DIGITAL DATA RETENTION MANAGEMENT
First Claim
1. A method for operating a storage system, a retention management system and a trusted component, said storage system being configured for storing data objects and metadata associated thereto, said retention management system being operable for data processing, said trusted component being operable for providing access to a secure date or time basis and for performing cryptographic operations by using internally stored secret data, said method comprising:
- calculating a retention date associated with a data object in said storage system;
generating a cryptographic checksum for metadata relating to said data object in said trusted component, the metadata comprising the retention date;
storing said metadata and said cryptographic checksum; and
based on receiving a request to perform a deletion transaction on said data object for deleting said data object from the storage system;
verifying metadata validity by checking the cryptographic checksum for the metadata associated with said data object to detect possible tampering of the metadata;
verifying retention expiration by determining that a current date is past the retention date comprised in said metadata; and
based on successful verification of metadata validity and retention expiration, authorizing deletion of said data object by the storage system.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments relate to digital data retention management. An aspect includes calculating a retention date associated with a data object in a storage system. Another aspect includes generating a cryptographic checksum for metadata relating to said data object, the metadata comprising the retention date. Another aspect includes storing said metadata and said cryptographic checksum. Another aspect includes, based on receiving a request to perform a deletion transaction on said data object for deleting said data object from the storage system: verifying metadata validity by checking the cryptographic checksum for the metadata associated with said data object to detect possible tampering of the metadata; verifying retention expiration by determining that a current date is past the retention date comprised in said metadata; and based on successful verification of metadata validity and retention expiration, authorizing deletion of said data object by the storage system
-
Citations
20 Claims
-
1. A method for operating a storage system, a retention management system and a trusted component, said storage system being configured for storing data objects and metadata associated thereto, said retention management system being operable for data processing, said trusted component being operable for providing access to a secure date or time basis and for performing cryptographic operations by using internally stored secret data, said method comprising:
-
calculating a retention date associated with a data object in said storage system; generating a cryptographic checksum for metadata relating to said data object in said trusted component, the metadata comprising the retention date; storing said metadata and said cryptographic checksum; and based on receiving a request to perform a deletion transaction on said data object for deleting said data object from the storage system; verifying metadata validity by checking the cryptographic checksum for the metadata associated with said data object to detect possible tampering of the metadata; verifying retention expiration by determining that a current date is past the retention date comprised in said metadata; and based on successful verification of metadata validity and retention expiration, authorizing deletion of said data object by the storage system. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A data processing and storage apparatus comprising:
-
a storage system, said storage system being configured for storing data objects and metadata associated thereto; a retention management system, said retention management system being operable for data processing; and a trusted component, said trusted component being operable for providing access to a secure date or time basis and for performing cryptographic operations by using internally stored secret data, said data processing and storage apparatus being configured for; calculating a retention date associated with a data object in said storage system; generating a cryptographic checksum for metadata relating to said data object in said trusted component, the metadata comprising the retention date; storing said metadata and said cryptographic checksum; and based on receiving a request to perform a deletion transaction on said data object for deleting said data object from the storage system; verifying metadata validity by checking the cryptographic checksum for the metadata associated with said data object to detect possible tampering of the metadata; verifying retention expiration by determining that a current date is past the retention date comprised in said metadata; and based on successful verification of metadata validity and retention expiration, authorizing deletion of said data object by the storage system. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A computer program product for operating a storage system, a retention management system and a trusted component, said storage system being configured for storing data objects and metadata associated thereto, said retention management system being operable for data processing, said trusted component being operable for providing access to a secure date or time basis and for performing cryptographic operations by using internally stored secret data, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processing circuit to cause the processing circuit to:
-
calculating a retention date associated with a data object in said storage system; generating a cryptographic checksum for metadata relating to said data object in said trusted component, the metadata comprising the retention date; storing said metadata and said cryptographic checksum; and based on receiving a request to perform a deletion transaction on said data object for deleting said data object from the storage system; verifying metadata validity by checking the cryptographic checksum for the metadata associated with said data object to detect possible tampering of the metadata; verifying retention expiration by determining that a current date is past the retention date comprised in said metadata; and based on successful verification of metadata validity and retention expiration, authorizing deletion of said data object by the storage system. - View Dependent Claims (17, 18, 19, 20)
-
Specification