Method for revoking computer backup files using cryptographic techniques
First Claim
1. A method for preventing the reading of all backup copies of electronic information, the method comprising:
- using an encryption key, encrypting only the electronic information being backed up;
storing the encrypted electronic information on a backup medium;
creating a key file;
storing the encryption key in the key file;
encrypting the key file with a master key;
backing up the encripted key file; and
destroying any record of the encryption key.
11 Assignments
0 Petitions
Accused Products
Abstract
A system enables a user to remove a file from a file system and from all backup tapes without ever mounting a single tape. When a file is backed up, it is first encrypted using a randomly generated key and then backed up. When the user wishes to remove the file from the backup tape, the key used to encrypt the file is deleted. Deleting the encryption key renders the data on the tape inaccessible. No one, including the file owner, can ever access the file again. The encrypt before-backup method is completely transparent to the user. Only the computer system'"'"'s operating system knows which key was used to encrypt the file during backup. This ensures that when the operating system is instructed to delete the encryption key, the key is "lost" forever and thus the backed up files become unreadable. Unlike prior cryptographic file systems, the revoked backup files are inaccessible to both the user and others.
-
Citations
10 Claims
-
1. A method for preventing the reading of all backup copies of electronic information, the method comprising:
-
using an encryption key, encrypting only the electronic information being backed up; storing the encrypted electronic information on a backup medium; creating a key file; storing the encryption key in the key file; encrypting the key file with a master key; backing up the encripted key file; and destroying any record of the encryption key. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. An apparatus for backing up electronic information on a computer system comprising:
-
a. a system memory storing; (1) a file of electronic information; and (2) a key file configured to store encryption keys; b. an encryption means configured to; (1) receive and encrypt the file of electronic information using a first encryption key; and (2) receive and encrypt the key file using a master key; and c. a backup system configured to receive and store the encrypted file of electronic information and the key file, wherein said stored encrypted file of electronic inform ation and key file are rendered unreadable without access to said first encryption key and the master key. - View Dependent Claims (8, 9)
-
-
10. A method for backing up electronic information stored on a computer system so that reading of all copies of the backed up information is prevented when the electronic information stored on the computer system is deleted, the method comprising:
-
generating a first encryption key; encrypting said stored electronic information using the first encryption key; backing up the encrypted electronic, information by making a copy of said encrypted electronic information on a backup storage medium; generating a second encryption key when a second backup copy of said electronic information is made; creating an encryption key file for storing said first and second encryption keys; and storing in said encryption key file a date associated with each encryption key upon which each of said first and second encryption keys will expire.
-
Specification