Centralized secure backup system and method
Abstract
Briefly, a centralized secure data backup system pulls information to be securely backed-up from one or more data sources such as computer nodes or other communication units. A processor or other suitable processor centrally initiates extraction of data to be backed-up from a plurality of processing nodes. The processor employs a backup data encryptor that encrypts the centrally extracted data using a public key based cryptographic system. Data is encrypted using a suitable symmetric key and symmetric cryptosystem. Then the symmetric key is wrapped using the public encryption key of the data source, such as a user, organization administrator, software application or other entity.
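The flow the abstract describes (policy check, symmetric encryption of the extracted data, wrapping of the symmetric key under the data source's public key, and an index entry naming that key) is sketched below as an added Node.js example; it is not code from the patent. The cipher choices (AES-256-GCM, RSA-OAEP with SHA-256) and the names `backup`, `restore`, `demo`, `node-a`, `node-b` and `owner-key-1` are assumptions, since this page names no algorithms.

```javascript
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Central backup step: consult the policy for this data source, encrypt with a
// fresh AES-256-GCM key, then wrap that key with the source's RSA public key.
function backup(source, path, data, policy) {
  const rule = policy.get(source);
  if (!rule) throw new Error(`no backup policy for ${source}`);
  if (!rule.encrypt) return { path, keyId: null, data };
  const dek = crypto.randomBytes(32);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dek, nonce);
  cipher.setAAD(Buffer.from(path)); // bind the ciphertext to its file descriptor
  const body = Buffer.concat([cipher.update(data), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: rule.publicKey, ...OAEP }, dek);
  // path + keyId form the index entry that tells a restore which key is needed
  return { path, keyId: rule.keyId, wrappedKey, nonce, tag: cipher.getAuthTag(), data: body };
}

// Only the holder of the private key matching keyId can unwrap the data key.
function restore(record, privateKey) {
  if (record.keyId === null) return record.data;
  const dek = crypto.privateDecrypt({ key: privateKey, ...OAEP }, record.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dek, record.nonce);
  decipher.setAAD(Buffer.from(record.path));
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.data), decipher.final()]);
}

// Constructed demo: node-a is encrypted for key "owner-key-1", node-b is not.
function demo() {
  const owner = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const policy = new Map([
    ['node-a', { encrypt: true, keyId: 'owner-key-1', publicKey: owner.publicKey }],
    ['node-b', { encrypt: false }],
  ]);
  const secret = Buffer.from('payroll.csv contents (constructed)');
  const rec = backup('node-a', '/home/a/payroll.csv', secret, policy);
  const plain = backup('node-b', '/srv/b/motd', Buffer.from('hello'), policy);
  let wrongKeyFails = false;
  try { restore(rec, other.privateKey); } catch { wrongKeyFails = true; }
  return { owner, rec, plain, restored: restore(rec, owner.privateKey).toString(), wrongKeyFails };
}

console.log(demo().restored);
```

Because the path is passed as associated data, a record whose index entry has been altered fails authentication on restore instead of decrypting under the wrong file name.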
18 Claims

1. A method for providing centralized secure backup of data comprising the steps of:
providing centrally initiated extraction of data to be backed up from a plurality of processing nodes;
encrypting the centrally extracted data using a public key based cryptographic system; and
analyzing backup policy data to determine whether backup data is to be encrypted and if so, determining a public encryption key to be used by the public key cryptographic system to wrap a symmetric key that is used to encrypt the backup data.

providing a backup data selection interface to facilitate central extraction of data to be backed up;
indexing file system descriptor data with associated public key identification data; and
storing the indexed data.

3. The method of claim 1 wherein the step of encrypting includes obtaining backup based public key data based on backup policy data.

4. The method of claim 3 including the step of obtaining a public key certificate that includes a public encryption key corresponding to the backup policy data.

5. The method of claim 2 including providing the public key identification data from a public key infrastructure system to at least one central backup unit that contains the backup data selection interface.

6. The method of claim 1 including generating request data and generating response data to determine, based on the response data, whether to securely backup data.

7. The method of claim 1 including storing index data in a directory for use by other servers.

8. A system for providing centralized secure backup of data comprising:
a processor that centrally initiates extraction of data to be backed up from a plurality of processing nodes wherein the processor analyzes backup policy data to determine whether backup data is to be encrypted and if so, determining a public encryption key to be used by the public key cryptographic system to wrap a symmetric key that is used to encrypt the backup data; and
a backup data encryptor coupled to encrypt the centrally extracted data using a public key based cryptographic system.

a backup data selection interface, operatively coupled to the processor, to facilitate central extraction of data to be backed up;
a backup data indexer that indexes file system descriptor data with associated public key identification data; and
memory that stores the indexed data.

10. The system of claim 8 wherein the backup data encryptor obtains backup based public key data based on backup policy data.

11. The system of claim 10 wherein the backup data encryptor obtains a public key certificate that includes a public encryption key corresponding to the backup policy data.

12. The system of claim 8 including a processor adapted to generate request data and another processor adapted to generate response data that determines, based on the response data, whether to securely backup data.

13. The system of claim 8 including memory that stores index data in a directory for use by other servers.

14. A digital storage medium that stores programming instructions that, when read by at least one processing module, causes the processing module to facilitate centralized secure back-up of data, the digital storage medium comprising:
program instruction memory that contains programming instructions that cause the processing module to provide centrally initiated extraction of data to be backed up from a plurality of processing nodes;
encrypt the centrally extracted data using a public key based cryptographic system, and to analyze backup policy data to determine whether backup data is to be encrypted and if so, determining a public encryption key to be used by the public key cryptographic system to wrap a symmetric key that is used to encrypt the backup data.

provide a backup data selection interface to facilitate central extraction of data to be backed up;
index file system descriptor data with associated public key identification data; and
store the indexed data.

16. The storage medium of claim 14 including memory that contains programmed instructions to obtain backup based public key data based on backup policy data.

17. The storage medium of claim 14 including memory that contains programmed instructions to obtain a public key certificate that includes a public encryption key corresponding to the backup policy data.

18. The storage medium of claim 14 including memory that contains programmed instructions to provide the public key identification data from a public key cryptographic system to at least one central backup unit that contains the backup data selection interface.

Specification