Method and system for managing information retention

US 6,915,435 B1
Filed: 02/09/2000
Issued: 07/05/2005
Est. Priority Date: 02/09/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for managing information retention in a system, comprising:

receiving a set of information into a system;

associating one or more keys with said set of information;

encrypting said set of information using said one or more keys;

storing said set of information in encrypted form into one or more repositories, wherein only the encrypted form of the set of information is persistently stored within the information system and no unencrypted form of the set of information is persistently stored within the information system;

purging said set of information from the system so that said set of information is not available to a user from the system by deleting said one or more keys, thereby making said set of information unrenderable;

prior to deletion of said one or more keys, receiving a request from an information sink to render said set of information to a user accessing the encrypted form of said set of information from the one or more repositories;

accessing said one or more keys;

providing the encrypted form of said set of information and said one or more keys to the information sink to enable the information sink to decrypt the encrypted form of said set of information; and

using said one or more keys to render said set of information to the user, wherein the information sink comprises sufficient logic to prevent it from persistently storing said one or more keys received from an information manager.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved information retention management mechanism is disclosed wherein an information set may be purged from an information system without having to delete the information set from the system. Whenever an information set enters an information system, a key is associated with the information set. The information set is encrypted using the associated key, and the encrypted form of the information set is stored in the information system. The unencrypted form of the information set is not stored. To render the information set to a user, the encrypted form of the information set is accessed along with the associated key, and then decrypted using the associated key to derive the original information set. Once derived, the information set is rendered to the user. So long as the associated key remains in the system, this process may be carried out to render the information set to a user. At some point, in accordance with an information retention policy, the information set is selected for purging. To purge the information set, all that needs to be done is to delete the associated key. By deleting the associated key, all copies of the encrypted information set stored within the information system are made unrenderable; as a result, the information set is effectively “purged” from the system. This purging is achieved without having to delete the encrypted information set from the system.

200 Citations

30 Claims

1. A method for managing information retention in a system, comprising:
- receiving a set of information into a system;
  
  associating one or more keys with said set of information;
  
  encrypting said set of information using said one or more keys;
  
  storing said set of information in encrypted form into one or more repositories, wherein only the encrypted form of the set of information is persistently stored within the information system and no unencrypted form of the set of information is persistently stored within the information system;
  
  purging said set of information from the system so that said set of information is not available to a user from the system by deleting said one or more keys, thereby making said set of information unrenderable;
  
  prior to deletion of said one or more keys, receiving a request from an information sink to render said set of information to a user accessing the encrypted form of said set of information from the one or more repositories;
  
  accessing said one or more keys;
  
  providing the encrypted form of said set of information and said one or more keys to the information sink to enable the information sink to decrypt the encrypted form of said set of information; and
  
  using said one or more keys to render said set of information to the user, wherein the information sink comprises sufficient logic to prevent it from persistently storing said one or more keys received from an information manager.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein said set of information is purged from the system without requiring that the encrypted form of said set of information be deleted from the one or more repositories.
  - 3. The method of claim 1, wherein said set of information is stored in the one or more repositories only in encrypted form.
  - 4. The method of claim 1, wherein said one or more keys comprises a symmetrically paired set of keys.
  - 5. The method of claim 1, further comprising:
    - prior to deletion of said one or more keys, receiving a request from an information sink to render said set of information to a user;
      
      accessing the encrypted form of said set of information from the one or more repositories;
      
      decrypting the encrypted form of said set of information using said one or more keys to derive said set of information; and
      
      providing said set of information to the information sink to render said set of information to the user.
  - 6. The method of claim 5, wherein said set of information is stored in the one or more repositories only in encrypted form, and wherein the encrypted form of said set of information is decrypted only when it is necessary to render said set of information to the user.
  - 7. The method of claim 1, wherein said set of information is stored in the one or more repositories only in encrypted form, and wherein the encrypted form of said set of information is decrypted only when it is necessary to render said set of information to the user.
  - 8. The method of claim 1, wherein purging comprises:
    - determining, based upon an information retention policy, whether said set of information should be purged from the system; and
      
      in response to a determination that said set of information should be purged from the system, purging said set of information from the system by deleting said one or more keys, thereby making said set of information unrenderable.
  - 9. The method of claim 8, wherein said information retention policy is time-based such that said set of information is purged after a certain period of time.
  - 10. The method of claim 8, wherein said information retention policy is condition-based such that said set of information is purged when one or more conditions are satisfied.

11. An apparatus for managing information retention in a system, comprising:
- a mechanism for receiving a set of information into a system;
  
  a mechanism for associating one or more keys with said set of information;
  
  a mechanism for encrypting said set of information using said one or more keys;
  
  a mechanism for storing said set of information in encrypted form into one or more repositories, wherein only the encrypted form of the set of information is persistently stored within the information system and no unencrypted form of the set of information is persistently stored within the information system;
  
  a mechanism for purging said set of information from the system so that said set of information is not available to a user from the system by deleting said one or more keys, thereby making said set of information unrenderable;
  
  a mechanism for receiving prior to deletion of said one or more keys, a request from an information sink to render said set of information to a user;
  
  a mechanism for accessing the encrypted form of said set of information from the one or more repositories;
  
  a mechanism for accessing said one or more keys;
  
  a mechanism for providing the encrypted form of said set of information and said one or more keys to the information sink to enable the information sink to decrypt the encrypted form of said set of information; and
  
  using said one or more keys to render said set of information to the user, wherein the information sink comprises sufficient logic to prevent it from persistently storing said one or more keys received from an information manager.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The apparatus of claim 11, wherein said set of information is purged from the system without requiring that the encrypted form of said set of information be deleted from the one or more repositories.
  - 13. The apparatus of claim 11, wherein said set of information is stored in the one or more repositories only in encrypted form.
  - 14. The apparatus of claim 11, wherein said one or more keys comprises a symmetrically paired set of keys.
  - 15. The apparatus of claim 11, further comprising:
    - a mechanism for receiving, prior to deletion of said one or more keys, a request from an information sink to render said set of information to a user;
      
      a mechanism for accessing the encrypted form of said set of information from the one or more repositories;
      
      a mechanism for decrypting the encrypted form of said set of information using said one or more keys to derive said set of information; and
      
      a mechanism for providing said set of information to the information sink to enable the information sink to render said set of information to the user.
  - 16. The apparatus of claim 15, wherein said set of information is stored in the one or more repositories only in encrypted form, and wherein the encrypted form of said set of information is decrypted only when it is necessary to render said set of information to the user.
  - 17. The apparatus of claim 11, wherein said set of information is stored in the one or more repositories only in encrypted form, and wherein the encrypted form of said set of information is decrypted by the information sink only when it is necessary to render said set of information to the user.
  - 18. The apparatus of claim 11, wherein the mechanism for purging comprises:
    - a mechanism for determining, based upon an information retention policy, whether said set of information should be purged from the system; and
      
      a mechanism for deleting, in response to a determination that said set of information should be purged from the system, said one or more keys, thereby making said set of information unrenderable.
  - 19. The apparatus of claim 18, wherein said information retention policy is time-based such that said set of information is purged after a certain period of time.
  - 20. The apparatus of claim 18, herein said information retention policy is condition-based such that said set of information is purged when one or more conditions are satisfied.

21. A computer readable medium having stored thereon instructions which, when executed by one or more processors, cause the one or more processors to manage information retention in a system, comprising:
- instructions for causing one or more processors to receive a set of information into a system;
  
  instructions for causing one or more processors to associate one or more keys with said set of information;
  
  instructions for causing one or more processors to encrypt said set of information using said one or more keys;
  
  instructions for causing one or more processors to store said set of information in encrypted form into one or more repositories;
  
  wherein only the encrypted form of the set of information is persistently stored within the information system and no unencrypted form of the set of information is persistently stored within the information system, instructions for causing one or more processors to purge said set of information from the system so that said set of information is not available to a user from the system by deleting said one or more keys, thereby making said set of information unrenderable;
  
  instructions for causing one or more processors to receive, prior to deletion of said one or more keys, a request from an information sink to render said set of information to a user;
  
  instructions for causing one or more processors to access the encrypted form of said set of information from the one or more repositories;
  
  instructions for causing one or more processors to access said one or more keys;
  
  instructions for causing one or more processors to provide the encrypted form of said set of information and said one or more keys to the information sink to enable the information sink to decrypt the encrypted form of said set of information; and
  
  instructions for using said one or more keys to render said set of information to the user, wherein the information sink comprises sufficient logic to prevent it from persistently storing said one or more keys received from an information manager.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The computer readable medium of claim 21, wherein said set of information is purged from the system without requiring that the encrypted form of said set of information be deleted from the one or more repositories.
  - 23. The computer readable medium of claim 21, wherein said set of information is stored in the one or more repositories only in encrypted form.
  - 24. The computer readable medium of claim 21, wherein said one or more keys comprises a symmetrically paired set of keys.
  - 25. The computer readable medium of claim 21, further comprising:
    - instructions for causing one or more processors to receive, prior to deletion of said one or more keys, a request from an information sink to render said set of information to a user;
      
      instructions for causing one or more processors to access the encrypted form of said set of information from the one or more repositories;
      
      instructions for causing one or more processors to decrypt the encrypted form of said set of information using said one or more keys to derive said set of information; and
      
      instructions for causing one or more processors to provide said set of information to the information sink to enable the information sink to render said set of information to the user.
  - 26. The computer readable medium of claim 25, wherein said set of information is stored in the one or more repositories only in encrypted form, and wherein the encrypted form of said set of information is decrypted only when it is necessary to render said set of information to the user.
  - 27. The computer readable medium of claim 21, wherein said set of information is stored in the one or more repositories only in encrypted form, and wherein the encrypted form of said set of information is decrypted by the information sink only when it is necessary to render said set of information to the user.
  - 28. The computer readable medium of claim 21, wherein the instructions for causing one or more processors to purge said set of information from the system comprises:
    - instructions for causing one or more processors to determine, based upon an information retention policy, whether said set of information should be purged from the system; and
      
      instructions for causing one or more processors to delete, in response to a determination that said set of information should be purged from the system, said one or more keys, thereby making said set of information unrenderable.
  - 29. The computer readable medium of claim 28, wherein said information retention policy is time-based such that said set of information is purged after a certain period of time.
  - 30. The computer readable medium of claim 28, wherein said information retention policy is condition-based such that said set of information is purged when one or more conditions are satisfied.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Merriam, Charles
Primary Examiner(s)
Vu, Kim
Assistant Examiner(s)
TRUVAN, LEYNNA THANH

Application Number

US09/501,332
Time in Patent Office

1,973 Days
Field of Search

713200-201, 713160-161, 713/171, 713/193, 709223-226, 709/200, 709/201, 709/203, 709/229, 380/201, 380228-229, 380/259, 380277-285, 380 28- 30, 707/100, 707/200, 707/103.R, 707/103, 707/103.Y, 711/100, 711/163
US Class Current

726/5
CPC Class Codes

G06F 11/1448   Management of the data invo...

G06F 16/125   characterised by the use of...

G06F 16/162   Delete operations erasing i...

G06F 2216/09   Obsolescence

Method and system for managing information retention

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

200 Citations

30 Claims

Specification

Use Cases

Quick Links

Others

Method and system for managing information retention

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

200 Citations

30 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others