Archive with timestamps and deletion management
First Claim
1. A method for archiving digital records in a data storage system which protects records from premature deletion and allows the existence and content of a record at a point in time to be proven, while supporting a deletion mechanism which, if applied to the record, does not allow its existence to be proven even if the content is guessed correctly, the method comprising:
- for each record in a set of records:
  - determining a content fingerprint based on the content of the record;
  - choosing a number that is distinct from the content fingerprint;
  - determining a record identifier for the record based at least in part on the number;
  - storing the record and the number; and
  - assigning an expiration time to the record, before which time both modification and deletion are prohibited;
- selecting a plurality of the set of records;
- constructing, using a cryptographic hash, a timestamp fingerprint that is based at least in part on all of the content fingerprints, and all of the record identifiers, of the records of the plurality; and
- recording the timestamp fingerprint in a manner that allows both the time of the recording and the value of the timestamp fingerprint at the time of the recording to be later proven;
- wherein a client of the data storage system reassigns the expiration time of a one of the plurality of the set of records to a later time but no action taken by the client can cause the expiration time to be changed to an earlier time or cause the one of the plurality to be deleted at an earlier time than the expiration time;
- wherein after the expiration time of the one of the plurality of the set of records has passed, the one of the plurality is deleted and the number of the one of the plurality is also deleted; and
- wherein, for each record in the set of records, the choosing of the number is done in a manner designed to make it impracticable to reconstruct or guess the number if the number has been deleted.
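The claimed method, as an added Python example that is not code from the patent or its assignee: each record identifier is derived from a random secret number, the timestamp fingerprint is a hash over per-record leaves that bind content fingerprint to record identifier, expiry can only move later, and deleting the number together with the record leaves a verifier unable to prove existence even when the content is known. The class and function names, the `b"id|"` domain tag and the flat leaf list (rather than a tree) are assumptions of this example.

```python
import hashlib
import secrets


def H(*parts: bytes) -> bytes:
    """SHA-256 over the concatenation of parts (the claim's 'cryptographic hash')."""
    return hashlib.sha256(b"".join(parts)).digest()


class Archive:
    """Toy write-once store: record_id -> {content, number, expires_at} (example only)."""

    def __init__(self):
        self.records = {}

    def store(self, content: bytes, expires_at: int) -> bytes:
        fp = H(content)                          # content fingerprint
        number = secrets.token_bytes(32)         # secret, unguessable, distinct from fp
        while number == fp:
            number = secrets.token_bytes(32)
        rid = H(b"id|", number, fp)              # record identifier depends on the number
        self.records[rid] = {"content": content, "number": number, "expires_at": expires_at}
        return rid

    def extend_expiration(self, rid: bytes, new_expires_at: int) -> None:
        rec = self.records[rid]
        if new_expires_at < rec["expires_at"]:   # a client may only move expiry later
            raise ValueError("expiration time cannot be moved earlier")
        rec["expires_at"] = new_expires_at

    def delete(self, rid: bytes, now: int) -> None:
        if now <= self.records[rid]["expires_at"]:
            raise PermissionError("record has not expired yet")
        del self.records[rid]                    # content AND number are discarded together

    def leaves(self, rids) -> list:
        # One leaf per record binds fingerprint to identifier; a guessed fp alone
        # cannot rebuild the leaf because rid needs the (deletable) secret number.
        return sorted(H(H(self.records[r]["content"]), r) for r in rids)


def timestamp_fingerprint(leaves) -> bytes:
    """Value to be recorded (e.g. with a trusted timestamping service) for the plurality."""
    return H(*leaves)


def prove_existence(content: bytes, number, leaves, recorded: bytes) -> bool:
    """Verifier-side check: needs content, the secret number and the published leaves."""
    if number is None:                           # number deleted -> no rid -> no proof
        return False
    fp = H(content)
    rid = H(b"id|", number, fp)
    return H(fp, rid) in leaves and timestamp_fingerprint(leaves) == recorded
```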
4 Assignments
0 Petitions
Abstract
A method by which a disk-based distributed data storage system is organized for protecting historical records of stored data entities. The method comprises recording distinct states of an entity, corresponding to different moments of time, as separate entity versions coexisting within the distributed data storage system, and assigning expiration times to the entity versions independently within each of a plurality of storage sites according to a shared set of rules, before which times deletion is prohibited.
12 Claims