Management of the retention and/or discarding of stored data

US 7,593,532 B2
Filed: 04/22/2004
Issued: 09/22/2009
Est. Priority Date: 04/22/2004
Status: Active Grant

First Claim

Patent Images

1. A method for making data stored in a computer data storage system unrecoverable, comprising:

providing a data storage computer system for storing a data originating from a plurality of files stored by one or more client computers as the stored data, the stored data being stored in permanent storage devices by the data storage computer system;

providing a root key;

providing a first retention key;

providing a first file key;

encrypting a first data file using the first file key;

encrypting the first file key using the first retention key to make a first encrypted file key, and storing the first encrypted file key;

encrypting the first retention key using the root key to make a first encrypted retention key, and storing the encrypted retention key;

encrypting a plurality of additional first data files using a first selected file key for each additional data file;

encrypting each first selected file key by the first retention key to form an encrypted first selected file key, and storing each encrypted first selected file key;

discarding the first data file by destroying the first encrypted file key; and

discarding the plurality of additional first data files by destroying the first encrypted retention key;

using a delete function to mark one or more particular encrypted files of a selected group of files as deleted (hereinafter the deleted files), where each file of the selected group of files is encrypted by a respective file encryption key, each respective file encryption key being encrypted by an old retention key;

recovering one or more respective file encryption key(s) corresponding to one or more particular encrypted file(s) of the selected group of files not marked as deleted by un-encrypting the corresponding one or more respective file encryption key(s) using the old retention key;

re-encrypting the recovered file encryption key(s) using a new retention key; and

discarding the deleted files by destroying the old retention key, while retaining all files of the group of files which were not marked as deleted by retaining the re-encrypted file encryption key(s) and the new retention key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of methods, devices and/or systems for a method of managing the retention and/or discarding of stored data are described.

61 Citations

View as Search Results

23 Claims

1. A method for making data stored in a computer data storage system unrecoverable, comprising:
- providing a data storage computer system for storing a data originating from a plurality of files stored by one or more client computers as the stored data, the stored data being stored in permanent storage devices by the data storage computer system;
  
  providing a root key;
  
  providing a first retention key;
  
  providing a first file key;
  
  encrypting a first data file using the first file key;
  
  encrypting the first file key using the first retention key to make a first encrypted file key, and storing the first encrypted file key;
  
  encrypting the first retention key using the root key to make a first encrypted retention key, and storing the encrypted retention key;
  
  encrypting a plurality of additional first data files using a first selected file key for each additional data file;
  
  encrypting each first selected file key by the first retention key to form an encrypted first selected file key, and storing each encrypted first selected file key;
  
  discarding the first data file by destroying the first encrypted file key; and
  
  discarding the plurality of additional first data files by destroying the first encrypted retention key;
  
  using a delete function to mark one or more particular encrypted files of a selected group of files as deleted (hereinafter the deleted files), where each file of the selected group of files is encrypted by a respective file encryption key, each respective file encryption key being encrypted by an old retention key;
  
  recovering one or more respective file encryption key(s) corresponding to one or more particular encrypted file(s) of the selected group of files not marked as deleted by un-encrypting the corresponding one or more respective file encryption key(s) using the old retention key;
  
  re-encrypting the recovered file encryption key(s) using a new retention key; and
  
  discarding the deleted files by destroying the old retention key, while retaining all files of the group of files which were not marked as deleted by retaining the re-encrypted file encryption key(s) and the new retention key.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
    - encrypting a second data file using a second file key;
      
      encrypting the second file key using a second retention key to make a second encrypted file key, and storing the second encrypted file key;
      
      encrypting the second retention key using the root key to make a second encrypted retention key, and storing the second encrypted retention key; and
      
      discarding the second data file by destroying the second encrypted file key.
  - 3. The method of claim 2, further comprising:
    - discarding the second data file by destroying the second encrypted retention key.
  - 4. The method of claim 2, further comprising:
    - discarding the first data file, the plurality of additional first data files, and the second data file by destroying the root key.

5. A method for operating a computer data storage system, comprising:
- providing a plurality of file keys, each file key of the plurality of file keys used to encrypt at least one data file, and storing the at least one data file on a data storage device;
  
  providing a plurality of retention keys, each retention key used to encrypt selected ones of the file keys;
  
  providing a root key, the root key used to encrypt each retention key of the plurality of retention keys to make an encrypted retention key of each of the plurality of retention keys, and storing each of the encrypted retention keys;
  
  using the encrypted file key to both encrypt the data file and decrypt the data file after the encrypted file key is decrypted by its retention key;
  
  decrypting the encrypted file key by its retention key after the retention key is decrypted by the root key;
  
  discarding one or more data files by discarding at least one encrypted key which must be decrypted in order to decrypt the data file;
  
  using a delete function to mark one or more particular encrypted files of a selected group of files as deleted (hereinafter the deleted files), where each file of the selected group of files is encrypted by a respective file encryption key, each respective file encryption key being encrypted by an old retention key;
  
  recovering one or more respective file encryption key(s) corresponding to one or more particular encrypted file(s) of the selected group of files not marked as deleted by un-encrypting the corresponding one or more respective file encryption key(s) using the old retention key;
  
  re-encrypting the recovered file encryption key(s) using a new retention key; and
  
  discarding the deleted files by destroying the old retention key, while retaining all files of the group of files which were not marked as deleted by retaining the re-encrypted file encryption key(s) and the new retention key.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13)
- - 6. The method of claim 5, further comprising:
    - storing the encrypted retention keys in a storage media separate from the data storage device.
  - 7. The method of claim 5, further comprising:
    - discarding an encrypted key by physically destroying a data storage media on which the encrypted key is stored.
  - 8. The method of claim 5, further comprising:
    - discarding an encrypted key by deleting the encrypted key from a computer storage media, where the deletion renders the encrypted key not recoverable.
  - 9. The method of claim 5, further comprising:
    - discarding an encrypted key by changing a key which must be decrypted in order to decrypt the encrypted key.
  - 10. The method of claim 5, further comprising:
    - maintaining a file structure, and storing in the file structure an encrypted file and an encrypted file key used to encrypt the encrypted file, the file structure stored on the data storage device.
  - 11. The method of claim 10, further comprising:
    - storing the encrypted retention keys on a media separate from the data storage device.
  - 12. The method of claim 11, further comprising:
    - maintaining the media so that the encrypted retention key may be destroyed.
  - 13. The method of claim 11, further comprising:
    - maintaining the media so that the media may be easily destroyed.

14. A computer data storage system apparatus, comprising:
- a data storage device;
  
  a processor configured to execute software to,provide a plurality of file keys, each file key of the plurality of file keys used to encrypt at least one data file, and storing the at least one data file on the data storage device;
  
  provide a plurality of retention keys, each retention key used to encrypt selected ones of the file keys;
  
  provide a root key, the root key used to encrypt each retention key of the plurality of retention keys to make an encrypted retention key of each of the plurality of retention keys, and storing each of the encrypted retention keys;
  
  use the encrypted file key to both encrypt the data file and decrypt the data file after the encrypted file key is decrypted by its retention key;
  
  decrypt the encrypted file key by its retention key after the retention key is decrypted by the root key;
  
  discard one or more data files by discarding at least one encrypted key which must be decrypted in order to decrypt the data file;
  
  use a delete function to mark one or more particular encrypted files of a selected group of files as deleted (hereinafter the deleted files), where each file of the selected group of files is encrypted by a respective file encryption key, each respective file encryption key being encrypted by an old retention key;
  
  recover one or more respective file encryption key(s) corresponding to one or more particular encrypted file(s) of the selected group of files not marked as deleted by un-encrypting the corresponding one or more respective file encryption key(s) using the old retention key;
  
  re-encrypt the recovered file encryption key(s) using a new retention key; and
  
  discard the deleted files by destroying the old retention key, while retaining all files of the group of files which were not marked as deleted by retaining the re-encrypted file encryption key(s) and the new retention key.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The apparatus as in claim 14, further comprising:
    - the processor adapted to store the encrypted retention keys in a storage media separate from the data storage device.
  - 16. The apparatus as in claim 14, further comprising:
    - physically destroying a data storage media on which the encrypted key is stored to discard the encrypted key.
  - 17. The apparatus as in claim 14, further comprising:
    - the processor adapted to discard an encrypted key by deleting the encrypted key from a computer storage media, where the deletion renders the encrypted key not recoverable.
  - 18. The apparatus as in claim 14, further comprising:
    - the processor adapted to discard an encrypted key by changing a key which must be decrypted in order to decrypt the encrypted key.
  - 19. The apparatus as in claim 14, further comprising:
    - the processor adapted to maintain a file structure, and to store in the file structure an encrypted file and an encrypted file key used to encrypt the encrypted file, the file structure stored on the data storage device.
  - 20. The apparatus as in claim 19, further comprising:
    - the processor adapted to store the encrypted retention keys on a media separate from the data storage device.
  - 21. The apparatus as in claim 20, further comprising:
    - the processor adapted to maintain the media so that the encrypted retention key may be destroyed.
  - 22. The apparatus as in claim 20, further comprising:
    - the media used for storing the encrypted retention key may be destroyed.

23. A computer readable storage media, comprising:
- said computer readable storage media containing instructions for execution on a processor for a method of operating a computer data storage system, having,providing a plurality of file keys, each file key of the plurality of file keys used to encrypt at least one data file, and storing the at least one data file on a data storage device;
  
  providing a plurality of retention keys, each retention key used to encrypt selected ones of the file keys;
  
  providing a root key, the root key used to encrypt each retention key of the plurality of retention keys to make an encrypted retention key of each of the plurality of retention keys, and storing each of the encrypted retention keys;
  
  using the encrypted file key to both encrypt the data file and decrypt the data file after the encrypted file key is decrypted by its retention key;
  
  decrypting the encrypted file key by its retention key after the retention key is decrypted by the root key; and
  
  discarding one or more data files by discarding at least one encrypted key which must be decrypted in order to decrypt the data file;
  
  using a delete function to mark one or more particular encrypted files of a selected group of files as deleted (hereinafter the deleted files), where each file of the selected group of files is encrypted by a respective file encryption key, each respective file encryption key being encrypted by an old retention key;
  
  recovering one or more respective file encryption key(s) corresponding to one or more particular encrypted file(s) of the selected group of files not marked as deleted by un-encrypting the corresponding one or more respective file encryption key(s) using the old retention key;
  
  re-encrypting the recovered file encryption key(s) using a new retention key; and
  
  discarding the deleted files by destroying the old retention key, while retaining all files of the group of files which were not marked as deleted by retaining the re-encrypted file encryption key(s) and the new retention key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Decru Incorporated (NetApp, Inc.)
Original Assignee
NetApp, Inc.
Inventors
Brown, Kevin, Plotkin, Serge, Bojinov, Hristo Iankov
Primary Examiner(s)
Pich; Ponnoreay

Application Number

US10/830,580
Publication Number

US 20050238175A1
Time in Patent Office

1,979 Days
Field of Search

380/45, 380/281, 380/284
US Class Current

380/284
CPC Class Codes

H04L 9/0836 using tree structure or hie...

H04L 9/0894 Escrow, recovery or storing...

Management of the retention and/or discarding of stored data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

61 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Management of the retention and/or discarding of stored data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links