Secure and private backup storage and processing for trusted computing and data services
Abstract
A digital escrow pattern is provided for backup data services, including searchable encryption techniques for backup data, such as synthetic full backup data, stored at a remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, an operational synthetic full is maintained with encrypted data as a data service in a cryptographically secure manner that addresses integrity and privacy requirements for external or remote storage of potentially sensitive data. The storage techniques supported include backup, data protection, disaster recovery, and analytics on second copies of primary device data. Some examples of cost-effective cryptographic techniques that can be applied to facilitate establishing a high level of trust over the security and privacy of backup data include, but are not limited to, size-preserving encryption, searchable encryption, Proof of Application, blind fingerprints, Proof of Retrievability, and others.
23 Claims
1. A method for publishing backup data, comprising:
  encrypting, by at least one computing device of a publisher, modification data to form encrypted modification data representing a set of modifications to a data set of the at least one computing device of the publisher, the encrypted modification data formed according to at least one searchable encryption algorithm based on cryptographic key information received from a key generator that generates the cryptographic key information;
  transmitting, by the at least one computing device of the publisher, the encrypted modification data to at least one computing device of a backup data service provider for update of synthetic full backup data stored by the at least one computing device of the backup data service provider; and
  proving, by the at least one computing device of the publisher, that the at least one computing device of the backup data service provider applied the set of modifications to the synthetic full backup data to update the synthetic full backup data.
  Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.

12. A method for publishing backup data, comprising:
  encrypting, by at least one computing device of a publisher, modification data to form encrypted modification data representing a set of modifications to a data set of at least one computing device of the publisher, the encrypted modification data formed according to at least one searchable encryption algorithm based on cryptographic key information received from a key generator that generates the cryptographic key information; and
  transmitting, by the at least one computing device of the publisher, the encrypted modification data to at least one computing device of a backup data service provider for update of synthetic full backup data stored by the at least one computing device of the backup data service provider, wherein to reduce transmitting redundant data, the transmitting includes fingerprinting at least one data segment represented in the data set to form at least one fingerprint for replacing actual modification data when the at least one data segment is determined to be represented in a local set of fingerprints representing data segments of the data set.
  Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21.

22. A method for subscribing to backup data, comprising:
  after a failure of data of a data set of at least one computing device of a subscriber, requesting a restore of at least one data item of the data set from a backup data service that maintains synthetic full data corresponding to the data set in a searchably encrypted format;
  receiving, by the at least one computing device of the subscriber, at least a portion of the at least one data item in an encrypted format from the backup data service;
  restarting, by the at least one computing device of the subscriber, an application of the at least one computing device of the subscriber based on use of the at least a portion of the at least one data item; and
  subsequent to restarting the application, receiving any remaining data of the at least one data item not yet received by the at least one computing device of the subscriber.
  Dependent claim: 23.
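The following is an added, constructed model of the publish flow in claims 1 and 12; it is not code from the patent or its assignee. Every primitive is a labelled stand-in chosen so the example runs with the Python standard library: an HMAC over the segment plays the role of the searchable-encryption index and fingerprint, a hash-derived keystream plays the role of size-preserving encryption, and a digest over the provider's stored entries plays the role of the Proof of Application. The publisher keeps a local fingerprint set, sends a fingerprint instead of data when a segment is already known (claim 12), and checks the provider's returned proof against the commitment it computes from its own data set (claim 1). A provider that silently drops a modification fails the check.

```python
"""Constructed model of claims 1 and 12: fingerprint-based dedup of encrypted
modifications plus a proof that the provider applied them. All primitives are
illustrative stand-ins, not the patent's own algorithms."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

SEGMENT_SIZE = 16  # constructed: tiny segments keep the example readable


def segments(data: bytes) -> List[bytes]:
    """Split a data set into fixed-size segments (the last one may be shorter)."""
    return [data[i:i + SEGMENT_SIZE] for i in range(0, len(data), SEGMENT_SIZE)]


def derive_keys(master: bytes) -> Tuple[bytes, bytes]:
    """Key generator role: separate tag key and encryption key from one master key."""
    return (hmac.new(master, b"search", hashlib.sha256).digest(),
            hmac.new(master, b"encrypt", hashlib.sha256).digest())


def search_tag(k_search: bytes, segment: bytes) -> bytes:
    """Keyed deterministic fingerprint: equal segments get equal tags, so the
    provider can match them without seeing content. Stand-in for a searchable index."""
    return hmac.new(k_search, segment, hashlib.sha256).digest()


def encrypt_segment(k_enc: bytes, tag: bytes, segment: bytes) -> bytes:
    """Size-preserving stand-in: XOR with a keystream derived from the tag.
    Deterministic on purpose so duplicate segments dedup; illustrative only."""
    stream = hashlib.blake2b(tag, key=k_enc, digest_size=len(segment)).digest()
    return bytes(a ^ b for a, b in zip(segment, stream))


Entry = Tuple[int, bytes, bytes]  # (segment index, tag, ciphertext)


def commitment(entries: List[Entry]) -> bytes:
    """Digest over the ordered synthetic full; both sides compute it the same way.
    Stand-in for the Proof of Application."""
    h = hashlib.sha256()
    for index, tag, ciphertext in sorted(entries):
        h.update(index.to_bytes(4, "big") + tag + ciphertext)
    return h.digest()


@dataclass
class Provider:
    """Backup service: holds only tags and ciphertexts, never plaintext or keys."""
    layout: Dict[int, bytes] = field(default_factory=dict)   # index -> tag
    store: Dict[bytes, bytes] = field(default_factory=dict)  # tag -> ciphertext

    def apply(self, updates: List[Tuple[int, bytes, Optional[bytes]]], length: int) -> bytes:
        for index, tag, ciphertext in updates:
            if ciphertext is not None:          # new content arrives encrypted
                self.store[tag] = ciphertext
            self.layout[index] = tag            # fingerprint-only update reuses stored data
        for index in [i for i in self.layout if i >= length]:
            del self.layout[index]              # data set shrank
        return commitment([(i, t, self.store[t]) for i, t in self.layout.items()])


class DroppingProvider(Provider):
    """Misbehaving service that silently ignores the last modification."""
    def apply(self, updates, length):
        return super().apply(updates[:-1], length)


@dataclass
class Publisher:
    master_key: bytes
    data: bytes = b""
    known_tags: Set[bytes] = field(default_factory=set)  # local fingerprint set

    def publish(self, provider: Provider, new_data: bytes) -> Tuple[bool, int]:
        """Send only changed segments, as fingerprints where possible.
        Returns (proof verified, ciphertext bytes transmitted)."""
        k_search, k_enc = derive_keys(self.master_key)
        old, new = segments(self.data), segments(new_data)
        updates, sent = [], 0
        for index, seg in enumerate(new):
            if index < len(old) and old[index] == seg:
                continue                                    # unchanged segment
            tag = search_tag(k_search, seg)
            if tag in self.known_tags:
                updates.append((index, tag, None))          # fingerprint replaces data
            else:
                ciphertext = encrypt_segment(k_enc, tag, seg)
                self.known_tags.add(tag)
                updates.append((index, tag, ciphertext))
                sent += len(ciphertext)
        proof = provider.apply(updates, len(new))
        # Publisher recomputes what an honest provider must now hold.
        expected = commitment([(i, t, encrypt_segment(k_enc, t, s))
                               for i, s in enumerate(new)
                               for t in [search_tag(k_search, s)]])
        verified = hmac.compare_digest(proof, expected)
        if verified:
            self.data = new_data   # a real publisher would also roll back known_tags on failure
        return verified, sent


if __name__ == "__main__":
    pub, prov = Publisher(b"constructed-master-key"), Provider()
    print(pub.publish(prov, b"A" * 16 + b"B" * 16 + b"A" * 16))  # two segments sent, third by fingerprint
    print(pub.publish(prov, b"A" * 16 + b"A" * 16 + b"A" * 16))  # nothing new to send
```

The provider never receives the master key or any plaintext; it matches segments by tag alone, which is what lets it deduplicate the third segment above. The deterministic stand-in encryption is what makes that matching and the publisher-side recomputation possible, and it is also why a production design would use a purpose-built searchable scheme rather than this toy.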
Specification