System and method for efficiently deleting a file from secure storage served by a storage system

US 8,397,083 B1
Filed: 08/23/2006
Issued: 03/12/2013
Est. Priority Date: 08/23/2006
Status: Active Grant

First Claim

Patent Images

1. A method for efficiently deleting a data container from a cryptainer configured to store a plurality of data containers served by a storage system having a processor, the method comprising:

designating a region of storage space of the storage system as the cryptainer configured to store the plurality of data containers;

storing, by a security appliance, a data container encryption key associated with each data container of the plurality of data containers within a metadata portion of each data container, wherein the data container includes the metadata portion and a data portion;

encrypting, by the security appliance, the data portion of each data container with the associated data container encryption key stored within the metadata portion of each data container of the plurality of data containers;

encrypting, by the security appliance, each data container encryption key stored within the metadata portion of each data container with a first secure storage key, stored in a lifetime key management server, associated with the cryptainer that stores the plurality of data containers;

initiating deletion of a specified data container of the plurality of data containers stored on the cryptainer;

deleting, by the security appliance, a first data container encryption key associated with the specified data container;

re-keying, by the security appliance, each metadata portion of all other data containers stored in the cryptainer using a second secure storage key associated with the cryptainer; and

deleting, by the security appliance and lifetime key management server, the first secure storage key to thereby delete the specified data container from the cryptainer.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method efficiently deletes a file from secure storage, i.e., a cryptainer, served by a storage system. The cryptainer is configured to store a plurality of files, each of which stores an associated file key within a special metadata portion of the file. Notably, special metadata is created by a security appliance coupled to the storage system and attached to each file to thereby create two portions of the file: the special metadata portion and the main, “file data” portion. The security appliance then stores the file key within the specially-created metadata portion of the file. A cryptainer key is associated with the cryptainer. Each file key is used to encrypt the file data portion within its associated file and the cryptainer key is used to encrypt the part of the special metadata portion of each file. To delete the file from the cryptainer, the file key of the file is deleted and the special metadata portions of all other files stored in the cryptainer are re-keyed using a new cryptainer key. Thereafter, the “old” cryptainer key is deleted.

101 Citations

View as Search Results

17 Claims

1. A method for efficiently deleting a data container from a cryptainer configured to store a plurality of data containers served by a storage system having a processor, the method comprising:
- designating a region of storage space of the storage system as the cryptainer configured to store the plurality of data containers;
  
  storing, by a security appliance, a data container encryption key associated with each data container of the plurality of data containers within a metadata portion of each data container, wherein the data container includes the metadata portion and a data portion;
  
  encrypting, by the security appliance, the data portion of each data container with the associated data container encryption key stored within the metadata portion of each data container of the plurality of data containers;
  
  encrypting, by the security appliance, each data container encryption key stored within the metadata portion of each data container with a first secure storage key, stored in a lifetime key management server, associated with the cryptainer that stores the plurality of data containers;
  
  initiating deletion of a specified data container of the plurality of data containers stored on the cryptainer;
  
  deleting, by the security appliance, a first data container encryption key associated with the specified data container;
  
  re-keying, by the security appliance, each metadata portion of all other data containers stored in the cryptainer using a second secure storage key associated with the cryptainer; and
  
  deleting, by the security appliance and lifetime key management server, the first secure storage key to thereby delete the specified data container from the cryptainer.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 wherein re-keying comprises:
    - generating the second secure storage key;
      
      decrypting each of the encrypted metadata portions of all other data containers with the first secure storage key; and
      
      encrypting each of the decrypted metadata portions of the all other data containers with the second secure storage key.
  - 3. The method of claim 2 wherein the first secure storage key and the second secure storage key are cryptainer keys, and wherein the data container is a file and the data container encryption key is a file key.
  - 4. The method of claim 3 wherein encrypting the metadata portion of each file comprises encrypting all of the metadata portion except a file key package.

5. A system configured to efficiently delete a data container from a cryptainer configured to store a plurality of data containers served by a storage system having a processor, the system comprising:
- a key management server configured to manage keys used to encrypt and decrypt data stored on the cryptainer of a region of storage space configured to store a plurality of data containers, the key management server having a key database configured to store a first secure storage key associated with the cryptainer; and
  
  a security appliance coupled to the key management server and the storage system, the security appliance configured to store a data container encryption key associated with each data container of the plurality of data containers within a metadata portion of each data container, encrypt a data portion of each data container with the associated data container encryption key stored in the metadata portion, and encrypt the metadata portion of each data container using the first secure storage key, the security appliance further configured to delete a first data container encryption key associated with a specified data container, re-key the metadata portion of all other data containers stored within the cryptainer using a second secure storage key associated with the cryptainer, and cooperate with the key management server to delete the first secure storage key to thereby delete the specified data container from the cryptainer.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 6. The system of claim 5 wherein each data container encryption key comprises a number which, when taken together with an encryption algorithm, defines a unique transformation used to encrypt or decrypt data.
  - 7. The system of claim 5 wherein the first secure storage key and the second secure storage key are cryptainer key.
  - 8. The system of claim 7 wherein each cryptainer key contains an encryption section and a signature section.
  - 9. The system of claim 7 wherein the metadata portion of each data container includes a cryptainer identifier field and a file key field.
  - 10. The system of claim 9 wherein the cryptainer identifier field and the file key field together form a file key package.
  - 11. The system of claim 9 wherein the cryptainer identifier field contains an identifier of the cryptainer key.
  - 12. The system of claim 9 wherein the file key field contains a specific encryption key.
  - 13. The system of claim 12 wherein the data container encryption key is encrypted and signed with its own identifier to form an encrypted file key package.
  - 14. The system of claim 13 wherein the encrypted file key package comprises a format field followed by an identifier field that includes an identifier, as well as policy and key type information.
  - 15. The system of claim 14 wherein the encrypted file key package further comprises an encrypted file key and a signature.

16. A non-transitory computer readable medium containing executable program instructions executed by a processor, comprising:
- program instructions that designate a region of storage space of a storage system as a cryptainer to store a plurality of data container;
  
  program instructions that store a data container encryption key associated with each data container of a plurality of data containers within a metadata portion of each data container, wherein the data container includes the metadata portion and a data portion;
  
  program instructions that encrypt the data portion of each data container with the associated data container encryption key stored within the metadata portion of each data container;
  
  program instructions that encrypt each data container encryption key stored within the metadata portion of each data container with a first secure storage key, stored in a lifetime key management server, associated with the cryptainer that stores the plurality of data containers;
  
  program instructions that initiate deletion of a specified data container of the plurality of data containers stored on the cryptainer;
  
  program instructions that delete a first data container encryption key associated with a specified data container;
  
  program instructions that re-key each metadata portion of all other data containers stored within the cryptainer using a second secure storage key associated with the cryptainer; and
  
  program instructions that delete the first secure storage key to thereby delete the specified data container from within the cryptainer.
- View Dependent Claims (17)
- - 17. The non-transitory computer readable medium of claim 16 wherein the program instructions that re-key comprise program instructions that:
    - generate the second secure storage key;
      
      decrypt each of the encrypted metadata portions of all other data containers with the first secure storage key; and
      
      encrypt each of the decrypted metadata portions of all other data containers with the second secure storage key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetApp, Inc.
Original Assignee
NetApp, Inc.
Inventors
Sussland, Robert Jan, Chang, Lawrence Wen-Hao, Subramanian, Ananthan
Primary Examiner(s)
Truong, Thanhnga B
Assistant Examiner(s)
Jeudy, Josnel

Application Number

US11/508,430
Time in Patent Office

2,393 Days
Field of Search

713150-154, 713189-194, 713160-167, 707100-103, 380277-286, 380 44- 47, 709246-249
US Class Current

713/193
CPC Class Codes

H04L 2463/062   applying encryption of the ...

H04L 63/0478   applying multiple layers of...

H04L 63/062   for key distribution, e.g. ...

H04L 63/102   Entity profiles

H04L 67/1097   for distributed storage of ...

H04L 9/0894   Escrow, recovery or storing...

System and method for efficiently deleting a file from secure storage served by a storage system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

101 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

System and method for efficiently deleting a file from secure storage served by a storage system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

101 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others