Electronic backup and restoration of encrypted data

US 8,429,425 B2
Filed: 06/08/2007
Issued: 04/23/2013
Est. Priority Date: 06/08/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a first request to generate a first backup of an encrypted source disk image;

identifying the encrypted source disk image to be included in a backup operation, the encrypted source disk image having data encrypted with a first key, wherein the first key is protected using at least a user password, and the encrypted source disk image is decryptable by an authenticated user;

encrypting the encrypted data of the encrypted source disk image with a second key to form an encrypted backup disk image;

encrypting the second key with a randomly generated password to form an encrypted second key;

receiving a second request to generate a second backup of the encrypted source disk image;

decrypting the encrypted second key using the randomly generated password to obtain a decrypted second key in response to receiving the second request;

decrypting the encrypted backup disk image using the decrypted second key to form a decrypted backup disk image;

storing additional backup data in the decrypted backup encrypted disk image; and

encrypting the decrypted backup encrypted disk image, including the additional backup data, using the decrypted second key,wherein the encrypted backup disk image includes a first header including one or more encrypted versions of the first key and a second header including one or more encryptions of the second key; and

wherein each of the one or more encryptions of the first key being protected by respective first passwords, and each of the one or more encryptions of the second key being protected by respective second passwords, where the second passwords include the randomly generated password.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for storing and restoring digital data. In some implementations, a method is provided. The method includes identifying an encrypted source disk image to be included in a backup operation, the encrypted disk image being encrypted with a first key and generating an encrypted backup disk image, the encrypted backup disk image being encrypted with a second key protected with a randomly generated password. Other embodiments of this aspect include corresponding systems, apparatus, computer program products, and computer readable media.

237 Citations

19 Claims

1. A method comprising:
- receiving a first request to generate a first backup of an encrypted source disk image;
  
  identifying the encrypted source disk image to be included in a backup operation, the encrypted source disk image having data encrypted with a first key, wherein the first key is protected using at least a user password, and the encrypted source disk image is decryptable by an authenticated user;
  
  encrypting the encrypted data of the encrypted source disk image with a second key to form an encrypted backup disk image;
  
  encrypting the second key with a randomly generated password to form an encrypted second key;
  
  receiving a second request to generate a second backup of the encrypted source disk image;
  
  decrypting the encrypted second key using the randomly generated password to obtain a decrypted second key in response to receiving the second request;
  
  decrypting the encrypted backup disk image using the decrypted second key to form a decrypted backup disk image;
  
  storing additional backup data in the decrypted backup encrypted disk image; and
  
  encrypting the decrypted backup encrypted disk image, including the additional backup data, using the decrypted second key,wherein the encrypted backup disk image includes a first header including one or more encrypted versions of the first key and a second header including one or more encryptions of the second key; and
  
  wherein each of the one or more encryptions of the first key being protected by respective first passwords, and each of the one or more encryptions of the second key being protected by respective second passwords, where the second passwords include the randomly generated password.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, where identifying the encrypted source disk image includes identifying data encrypted with the first key.
  - 3. The method of claim 2, where the first passwords include a user password and a system password.
  - 4. The method of claim 1, where the second passwords also include a user password and a system password corresponding to passwords used to protect an encryption of the first key of the encrypted source disk image.
  - 5. The method of claim 1, further comprising:
    - performing a next backup of data on the encrypted disk image, including;
      
      using the randomly generated password to access the encrypted backup disk image;
      
      storing additional backup data in the backup disk image from the encrypted disk image; and
      
      encrypting data in the backup disk image including the additional backup data.
  - 6. The method of claim 5, where the backup data includes at least one view of a source disk image.
  - 7. The method of claim 5, further comprising:
    - receiving an input to display a history view, the history view including one or more views of the source disk image;
      
      decrypting the backup encrypted disk image; and
      
      presenting the history view, the history view including one or more visual representations corresponding to the views of the source disk image.
  - 8. The method of claim 7, further comprising:
    - receiving a selection of an item presented in the history view for restoration; and
      
      restoring the selected item including copying the item from the backup disk image to the source disk image.
  - 9. The method of claim 1, further comprising:
    - identifying data from a backup disk image on a backup device to restore a previous encrypted disk image of a storage device as a restored encrypted disk image, an encryption key of the previous encrypted disk image having been protected using an existing user password, the backup disk image being encrypted using a first encryption key and the backup disk image being associated with a particular user, the backup disk image including one or more versions corresponding to a source disk image;
      
      accessing the backup disk image using the randomly generated password;
      
      copying using a computer system a version of the one or more versions of the backup disk image as the restored encrypted disk image on the storage device, where the restored encrypted disk image is encrypted using a second different encryption key and includes a header having multiple encryptions of the second encryption key, each encryption of the second encryption key being protected with respective passwords including a respective temporary password associated with the user, the temporary password being used to protect the encryption of the second encryption key when the existing user password is unavailable to the computer system;
      
      capturing the user password, the user password being provided by a user to access the encrypted disk image; and
      
      replacing the temporary password with the captured user password and using the captured user password to provide access to the restored encrypted disk image including;
      
      using the temporary password to decrypt the second encryption key, andusing the captured user password to encrypt the second encryption key.
  - 10. The method of claim 9, further comprising:
    - storing the temporary password in a system keychain.
  - 11. The method of claim 10, further comprising:
    - identifying the temporary password in the system keychain corresponding to the user.
  - 12. The method of claim 11, where encrypting the second encryption key with the captured user password includes removing the key encryption associated with the temporary password from the encryption of the second encryption key.
  - 13. The method of claim 9, where capturing the user password includes:
    - identifying a request from a user for access to the restored encrypted disk image;
      
      prompting a request for a password from the user; and
      
      capturing the password provided by the user.
  - 14. The method of claim 1, wherein storing additional backup data comprises updating backup data stored in the backup disk image.
  - 15. The method of claim 14, further comprising identifying change information associated with an earlier backup operation and only storing additional backup data reflecting the change information.
  - 16. The method of claim 1, wherein the backup data is stored separately within the decrypted backup disk image as a different version of the source disk image, and data can be restored from a particular version.
  - 17. The method of claim 16, further comprising decrypting the encrypted backup disk image to provide an interface that enables a user to navigate views of data in the source disk image versions to identify and restore particular data to the source disk image.

18. A system comprising:
- a processor; and
  
  a memory storing computer executable instructions that, when executed by the processor, cause the processor to perform the steps of;
  
  receiving a first request to generate a first backup of an encrypted source disk image;
  
  identifying the encrypted source disk image to be included in a backup operation, the encrypted source disk image having data encrypted with a first key, wherein the first key is protected using at least a user password, and the encrypted source disk image is decryptable by an authenticated user;
  
  encrypting the encrypted data of the encrypted source disk image with a second key to form an encrypted backup disk image;
  
  encrypting the second key with a randomly generated password to form an encrypted second key;
  
  receiving a second request to generate a second backup of the encrypted source disk image;
  
  decrypting the encrypted second key using the randomly generated password to obtain a decrypted second key in response to receiving the second request;
  
  decrypting the encrypted backup disk image using the decrypted second key to form a decrypted backup disk image;
  
  storing additional backup data in the decrypted backup encrypted disk image; and
  
  encrypting the decrypted backup encrypted disk image, including the additional backup data, using the decrypted second key,wherein the encrypted backup disk image includes a first header including one or more encrypted versions of the first key and a second header including one or more encryptions of the second key; and
  
  wherein each of the one or more encryptions of the first key being protected by respective first passwords, and each of the one or more encryptions of the second key being protected by respective second passwords, where the second passwords include the randomly generated password.

19. A computer program product, stored on a non-transitory computer readable storage medium, that when executed by a data processing apparatus, cause the data processing apparatus to perform the operations comprising:
- receiving a first request to generate a first backup of an encrypted source disk image;
  
  identifying the encrypted source disk image to be included in a backup operation, the encrypted source disk image having data encrypted with a first key, wherein the first key is protected using at least a user password, and the encrypted source disk image is decryptable by an authenticated user;
  
  encrypting the encrypted data of the encrypted source disk image with a second key to form an encrypted backup disk image;
  
  encrypting the second key with a randomly generated password to form an encrypted second key;
  
  receiving a second request to generate a second backup of the encrypted source disk image;
  
  decrypting the encrypted second key using the randomly generated password to obtain a decrypted second key in response to receiving the second request;
  
  decrypting the encrypted backup disk image using the decrypted second key to form a decrypted backup disk image;
  
  storing additional backup data in the decrypted backup encrypted disk image; and
  
  encrypting the decrypted backup encrypted disk image, including the additional backup data, using the decrypted second key,wherein the encrypted backup disk image includes a first header including one or more encrypted versions of the first key and a second header including one or more encryptions of the second key; and
  
  wherein each of the one or more encryptions of the first key being protected by respective first passwords, and each of the one or more encryptions of the second key being protected by respective second passwords, where the second passwords include the randomly generated password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Ko, Steve, Ulrich, Robert
Primary Examiner(s)
PHAM, LUU T

Application Number

US11/760,615
Publication Number

US 20080307020A1
Time in Patent Office

2,146 Days
Field of Search

707/204, 707/600, 707/610, 713/165, 713/193, 713/182, 380/255, 380/259
US Class Current

713/193
CPC Class Codes

G06F 11/1458   Management of the backup or...

G06F 11/1469   Backup restoration techniques

G06F 21/6209   to a single file or object,...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2107   File encryption

Electronic backup and restoration of encrypted data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

237 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Electronic backup and restoration of encrypted data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

237 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links