Electronic backup and restoration of encrypted data
First Claim
1. A method comprising:
receiving a first request to generate a first backup of an encrypted source disk image;
identifying the encrypted source disk image to be included in a backup operation, the encrypted source disk image having data encrypted with a first key, wherein the first key is protected using at least a user password, and the encrypted source disk image is decryptable by an authenticated user;
encrypting the encrypted data of the encrypted source disk image with a second key to form an encrypted backup disk image;
encrypting the second key with a randomly generated password to form an encrypted second key;
receiving a second request to generate a second backup of the encrypted source disk image;
decrypting the encrypted second key using the randomly generated password to obtain a decrypted second key in response to receiving the second request;
decrypting the encrypted backup disk image using the decrypted second key to form a decrypted backup disk image;
storing additional backup data in the decrypted backup encrypted disk image; and
encrypting the decrypted backup encrypted disk image, including the additional backup data, using the decrypted second key,
wherein the encrypted backup disk image includes a first header including one or more encrypted versions of the first key and a second header including one or more encryptions of the second key; and
wherein each of the one or more encryptions of the first key being protected by respective first passwords, and each of the one or more encryptions of the second key being protected by respective second passwords, where the second passwords include the randomly generated password.
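The steps of claim 1, sketched as an added example that is not code from the patent or its assignee: the function names, the dictionary layout of the backup image and the PBKDF2 parameters are assumptions, and a toy HMAC-based cipher stands in for the real disk-image cipher. It shows that the backup process only ever handles the randomly generated password, while the image body stays encrypted under the first key throughout.

```python
import hashlib, hmac, secrets

# Toy authenticated cipher (HMAC-SHA256 keystream plus HMAC tag). It stands in
# for the real disk-image cipher so the example runs on the standard library.
def _xor(key, nonce, data):
    ek = hmac.new(key, b"enc", hashlib.sha256).digest()
    ks = b"".join(hmac.new(ek, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def _tag(key, msg):
    mk = hmac.new(key, b"mac", hashlib.sha256).digest()
    return hmac.new(mk, msg, hashlib.sha256).digest()

def seal(key, data):
    nonce = secrets.token_bytes(16)
    ct = _xor(key, nonce, data)
    return nonce + _tag(key, nonce + ct) + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _tag(key, nonce + ct)):
        raise ValueError("wrong key or modified data")
    return _xor(key, nonce, ct)

def wrap(key, password):                    # one header slot: salt + sealed key
    salt = secrets.token_bytes(16)
    return salt + seal(hashlib.pbkdf2_hmac("sha256", password, salt, 100_000), key)

def unwrap_any(slots, password):            # try every slot in a header
    for slot in slots:
        kek = hashlib.pbkdf2_hmac("sha256", password, slot[:16], 100_000)
        try:
            return unseal(kek, slot[16:])
        except ValueError:
            continue
    raise ValueError("no slot opens with this password")

def first_backup(src_header, src_ciphertext):
    k2 = secrets.token_bytes(32)            # second key
    random_pw = secrets.token_bytes(32)     # randomly generated password
    image = {"header1": list(src_header),   # encryptions of the first key
             "header2": [wrap(k2, random_pw)],
             "body": seal(k2, src_ciphertext)}
    return image, random_pw

def second_backup(image, random_pw, extra):
    k2 = unwrap_any(image["header2"], random_pw)
    body = unseal(k2, image["body"])        # still ciphertext under the first key
    image["body"] = seal(k2, body + extra)
    return image
```

Appending another `wrap(k2, other_password)` entry to `header2` gives the "one or more encryptions of the second key" of the final wherein clause; `unwrap_any` then accepts either password.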
Abstract
Systems and methods are provided for storing and restoring digital data. In some implementations, a method is provided. The method includes identifying an encrypted source disk image to be included in a backup operation, the encrypted disk image being encrypted with a first key and generating an encrypted backup disk image, the encrypted backup disk image being encrypted with a second key protected with a randomly generated password. Other embodiments of this aspect include corresponding systems, apparatus, computer program products, and computer readable media.
19 Claims
18. A system comprising:
a processor; and
a memory storing computer executable instructions that, when executed by the processor, cause the processor to perform the steps of:
receiving a first request to generate a first backup of an encrypted source disk image;
identifying the encrypted source disk image to be included in a backup operation, the encrypted source disk image having data encrypted with a first key, wherein the first key is protected using at least a user password, and the encrypted source disk image is decryptable by an authenticated user;
encrypting the encrypted data of the encrypted source disk image with a second key to form an encrypted backup disk image;
encrypting the second key with a randomly generated password to form an encrypted second key;
receiving a second request to generate a second backup of the encrypted source disk image;
decrypting the encrypted second key using the randomly generated password to obtain a decrypted second key in response to receiving the second request;
decrypting the encrypted backup disk image using the decrypted second key to form a decrypted backup disk image;
storing additional backup data in the decrypted backup encrypted disk image; and
encrypting the decrypted backup encrypted disk image, including the additional backup data, using the decrypted second key,
wherein the encrypted backup disk image includes a first header including one or more encrypted versions of the first key and a second header including one or more encryptions of the second key; and
wherein each of the one or more encryptions of the first key being protected by respective first passwords, and each of the one or more encryptions of the second key being protected by respective second passwords, where the second passwords include the randomly generated password.
19. A computer program product, stored on a non-transitory computer readable storage medium, that when executed by a data processing apparatus, cause the data processing apparatus to perform the operations comprising:
receiving a first request to generate a first backup of an encrypted source disk image;
identifying the encrypted source disk image to be included in a backup operation, the encrypted source disk image having data encrypted with a first key, wherein the first key is protected using at least a user password, and the encrypted source disk image is decryptable by an authenticated user;
encrypting the encrypted data of the encrypted source disk image with a second key to form an encrypted backup disk image;
encrypting the second key with a randomly generated password to form an encrypted second key;
receiving a second request to generate a second backup of the encrypted source disk image;
decrypting the encrypted second key using the randomly generated password to obtain a decrypted second key in response to receiving the second request;
decrypting the encrypted backup disk image using the decrypted second key to form a decrypted backup disk image;
storing additional backup data in the decrypted backup encrypted disk image; and
encrypting the decrypted backup encrypted disk image, including the additional backup data, using the decrypted second key,
wherein the encrypted backup disk image includes a first header including one or more encrypted versions of the first key and a second header including one or more encryptions of the second key; and
wherein each of the one or more encryptions of the first key being protected by respective first passwords, and each of the one or more encryptions of the second key being protected by respective second passwords, where the second passwords include the randomly generated password.
Specification