Discarding sensitive data from persistent point-in-time image
First Claim
1. A method comprising:
encrypting an Active File System (AFS) with a corresponding encryption key;
generating a new encryption key in response to creating a Persistent Point-in-time Image (PPI) of the AFS, wherein data written to the AFS after the PPI is created is encrypted with the new encryption key;
identifying data to be discarded and data not to be discarded, the data to be discarded being read-only, encrypted with a first encryption key, and selected from a first plurality of datasets included in a first PPI;
determining whether to re-encrypt a portion of datasets in the AFS corresponding to a subset of the first plurality of datasets in the first PPI by comparing the first plurality of datasets with the AFS to determine whether the AFS references the subset both encrypted with the first encryption key and corresponding to the data not to be discarded;
decrypting each dataset of the subset corresponding to the data not to be discarded, with the first encryption key;
re-encrypting each of the decrypted datasets of the first PPI with the new encryption key;
in response to determining whether to re-encrypt the portion of datasets in the AFS corresponding to the subset of the first plurality of datasets in the first PPI, copying each of the re-encrypted datasets of the first PPI to the AFS; and
shredding the first encryption key to render the data to be discarded unrecoverable.
Abstract
A network storage server implements a method to discard sensitive data from a Persistent Point-In-Time Image (PPI). The server first efficiently identifies a dataset containing the sensitive data from a plurality of datasets managed by the PPI. Each of the plurality of datasets is read-only and encrypted with a first encryption key. The server then decrypts each of the plurality of datasets, except the dataset containing the sensitive data, with the first encryption key. The decrypted datasets are re-encrypted with a second encryption key, and copied to a storage structure. Afterward, the first encryption key is shredded.
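The discard flow the abstract describes, as an added Python model that is not code from the patent or any storage product: every block records the id of the key that encrypted it, creating a PPI rotates the active key, and discarding a dataset re-keys the blocks shared by the PPI and the AFS before the old key is shredded. The HMAC-SHA256 counter-mode cipher, the Store class, its block and key ids, and the sample data are all assumptions of this example.

```python
import os, hmac, hashlib

def _keystream(key, nonce, n):
    # Counter-mode keystream from HMAC-SHA256; a stand-in for a real block cipher.
    return b"".join(hmac.new(key, nonce + c.to_bytes(4, "big"), hashlib.sha256).digest()
                    for c in range(0, n, 32))[:n]

def encrypt(key, data):
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def decrypt(key, blob):
    return bytes(a ^ b for a, b in zip(blob[16:], _keystream(key, blob[:16], len(blob) - 16)))

class Store:  # toy storage server; each block records the id of the key that encrypted it
    def __init__(self):
        self.keys, self.blocks, self.afs, self.ppis = {}, {}, {}, []
        self.active_key = self._new_key()

    def _new_key(self):
        kid = "k%d" % len(self.keys)
        self.keys[kid] = os.urandom(32)
        return kid

    def write(self, name, data):  # allocate a new AFS block under the active key
        bid = "b%d" % len(self.blocks)
        self.blocks[bid] = (self.active_key, encrypt(self.keys[self.active_key], data))
        self.afs[name] = bid

    def snapshot(self):  # create a read-only PPI, then rotate the key for later AFS writes
        self.ppis.append(dict(self.afs))
        self.active_key = self._new_key()

    def read(self, bid):
        kid, blob = self.blocks[bid]
        if kid not in self.keys:
            raise KeyError("key %s was shredded; block %s is unrecoverable" % (kid, bid))
        return decrypt(self.keys[kid], blob)

    def discard(self, ppi_index, name):  # discard one read-only dataset held in a PPI
        victim = self.ppis[ppi_index][name]
        old_kid = self.blocks[victim][0]
        # subset: blocks referenced by both the PPI and the AFS under the old key, minus the victim
        shared = set(self.ppis[ppi_index].values()) & set(self.afs.values())
        for fname, bid in list(self.afs.items()):
            kid, blob = self.blocks[bid]
            if bid in shared and bid != victim and kid == old_kid:
                self.write(fname, decrypt(self.keys[old_kid], blob))  # re-key into a new block
        del self.keys[old_kid]  # shred: every block still only under old_kid is now unrecoverable
```

Blocks that the PPI references but the AFS no longer does are also lost once the old key is shredded, which is why the claims compare the PPI against the AFS before deciding what to re-encrypt.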
22 Claims
1. As set out under First Claim above. Dependent claims: 2, 3, 4, 5, 6.
7. A method, comprising:
creating a Persistent Point-in-time Image (PPI) based on an Active File System (AFS), wherein the AFS references a plurality of datasets each of which is encrypted with a corresponding encryption key, and the PPI provides read-only references to the plurality of datasets; generating a new encryption key in response to the creation of the PPI, wherein the new encryption key is to encrypt newly allocated datasets in the AFS; in response to a user request to discard sensitive data stored in a dataset included in a first PPI encrypted with a first encryption key, determining whether to re-encrypt a portion of the AFS by comparing the first PPI with the AFS to determine whether the AFS references data, other than the sensitive data in the first PPI, that is encrypted with the first encryption key; in response to determining whether to re-encrypt the portion of the AFS, re-keying the data referenced by the AFS, other than the sensitive data, with the new encryption key; writing the re-keyed data to the AFS; and shredding the first encryption key to render the sensitive data unrecoverable. Dependent claims: 8, 9.
10. A method to discard a dataset, comprising:
encrypting an Active File System (AFS) with a first encryption key; generating a new encryption key in response to creating a Persistent Point-in-time Image (PPI) of the AFS, wherein data written to the AFS after the PPI is created is encrypted with the new encryption key; identifying data to be discarded, wherein the data to be discarded is read-only and is encrypted with the first encryption key; identifying a first PPI referencing the data to be discarded, wherein the first PPI references a plurality of datasets each of which is read-only and encrypted with the first encryption key; determining whether to re-encrypt a portion of the AFS by comparing the first PPI referencing the data to be discarded with the AFS to identify a subset of datasets referenced by the first PPI and the AFS, wherein the data to be discarded identified in the first PPI is not part of the subset, and each dataset in the subset is encrypted with the first encryption key; decrypting each dataset of the subset with the first encryption key; encrypting each dataset of the subset with the new encryption key; in response to determining whether to re-encrypt the portion of the AFS, writing each re-encrypted dataset of the subset to the AFS; and shredding the first encryption key to render the data to be discarded unrecoverable. Dependent claims: 11, 12, 13, 14.
15. A storage server system comprising:
a network interface through which to receive data access requests from a plurality of storage clients; a storage interface through which to communicate with a storage facility that stores one or more Persistent Point-in-time Images (PPIs) and an Active File System (AFS), wherein each of the PPIs is created from the AFS and references a corresponding plurality of datasets on the storage facility, each of the corresponding plurality of datasets being read-only; a processor; and a machine-readable medium that stores instructions which, when executed by the processor, cause the processor to perform a process comprising: encrypting an Active File System (AFS); generating a new encryption key in response to creating a Persistent Point-in-time Image (PPI) of the AFS, wherein data written to the AFS after the PPI is created is encrypted with the new encryption key; identifying all PPIs referencing data to be discarded, wherein the data to be discarded is encrypted with a first encryption key; for each of the identified PPIs, determining whether to re-encrypt the portion of the AFS by comparing an identified PPI with the AFS to identify a subset of datasets referenced by the identified PPI and the AFS, wherein the data to be discarded referenced in the identified PPI is not part of the subset, and each dataset of the subset is encrypted with the first encryption key; decrypting each dataset of the subset with the first encryption key; encrypting each dataset of the subset with the new encryption key uniquely associated with the AFS; in response to determining whether to re-encrypt a portion of the AFS, writing each re-encrypted dataset of the subset to the AFS; and shredding the first encryption key. Dependent claims: 16, 17, 18, 19.
20. A data storage system, comprising:
a storage unit that stores one or more Persistent Point-in-time Images (PPIs) and an Active File System (AFS), wherein each of the PPIs is created from the AFS and references a corresponding plurality of datasets on the storage unit, each of the corresponding plurality of datasets being read-only; an encryption engine to encrypt the AFS with a corresponding encryption key, generate a new encryption key in response to the creation of a PPI, wherein data written to the AFS after the PPI is created is encrypted with the new encryption key, and to decrypt a dataset with the dataset's corresponding encryption key in response to a request for the dataset; and wherein, in response to a request to discard sensitive data referenced by a first PPI and stored in a dataset that is encrypted with a first encryption key, the encryption engine: determines whether to re-encrypt the portion of the AFS by comparing the first PPI with the AFS to identify a subset of the plurality of datasets in the AFS wherein the subset does not include the sensitive data referenced in the first PPI; decrypts the subset of the plurality of datasets using the first encryption key; re-encrypts the subset of the plurality of datasets with a second encryption key; and in response to determining whether to re-encrypt a portion of the AFS, writes each re-encrypted dataset of the subset of the plurality of datasets to the AFS. Dependent claims: 21, 22.