Intelligent file encryption and secure backup system
First Claim
1. A method implemented in a computer system including a memory, the method comprising:
- hashing a data block in a file comprising one or more data blocks;
encrypting the data block;
including the hash of the data block and encrypted key elements in a header associated with the encrypted data block;
storing the encrypted data block and the header including the hash and the encrypted key elements in a memory on a computer system;
using the hash of the data block in the header associated with the encrypted data block to identify redundant copies of the data block;
receiving a request to access a particular file from the operating system;
identifying the data blocks associated with the particular file, and locations of the data blocks, wherein the locations of the data blocks are on the computer system or on a remote system;
transparently to the operating system, routing a subset of the data blocks responsive to the request through an encryption driver to decrypt the subset of the data blocks using the encrypted key elements prior to providing the requested data blocks to the operating system, thereby enabling the operating system to treat the encrypted data blocks as a readable file;
providing backup system with an incremental backup, in which only those encrypted data blocks which have been changed are backed up;
keeping an older version of the encrypted data block, when a newer version of the encrypted data block is added to the backup system; and
enabling restoration of a prior version of a file from the backup system, to reverse changes made to the file, the restoration using the hash in the header of each of the encrypted data blocks to restore the prior version of the file.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus for secure transparent backup and encryption of data including compression, elimination of redundant information, all working integrated whether data is stored locally or shared in networks. When data is shared in networks, several computers may access encrypted objects simultaneously with the same limitations as for non-encrypted objects. The method and apparatus can automatically and invisible take backups and can easily restore any object to the exact content as it existed for a selected point in time using a snapshot capability in combination with the user interface described that has its focus on making the use very easy for the end user. The invention offers security and performance enhancements when used with tables containing approved hashes for executables and other objects based on company policy and virus scanning. Specific objects may also be easily detected even if they are encrypted.
118 Citations
20 Claims
-
1. A method implemented in a computer system including a memory, the method comprising:
-
hashing a data block in a file comprising one or more data blocks; encrypting the data block; including the hash of the data block and encrypted key elements in a header associated with the encrypted data block; storing the encrypted data block and the header including the hash and the encrypted key elements in a memory on a computer system; using the hash of the data block in the header associated with the encrypted data block to identify redundant copies of the data block; receiving a request to access a particular file from the operating system; identifying the data blocks associated with the particular file, and locations of the data blocks, wherein the locations of the data blocks are on the computer system or on a remote system; transparently to the operating system, routing a subset of the data blocks responsive to the request through an encryption driver to decrypt the subset of the data blocks using the encrypted key elements prior to providing the requested data blocks to the operating system, thereby enabling the operating system to treat the encrypted data blocks as a readable file; providing backup system with an incremental backup, in which only those encrypted data blocks which have been changed are backed up; keeping an older version of the encrypted data block, when a newer version of the encrypted data block is added to the backup system; and enabling restoration of a prior version of a file from the backup system, to reverse changes made to the file, the restoration using the hash in the header of each of the encrypted data blocks to restore the prior version of the file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. An apparatus comprising:
-
a processor to create one or more blocks from a file, and to hash each data block; the processor to encrypt the one or more data blocks; the processor to insert the hash and encrypted key element into a header associated with the encrypted data block, the hash in the header used to identify redundant copies of the data block and the encrypted key elements used in decrypting the data block; a memory to store the one or more encrypted data blocks and the associated header; an operating system to request the data blocks associated with the file; and an encryption driver to intercept the encrypted data blocks requested by the operating system, and decrypt the encrypted data blocks, using the encrypted key element, transparently to the operating system, allowing the operating system to treat the encrypted data blocks as a readable file; a backup system to provide incremental backup, the backup system to maintain a prior version of an encrypted data block, when an updated version of the data block is received; the processor using the one or more encrypted data blocks in the backup system to restore of a prior version of a file, the file having been divided into the one or more encrypted data blocks, the processor using the hash in the header of each of the plurality of data blocks to restore the prior version of the file. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification