Incremental secure backup and restore of user settings and data
First Claim
1. A method of performing a secure full backup of user settings and data, comprising:
- determining a set of objects to be backed up;
- creating a manifest including a master encryption key (MEK);
- encrypting, using an object encryption key (OEK), each object to be backed up, to form encrypted data;
- forming a data stream for each object to be backed up to be sent to a host data processing system;
- creating an object map for each object to be backed up, wherein creating the object map comprises:
  - computing a path hash of the object to be backed up,
  - computing a contents hash of the data stream for the object, and
  - mapping the path hash to the contents hash for the object to be backed up;
- updating the manifest with the object map;
- sending the data stream for each object to be backed up to the host data processing system, wherein the host data processing system is configured to save the data stream under the object's respective path hash;
- signing the manifest with a digital signature for authentication; and
- sending the manifest to the host data processing system, wherein the host data processing system saves the signed manifest.
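The object map and signed manifest recited in claim 1 can be exercised end to end; the sketch below is an added example, not code from the patent, and shows a restore-side check that rejects an altered manifest and flags a stream that was swapped or dropped on the host. Assumptions, since the claim names no algorithms or formats: SHA-256 for both hashes, HMAC-SHA256 under a constructed key as a stand-in for the digital signature, a JSON manifest layout, an in-memory dict as the host store, and hypothetical function names.

```python
import hashlib
import hmac
import json

# Assumption: constructed key; HMAC stands in for the claim's digital signature.
SIGNING_KEY = b"constructed-demo-signing-key"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def canonical(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign(body: dict) -> str:
    return hmac.new(SIGNING_KEY, canonical(body), hashlib.sha256).hexdigest()

def backup(streams: dict, mek_blob: bytes, host: dict) -> dict:
    """Device side. `streams` maps object path -> already-encrypted data stream."""
    object_map = {}
    for path, stream in streams.items():
        path_hash = sha256_hex(path.encode())
        object_map[path_hash] = sha256_hex(stream)  # path hash -> contents hash
        host[path_hash] = stream                    # host saves stream under path hash
    body = {"mek": mek_blob.hex(), "objects": object_map}
    return {"body": body, "signature": sign(body)}

def verify(manifest: dict, host: dict) -> list:
    """Restore side. Returns a list of problems; an empty list means consistent."""
    if not hmac.compare_digest(sign(manifest["body"]), manifest["signature"]):
        return ["manifest signature invalid"]  # do not trust the object map at all
    problems = []
    for path_hash, contents_hash in manifest["body"]["objects"].items():
        stream = host.get(path_hash)
        if stream is None:
            problems.append("missing stream " + path_hash[:12])
        elif not hmac.compare_digest(sha256_hex(stream), contents_hash):
            problems.append("contents hash mismatch " + path_hash[:12])
    return problems

def demo() -> dict:
    # Constructed sample: opaque bytes stand in for OEK-encrypted objects and the MEK.
    streams = {"prefs/settings.plist": b"\x8f\x02ciphertext-A",
               "data/notes.db": b"\x11\x7fciphertext-B"}
    host = {}
    manifest = backup(streams, b"\x00" * 16, host)
    swapped = dict(host)
    swapped[sha256_hex(b"data/notes.db")] = b"replaced-on-host"
    return {"manifest": manifest, "host": host,
            "clean": verify(manifest, host), "swapped": verify(manifest, swapped)}
```

Because the host files each stream under its path hash, the host never needs the plaintext path, and the signed object map is what ties a stored blob back to the contents the device actually sent.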
Abstract
Methods and apparatuses for performing secure incremental backup and restore operations are disclosed.
22 Claims
12. A non-transitory computer-readable medium for a computer system, the non-transitory computer-readable medium having stored thereon a series of instructions executable by a processor to perform a secure full backup of user settings and data, the series of instructions comprising:
- instructions that cause the processor to determine a set of objects to be backed up;
- instructions that cause the processor to create a manifest including a master encryption key (MEK);
- instructions that cause the processor to encrypt, using an object encryption key (OEK), each object to be backed up, to form encrypted data;
- instructions that cause the processor to form a data stream for each object to be backed up to be sent to a host data processing system;
- instructions that cause the processor to create an object map for each object to be backed up, wherein the instructions that cause the processor to create an object map comprise:
  - instructions that cause the processor to compute a path hash of the object to be backed up,
  - instructions that cause the processor to compute a contents hash of the data stream for the object, and
  - instructions that cause the processor to map the path hash to the contents hash for the object;
- instructions that cause the processor to update the manifest with the object map;
- instructions that cause the processor to send the data stream for each object to be backed up to the host data processing system, wherein the host data processing system saves the data stream under the object's respective path hash;
- instructions that cause the processor to sign the manifest with a digital signature for authentication; and
- instructions that cause the processor to send the manifest to the host data processing system, wherein the host data processing system saves the signed manifest.
Specification