Method and system for policy-based secure destruction of data

US 8,793,457 B2
Filed: 01/22/2007
Issued: 07/29/2014
Est. Priority Date: 01/22/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method for policy-based secure destruction of data, the method comprising:

storing a data destruction policy, wherein the data destruction policy defines at least one predetermined data destruction parameter, wherein the data destruction policy pertains to a particular storage device;

referencing the data destruction policy to obtain the at least one predetermined data destruction parameter in response to a predetermined data operation;

identifying an entire stored data object to be destroyed based on the data destruction policy in response to the predetermined data operation, the entire stored data object associated with a stored object header; and

executing a data destruction process of the entire stored data object in accordance with the at least one data destruction parameter, wherein the data destruction process comprises overwriting the entire stored data object with a predetermined and random bit pattern, checking a value of the object header to ensure that physical data in a location of the entire stored data object corresponds to the overwritten entire stored data object, and overwriting the stored object header associated with the entire stored data object with a dummy header in response to validating the value of the object header, the dummy header comprising metadata indicating that the entire stored data object has been destroyed by the data destruction process, the dummy header further comprising metadata indicating the bit pattern used by the data destruction process to destroy the entire stored data object, wherein the entire stored data object is unusable; and

auditing a selected storage volume to determine whether the data destruction policy has been accurately applied, the selected storage volume comprising the entire stored data object, wherein auditing includes determining whether the stored object header has been overwritten with the dummy header.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus, system, and method are disclosed for policy-based secure destruction of data. The method for policy-based secure destruction of data is provided. In one embodiment, the method includes storing a data destruction policy, wherein the data destruction policy defines at least one predetermined data destruction parameter. The method may also include referencing the data destruction policy to obtain the data destruction parameters in response to a predetermined data operation. In a further embodiment, the method may include executing a data destruction process in accordance with the data destruction parameters.

14 Citations

View as Search Results

16 Claims

1. A method for policy-based secure destruction of data, the method comprising:
- storing a data destruction policy, wherein the data destruction policy defines at least one predetermined data destruction parameter, wherein the data destruction policy pertains to a particular storage device;
  
  referencing the data destruction policy to obtain the at least one predetermined data destruction parameter in response to a predetermined data operation;
  
  identifying an entire stored data object to be destroyed based on the data destruction policy in response to the predetermined data operation, the entire stored data object associated with a stored object header; and
  
  executing a data destruction process of the entire stored data object in accordance with the at least one data destruction parameter, wherein the data destruction process comprises overwriting the entire stored data object with a predetermined and random bit pattern, checking a value of the object header to ensure that physical data in a location of the entire stored data object corresponds to the overwritten entire stored data object, and overwriting the stored object header associated with the entire stored data object with a dummy header in response to validating the value of the object header, the dummy header comprising metadata indicating that the entire stored data object has been destroyed by the data destruction process, the dummy header further comprising metadata indicating the bit pattern used by the data destruction process to destroy the entire stored data object, wherein the entire stored data object is unusable; and
  
  auditing a selected storage volume to determine whether the data destruction policy has been accurately applied, the selected storage volume comprising the entire stored data object, wherein auditing includes determining whether the stored object header has been overwritten with the dummy header.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the data destruction policy further comprises an identification parameter for identifying the stored data object selected for destruction.
  - 3. The method of claim 1, wherein the data destruction policy further comprises a timing parameter for determining when the data destruction process is to initiate.
  - 4. The method of claim 1, wherein the data destruction policy further comprises a bit pattern parameter for determining the predetermined and random bit pattern to be utilized by the data destruction process, the method further comprising overwriting the entire stored data object with a first bit pattern based on a first value for the bit pattern parameter and overwriting a second entire stored data object with a second bit pattern based on a second value for the bit pattern parameter.
  - 5. The method of claim 1, wherein the data destruction policy further comprises a repeat parameter indicating a predetermined number of times the data destruction process overwrites the entire stored data object, the data destruction process comprising overwriting the entire stored data object a first predetermined number of times according to a first value for the repeat parameter and overwriting a second entire stored data object a second predetermined number of times according to a second value for the repeat parameter.
  - 6. The method of claim 1, wherein the data destruction process further comprises validating the entire stored data object prior to destroying the entire stored data object, wherein validating comprises comparing the value of the stored object header of the entire stored data object with an expected data object header value.
  - 7. The method of claim 6, wherein the data destruction process further comprises repeating the overwrite of the entire stored data object in accordance with the data destruction parameter.

8. A system for policy-based secure destruction of data, the system comprising:
- a storage server configured to;
  
  store a data destruction policy, wherein the data destruction policy defines at least one predetermined data destruction parameter, wherein the data destruction policy pertains to a particular storage device;
  
  reference the data destruction policy to obtain the at least one data destruction parameter in response to a predetermined data operation, the at least one data destruction parameter specifying at least how the stored data is to be destroyed according to one of a plurality of data destruction protocols in response to the predetermined data operation;
  
  identify an entire data object to be destroyed based on the data destruction policy in response to the predetermined data operation, the entire stored data object associated with a stored object header; and
  
  execute a data destruction process of the entire stored data object in accordance with the at least one data destruction parameter, wherein the data destruction process comprises overwriting the entire stored data object with a predetermined and random bit pattern, checking a value of the object header to ensure that physical data in a location of the entire stored data object corresponds to the overwritten entire stored data object, and overwriting the stored object header associated with the entire stored data object with a dummy header in response to validating the value of the object header, the dummy header comprising metadata indicating that the stored data object has been destroyed by the data destruction process, the dummy header further comprising metadata indicating the bit pattern used by the data destruction process to destroy the entire stored data object, wherein the entire data object is unusable;
  
  audit a selected storage volume to determine whether the data destruction policy has been accurately applied, the selected storage volume comprising the entire stored data object, wherein auditing includes determining whether the stored object header has been overwritten with the dummy header; and
  
  a storage medium in communication with the storage server, configured to store data objects for the storage server.
- View Dependent Claims (9, 10)
- - 9. The system of claim 8, wherein the storage manager is further configured to validate the entire stored data object prior to destroying the entire stored data object, wherein validating comprises comparing the value of the stored header of the entire stored data object with an expected data object header value.
  - 10. The system of claim 9, wherein the data destruction process further comprises repeating the overwrite of the entire stored data object in accordance with the data destruction parameters.

11. A computer program product comprising a non-transitory computer useable medium having a computer readable program, wherein the computer readable program when executed on a computer causes the computer to perform operations for policy-based secure destruction of data, the operations comprising:
- storing a data destruction policy, wherein the data destruction policy defines at least one predetermined data destruction parameter, wherein the data destruction policy pertains to a particular storage device;
  
  referencing the data destruction policy to obtain the at least one predetermined data destruction parameter in response to a predetermined data operation, the at least one data destruction parameter specifying at least how the stored data is to be destroyed according to one of a plurality of data destruction protocols in response to the predetermined data operation;
  
  identifying an entire stored data object to be destroyed based on the data destruction policy in response to the predetermined data operation, the entire stored data object associated with a stored object header;
  
  executing a data destruction process of the entire stored data object in accordance with the at least one data destruction parameter, wherein the data destruction process comprises overwriting the entire stored data object with a predetermined and random bit pattern, checking a value of the object header to ensure that physical data in a location of the entire stored data object corresponds to the over overwritten entire stored data object, and overwriting the stored object header associated with the entire stored data object with a dummy header in response to validating the value of the object header, the dummy header comprising metadata indicating that the stored data object has been destroyed by the data destruction process, the dummy header further comprising metadata indicating the bit pattern used by the data destruction process to destroy the entire stored data object; and
  
  auditing a selected storage volume to determine whether the data destruction policy has been accurately applied, the selected storage volume comprising the entire stored data object, wherein auditing includes determining whether the stored object header has been overwritten with the dummy header.
- View Dependent Claims (12, 13)
- - 12. The computer program product of claim 11, wherein the data destruction process further comprises validating the entire stored data object prior to destroying the entire stored data object, wherein validating comprises comparing the value of the stored header of the entire stored data object with an expected data object header value.
  - 13. The computer program product of claim 12, wherein the data destruction process further comprises repeating the overwrite of the entire stored data object in accordance with the data destruction parameters.

14. An apparatus for policy-based secure destruction of data, the apparatus comprising:
- a memory configured to store a data destruction policy, wherein the data destruction policy defines at least one predetermined data destruction parameter, wherein the data destruction policy pertains to a particular storage device;
  
  a referencing module configured to identify an stored entire data object to be destroyed based on the data destruction policy and reference the data destruction policy to obtain the at least one data destruction parameter in response to a predetermined data operation, the at least one data destruction parameter specifying at least how the stored data is to be destroyed according to one of a plurality of data destruction protocols in response to the predetermined data operation;
  
  a processor configured to execute a data destruction process of the entire stored data object in accordance with the at least one data destruction parameter, wherein the data destruction process comprises overwriting the entire stored data object with a predetermined and random bit pattern, checking a value of the object header to ensure that physical data in a location of the entire stored data object corresponds to the overwritten entire stored data object, and overwriting the stored object header associated with the entire stored data object with a dummy header in response to validating the value of the object header, the dummy header comprising metadata indicating that the entire stored data object has been overwritten by the data destruction process, the dummy header further comprising metadata indicating the bit pattern used by the data destruction process to destroy the entire stored data object; and
  
  an audit module configured to audit a selected storage volume to determine whether the data destruction policy has been accurately applied, wherein auditing includes determining whether data object header values associated with data objects match expected data object header values.
- View Dependent Claims (15, 16)
- - 15. The apparatus of claim 14, further comprising a validation module configured to validate the entire stored data object prior to destroying the entire stored data object, wherein validating comprises comparing the value of the stored header of the entire stored data object with an expected data object header value.
  - 16. The apparatus of claim 15, wherein the data destruction process further comprises repeating the overwrite of the entire stored data object in accordance with the data destruction parameters.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Cannon, David Maxwell, Marek, Toby Lyn, Haye, Mark Alan
Primary Examiner(s)
McNally, Michael S
Assistant Examiner(s)
Johnson, Carlton

Application Number

US11/625,740
Publication Number

US 20080177811A1
Time in Patent Office

2,745 Days
Field of Search
US Class Current

711/163
CPC Class Codes

G06F 16/125   characterised by the use of...

G06F 16/162   Delete operations erasing i...

G06F 3/0623   in relation to content

G06F 3/0652   Erasing, e.g. deleting, dat...

G06F 3/067   Distributed or networked st...

Method and system for policy-based secure destruction of data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for policy-based secure destruction of data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links