Discarding sensitive data from persistent point-in-time image

US 9,043,614 B2
Filed: 09/20/2013
Issued: 05/26/2015
Est. Priority Date: 04/30/2008
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

creating a first Persistent Point-in-time Image (PPI) based on an Active File System (AFS), wherein the AFS references an existing dataset that is encrypted with an existing encryption key and the first PPI provides a read-only reference to the existing dataset;

generating a new encryption key in response to creating a PPI of the AFS, wherein the new encryption key is used to encrypt subsequent data writes into the AFS; and

in response to identifying a request to discard data that is stored in the existing dataset, included in the first PPI, and encrypted with the existing encryption key;

re-keying the existing dataset, other than the data to be discarded, that is referenced by the AFS and encrypted by the existing encryption key;

wherein said re-keying includes re-encrypting the existing dataset, other than the data to be discarded, with the generated new encryption key different from the existing encryption key;

writing the rekeyed data to the AFS;

shredding the existing encryption key; and

wherein the existing encryption key is encrypted with a wrapping key and wherein shredding the existing encryption key includes shredding the wrapping key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network storage server implements a method to discard sensitive data from a Persistent Point-In-Time Image (PPI). The server first efficiently identifies a dataset containing the sensitive data from a plurality of datasets managed by the PPI. Each of the plurality of datasets is read-only and encrypted with a first encryption key. The server then decrypts each of the plurality of datasets, except the dataset containing the sensitive data, with the first encryption key. The decrypted datasets are re-encrypted with a second encryption key, and copied to a storage structure. Afterward, the first encryption key is shredded.

44 Citations

8 Claims

1. A method, comprising:
- creating a first Persistent Point-in-time Image (PPI) based on an Active File System (AFS), wherein the AFS references an existing dataset that is encrypted with an existing encryption key and the first PPI provides a read-only reference to the existing dataset;
  
  generating a new encryption key in response to creating a PPI of the AFS, wherein the new encryption key is used to encrypt subsequent data writes into the AFS; and
  
  in response to identifying a request to discard data that is stored in the existing dataset, included in the first PPI, and encrypted with the existing encryption key;
  
  re-keying the existing dataset, other than the data to be discarded, that is referenced by the AFS and encrypted by the existing encryption key;
  
  wherein said re-keying includes re-encrypting the existing dataset, other than the data to be discarded, with the generated new encryption key different from the existing encryption key;
  
  writing the rekeyed data to the AFS;
  
  shredding the existing encryption key; and
  
  wherein the existing encryption key is encrypted with a wrapping key and wherein shredding the existing encryption key includes shredding the wrapping key.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein generating the new encryption key includes generating the new encryption key in response to creation of the first PPI.
  - 3. The method of claim 1, wherein generating the new encryption key includes generating the new encryption key in response to creating of a second PPI different from the first PPI.
  - 4. The method of claim 1, wherein the AFS implements a write-out-of-place policy, wherein whenever a dataset in the AFS is modified, the modified dataset is written to a new physical location on a storage device of the AFS.

5. A data storage system comprising:
- a network interface configured to receive a request to specify a target dataset to be discarded;
  
  a storage interface configured to provide access to an Active File System (AFS) and one or more Persistent Point-in-time Images (PPIs), wherein each of the PPIs is created from the AFS and at least some of which are read-only;
  
  one or more computer processors configured to identify one or more PPIs referencing the target dataset to be discarded, wherein the target dataset to be discarded is encrypted with a first encryption key;
  
  at least one of the computer processors configured to;
  
  for each of the identified PPIs, identify a subset of datasets referenced by the identified PPIs and the AFS, at least some of the datasets in the subset having been encrypted with the first encryption key;
  
  wherein the target dataset to be discarded is excluded from the identified subset, andre-key at least some of the datasets of the subset, previously encrypted with the first encryption key, by re-encrypting the at least some of the datasets with a second encryption key different from the first encryption key; and
  
  wherein at least one of the computer processors is configured to shred the first encryption key.
- View Dependent Claims (6, 7, 8)
- - 6. The data storage system as recited in claim 5, wherein at least one of the computer processors is configured to delete PPIs that reference the target dataset to be discarded.
  - 7. The data storage system as recited in claim 5, wherein at least one of the computer processors is configured to delete PPIs that have datasets encrypted with the first encryption key.
  - 8. The data storage system as recited in claim 5, wherein at least one of the computer processors is configured to generate the second encryption key in response to a PPI of the one or more PPIs having been created.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetApp, Inc.
Original Assignee
NetApp, Inc.
Inventors
Subramanian, Ananthan
Primary Examiner(s)
Siddiqi, Mohammad A

Application Number

US14/033,071
Publication Number

US 20140025963A1
Time in Patent Office

613 Days
Field of Search

713/189, 713/193
US Class Current

713/193
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 2221/2107   File encryption

Discarding sensitive data from persistent point-in-time image

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Discarding sensitive data from persistent point-in-time image

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links