Digital data retention management

US 9,613,038 B2
Filed: 08/21/2014
Issued: 04/04/2017
Est. Priority Date: 11/08/2013
Status: Active Grant

First Claim

Patent Images

1. A method for operating a storage system, a retention management system and a trusted component, said storage system being configured for storing data objects and metadata associated thereto, said retention management system being operable for data processing, said trusted component being operable for providing access to a secure date or time basis and for performing cryptographic operations by using internally stored secret data, said method comprising:

generating a cryptographic key pair in said trusted component, the cryptographic key pair is generated in an asymmetric cryptographic scheme;

receiving a storage request by the retention management system associated with a data object;

calculating a retention date associated with a data object in said retention management system and associating said data object with metadata comprising the retention data;

generating a digital signature for said metadata in said trusted component utilizing the cryptographic key pair;

storing said metadata and said digital signature; and

based on receiving a request to perform a deletion transaction on said data object for deleting said data object from the storage system;

verifying metadata validity by checking the digital signature for the metadata associated with said data object to detect possible tampering of the metadata;

verifying retention expiration by determining that a current date is past the retention date comprised in said metadata; and

based on successful verification of metadata validity and retention expiration, authorizing deletion of said data object by the storage system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments relate to digital data retention management. An aspect includes calculating a retention date associated with a data object in a storage system. Another aspect includes generating a cryptographic checksum for metadata relating to said data object, the metadata comprising the retention date. Another aspect includes storing said metadata and said cryptographic checksum. Another aspect includes, based on receiving a request to perform a deletion transaction on said data object for deleting said data object from the storage system: verifying metadata validity by checking the cryptographic checksum for the metadata associated with said data object to detect possible tampering of the metadata; verifying retention expiration by determining that a current date is past the retention date comprised in said metadata; and based on successful verification of metadata validity and retention expiration, authorizing deletion of said data object by the storage system.

24 Citations

View as Search Results

20 Claims

1. A method for operating a storage system, a retention management system and a trusted component, said storage system being configured for storing data objects and metadata associated thereto, said retention management system being operable for data processing, said trusted component being operable for providing access to a secure date or time basis and for performing cryptographic operations by using internally stored secret data, said method comprising:
- generating a cryptographic key pair in said trusted component, the cryptographic key pair is generated in an asymmetric cryptographic scheme;
  
  receiving a storage request by the retention management system associated with a data object;
  
  calculating a retention date associated with a data object in said retention management system and associating said data object with metadata comprising the retention data;
  
  generating a digital signature for said metadata in said trusted component utilizing the cryptographic key pair;
  
  storing said metadata and said digital signature; and
  
  based on receiving a request to perform a deletion transaction on said data object for deleting said data object from the storage system;
  
  verifying metadata validity by checking the digital signature for the metadata associated with said data object to detect possible tampering of the metadata;
  
  verifying retention expiration by determining that a current date is past the retention date comprised in said metadata; and
  
  based on successful verification of metadata validity and retention expiration, authorizing deletion of said data object by the storage system.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, wherein the current date is derived from a secure time basis by said trusted component, and wherein, based on receiving said request to perform said deletion transaction, as an additional upstream validation it is determined that the retention date is past a date taken from an internal clock of the storage system.
  - 3. The method according to claim 1, wherein, in a recurring operation, for a data object stored in said storage system, said retention date is compared to a date taken from an internal clock of the storage system and a request to perform a deletion operation on the respective data object is issued when a date derived from the internal clock is found to be past the retention date.
  - 4. The method according to claim 1, wherein authorizing deletion of said data object by the storage system is performed by sending the storage system a deletion authorization code generated in said trusted component as confirmation to delete said data object, and wherein said deletion authorization code is appended to an audit log for later reference, said audit log being built-up in a structure of a signed hash-chain.
  - 5. The method according to claim 1, wherein, as part of a transaction of storing a data object in said storage system, transaction specific data is appended to a storage log.
  - 6. The method according to claim 1, wherein said metadata and said digital signature are stored in said storage system.

7. A data processing and storage apparatus comprising:
- a storage system, said storage system being configured for storing data objects and metadata associated thereto;
  
  a retention management system, said retention management system being operable for data processing; and
  
  a trusted component, said trusted component being operable for providing access to a secure date or time basis and for performing cryptographic operations by using internally stored secret data, said data processing and storage apparatus being configured for;
  
  generating a cryptographic key pair in said trusted component, the cryptographic key pair is generated in an asymmetric cryptographic scheme;
  
  receiving a storage request by the retention management system associated with a data object;
  
  calculating a retention date associated with a data object in said retention management system and associating said data object with metadata comprising the retention data;
  
  generating a digital signature for said metadata in said trusted component utilizing the cryptographic key pair;
  
  storing said metadata and said digital signature; and
  
  based on receiving a request to perform a deletion transaction on said data object for deleting said data object from the storage system;
  
  verifying metadata validity by checking the digital signature for the metadata associated with said data object to detect possible tampering of the metadata;
  
  verifying retention expiration by determining that a current date is past the retention date comprised in said metadata; and
  
  based on successful verification of metadata validity and retention expiration, authorizing deletion of said data object by the storage system.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The data processing and storage apparatus according to claim 7, further configured for appending said deletion authorization code to an audit log for later reference, said audit log being stored in a secured or tamper proof storage environment.
  - 9. The data processing and storage apparatus according to claim 7, further configured to adjust said secure clock by performing a secure synchronization protocol with a secured master time service.
  - 10. The data processing and storage apparatus according to claim 7, wherein the secure synchronization protocol is a Network Time Protocol (NTP).
  - 11. The data processing and storage apparatus according to claim 7, where said trusted component is an external validation system separate from said storage system and said retention management system.
  - 12. The data processing and storage apparatus according to claim 7, said trusted component being a hardware security module.
  - 13. The data processing and storage apparatus according to claim 11, said hardware security module comprising a high precision clock to be used as the secure date/time basis.
  - 14. The data processing and storage apparatus according to claim 7, said storage system being a cloud-based remote storage.
  - 15. The data processing and storage apparatus according to claim 14, said cloud-based remote storage being connected to the trusted component via an access control component, said access control component being configured for performing additional monitoring, logging, or auditing functions.

16. A computer program product for operating a storage system, a retention management system and a trusted component, said storage system being configured for storing data objects and metadata associated thereto, said retention management system being operable for data processing, said trusted component being operable for providing access to a secure date or time basis and for performing cryptographic operations by using internally stored secret data, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processing circuit to cause the processing circuit to:
- generating a cryptographic key pair in said trusted component, the cryptographic key pair is generated in an asymmetric cryptographic scheme;
  
  receiving a storage request by the retention management system associated with a data object;
  
  calculating a retention date associated with a data object in said retention management system and associating said data object with metadata comprising the retention data;
  
  generating a digital signature for said metadata in said trusted component utilizing the cryptographic key pair;
  
  storing said metadata and said digital signature; and
  
  based on receiving a request to perform a deletion transaction on said data object for deleting said data object from the storage system;
  
  verifying metadata validity by checking the digital signature for the metadata associated with said data object to detect possible tampering of the metadata;
  
  verifying retention expiration by determining that a current date is past the retention date comprised in said metadata; and
  
  based on successful verification of metadata validity and retention expiration, authorizing deletion of said data object by the storage system.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product according to claim 16, wherein the current date is derived from a secure time basis by said trusted component, and wherein, based on receiving said request to perform said deletion transaction, as an additional upstream validation it is determined that the retention date is past a date taken from an internal clock of the storage system.
  - 18. The computer program product according to claim 16, wherein, in a recurring operation, for a data object stored in said storage system, said retention date is compared to a date taken from an internal clock of the storage system and a request to perform a deletion operation on the respective data object is issued when a date derived from the internal clock is found to be past the retention date.
  - 19. The computer program product according to claim 16, wherein authorizing deletion of said data object by the storage system is performed by sending the storage system a deletion authorization code generated in said trusted component as confirmation to delete said data object, and wherein said deletion authorization code is appended to an audit log for later reference, said audit log being built-up in a structure of a signed hash-chain.
  - 20. The computer program product according to claim 16, wherein, as part of a transaction of storing a data object in said storage system, transaction specific data is appended to a storage log.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Waizenegger, Tim, Factor, Michael E., Kurtz, Bernhard, Lebutsch, David, Mega, Cataldo, Shulman-Peleg, Alexandra
Primary Examiner(s)
LEROUX, ETIENNE PIERRE

Application Number

US14/464,855
Publication Number

US 20150134619A1
Time in Patent Office

957 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/125   characterised by the use of...

G06F 16/162   Delete operations erasing i...

G06F 16/164   File meta data generation

G06F 21/6209   to a single file or object,...

Digital data retention management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Digital data retention management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links