Digital data retention management
First Claim
1. A method for operating a storage system, a retention management system and a trusted component, said storage system being configured for storing data objects and metadata associated thereto, said retention management system being operable for data processing, said trusted component being operable for providing access to a secure date or time basis and for performing cryptographic operations by using internally stored secret data, said method comprising:
- generating a cryptographic key pair in said trusted component, the cryptographic key pair is generated in an asymmetric cryptographic scheme;
receiving a storage request by the retention management system associated with a data object;
calculating a retention date associated with a data object in said retention management system and associating said data object with metadata comprising the retention data;
generating a digital signature for said metadata in said trusted component utilizing the cryptographic key pair;
storing said metadata and said digital signature; and
based on receiving a request to perform a deletion transaction on said data object for deleting said data object from the storage system;
verifying metadata validity by checking the digital signature for the metadata associated with said data object to detect possible tampering of the metadata;
verifying retention expiration by determining that a current date is past the retention date comprised in said metadata; and
based on successful verification of metadata validity and retention expiration, authorizing deletion of said data object by the storage system.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments relate to digital data retention management. An aspect includes calculating a retention date associated with a data object in a storage system. Another aspect includes generating a cryptographic checksum for metadata relating to said data object, the metadata comprising the retention date. Another aspect includes storing said metadata and said cryptographic checksum. Another aspect includes, based on receiving a request to perform a deletion transaction on said data object for deleting said data object from the storage system: verifying metadata validity by checking the cryptographic checksum for the metadata associated with said data object to detect possible tampering of the metadata; verifying retention expiration by determining that a current date is past the retention date comprised in said metadata; and based on successful verification of metadata validity and retention expiration, authorizing deletion of said data object by the storage system.
24 Citations
20 Claims
-
1. A method for operating a storage system, a retention management system and a trusted component, said storage system being configured for storing data objects and metadata associated thereto, said retention management system being operable for data processing, said trusted component being operable for providing access to a secure date or time basis and for performing cryptographic operations by using internally stored secret data, said method comprising:
-
generating a cryptographic key pair in said trusted component, the cryptographic key pair is generated in an asymmetric cryptographic scheme; receiving a storage request by the retention management system associated with a data object; calculating a retention date associated with a data object in said retention management system and associating said data object with metadata comprising the retention data; generating a digital signature for said metadata in said trusted component utilizing the cryptographic key pair; storing said metadata and said digital signature; and based on receiving a request to perform a deletion transaction on said data object for deleting said data object from the storage system; verifying metadata validity by checking the digital signature for the metadata associated with said data object to detect possible tampering of the metadata; verifying retention expiration by determining that a current date is past the retention date comprised in said metadata; and based on successful verification of metadata validity and retention expiration, authorizing deletion of said data object by the storage system. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A data processing and storage apparatus comprising:
-
a storage system, said storage system being configured for storing data objects and metadata associated thereto; a retention management system, said retention management system being operable for data processing; and a trusted component, said trusted component being operable for providing access to a secure date or time basis and for performing cryptographic operations by using internally stored secret data, said data processing and storage apparatus being configured for; generating a cryptographic key pair in said trusted component, the cryptographic key pair is generated in an asymmetric cryptographic scheme; receiving a storage request by the retention management system associated with a data object; calculating a retention date associated with a data object in said retention management system and associating said data object with metadata comprising the retention data; generating a digital signature for said metadata in said trusted component utilizing the cryptographic key pair; storing said metadata and said digital signature; and based on receiving a request to perform a deletion transaction on said data object for deleting said data object from the storage system; verifying metadata validity by checking the digital signature for the metadata associated with said data object to detect possible tampering of the metadata; verifying retention expiration by determining that a current date is past the retention date comprised in said metadata; and based on successful verification of metadata validity and retention expiration, authorizing deletion of said data object by the storage system. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A computer program product for operating a storage system, a retention management system and a trusted component, said storage system being configured for storing data objects and metadata associated thereto, said retention management system being operable for data processing, said trusted component being operable for providing access to a secure date or time basis and for performing cryptographic operations by using internally stored secret data, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processing circuit to cause the processing circuit to:
-
generating a cryptographic key pair in said trusted component, the cryptographic key pair is generated in an asymmetric cryptographic scheme; receiving a storage request by the retention management system associated with a data object; calculating a retention date associated with a data object in said retention management system and associating said data object with metadata comprising the retention data; generating a digital signature for said metadata in said trusted component utilizing the cryptographic key pair; storing said metadata and said digital signature; and based on receiving a request to perform a deletion transaction on said data object for deleting said data object from the storage system; verifying metadata validity by checking the digital signature for the metadata associated with said data object to detect possible tampering of the metadata; verifying retention expiration by determining that a current date is past the retention date comprised in said metadata; and based on successful verification of metadata validity and retention expiration, authorizing deletion of said data object by the storage system. - View Dependent Claims (17, 18, 19, 20)
-
Specification