File backup with selective encryption
First Claim
1. A system for backing up an encrypted file, the system comprising:
a primary storage system;
a secondary storage device residing in a secondary storage system; and
a data agent implemented in computer hardware of a computing system within the primary storage system, the data agent configured to:
receive an indication to backup an encrypted file stored in the primary storage system to the secondary storage device, the encrypted file comprising an encrypted version of a file and a plurality of encrypted keys, wherein a first encrypted key of the plurality of encrypted keys is an encrypted data encryption key assigned to the computing system and a second encrypted key of the plurality of encrypted keys is an encrypted data encryption key assigned to a user; and
in response to the indication:
extract the first encrypted key from the encrypted file;
decrypt the first encrypted key to obtain a copy of a data encryption key;
discard the first encrypted key;
decrypt the encrypted file using the copy of the data encryption key to obtain a decrypted file; and
provide the decrypted file to a secondary storage system for backup to the secondary storage device.
Abstract
A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.
18 Claims
10. A method for backing up an encrypted file, the method comprising:
by a computing system comprising one or more hardware processors:
receiving an indication to backup an encrypted file stored in a primary storage system to a secondary storage device, the encrypted file comprising an encrypted version of a file and a plurality of encrypted keys, wherein a first encrypted key of the plurality of encrypted keys is an encrypted data encryption key assigned to the computing system and a second encrypted key of the plurality of encrypted keys is an encrypted data encryption key assigned to a user; and
in response to the indication:
extracting the first encrypted key from the encrypted file;
decrypting the first encrypted key to obtain a copy of a data encryption key;
discarding the first encrypted key;
decrypting the encrypted file using the copy of the data encryption key to obtain a decrypted file; and
providing the decrypted file to a secondary storage system for backup to the secondary storage device.
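The backup flow recited in claims 1 and 10, as an added Python sketch that is not taken from the patent or from any product: one data encryption key (DEK) is wrapped once for the computing system and once for the user, and the data agent uses only the system's wrapped copy. The dict layout, the names `seal`, `unseal`, `system_kek` and `user_kek`, and the SHA-256-based stand-in cipher are assumptions made so the example runs with the standard library alone.

```python
import hashlib, hmac, os

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode) so the sketch runs with the
    # standard library only; a real system would use an AEAD such as AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with separate subkeys derived from `key`."""
    enc_k, mac_k = (hashlib.sha256(t + key).digest() for t in (b"enc", b"mac"))
    nonce = os.urandom(16)
    ct = _keystream_xor(enc_k, nonce, plaintext)
    return nonce + ct + hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key raises ValueError."""
    enc_k, mac_k = (hashlib.sha256(t + key).digest() for t in (b"enc", b"mac"))
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified data")
    return _keystream_xor(enc_k, nonce, ct)

def encrypt_file(plaintext: bytes, system_kek: bytes, user_kek: bytes) -> dict:
    """Build the encrypted file: payload plus one wrapped DEK per recipient."""
    dek = os.urandom(32)  # data encryption key, generated per file
    return {"payload": seal(dek, plaintext),
            "wrapped_keys": {"system": seal(system_kek, dek),
                             "user": seal(user_kek, dek)}}

def data_agent_backup(encrypted_file: dict, system_kek: bytes) -> bytes:
    """Claimed backup steps, using only the computing system's key."""
    wrapped = encrypted_file["wrapped_keys"]["system"]  # extract first encrypted key
    dek = unseal(system_kek, wrapped)                   # obtain a copy of the DEK
    del wrapped  # "discard": read here as dropping the agent's extracted copy (assumption)
    return unseal(dek, encrypted_file["payload"])       # decrypted file for secondary storage

if __name__ == "__main__":
    sys_kek, usr_kek = os.urandom(32), os.urandom(32)  # constructed sample keys
    f = encrypt_file(b"quarterly-report contents", sys_kek, usr_kek)
    print(data_agent_backup(f, sys_kek))
```

The value returned by `data_agent_backup` is plaintext, so any protection of the data in transit to, or at rest in, secondary storage has to be applied by that side of the system.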
Specification