Secure removal of sensitive data

US 10,209,907 B2
Filed: 06/14/2016
Issued: 02/19/2019
Est. Priority Date: 06/14/2016
Status: Active Grant

First Claim

Patent Images

1. A method for removal of data in a cloud environment comprising:

receiving an identifier from a user associated with a current data structure stored in a cloud environment, the current data structure comprising spilled data or comprising whitespace where spilled data was stored prior to its deletion;

responsive to receiving the identifier, identifying allocated storage locations in the cloud environment associated with the current data structure;

responsive to identifying the allocated storage locations, creating a copy of the current data structure, the copy free from any remnants of the spilled data;

disconnecting the current data structure from any entities utilizing the current data structure, and redirecting any current connections to the copy of the current data structure to the entities; and

responsive to disconnecting the current data structure from entities and redirecting any current connections, securely removing the current data structure from any physical storage devices where the allocated storage locations reside by overwriting the current data structure with ones, zeros, or a combination thereof.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Representative embodiments disclose how to remove spilled data from an unauthorized system and/or service in a cloud service. Some embodiments allow a user to remove spilled data in a secure fashion without involving an administrator. Spilled data resides in a data structure backed by allocated storage locations. The system presents a user interface allowing a user to enter information that allows identification of the allocated storage locations. The spilled data is removed from the data structure leaving whitespace in the allocated storage locations where remnants of the spilled data can reside. The system creates a copy of the data structure, removing the whitespace. The system connects the copy of the data structure in place of the original data structure. The original allocated storage locations are then overwritten in a secure manner to remove any remnants of the spilled data.

23 Citations

20 Claims

1. A method for removal of data in a cloud environment comprising:
- receiving an identifier from a user associated with a current data structure stored in a cloud environment, the current data structure comprising spilled data or comprising whitespace where spilled data was stored prior to its deletion;
  
  responsive to receiving the identifier, identifying allocated storage locations in the cloud environment associated with the current data structure;
  
  responsive to identifying the allocated storage locations, creating a copy of the current data structure, the copy free from any remnants of the spilled data;
  
  disconnecting the current data structure from any entities utilizing the current data structure, and redirecting any current connections to the copy of the current data structure to the entities; and
  
  responsive to disconnecting the current data structure from entities and redirecting any current connections, securely removing the current data structure from any physical storage devices where the allocated storage locations reside by overwriting the current data structure with ones, zeros, or a combination thereof.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - setting locks so the allocated storage locations cannot be changed prior to creating the copy of the current data structure; and
      
      restoring the locks to a prior condition after connecting the copy of the current data structure.
  - 3. The method of claim 1 further comprising:
    - setting an alert on at least one system associated with the current data structure.
  - 4. The method of claim 1 wherein creating the copy comprises creating a backup of the current data structure and restoring the backup to the copy of the current data structure.
  - 5. The method of claim 1, further comprising:
    - stopping logging and mirroring of the allocated storage locations prior to securely removing the allocated storage locations.
  - 6. The method of claim 1, further comprising:
    - detaching the allocated storage locations prior to securely removing the allocated storage locations.
  - 7. The method of claim 1, further comprising:
    - identifying created backup sets that include the spilled data; and
      
      securely removing the identified backup sets.
  - 8. The method of claim 1, further comprising:
    - creating a workflow to perform the operations of claim 1.

9. A machine-readable medium having executable instructions encoded thereon, which, when executed by at least one processor of a machine, cause the machine to perform operations comprising:
- present a user interface to a user containing a form comprising a plurality of fields one of which allowing the user to enter an identifier associated with a data structure or location where spilled data previously resided;
  
  receive information via the form from the user comprising the identifier;
  
  identify allocated storage based on the identifier;
  
  responsive to identifying allocated storage, create a workflow to securely remove the allocated storage, the workflow performing operations comprising;
  
  create a backup of a current version of the allocated storage in order to remove whitespace in the allocated storage, the whitespace previously containing spilled data;
  
  restore the backup to create a new copy of the current version of the allocated storage;
  
  responsive to creating the new copy, disconnect the allocated storage from any entities utilizing the allocated storage;
  
  connect the new copy to the entities; and
  
  securely remove the allocated storage from any physical storage devices where the allocated storage resides.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The machine-readable medium of claim 9, wherein the workflow further performs operations comprising:
    - set at least one lock on the allocated storage so the allocated storage cannot be changed prior to creating the backup; and
      
      restore the at least one lock on the allocated storage to a prior state after connecting the new copy.
  - 11. The machine-readable medium of claim 10, wherein the workflow further performs operations comprising:
    - terminating logging and mirroring of the allocated storage prior to securely removing the allocated storage.
  - 12. The machine-readable medium of claim 10, wherein the workflow further performs operations comprising:
    - identifying at least one previously created backup set;
      
      securely removing the at least one previously created backup set.
  - 13. The machine-readable medium of claim 9, wherein the workflow further performs operations comprising setting at least one system into maintenance mode.
  - 14. The machine-readable medium of claim 9, wherein executable instructions further cause the machine to perform operations comprising obfuscating that the workflow is removing spilled data when executing.
  - 15. The machine-readable medium of claim 9 wherein executable instructions further cause the machine to perform operations comprising:
    - prior to executing the workflow;
      
      evaluate an impact of executing the workflow;
      
      present the impact of the workflow to the user;
      
      receive authorization from the user to execute the workflow;
      
      identify whether the allocated storage is currently being processed by another workflow; and
      
      responsive to identifying that the allocated storage is not currently being processed by another workflow, initiating execution of the workflow.
  - 16. The machine-readable medium of claim 9 wherein securely removing the allocated storage comprises overwriting physical storage locations on physical devices containing the allocated storage with at least one of:
    - all zeros;
      
      all ones; and
      
      a pattern of ones and zeros.

17. A computing system implementing secure removal of spilled data comprising:
- a processor and executable instructions accessible on a machine-readable medium that, when executed, cause the system to perform operations comprising;
  
  present a user interface to a user containing a form that allows the user to identify at least one of;
  
  an identifier associated with a site where spilled data previously resided; and
  
  a date that a data spill occurred;
  
  receive the identifier and/or date from the user;
  
  identify an allocated storage in a cloud service architecture where the spilled data was previously stored based on the received identifier and date;
  
  create a workflow executed in the cloud service architecture to remove allocated storage from the site, the workflow performing operations comprising;
  
  create a backup of the allocated storage in order to remove whitespace that previously contained the spilled data in the allocated storage;
  
  restore the backup to create a new copy of the allocated storage;
  
  disconnect the allocated storage from any entities utilizing the allocated storage;
  
  connect the new copy to the entities; and
  
  securely remove the allocated storage from any physical storage devices where the allocated storage resides.
- View Dependent Claims (18, 19, 20)
- - 18. The computing system of claim 17, wherein prior to executing the workflow the computing system performs operations further comprising:
    - assess impact of removal of the spilled data;
      
      receive authorization from the user to execute the workflow;
      
      identify whether the allocated storage is currently being processed by another workflow; and
      
      responsive to identifying that the allocated storage is not currently being processed by another workflow, initiating execution of the workflow.
  - 19. The computing system of claim 18 wherein the operations performed by the workflow further comprise:
    - set at least one lock on the allocated storage so the allocated storage cannot be changed prior to creating the backup; and
      
      restore the at least one lock on the allocated storage to a prior state after connecting the new copy; and
      
      terminating logging and mirroring of the allocated storage prior to securely removing the allocated storage.
  - 20. The computing system of claim 17 wherein the operations performed by the workflow further comprise:
    - identifying at least one previously created backup set that may contain the spilled data;
      
      securely removing the at least one previously created backup set.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
DeFilippi, Geoffrey Naismith, Tipke, Joel D., Bailey, Michael Ernest, Gardner, Charles Clayton, Goodall, Grant D.
Primary Examiner(s)
Bertram, Ryan
Assistant Examiner(s)
Ta, Trang K

Application Number

US15/182,382
Publication Number

US 20170357456A1
Time in Patent Office

980 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/1448   Management of the data invo...

G06F 12/1466   Key-lock mechanism

G06F 16/162   Delete operations erasing i...

G06F 21/6218   to a system of files or obj...

G06F 21/64   Protecting data integrity, ...

G06F 2212/1052   Security improvement

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 3/0619   in relation to data integri...

G06F 3/0631   by allocating resources to ...

G06F 3/065   Replication mechanisms

G06F 3/067   Distributed or networked st...

Secure removal of sensitive data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure removal of sensitive data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links