INCREMENTAL SECURE BACKUP AND RESTORE OF USER SETTINGS AND DATA
First Claim
1. A method of performing a secure full backup of user settings and data comprising:
determining a set of objects to be backed up;
creating a manifest;
encrypting each object to be backed up to form an encrypted data;
forming a data stream for each object to be backed up to be sent to a host data processing system;
creating an object map for each object to be backed up;
updating the manifest with the object map;
sending the data stream for each object to be backed up to the host system, wherein the host system saves the data stream under the path hash for each object;
signing the manifest with a digital signature for authentication; and
sending the manifest to the host system, wherein the host system saves the signed manifest.
1 Assignment
0 Petitions
Abstract
Methods and apparatuses for performing secure incremental backup and restore operations are disclosed.
198 Citations
38 Claims
1. (Independent claim; text set out above under First Claim.) Dependent claims: 2-9.
10. A method of performing a secure incremental backup of user settings and data comprising:
receiving, over a network, an old manifest from a host data processing system including an object map of a set of encrypted objects stored on the host system, wherein the manifest includes a digital signature for authentication;
performing the following for each object to be backed up if the digital signature is valid;
creating a new manifest;
comparing each object to be backed up with entries in the old manifest to determine a first set of objects that are new and a second set of objects that have been modified since a previous backup associated with the old manifest was performed;
computing a path hash for each of the first and second set of objects;
encrypting each of the first and second set of objects;
computing a content hash for each of the encrypted objects;
updating the new manifest;
sending each of the encrypted objects to the host system; and
signing and sending the new manifest to the host system, wherein the host system deletes a third set of files which have been deleted since the previous backup was performed.
Dependent claims: 11-21.
22. A method of performing a secure restore of backed-up user settings and data comprising:
receiving a manifest and an associated digital signature from a host data processing system where backed-up user data and settings are stored;
determining a set of objects to be restored based on walking entries in the manifest;
performing the following for each object to be restored if the digital signature is valid, wherein the secure restore fails if the digital signature is not valid;
decrypting a master encryption key (MEK) saved in the manifest;
receiving a data stream of encrypted data for each object to be restored from the host system;
computing a contents hash of the data stream for each object to be restored; and
performing the following for each object to be restored if the contents hash of the received encrypted data matches a corresponding entry in the manifest, wherein the secure restore fails if the contents hash of the encrypted data for each object does not match the corresponding entry in the manifest;
decrypting the object to be restored;
deconstructing an object data and an object path of the object from the decrypted data;
saving the object data in a temporary storage location;
computing a path hash for the object; and
deleting the manifest entry corresponding to the path hash of the object to be restored.
Dependent claims: 23-28.
29. A means for performing a secure incremental backup of user settings and data comprising:
means for receiving an old manifest including an object map of a set of encrypted objects stored on a host data processing system, wherein the manifest includes a digital signature for authentication;
means for performing the following for each object to be backed up if the digital signature is valid;
means for creating a new manifest;
means for comparing each object to be backed up with entries in the old manifest to determine a set of objects that have changed since a previous backup associated with the old manifest was performed;
means for updating the new manifest to reflect the changes;
means for encrypting all changed objects;
means for sending the encrypted objects to the host system; and
means for signing and sending the new manifest to the host system, wherein the host system compares the old manifest to the new manifest and deletes a set of objects that are no longer in the new manifest.
30. A means for performing a secure restore of backed-up user settings and data comprising:
means for receiving a manifest and an associated digital signature from a host system where backed-up user data and settings are stored;
means for determining a set of objects to be restored based on walking entries in the manifest;
means for performing the following for each object to be restored if the digital signature is valid, wherein the secure restore fails if the digital signature is not valid;
means for decrypting a master encryption key (MEK) saved in the manifest;
means for receiving a data stream of encrypted data for each object to be restored from the host system;
means for computing a contents hash of the data stream for each object to be restored; and
means for performing the following for each object to be restored if the contents hash of the received encrypted data matches a corresponding entry in the manifest, wherein the secure restore fails if the contents hash of the encrypted data for each object does not match the corresponding entry in the manifest;
means for decrypting the object to be restored;
means for deconstructing an object data and an object path of the object from the decrypted data;
means for saving the object data in a temporary storage location;
means for computing a path hash for the object; and
means for deleting the manifest entry corresponding to the path hash of the object to be restored.
31. A machine-readable medium that provides instructions, which when executed by a machine, cause the machine to perform a secure incremental backup of user settings and data comprising:
receiving, over a network, an old manifest from a host data processing system including an object map of a set of encrypted objects stored on the host system, wherein the manifest includes a digital signature for authentication;
performing the following for each object to be backed up if the digital signature is valid;
creating a new manifest;
comparing each object to be backed up with entries in the old manifest to determine a first set of objects that are new and a second set of objects that have been modified since a previous backup associated with the old manifest was performed;
computing a path hash for each of the first and second set of objects;
encrypting each of the first and second set of objects;
computing a content hash for each of the encrypted objects;
updating the new manifest;
sending each of the encrypted objects to the host system; and
signing and sending the new manifest to the host system, wherein the host system deletes a third set of files which have been deleted since the previous backup was performed.
32. A machine-readable medium that provides instructions, which when executed by a machine, cause the machine to perform a secure restore of backed-up user settings and data comprising:
receiving a manifest and an associated digital signature from a host data processing system where backed-up user data and settings are stored;
determining a set of objects to be restored based on walking entries in the manifest;
performing the following for each object to be restored if the digital signature is valid, wherein the secure restore fails if the digital signature is not valid;
decrypting a master encryption key (MEK) saved in the manifest;
receiving a data stream of encrypted data for each object to be restored;
computing a contents hash of the data stream for each object to be restored; and
performing the following for each object to be restored if the contents hash of the received encrypted data matches a corresponding entry in the manifest, wherein the secure restore fails if the contents hash of the encrypted data for each object does not match the corresponding entry in the manifest;
decrypting the object to be restored;
deconstructing an object data and an object path of the object from the decrypted data;
saving the object data in a temporary storage location;
computing a path hash for the object; and
deleting the manifest entry corresponding to the path hash of the object to be restored.
33. A method of performing a secure incremental backup of user settings and data comprising:
determining, at a host data processing system, if there is a valid manifest corresponding to a previous backup of a data processing device stored in a memory of the host system; and
performing the following for each of a set of objects to be backed up if the manifest is valid;
sending the manifest, including a digital signature for authentication, to a data processing device, wherein the data processing device validates the manifest and performs a secure incremental backup by backing up only those objects which have changed since a previous backup associated with the manifest was performed.
34. A method of performing a secure restore of backed-up user settings and data comprising:
sending, from a host data processing system where a backup set is stored, a manifest and digital signature to a data processing device, wherein the data processing device validates the manifest using the digital signature; and
sending a data stream of encrypted data for each object to be restored to the data processing device, wherein the data processing device hashes the data stream and determines whether each received data stream corresponds to an entry in the manifest, and wherein if the data stream for each object to be restored corresponds to an entry in the manifest, the data processing device decrypts and deconstructs the received data stream to form the object to be restored and stores the object into a final destination.
35. A machine-readable medium that provides instructions, which when executed by a machine, cause the machine to perform a secure incremental backup of user settings and data comprising:
determining, at a host data processing system, if there is a valid manifest corresponding to a previous backup stored in a memory of the host system; and
performing the following for each of a set of objects to be backed up if the manifest is valid;
sending the manifest, including a digital signature for authentication, to a data processing device, wherein the data processing device validates the manifest and performs a secure incremental backup by backing up only those objects which have changed since a previous backup associated with the manifest was performed.
36. A machine-readable medium that provides instructions, which when executed by a machine, cause the machine to perform a secure restore of backed-up user settings and data comprising:
sending, from a host data processing system where a backup set is stored, a manifest and digital signature to a data processing device, wherein the data processing device validates the manifest using the digital signature; and
sending a data stream of encrypted data for each object to be restored to the data processing device, wherein the data processing device hashes the data stream and determines whether each received data stream corresponds to an entry in the manifest, and wherein if the data stream for each object to be restored corresponds to an entry in the manifest, the data processing device decrypts and deconstructs the received data stream to form the object to be restored and stores the object into a final destination.
37. A means for performing a secure incremental backup of user settings and data comprising:
means for determining, at a host data processing system, if there is a valid manifest corresponding to a previous backup stored in a memory of the host system; and
means for performing the following for each of a set of objects to be backed up if the manifest is valid;
means for sending the manifest, including a digital signature for authentication, to a data processing device, wherein the data processing device validates the manifest and performs a secure incremental backup by backing up only those objects which have changed since a previous backup associated with the manifest was performed.
38. A means for performing a secure restore of backed-up user settings and data comprising:
means for sending, from a host data processing system where a backup set is stored, a manifest and digital signature to a data processing device, wherein the data processing device validates the manifest using the digital signature; and
means for sending a data stream of encrypted data for each object to be restored to the data processing device, wherein the data processing device hashes the data stream and determines whether each received data stream corresponds to an entry in the manifest, and wherein if the data stream for each object to be restored corresponds to an entry in the manifest, the data processing device decrypts and deconstructs the received data stream to form the object to be restored and stores the object into a final destination.
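Claims 1, 10 and 22 (and their means/medium counterparts 29-32) describe one protocol: a signed manifest that maps path hashes to content hashes of ciphertext, objects stored on an untrusted host under their path hash, a master encryption key (MEK) carried in the manifest in wrapped form, and a restore that refuses to decrypt anything until the manifest signature and every content hash check out. The following is an added worked example of that protocol, not the patent's own code. It assumes things the claims leave open: HMAC-SHA256 stands in for the digital signature (so only the key holder can verify), an HMAC-SHA256 counter-mode keystream stands in for a real cipher (use AES-GCM in practice), a keyed fingerprint of each object's plaintext is kept in the manifest so the incremental backup can tell "modified" from "unchanged", a `gen` counter records the backup generation, and the host is an in-memory dict; the `Host`, `Client`, `pack`/`unpack` names and the manifest field names are the example's own.

```python
"""Manifest-based encrypted backup and restore, modelled on claims 1, 10 and 22.
Added example, not the patent's code. Assumptions not in the claims: HMAC-SHA256 stands in
for the digital signature; an HMAC-SHA256 counter-mode keystream stands in for a real cipher
(use AES-GCM in practice); a keyed plaintext fingerprint in the manifest detects modification;
the host is an in-memory dict."""
import hashlib, hmac, json, secrets

NONCE_LEN = 16

def path_hash(path):
    """The host stores each object under the hash of its path, not the path itself."""
    return hashlib.sha256(path.encode()).hexdigest()

def _ctr_xor(key, nonce, data):
    """Counter-mode keystream from HMAC-SHA256: a toy stand-in for AES-GCM so this runs offline."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def encrypt(key, plaintext):
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + _ctr_xor(key, nonce, plaintext)

def decrypt(key, blob):
    return _ctr_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])

def pack(path, data):
    """Object stream = 2-byte path length + path + data; restore 'deconstructs' it again."""
    p = path.encode()
    return len(p).to_bytes(2, "big") + p + data

def unpack(stream):
    n = int.from_bytes(stream[:2], "big")
    return stream[2:2 + n].decode(), stream[2 + n:]

def sign(key, manifest):
    body = json.dumps(manifest, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def verify(key, body, sig):
    return hmac.compare_digest(hmac.new(key, body, hashlib.sha256).hexdigest(), sig)

class Host:
    """Untrusted store: ciphertext keyed by path hash, plus the latest signed manifest."""
    def __init__(self):
        self.blobs, self.signed_manifest = {}, None

    def save_manifest(self, body, sig):
        keep = set(json.loads(body)["objects"])
        for ph in [p for p in self.blobs if p not in keep]:  # claim 29: delete objects absent from the new manifest
            del self.blobs[ph]
        self.signed_manifest = (body, sig)

class Client:
    def __init__(self, kek, signing_key):
        self.kek, self.signing_key = kek, signing_key  # key-encryption key for the MEK; manifest signing key

    def _obj_key(self, mek, ph):
        return hmac.new(mek, ph.encode(), hashlib.sha256).digest()

    def _fingerprint(self, mek, data):  # assumption: keyed plaintext fingerprint, opaque to the host
        return hmac.new(mek, data, hashlib.sha256).hexdigest()

    def backup(self, host, objects):
        """Full backup (claim 1) if the host holds no manifest, else incremental (claim 10).
        Returns how many objects were actually sent."""
        old, mek = {}, secrets.token_bytes(32)
        if host.signed_manifest:
            body, sig = host.signed_manifest
            if not verify(self.signing_key, body, sig):
                raise ValueError("old manifest signature invalid; refusing incremental backup")
            old = json.loads(body)
            mek = decrypt(self.kek, bytes.fromhex(old["mek"]))  # reuse the MEK so unchanged blobs stay valid
        new = {"gen": old.get("gen", 0) + 1, "mek": encrypt(self.kek, mek).hex(), "objects": {}}
        sent = 0
        for path, data in objects.items():
            ph, fp = path_hash(path), self._fingerprint(mek, data)
            entry = old.get("objects", {}).get(ph)
            if entry and entry["fp"] == fp:  # unchanged since the previous backup: carry the entry forward
                new["objects"][ph] = entry
                continue
            blob = encrypt(self._obj_key(mek, ph), pack(path, data))
            host.blobs[ph] = blob  # the host saves the stream under the path hash
            new["objects"][ph] = {"fp": fp, "ch": hashlib.sha256(blob).hexdigest()}
            sent += 1
        host.save_manifest(*sign(self.signing_key, new))
        return sent

    def restore(self, host):
        """Claim 22: signature check first, then a content-hash check on every blob before decrypting it."""
        body, sig = host.signed_manifest
        if not verify(self.signing_key, body, sig):
            raise ValueError("manifest signature invalid; restore fails")
        manifest = json.loads(body)
        mek = decrypt(self.kek, bytes.fromhex(manifest["mek"]))
        restored, pending = {}, dict(manifest["objects"])
        for ph, entry in list(pending.items()):
            blob = host.blobs.get(ph, b"")
            if hashlib.sha256(blob).hexdigest() != entry["ch"]:
                raise ValueError("content hash mismatch for " + ph[:12] + "; restore fails")
            path, data = unpack(decrypt(self._obj_key(mek, ph), blob))
            if path_hash(path) != ph:  # bind the decrypted path to the entry it was fetched under
                raise ValueError("decrypted path does not match its manifest entry")
            restored[path] = data  # the 'temporary storage location'
            del pending[ph]  # manifest entry cleared once its object is restored
        return restored
```

Three points a practitioner should take from this. First, integrity rests entirely on the content hash of the ciphertext inside the signed manifest, exactly as in the claims; the per-object cipher here has no authentication of its own, so the hash comparison must happen before any decryption, as `restore` does. Second, because the signature is symmetric in this example the host cannot validate a manifest itself, which claims 33 and 37 expect it to do; that needs an asymmetric signature (for example Ed25519) with the host holding only the public key. Third, nothing in the claims stops a malicious host from serving an older but correctly signed manifest together with its matching blobs, which passes every check above; the `gen` counter only defends against that rollback if the client remembers the last generation it wrote and rejects anything lower.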
Specification