SYSTEM AND METHOD FOR ENCRYPTING SECONDARY COPIES OF DATA
First Claim
1. A system for re-encrypting data stored as secondary copies on secondary storage media under a first encryption scheme, comprising:
- an encryption tracking component, wherein the encryption tracking component monitors encryption schemes associated with data stored as secondary copies on secondary storage media;
- a media retrieval component, wherein the media retrieval component receives an indication from the encryption tracking component to change an encryption scheme for a secondary copy of data associated with a first encryption scheme, and retrieves a storage medium containing the secondary copy of data associated with the first encryption scheme;
- an encryption component, wherein the encryption component decrypts the secondary copy of data associated with the first encryption scheme and encrypts at least a portion of the secondary copy with a second encryption scheme.
Abstract
A system and method for encrypting secondary copies of data is described. In some examples, the system encrypts a secondary copy of data after the secondary copy is created. In some examples, the system looks to information about a data storage system, and determines when and where to encrypt data based on the information.
21 Claims
5. A method of dynamically choosing a time to encrypt a copy of data created from data included in an original data set, the method comprising:
- receiving information related to a completion time of a data storage operation starting before a first time and required to be completed before the first time, wherein the data storage operation creates copies of at least a portion of the original data set;
- estimating a modified completion time based on the completion time and based on a time required to encrypt the created copies of the at least portion of the data set; and
- when the modified completion time occurs after the first time, encrypting data contained in the created copies after creation of the copies; and
- when the modified completion time occurs before the first time, encrypting data contained in the created copies during creation of the copies.
8. A method of dynamically choosing a resource to encrypt a copy of data created from data included in an original data set, the method comprising:
- receiving information related to a completion time of a data storage operation starting before a first time and required to finish before the first time, wherein the data storage operation creates copies of at least a portion of the original data set;
- estimating a modified completion time based on the completion time and based on a time required to encrypt the created copies of the at least portion of the data set; and
- when the estimated completion time occurs after the first time, encrypting data contained in the created copies using resources not employed by the data storage operation.
9. A system for encrypting secondary copies of a data store created by a file system, comprising:
- two or more data reception components, wherein the two or more data reception components communicate with a data server containing the data store and receive data from the data store to be stored into secondary copies;
- two or more data storage components, wherein the two or more data storage components receive the data to be stored into secondary copies, create the secondary copies, and transfer the secondary copies to be stored to storage media; and
- an encryption component, wherein the encryption component receives at least a portion of the secondary copies from the two or more data storage components; encrypts at least a portion of the secondary copies; and transfers the at least portion of the secondary copies to the storage media.
14. A method of producing a secondary copy of data from an original set of data, the method comprising:
- creating a first copy of the data from the original set of the data, wherein the first copy contains data in a format similar to a format of the data contained in the original data set;
- creating a second copy of the data from the first copy, wherein the second copy contains data in a different format than the format of the data contained in the original data set; and
- encrypting the second copy of the data after the second copy of the data has been created.
18. A method of encrypting data to be stored as a secondary copy of a data set, the method comprising:
- determining storage operations to be performed in creating the secondary copy of the data set, wherein determining storage operations includes identifying storage resources to be utilized by the storage operations;
- identifying from amongst the determined storage operations one or more storage operations to be used to encrypt the secondary copy;
- calculating a time to perform the determined storage operations including the identified storage operations to be used to encrypt the secondary copy;
- when the calculated time exceeds a threshold time for creating the secondary copy of the data set; identifying data within the data set to be stored without encryption, wherein identifying the data includes reviewing characteristics of the data to determine whether the data requires encryption under a pre-determined encryption criteria;
- storing the identified data within the data set to be stored without encryption, wherein storing the identified data includes utilizing the identified storage resources; and
- encrypting the non-identified data within the data set using storage resources not utilized by the storage operations.
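The timing decisions in claims 5, 8 and 18 can be sketched as a single planning function. This is an added illustration, not code from the patent or its assignee; the linear throughput model, the `must_encrypt` flag standing in for the encryption criteria, the `plaintext_window_h` estimate (which assumes deferred encryption starts when the copy finishes) and all names are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Item:
    name: str
    size_gb: float
    must_encrypt: bool  # assumed stand-in for the "pre-determined encryption criteria"

@dataclass(frozen=True)
class Plan:
    mode: str                  # "inline", "deferred" or "selective"
    encrypt: tuple             # item names that end up encrypted
    store_plain: tuple         # item names stored without encryption
    finish_h: float            # when the copy job itself finishes
    plaintext_window_h: float  # assumed time data awaiting encryption sits unencrypted

def plan_encryption(items, copy_finish_h, window_end_h,
                    inline_gb_per_h, offline_gb_per_h, selective=False):
    """All times are hours from the start of the backup window (assumed model)."""
    names = tuple(i.name for i in items)
    total_gb = sum(i.size_gb for i in items)
    # Modified completion time: copy time plus time to encrypt the copies inline.
    modified_finish_h = copy_finish_h + total_gb / inline_gb_per_h
    if modified_finish_h < window_end_h:
        # Fits in the window: encrypt during creation, nothing lands in plaintext.
        return Plan("inline", names, (), modified_finish_h, 0.0)
    # Finishing exactly at the deadline counts as a miss, since the job must
    # complete before the first time.
    if not selective:
        # Copy first, then encrypt everything afterwards on resources the
        # copy job is not using.
        return Plan("deferred", names, (), copy_finish_h,
                    total_gb / offline_gb_per_h)
    # Selective variant: only data meeting the criteria is encrypted off-path;
    # the rest is written unencrypted and stays that way.
    enc = [i for i in items if i.must_encrypt]
    plain = tuple(i.name for i in items if not i.must_encrypt)
    enc_gb = sum(i.size_gb for i in enc)
    return Plan("selective", tuple(i.name for i in enc), plain,
                copy_finish_h, enc_gb / offline_gb_per_h)

# Constructed sample data set, not taken from the patent.
SAMPLE = [Item("hr-db", 400.0, True), Item("build-cache", 900.0, False),
          Item("mail-archive", 300.0, True)]
```

The `deferred` and `selective` plans both leave data unencrypted on secondary storage for some period, so `plaintext_window_h` and `store_plain` are the fields to review against policy before accepting a plan.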
Specification