System and method for encrypting secondary copies of data
First Claim
Patent Images
1. A method of dynamically choosing a time to encrypt a copy of data created from unencrypted data, the method comprising:
- receiving information related to a first completion time, wherein the first completion time is within a storage window to complete a data storage operation, wherein the data storage operation creates one or more copies of at least a portion of an unencrypted data set, and transmits the one or more copies to at least one storage device;
estimating with one or more computer processors comprising computer hardware, a second completion time, wherein the second completion time is based on an estimated amount of time it will take to encrypt at least a portion of the one or more copies;
when the second completion time occurs after the first completion time, creating and transferring the one or more copies to the at least one storage device without encrypting the data contained in the one or more copies, and after transfer, encrypting at least a portion of the one or more copies; and
when the second completion time occurs before the first completion time, encrypting at least a portion of the data contained in the one or more copies in association with performing the storage operation.
4 Assignments
0 Petitions
Accused Products
Abstract
A system and method for encrypting secondary copies of data is described. In some examples, the system encrypts a secondary copy of data after the secondary copy is created. In some examples, the system looks to information about a data storage system, and determines when and where to encrypt data based on the information.
274 Citations
7 Claims
-
1. A method of dynamically choosing a time to encrypt a copy of data created from unencrypted data, the method comprising:
-
receiving information related to a first completion time, wherein the first completion time is within a storage window to complete a data storage operation, wherein the data storage operation creates one or more copies of at least a portion of an unencrypted data set, and transmits the one or more copies to at least one storage device; estimating with one or more computer processors comprising computer hardware, a second completion time, wherein the second completion time is based on an estimated amount of time it will take to encrypt at least a portion of the one or more copies; when the second completion time occurs after the first completion time, creating and transferring the one or more copies to the at least one storage device without encrypting the data contained in the one or more copies, and after transfer, encrypting at least a portion of the one or more copies; and when the second completion time occurs before the first completion time, encrypting at least a portion of the data contained in the one or more copies in association with performing the storage operation. - View Dependent Claims (2, 3)
-
-
4. A method of dynamically choosing a resource to encrypt a copy of data created from unencrypted data, the method comprising:
-
receiving information related to a first completion time, wherein the first completion time is within a storage window to complete a data storage operation, wherein the data storage operation creates one or more copies of at least a portion of an unencrypted data set, and transmits the one or more copies to at least one storage device; estimating with one or more computer processors comprising computer hardware, a second completion time, wherein the second completion time is based on an estimated amount of time it will take to encrypt the one or more copies; and when the second completion time occurs after the first completion time, creating and transferring the one or more copies to the at least one storage device without encrypting the data contained in the one or more copies.
-
-
5. A method of encrypting data to be stored as a secondary copy of an unencrypted data set, the method comprising:
-
determining storage operations to be performed in creating the secondary copy of at least a portion of an unencrypted data set, wherein determining storage operations includes identifying storage resources to be utilized by the storage operations; identifying from amongst the determined storage operations one or more storage operations to be used to encrypt the secondary copy; calculating a first completion time, wherein the first completion time is within a storage window to perform the determined storage operations including the identified storage operations to be used to encrypt the secondary copy; when the first completion time exceeds a threshold time for creating the secondary copy of the at least a portion of the unencrypted data set; identifying with one or more computer processors comprising computer hardware, data within the unencrypted data set to be stored without encryption, wherein identifying the data includes reviewing characteristics of the data to determine whether the data requires encryption under a pre-determined encryption criteria; storing the identified data within the unencrypted data set to be stored without encryption, wherein storing the identified data includes utilizing the identified storage resources; and encrypting the non-identified data within the unencrypted data set using storage resources not utilized by the storage operations. - View Dependent Claims (6, 7)
-
Specification