System and method for secure deletion of data

US 9,749,132 B1
Filed: 11/28/2011
Issued: 08/29/2017
Est. Priority Date: 11/28/2011
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a plurality of networked storage devices of a cloud-based storage service that implement a data store configured to store encrypted data, wherein the plurality of networked storage devices is connected via a storage service network;

a separate index for each of at least two levels of a storage hierarchy for the data store, wherein each index is configured to store a plurality of metadata entries for the encrypted data stored across the plurality of networked storage devices, wherein each metadata entry is for a different data item in the data store, and wherein each metadata entry comprises an identifier, location information and a random encryption key; and

a hierarchical storage manager connected to the networked storage devices via the storage service network and configured to receive, via a web services interface and over an intermediate network, a storage request to store a data item, wherein in response to the storage request, the storage manager is configured to;

generate a random key for the data item at a first level of the storage hierarchy;

encrypt the data item, wherein the random key is usable to decrypt the encrypted data item at the first level of the storage hierarchy;

generate one or more different random keys for one or more portions of the data item at a second level of the storage hierarchy;

encrypt the respective one or more portions of the encrypted data item, wherein the one or more different random keys are usable to decrypt the respective one or more encrypted portions of the encrypted data item at the second level of the storage hierarchy;

store the respective one or more encrypted portions of the encrypted data item over the storage service network to one or more of the networked storage devices of the data store; and

store the random key in a metadata entry in an index for the first level of the storage hierarchy and store the one or more different random keys in respective metadata entries of an index for the second level of the storage hierarchy;

wherein the storage manager is further configured to receive a delete request over the intermediate network to delete, at a specified level of the storage hierarchy, one or more of a plurality of data items stored in the data store, wherein in response to the delete request, the hierarchical storage manager is configured to;

access the corresponding metadata entry in the index for the specified level of the storage hierarchy to remove at least the random key from the corresponding metadata entry in the index for each of the data items to be deleted at the specified level of the storage hierarchy, wherein after the delete request is complete;

the encrypted data for the one or more data items requested to be deleted remains on the networked storage devices that implement the data store, andone or more random keys, corresponding to the one or more data items requested to be deleted, in an index for another level of the storage hierarchy not specified in the delete request remain in respective metadata entries.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for secure deletion of data items in a storage system may support the deletion of stored data item. In response to a storage request, a storage manager may generate a key corresponding to the data item to be stored and encrypt the data item before storing the data item in a data store. The key may be stored in an index comprising metadata corresponding to the data item. In response to a delete request, the storage system may determine the corresponding metadata entry in the index and remove the key corresponding to the data item without accessing the data item.

49 Citations

View as Search Results

27 Claims

1. A system, comprising:
- a plurality of networked storage devices of a cloud-based storage service that implement a data store configured to store encrypted data, wherein the plurality of networked storage devices is connected via a storage service network;
  
  a separate index for each of at least two levels of a storage hierarchy for the data store, wherein each index is configured to store a plurality of metadata entries for the encrypted data stored across the plurality of networked storage devices, wherein each metadata entry is for a different data item in the data store, and wherein each metadata entry comprises an identifier, location information and a random encryption key; and
  
  a hierarchical storage manager connected to the networked storage devices via the storage service network and configured to receive, via a web services interface and over an intermediate network, a storage request to store a data item, wherein in response to the storage request, the storage manager is configured to;
  
  generate a random key for the data item at a first level of the storage hierarchy;
  
  encrypt the data item, wherein the random key is usable to decrypt the encrypted data item at the first level of the storage hierarchy;
  
  generate one or more different random keys for one or more portions of the data item at a second level of the storage hierarchy;
  
  encrypt the respective one or more portions of the encrypted data item, wherein the one or more different random keys are usable to decrypt the respective one or more encrypted portions of the encrypted data item at the second level of the storage hierarchy;
  
  store the respective one or more encrypted portions of the encrypted data item over the storage service network to one or more of the networked storage devices of the data store; and
  
  store the random key in a metadata entry in an index for the first level of the storage hierarchy and store the one or more different random keys in respective metadata entries of an index for the second level of the storage hierarchy;
  
  wherein the storage manager is further configured to receive a delete request over the intermediate network to delete, at a specified level of the storage hierarchy, one or more of a plurality of data items stored in the data store, wherein in response to the delete request, the hierarchical storage manager is configured to;
  
  access the corresponding metadata entry in the index for the specified level of the storage hierarchy to remove at least the random key from the corresponding metadata entry in the index for each of the data items to be deleted at the specified level of the storage hierarchy, wherein after the delete request is complete;
  
  the encrypted data for the one or more data items requested to be deleted remains on the networked storage devices that implement the data store, andone or more random keys, corresponding to the one or more data items requested to be deleted, in an index for another level of the storage hierarchy not specified in the delete request remain in respective metadata entries.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the storage manager further comprises an encryption module configured to generate the random key for the data item at the first level of the storage hierarchy;
    - and wherein the encryption module is further configured with an interface for receiving input for selecting one of a plurality of encryption algorithms to be used for encrypting a given data item.
  - 3. The system of claim 1, wherein the system is further configured as a multi-client network based storage system,wherein the multi-client network based storage system is configured to store a plurality of data items for a plurality of clients,wherein for the first level of the storage hierarchy the plurality of data items for each of the plurality of clients is stored in a respective client object,wherein the index for the first level of the storage hierarchy is a client object index,wherein each metadata entry of the client object index corresponds to a different client object, andwherein the random key in each metadata entry of the client object index is used to decrypt the corresponding client object.
  - 4. The system of claim 3, wherein the multi-client network based storage system is further configured to, in response to an object delete request:
    - remove at least the key from the metadata entry in the client object index for one or more of the client objects to be deleted,wherein after the client object delete request is complete, the encrypted one or more client objects remain in the data store.
  - 5. The system of claim 1, wherein the system is further configured to store each data item received for a particular client volume in a block level storage that corresponds to the second level of the storage hierarchy,wherein the index for the second level of the storage hierarchy is a block level index,wherein each metadata entry in the index for the second level of the storage hierarchy corresponds to a different block, andwherein the random key in each metadata entry in the index for the second level of the storage hierarchy is used to decrypt the corresponding block.
  - 6. The system of claim 1, wherein the separate indexes are stored on one or more devices that are distinct from the networked storage devices storing the encrypted data.

7. A system, comprising:
- one or more processors; and
  
  a memory coupled to the one or more processors and storing program instructions that when executed by the one or more processors implement a storage manager configured to;
  
  receive, by a cloud-based storage service over an intermediate network, a storage request to store a data item in a data store having a storage hierarchy, the data store implemented by one or more networked storage devices of the cloud-based storage service, wherein the one or more networked storage devices are connected via a storage service network;
  
  generate, by the cloud-based storage service, a random key for the data item at a first level of the storage hierarchy;
  
  encrypt, by the cloud-based storage service, the data item, wherein the random key is usable to decrypt the encrypted data item at the first level of the storage hierarchy;
  
  generate one or more different random keys for one or more portions of the data item at a second level of the storage hierarchy;
  
  encrypt the respective one or more portions of the encrypted data item, wherein the one or more different random keys are usable to decrypt the respective one or more encrypted portions of the encrypted data item at the second level of the storage hierarchy;
  
  store, by the cloud-based storage service, the respective one or more encrypted portions of the encrypted data item over the storage service network to the one or more networked storage devices of the data store;
  
  store the random key in a metadata entry of an index for the first level of the storage hierarchy and store the one or more random keys in respective metadata entries of an index for the second level of the storage hierarchy, wherein the indexes are configured to store a plurality of metadata entries for the encrypted data stored in the one or more networked storage devices; and
  
  in response to receipt of a delete request over the intermediate network to delete, at a specified level of the storage hierarchy, one or more of a plurality of data items stored in the data store;
  
  access the corresponding metadata entry in the index for the specified level of the storage hierarchy to both modify the corresponding metadata entry, and remove the random key from the corresponding metadata entry in the index for each of the data items to be deleted at the specified level of the storage hierarchy, wherein after the delete request is complete;
  
  the encrypted data for the one or more data items requested to be deleted remains on the networked storage devices that implement the data store andone or more random keys, corresponding to the one or more data items requested to be deleted, in an index for another level of the storage hierarchy not specified in the delete request remain in respective metadata entries.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The system of claim 7, wherein said store the random key in a metadata entry for the first level of the storage hierarchy further comprises store the random key in the index for the first level of the storage hierarchy, the index comprising a plurality of metadata entries, wherein each metadata entry is for a different data item in the data store, and wherein each metadata entry comprises an identifier, location information and a random encryption key.
  - 9. The system of claim 7, wherein said remove the random key from the index for each of the data items to be deleted comprises over-write the key in each metadata entry for each of the data items to be deleted.
  - 10. The system of claim 7, wherein the data store comprises a Flash memory, Phase Change Memory (PRAM), magnetic hard disk drive, tape disk drive or optical disk drive.
  - 11. The system of claim 10, wherein the magnetic hard disk drive is further configured as a Shingled Magnetic Recording hard disk drive.
  - 12. The system of claim 7, wherein the program instructions when executed by the one or more processors cause the one or more processors to:
    - receive a read request to read one or more of the plurality of data items stored in the data store;
      
      locate the metadata entry for the data item in the index; and
      
      decrypt the data item using the random key stored in the index.
  - 13. The system of claim 7, wherein the indexes are stored on one or more devices that are distinct from the one or more networked storage devices that store the encrypted data.
  - 14. The system of claim 7, further comprising mark for re-use one or more locations in the data store storing the encrypted data for the one or more data items requested to be deleted.
  - 15. The system of claim 7, wherein said store the random key in a metadata entry further comprises store the random key with the encrypted data item in the data store.

16. A method, comprising:
- performing, by one or more computers;
  
  receiving, over an intermediate network by a cloud-based storage service, a storage request to store a data item in a data store having a storage hierarchy, the data store implemented by a plurality of networked storage devices of the cloud-based storage service, wherein the plurality of networked storage devices is connected via a storage service network; and
  
  in response to said receiving;
  
  generating a random key for the data item at a first level of the storage hierarchy;
  
  encrypting the data item, wherein the random key is useable to decrypt the encrypted data item at the first level of the storage hierarchy;
  
  generate one or more different random keys for one or more portions of the data item at a second level of the storage hierarchy;
  
  encrypt the respective one or more portions of the encrypted data item, wherein the one or more different random keys are usable to decrypt the respective one or more encrypted portions of the encrypted data item at the second level of the storage hierarchy;
  
  storing the respective one or more encrypted portions of the encrypted data item over the storage service network to one or more of the plurality of networked storage devices of the data store;
  
  accessing an index for the first level of the storage hierarchy to store the random key in a corresponding metadata entry in the first level index, and store the one or more random keys in respective metadata entries of an index for the second level of the storage hierarchy, the indexes configured to store a plurality of metadata entries for the encrypted data stored in the plurality of networked storage devices, wherein the metadata entries in the indexes comprise an identifier, location information and the random key for the data item;
  
  receiving a delete request over the intermediate network to delete, at a specified level of the storage hierarchy, one or more of a plurality of data items stored in the data store, wherein the plurality of data items is stored in an encrypted form in the data store; and
  
  subsequent to said receiving;
  
  determining a metadata entry for each of the one or more of a plurality of encrypted data items from the index for the specified level of the storage hierarchy;
  
  removing at least the random key from the metadata entry in the index for each of the data items to be deleted for the specified level of the storage hierarchy, wherein after the delete request is complete;
  
  the encrypted data for the one or more data items requested to be deleted remains on the networked storage devices that implement the data store andone or more random keys, corresponding to the one or more data items requested to be deleted, in an index for another level of the storage hierarchy not specified in the delete request remain in respective metadata entries.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The method of claim 16, wherein said removing at least the random key from the metadata entry in the index for each of the data items to be deleted comprises over-writing the key for each of the data items to be deleted.
  - 18. The method of claim 16, wherein said delete request is a client object delete request.
  - 19. The method of claim 16, wherein said delete request is a block level delete request.
  - 20. The method of claim 16, wherein the data store is configured as a multi-client network based storage system, wherein said storage request is a client object storage request.
  - 21. The method of claim 16, wherein said storage request is a block level storage request.
  - 22. The method of claim 16, further comprising:
    - receiving a read request over the intermediate network to read one or more of a plurality of data items stored in the data store;
      
      in response to said receiving the read request;
      
      locating the one or more metadata entries for the one or more data items in one or more of the indexes; and
      
      decrypting the one or more data items using the corresponding one or more random keys stored in the one or more indexes.
  - 23. The method of claim 16, wherein the indexes are stored on one or more devices that are distinct from the networked storage devices that store the encrypted data item.

24. A non-transitory, computer-readable storage medium storing program instructions computer executable to implement a storage manager configured to:
- receive a storage request over an intermediate network by a cloud-based storage service to store a data item in a data store having a storage hierarchy, the data store implemented by a plurality of networked storage devices of the cloud-based storage service that are connected via a storage service network; and
  
  in response to said receive the storage request;
  
  generate a random key for the data item at a first level of the storage hierarchy;
  
  encrypt the data item, wherein the random key is usable to decrypt the encrypted data item at the first level of the storage hierarchy;
  
  generate one or more different random keys for one or more portions of data item at a second level of the storage hierarchy;
  
  encrypt the respective one or more portions of the encrypted data item, wherein the one or more different random keys are usable to decrypt the respective one or more encrypted portions of the encrypted data item at the second level of the storage hierarchy;
  
  store the respective one or more encrypted portions of the encrypted data item over the storage service network to one or more of the networked storage devices of the data store;
  
  access an index for the first level of the storage hierarchy to store the random key in a corresponding metadata entry in the first level index, and store the one or more random keys in respective metadata entries of an index for the second level of the storage hierarchy the indexes configured to store a plurality of metadata entries for the encrypted data stored in the plurality of networked storage devices;
  
  receive a delete request over the intermediate network to delete, at a specified level of the storage hierarchy, one or more of a plurality of data items stored in a data store;
  
  subsequent to said receive the delete request;
  
  determine a metadata entry for each of the one or more of a plurality of encrypted data items from the index for the specified level of the storage hierarchy, wherein the metadata entry in the index comprises an identifier and a random encryption key for the data item; and
  
  remove at least the encryption key from the index for each of the data items to be deleted for the specified level of the storage hierarchy, wherein after the delete request is complete;
  
  the encrypted data for the one or more data items requested to be deleted remains on the networked storage devices that implement data store, andone or more random keys, corresponding to the one or more data items requested to be deleted, in an index for another level of the storage hierarchy not specified in the delete request remain in respective metadata entries.
- View Dependent Claims (25, 26, 27)
- - 25. The storage medium of claim 24, wherein the program instructions are further executable to:
    - select one of a plurality of encryption algorithms to be used for said encrypt the data item.
  - 26. The storage medium of claim 24, wherein the program instructions are further executable to:
    - receive, over the intermediate network a read request to read one or more of a plurality of data items stored in the first level of the storage hierarchy in the data store;
      
      in response to said receive the read request;
      
      locate the data item in the first level index; and
      
      decrypt the data item using the random key stored in the metadata entry of the first level index.
  - 27. The storage medium of claim 24, wherein the indexes are stored on one or more devices that are distinct from the networked storage devices that store the encrypted data item.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Hamilton, James R.
Primary Examiner(s)
Lesniewski, Victor

Application Number

US13/305,340
Time in Patent Office

2,101 Days
Field of Search

380 44, 380 46, 713193, 726 30, 707741, 707827, 707830
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/602   Providing cryptographic fac...

H04L 9/0869   involving random numbers or...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

System and method for secure deletion of data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

49 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure deletion of data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links