End-to-end encryption and backup in data protection environments
US10121012B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Oct 18, 2017 |
| Grant date | Nov 6, 2018 |
| Priority date | — |
| Expiry date | Oct 18, 2037 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2201/80
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A computer receives a set of objects from a client, whereby at least one of the objects of the set are respectively associated and encrypted with a unique file encryption key (FEK). The computer encrypts each of the FEKs with a common master encryption key, MEK, resulting in respective locked keys. In an initial backup, the encrypted objects together with their associated locked keys are transmitted to a backup server where a first module determines if locked key has changed via referencing an encryption state associated with the encrypted objects. If an MEK has changed, the existing FEKs are re-encrypted with the changed MEK to generate new locked keys, and, in a subsequent backup operation, sending the new locked keys to the backup server to replace the existing locked keys, while avoiding transmitting to the backup server the objects whose associated FEKs are affected by the changed MEK.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.