Title Deletion of content in digital storage systems
Abstract A data processing and storage apparatus has a hardware security module and a data storage medium storing encrypted data objects and a hierarchical data maintenance structure of encrypted partition tables and hash-nodes forming a rooted tree, where a given partition table comprises a first reference to a given encrypted data object and a first cryptographic key for decryption thereof, where a given hash-node comprises a second reference to a partition table or hash-node and a second cryptographic key suitable for decryption thereof, and where the root node is decipherable using a master cryptographic key stored in the hardware security module, the given data object being assigned to the root node via the first and second references of the given partition table and the given hash-nodes forming a set of successive nodes in the rooted tree.
Publication number US9298951(B2) Publication date 2016.03.29
Application number US201414547940 Filing date 2014.11.19
Applicant International Business Machines Corporation Inventors Barney Jonathan M.;Lebutsch David;Mega Cataldo;Schleipen Stefan;Waizenegger Tim
Classification G06F21/78;G06F21/62 Main classification G06F21/78
Agency Patterson & Sheridan, LLP Agent Patterson & Sheridan, LLP
Independent claim 1. A data processing and storage apparatus comprising: a data storage medium; and a hardware security module, said hardware security module having an internal storage for securely storing a master cryptographic key, said data storage medium being configured for storing a number of individually encrypted data objects and a data maintenance structure comprising a number of individually encrypted partition tables and individually encrypted hash-nodes, the encrypted partition tables and the encrypted hash-nodes forming a hierarchical data structure via a rooted tree, wherein: a given partition table of said partition tables comprises a first reference assigning a given encrypted data object of the encrypted data objects to the given partition table, wherein said given partition table further comprises a first cryptographic key being suitable for decryption of said given encrypted data object; a given hash-node of said hash-nodes comprises a second reference assigning one of the encrypted partition tables or one of the hash-nodes to the given hash-node, wherein said given hash-node comprises a second cryptographic key being suitable for decryption of said one of the encrypted partition tables or one of the hash-nodes assigned to the given hash-node via the second reference; and the root node of the rooted tree is decipherable using the master cryptographic key, the given data object being assigned to the root node via the first and second references of the given partition table and the given hash-nodes, wherein said given partition table and the given hash-nodes form a first set of successive nodes in the tree; and wherein the data processing and storage apparatus comprises an application program, the application program being operable for receiving an instruction for deleting said given data object, wherein the application program is further operable, in response to receiving the instruction for deleting said given data object, for: traversing the first set of successive nodes in the tree by successively decrypting all hash-nodes and the partition table starting from the root node using the second cryptographic keys obtained by decrypting each of the nodes, and recursively traversing the first set of successive nodes starting from the partition table and re-encrypting all said recursively traversed nodes with new second cryptographic keys, whereby the first cryptographic key is removed from the partition table or disregarded in the re-encryption of the partition table.
Address Armonk NY US
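The deletion procedure of claim 1, as an added worked example in Python (this is not code from the patent or from IBM): a key-wrapping tree in which each hash-node holds the keys of its children, each partition table holds the keys of its data objects, the root is sealed under a master key that never leaves the hardware security module, and deleting an object means dropping its key from the partition table and re-encrypting that table and every node above it under fresh keys. The cipher (an HMAC-SHA256 keystream with an encrypt-then-MAC tag, illustration only), the JSON node encoding, the HSM and Medium classes, and all identifiers (root, h1, p1, p2, obj-1 to obj-3) are assumptions made for this example.

```python
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN, ROOT = 16, 32, "root"

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy PRF keystream HMAC-SHA256(key, nonce || counter); a real apparatus would use an AEAD.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + body + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, nonce + body, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or corrupted ciphertext")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))

def _pack(node: dict) -> bytes:
    return json.dumps(node).encode()

def _store(table: dict, item_id: str, plaintext: bytes) -> str:
    """Encrypt plaintext under a fresh random key, store it under item_id, return the key (hex)."""
    key = os.urandom(32)
    table[item_id] = encrypt(key, plaintext)
    return key.hex()

class HSM:
    """Models the hardware security module: the master key never leaves it; it only seals/opens the root."""
    def __init__(self):
        self._master = os.urandom(32)
    def seal_root(self, node: dict) -> bytes:
        return encrypt(self._master, _pack(node))
    def open_root(self, blob: bytes) -> dict:
        return json.loads(decrypt(self._master, blob))

class Medium:
    def __init__(self):
        self.nodes, self.objects = {}, {}  # encrypted nodes and encrypted data objects, by id

def _path_to(medium, hsm, obj_id):
    """Decrypt successively from the root (each child with the key its parent holds) and
    return [(node_id, plaintext), ...] down to the partition table that references obj_id."""
    def walk(node_id, node, path):
        path = path + [(node_id, node)]
        if node["type"] == "partition":
            return path if obj_id in node["refs"] else None
        for child_id, key_hex in node["refs"].items():
            child = json.loads(decrypt(bytes.fromhex(key_hex), medium.nodes[child_id]))
            found = walk(child_id, child, path)
            if found:
                return found
        return None
    path = walk(ROOT, hsm.open_root(medium.nodes[ROOT]), [])
    if path is None:
        raise KeyError(obj_id)  # no path reaches the object: it has been deleted
    return path

def read_object(medium, hsm, obj_id) -> bytes:
    _, table = _path_to(medium, hsm, obj_id)[-1]
    return decrypt(bytes.fromhex(table["refs"][obj_id]), medium.objects[obj_id])

def delete_object(medium, hsm, obj_id) -> int:
    """Claim 1 deletion: drop the object's key from its partition table, re-encrypt the table and
    every hash-node above it under fresh keys, and the root under the master key. The object's
    ciphertext stays on the medium but no key path reaches it. Returns the number of nodes re-encrypted."""
    path = _path_to(medium, hsm, obj_id)
    table_id, table = path[-1]
    del table["refs"][obj_id]  # the first cryptographic key is disregarded in the re-encryption
    child_id, child_key = table_id, _store(medium.nodes, table_id, _pack(table))
    for node_id, node in reversed(path[:-1]):
        node["refs"][child_id] = child_key  # parent now wraps the child's fresh key
        if node_id == ROOT:
            medium.nodes[ROOT] = hsm.seal_root(node)
        else:
            child_id, child_key = node_id, _store(medium.nodes, node_id, _pack(node))
    return len(path)

def build_demo():
    """Constructed sample tree (hypothetical ids): root -> h1 -> p1 -> {obj-1, obj-2}, root -> p2 -> {obj-3}."""
    medium, hsm = Medium(), HSM()
    o = medium.objects
    p1 = {"type": "partition", "refs": {"obj-1": _store(o, "obj-1", b"payload one"),
                                        "obj-2": _store(o, "obj-2", b"payload two")}}
    p2 = {"type": "partition", "refs": {"obj-3": _store(o, "obj-3", b"payload three")}}
    h1 = {"type": "hash", "refs": {"p1": _store(medium.nodes, "p1", _pack(p1))}}
    root = {"type": "hash", "refs": {"h1": _store(medium.nodes, "h1", _pack(h1)),
                                     "p2": _store(medium.nodes, "p2", _pack(p2))}}
    medium.nodes[ROOT] = hsm.seal_root(root)
    return medium, hsm
```

After `delete_object(medium, hsm, "obj-1")` the ciphertext of obj-1 is still on the medium, obj-2 in the same partition table and obj-3 in the sibling branch remain readable, and `read_object` for obj-1 raises KeyError because no decryptable node carries its key any more. The guarantee rests on the re-encrypted nodes actually overwriting the old ones: the master key is not rotated, so a surviving copy of the old root ciphertext together with the old node ciphertexts would still reach the deleted object's key.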