Title of invention: Cryptographic erasure of selected encrypted data
Abstract: Exemplary method, system, and computer program product embodiments for cryptographic erasure of selected encrypted data are provided. In one embodiment, by way of example only, data files are configured with a derived key. The derived keys are adapted to be individually shredded in a subsequent erasure operation. The derived key allows for cryptographic erasure of the selected encrypted data in the data files without necessitating at least one of removal and rewrite of retained data. Additional system and computer program product embodiments are disclosed and provide related advantages.
Publication number: US8918651(B2) Publication date: 2014.12.23
Application number: US201213471005 Application date: 2012.05.14
Applicant: International Business Machines Corporation Inventors: Greco Paul Merrill; Jaquette Glen Alan
Classification: H04L9/14;H04L9/00;G06F12/14;H04L9/08;G06F21/62;G06F3/06 Main classification: H04L9/14
Agency: Griffiths & Seaton PLLC Agent: Griffiths & Seaton PLLC
Main claim: 1. A method for cryptographic erasure of selected encrypted data by a processor device in a computing environment, the method comprising: encrypting data files with a plurality of derived keys, wherein: each derived key comprises both a shred key for deleting the data files and a served key for encrypting the data files, and the plurality of derived keys are adapted to be individually shredded in a subsequent erasure operation; placing the plurality of derived keys in a key store data set (KSDS); encrypting the KSDS with a different key than any of the plurality of derived keys; providing a label for each of the shred key and the served key in the KSDS; shredding the label, the shred key, and the served key, wherein failure to shred the shred key and the served key does not prohibit the shredding; and rewriting the KSDS without the deleted label, the shred key, and the served key.
Address: Armonk NY US