摘要 |
In a data storage system, content-containing objects to be stored are added to a storage hierarchy that is based on content relationships. The content of each stored object is encrypted and a stub is associated with that object. For each stored object other than a root object, the stub comprises a function of a decryption key for the content of that object and the stubs of all of the ancestors of that object. The stubs can be used to calculate a new stub for a data object to be inserted into the storage hierarchy and to generate a decryption key for an existing object. Since these latter calculations for an object involve the stubs of all ancestors of that object, deleting a stub for an object securely deletes that object and all its descendants. An object can be moved by recalculating its stub.
|