End-to-end encryption and backup in data protection environments

Bibliographic details
Main authors: Dominic Mueller-Wicke, Erik Rueger, Christian Mueller
Format: Patent
Language: eng
Description
Summary: A computer receives a set of objects from a client (201), whereby at least one of the objects of the set is respectively associated and encrypted with a unique file encryption key (FEK). The computer encrypts each of the FEKs with a common master encryption key (MEK), resulting in respective locked keys. In an initial backup, the encrypted objects together with their associated locked keys are transmitted to a backup server (205), where a first module determines if a locked key has changed by referencing an encryption state associated with the encrypted objects. If an MEK has changed, the existing FEKs are re-encrypted with the changed MEK to generate new locked keys, and, in a subsequent backup operation, the new locked keys are sent to the backup server (205) to replace the existing locked keys, while avoiding transmitting to the backup server (205) the objects whose associated FEKs are affected by the changed MEK.
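The re-keying step in the summary, as an added Go example that is not taken from the patent: each FEK is unlocked with the old MEK and relocked with the new one, so only the locked keys change and the object ciphertexts never need to be re-sent. The names `newKey`, `seal`, `open` and `Rekey`, the choice of AES-256-GCM for both layers, and the sample object name are assumptions; the summary does not name a cipher.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newKey() []byte { k := make([]byte, 32); rand.Read(k); return k }

func gcm(key []byte) cipher.AEAD { // panics only on a bad key length
	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(b)
	return g
}

func seal(key, pt []byte) []byte { // AES-256-GCM, random 12-byte nonce prefixed
	n := newKey()[:12:12]
	return gcm(key).Seal(n, n, pt, nil)
}

func open(key, ct []byte) ([]byte, error) { // fails on wrong key or tampering
	if len(ct) < 12 {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm(key).Open(nil, ct[:12], ct[12:], nil)
}

// Rekey relocks each FEK under newMEK; the result is all the next backup sends.
func Rekey(locked map[string][]byte, oldMEK, newMEK []byte) (map[string][]byte, error) {
	out := map[string][]byte{}
	for name, lk := range locked {
		fek, err := open(oldMEK, lk)
		if err != nil {
			return nil, fmt.Errorf("unlock %s: %w", name, err)
		}
		out[name] = seal(newMEK, fek)
	}
	return out, nil
}

func main() {
	mek, next := newKey(), newKey() // constructed sample keys
	out, err := Rekey(map[string][]byte{"a.doc": seal(mek, newKey())}, mek, next)
	fmt.Println(len(out), err)
}
```

Each locked key here is 60 bytes (nonce, 32-byte FEK, 16-byte tag), which is the whole per-object cost of an MEK change regardless of object size.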