公开(公告)号：GB2520489A

公开(公告)日：2015-05-27

申请号：GB201320459

申请日：2013-11-20

Applicant: IBM

Inventor： LEBUTSCH DAVID ,  WAIZENEGGER TIM ,  MEGA CATALDO ,  BARNEY JONATHAN M ,  SCHLEIPEN STEFAN

IPC: G06F21/62 ,  G06F3/06 ,  G06F21/78

Abstract: Data processing and storage apparatus comprises a hardware security module and a data storage medium 2 storing encrypted data objects in a hierarchical data maintenance structure of encrypted partition tables and hash-nodes forming a rooted tree, where: a partition table comprises a first reference to an encrypted data object and a first cryptographic key for its decryption; a hash-node comprises a second reference to a partition table or hash-node and a second cryptographic key for its decryption; the root node is decipherable using a master cryptographic key stored in internal storage 4 of the hardware security module; a data object is assigned to the root node via first and second references of a partition table and hash-nodes forming a set of successive nodes in the rooted tree; and a secure deletion of a data object is performed by: traversing the set of successive nodes in the tree by successively decrypting all hash-nodes and the partition table starting from the root node; and recursively traversing the set of successive nodes starting from the partition table and re-encrypting all the traversed nodes with new second cryptographic keys, with the first cryptographic key being removed or disregarded in the re-encryption.