公开(公告)号：GB2564318B

公开(公告)日：2019-07-31

申请号：GB201815487

申请日：2017-02-15

Applicant: IBM

Inventor： CHRISTIAN MUELLER ,  DOMINIC MUELLER-WICKE ,  ERIK RUEGER

IPC: H04L9/08 ,  G06F11/14 ,  G06F21/60 ,  G06F21/62

Abstract: A computer receives a set of objects from a client, whereby at least one of the objects of the set are respectively associated and encrypted with a unique file encryption key (FEK). The computer encrypts each of the FEKs with a common master encryption key, MEK, resulting in respective locked keys. In an initial backup, the encrypted objects together with their associated locked keys are transmitted to a backup server where a first module determines if locked key has changed via referencing an encryption state associated with the encrypted objects. If an MEK has changed, the existing FEKs are re-encrypted with the changed MEK to generate new locked keys, and, in a subsequent backup operation, sending the new locked keys to the backup server to replace the existing locked keys, while avoiding transmitting to the backup server the objects whose associated FEKs are affected by the changed MEK.

公开(公告)号：GB2564318A

公开(公告)日：2019-01-09

申请号：GB201815487

申请日：2017-02-15

Applicant: IBM

Inventor： CHRISTIAN MUELLER ,  DOMINIC MUELLER-WICKE ,  ERIK RUEGER

IPC: H04L9/08 ,  G06F11/14 ,  G06F21/60 ,  G06F21/62

Abstract: A computer receives a set of objects from a client (201), whereby at least one of the objects of the set are respectively associated and encrypted with a unique file encryption key (FEK). The computer encrypts each of the FEKs with a common master encryption key (MEK), resulting in respective locked keys. In an initial backup, the encrypted objects together with their associated locked keys are transmitted to a backup server (205) where a first module determines if locked key has changed via referencing an encryption state associated with the encrypted objects. If an MEK has changed, the existing FEKs are re-encrypted with the changed MEK to generate new locked keys, and, in a subsequent backup operation, sending the new locked keys to the backup server (205) to replace the existing locked keys, while avoiding transmitting to the backup server (205) the objects whose associated FEKs are affected by the changed MEK.

公开(公告)号：GB2529436B

公开(公告)日：2016-05-18

申请号：GB201414750

申请日：2014-08-20

Applicant: IBM

Inventor： DOMINIC MUELLER-WICKE ,  THOMAS SCHREIBER ,  FABIAN KUHL ,  NILS HAUSTEIN ,  CHRISTIAN MUELLER

IPC: G06F11/14 ,  G06F17/30

Abstract: Operating a data processing and storage apparatus to perform continuous backup monitoring for a collection of stored file system objects. In response to changes respective to a number of the file system objects, a set of Data Management Application Program Interface (DMAPI) events is created. For each of the events, accessory file system object information relative to a file system object subject to the change is determined. The events are grouped into an event group and a unique group identifier and an overall group size count are assigned to each of the events included in the event group. The events are sent together with the respective accessory file system object information, the respective group identifier and the respective group size to a number of backup clients registered as applications. The backup clients are to process the events together with the respective accessory file system object information, the respective group identifier and the respective group size into a number of backup requests.