Simplified Deletion of Personal Private Data in Cloud Backup Storage for GDPR Compliance
Abstract
In a public cloud that stores data in a database system for a plurality of entities as primary data and as one or more secondary backup copies of the primary data, the data being stored in predefined data fields of data records, personal private data of each entity is stored encrypted using an encryption/decryption key that is unique to each different entity. The encryption/decryption keys are stored in the cloud in a key store of a key management system. To delete the personal private data of a particular entity, as to comply with the right to be forgotten pursuant to GDPR regulations, or otherwise, the encryption/decryption key for that particular entity is deleted from the key store to render permanently inaccessible all copies of that entity's personal private data.
Claims
exact text as granted — not AI-modified1 . A method of managing data stored in a cloud database system, the data comprising a primary copy of the data and one or more secondary copies of the data, said data comprising a separate data record for each of a plurality of different entities of a user, each said data record having a plurality of different data fields storing different data, the method comprising:
defining a sensitivity type for the data stored in the data fields of said data records in said cloud database system, the sensitivity type comprising, for each entity, private data having restricted access and non-private data having unrestricted access, said private data being stored in the cloud database system in encrypted form using a different encryption key for each said entity, and said non-private data being stored in unencrypted form; storing information in the cloud identifying for each said entity the data fields of a data record of said entity that contain private data in encrypted form, and storing in a key store in the cloud a decryption key for each different entity, wherein there are different classes of private data stored in said data fields of said data records, each different class of private data of an entity having a corresponding decryption key stored in said key store; and deleting a selected class of the private data of a selected entity by deleting the corresponding decryption key in said key store in said cloud to render only said selected class of private data inaccessible.
2 . The method of claim 1 , wherein all copies of said selected class of private data of the selected entity are encrypted using the same encryption key, and said deleting said decryption key renders inaccessible all of said copies of said selected class of private data of the selected entity.
3 . The method of claim 1 , wherein said cloud comprises a compute instance executing an encryption algorithm for encrypting and decrypting private data, and said deleting said private data comprises deleting a decryption key in said key store for said encryption algorithm.
4 . The method of claim 3 , wherein said compute instance further executes a user-defined cloud application, and said cloud further comprises a gateway API, the gateway API mediating requests from said cloud application for access to private entity data in said database system by invoking said encryption algorithm to encrypt and decrypt said requests.
5 . The method of claim 4 , wherein said compute instance in the cloud further executes user-selected code that responds to events and automatically manages cloud resources as required by said events.
6 . The method of claim 1 , wherein said private data is encrypted using a symmetric cryptographic algorithm that uses the same key for encryption and decryption.
7 . A method of managing data stored in a cloud database system, the data comprising a primary copy of the data and one or more secondary backup copies of the primary data, said data comprising a data record for each of a plurality of different entities, each said data record having a plurality of different data fields, the method comprising:
defining a sensitivity type for the data stored in the data fields of said data records in said cloud database system, the sensitivity type comprising, for each entity, private data having restricted access, said private data being stored in the cloud database system in encrypted form using a different encryption key for each entity, wherein there are different classes of private data stored in said data fields of said data records, each different class of private data of an entity having a corresponding unique encryption/decryption key stored in a key store in said cloud; receiving a request to delete a particular class of private data of a selected entity that is stored in said cloud database system; accessing from a fields database in said cloud information identifying for the selected entity the data fields of a data record of said selected entity that store said particular private data; and deleting from said cloud key store a decryption key that corresponds to said particular class of private data and that is necessary for decrypting the particular class of private data of the selected entity, to render inaccessible all copies of said class of private data of the selected entity stored in said database system.
8 . The method of claim 7 , wherein said deleting comprises accessing the key store and deleting the corresponding decryption key of said particular class of private data of the selected entity from said key store.
9 . The method of claim 7 further comprising servicing a request for a class of personal private data of an entity that has been deleted by returning the data record of that entity with the personal private data fields encrypted.
10 . The method of claim 7 , wherein said private data is encrypted using a symmetric cryptographic algorithm that uses the same key for encryption and decryption.
11 . Non-transitory storage medium embodying executable instructions for controlling a processor to perform a method of managing data stored in a cloud database system, the data being stored in multiple different fields of separate data records for each of a plurality of different entities of a user, said data being of different sensitivity types comprising different classes of private data having restricted access and non-private data having unrestricted access, the method comprising:
storing said different classes of private data of an entity in different fields of said data records in encrypted form using different encryption keys for each said different class of private data, and storing information identifying for each entity the fields of each data record of said each entity that contain private data in encrypted form and the class of said private data; further storing in a key store in the cloud corresponding unique decryption keys for each different entity and for each different class of private data; and deleting a selected class of private data of a selected entity by deleting a corresponding decryption key in said key store to render said selected class of private data of the selected entity inaccessible.
12 . The non-transitory storage medium of claim 11 , wherein all copies of said selected class of private data of the selected entity are encrypted using the same encryption key, and said deleting said corresponding decryption key renders inaccessible all copies of said selected class of private data of the selected entity.
13 . The non-transitory storage medium of claim 11 , wherein said cloud comprises a compute instance executing a encryption/decryption algorithm for encrypting and decrypting said selected private data of said selected entity, and a cloud gateway API that receives a request to delete said selected private data and causes said compute instance to delete said corresponding decryption key in said key store.
14 . The non-transitory storage medium of claim 13 , wherein said compute instance in the cloud further executes an application that responds to events and manages cloud resources in response to said events.Join the waitlist — get patent alerts
Track US2022012360A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.