Cloud computing services, that is, the provision of computing resources on demand via a computer network, have acquired increasing prominence in recent years. Services provided to a client by a contemporary ‘cloud’ service provider may encompass a wide variety of discrete business models. These range from such models as Software-as-a-Service which may include application delivery across a browser, for example, to, notably, utility computing models that include Storage-as-a-Service—a service that provides data storage capability to a client or user.
Storage based service models in remote, cloud-based, computing platforms are predicated on the availability to the provider of a large pool of easily usable and accessible virtualized resources that can be dynamically re-configured to adjust to variable loads, i.e. scale as necessary. Access to these services is generally controlled by an SLA, which may specify a variety of differentiated service levels in exchange for tiered compensation. The core idea, then, is that a user of the service may store a limited number of files, dependent on his agreed upon service level, in the remote cloud platform, and is then able to retrieve those files, on demand, at any time or place, unaffected by such factors as aggregate traffic or local disasters.
This model is open to a number of privacy concerns, however. One such prominent concern involves potential access to a client's data by the cloud provider. While any such access is usually proscribed by the relevant SLA during the term of the client's contract with the cloud provider, these terms may expire on withdrawal from the service. A client may choose to delete his data prior to withdrawal, but there is no verifiable guarantee that the provider's standard deletion mechanisms are sufficient to render the data unusable and inaccessible to the provider. One mechanism available to the client that may address this concern is data encryption—that is, to encrypt all data prior to storage in the cloud. This is a wide-ranging, catch-all solution in which any effective implementation would impose a large cost, however, by requiring, among other things, significant computational time and resources. Such constraints are particularly marked when the client is a small to medium enterprise for whom data security is vital, but is, nonetheless, unable to afford its own storage architecture.
A further concern is that any large-scale removal of data, even encrypted data, by a client may alert the service provider of an intention to withdraw from the cloud service, which may, sometimes, encourage the service provider to extract or otherwise tamper with any data that remains on the cloud platform. It is important, therefore, that any move to destroy the data by the client, prior to withdrawal, is as discreet as possible to avoid alerting the service provider of his intentions.
What is needed, then, is a method for secure, client-verifiable, deletion of data from a remote cloud computing platform that is, at the same time, invisible to the service provider. Given the ability to self-verify, the client may be satisfied that his data has been rendered unusable going forward, giving him the flexibility to transition to a different service provider without any reservations about the state of data left behind.