1. Field of the Invention
The present invention relates generally to a computer-implemented method, data processing system, and computer program product for assuring security in file backup infrastructure. More specifically, the present invention relates to retrieval of backup files and correspondingly restoring such files to a useful state for a user.
2. Description of the Related Art
File systems provide a data structure within which to organize files. Such systems may be organized across several hard disks, and even placed across several computers in a computer network. Despite a file system being accessible through a network, computer users have found it desirable to limit which users can read or write to each file of the file system.
One limitation placed on files is ‘permissions’, whereby a user may prohibit anyone, or anyone outside the user's group, from accessing the file. Still another limitation placed on some files is encrypting the file, so that even if the file were to be disassociated from the file system, the file would retain a privacy feature.
Encryption features of a file may be embedded in metadata associated with the file. Files are associated with metadata that describes statistics and other information about the file. In an encrypting file system (EFS), a file also has crypto metadata that supports encryption features. Crypto metadata is data that provides details concerning who is authorized to access the file, and in what manner the file is encrypted. For example, crypto metadata can include a public key of the user that encrypted the file. In addition, crypto metadata can include an encrypted file encryption key.
A file encryption key is a key used to encrypt a file. The file encryption key may be abbreviated as Fk. The file encryption key may be assigned uniquely to a file. The file encryption key may be formed by a hash function that reduces the chances that a second file will share the same file encryption key. The hash function can be a randomizing function. The file encryption key may be a symmetric key such that the file encryption key may be used to decrypt the associated file.
An encrypted file encryption key is an encrypted version of Fk, the key used to encrypt the associated file. Fk is encrypted with, for example, a public key of the user. In this arrangement, where the public key is an asymmetric key or part of a public key pair, an associated private key can be used to decrypt the encrypted key to form Fk. Once Fk is obtained, decrypting the associated file becomes a trivial exercise for modern personal computers. Because Fk is stored as metadata of the file, albeit in encrypted form, Fk is considered part of the file. Thus, decrypting the encrypted Fk is considered decrypting the file.
Administrators of computer systems back up files for a number of reasons. Such reasons include, for example, guarding against accidental file deletion or corruption; mitigating human-made disasters; and mitigating natural disasters. Natural disasters tend to occur across a geographic area. Such areas can be small, as in the case of a path of destruction caused by a tornado. Such areas can be large, as in the case of a zone impacted by an earthquake. To avoid subjecting a primary copy of a file and the backup copy of a file to the same disaster, administrators place backup files at a distance from the primary file that is a source for the backup file. Under such a backup regime, the backup file is offsite from the primary file. Offsite is a relative term that describes a location for an activity or apparatus as related to another activity or apparatus. One activity is offsite relative to a second activity if the two activities are sheltered under independent roofs or other shelter. Two roofs can be independent even though such roofs may be connected by a tunnel, ramp, breezeway, skybridge, utility conduit, or the like. Offsite can mean that one activity occurs in one zip code or postal code, while the second activity occurs in a second zip code or postal code.
Users can deprecate public key pairs. A public key pair is a public key and its corresponding private key. When deprecating a public key pair, a user instructs a file system to delete the public key pair, and replaces it with another public key pair, which remains an active public key pair until it too is deprecated. Unfortunately, files created with a deprecated public key pair cannot be used by the user without modification. A user would benefit if some method to modify or update the file, particularly a backed up file, were available.
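To make the crypto metadata and the key-deprecation problem concrete, the following is an added example, not part of the patent text, that models an EFS file as described above: a body encrypted under a per-file key Fk, with Fk stored in the crypto metadata encrypted under the user's public key. It assumes RSA-OAEP for wrapping Fk and AES-GCM for the body, neither of which the text specifies, and `Rekey` is one possible form of the update the last paragraph calls for: the same Fk is re-wrapped under the replacement pair while the old private key still exists.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)
// Constructed model of an EFS file: body sealed under Fk, plus Fk wrapped under the user's public key.
type EncryptedFile struct{ Nonce, Body, EncryptedFk []byte }
// NewUserKeyPair stands in for the public key pair a user holds (RSA assumed here).
func NewUserKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
func gcmFor(fk []byte) cipher.AEAD {
	block, _ := aes.NewCipher(fk) // 32-byte key, so neither call can fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// EncryptFile draws a fresh Fk, seals data with it (AES-GCM), and wraps Fk under pub (RSA-OAEP).
func EncryptFile(data []byte, pub *rsa.PublicKey) (*EncryptedFile, error) {
	buf := make([]byte, 32+12) // random 256-bit Fk followed by a random GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	fk, nonce := buf[:32], buf[32:]
	efk, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fk, nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedFile{nonce, gcmFor(fk).Seal(nil, nonce, data, nil), efk}, nil
}

// DecryptFile unwraps Fk with priv; a pair that does not match the metadata fails here.
func DecryptFile(f *EncryptedFile, priv *rsa.PrivateKey) ([]byte, error) {
	fk, err := rsa.DecryptOAEP(sha256.New(), nil, priv, f.EncryptedFk, nil)
	if err != nil {
		return nil, err
	}
	return gcmFor(fk).Open(nil, f.Nonce, f.Body, nil)
}

// Rekey re-wraps the same Fk under newPub; it needs oldPriv, so run it before deprecation.
func Rekey(f *EncryptedFile, oldPriv *rsa.PrivateKey, newPub *rsa.PublicKey) error {
	fk, err := rsa.DecryptOAEP(sha256.New(), nil, oldPriv, f.EncryptedFk, nil)
	if err != nil {
		return err
	}
	f.EncryptedFk, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, newPub, fk, nil)
	return err
}
```

Once the old pair has been deleted, a backup file whose metadata was never re-wrapped can no longer be opened with the replacement pair, which is exactly the situation the paragraph above describes.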