US 12,339,976 B2
Encryption key management using content-based datasets
Adam Brenner, Mission Viejo, CA (US); Jehuda Shemer, Kfar Saba (IL); Steven Sadhwani, Round Rock, TX (US); Valerie Lotosh, Ramat-Gan (IL); and Erez Sharvit, Ramat-Gan (IL)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products L.P., Round Rock, TX (US)
Filed on Oct. 27, 2022, as Appl. No. 17/975,505.
Prior Publication US 2024/0143789 A1, May 2, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/60 (2013.01); G06F 21/10 (2013.01); G06F 21/62 (2013.01)
CPC G06F 21/602 (2013.01) [G06F 21/6218 (2013.01); G06F 21/107 (2023.08)]
20 Claims
1. A computer-implemented method of providing content-based encryption to content data having disparate file formats in a data processing system, comprising:
defining protection policies to protect the content data using different protection policies depending on a respective file format;
creating datasets by grouping metadata for data objects that are intended to be encrypted with a common encryption key, wherein each dataset spans multiple storage devices of different storage types for the respective file format, and wherein each dataset defines a single data encryption unit for the data objects referenced by a respective dataset;
iteratively processing each dataset to tag constituent data objects according to a native file format;
attaching multiple tags to the dataset to indicate that the data objects of the dataset are of different file types according to the disparate file formats;
merging the protection policies to protect the dataset under a merged protection policy utilizing a most restrictive policy of the different protection policies;
further tagging each dataset with an encryption tag to enable or disable use of a self-selected encryption key;
accessing encryption keys stored in or made available to the system for encrypting the data objects using an encryption process;
mapping each dataset to a corresponding encryption key of the encryption keys; and
encrypting, for each dataset, referenced data objects using a corresponding mapped encryption key.
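
The following sketch is an added illustration of the tagging, policy-merge and key-mapping steps of claim 1; it is not code from the patent or from Dell. The policy fields, tag strings, key identifiers and sample records are assumptions constructed for the example, and the final encryption step is left to whatever key manager and cipher the system uses.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Policy:                      # assumed fields; the claim names none
    retention_days: int            # longer retention = more restrictive
    rotation_days: int             # shorter key rotation = more restrictive
    allow_self_key: bool           # allowing a self-selected key = less restrictive

# Constructed per-format protection policies, keyed by native file format.
POLICIES = {"pdf": Policy(365, 90, True),
            "vmdk": Policy(2555, 30, False),
            "sql": Policy(730, 60, True)}

def merge(policies):
    """Merged policy: the most restrictive value of every field."""
    return Policy(max(p.retention_days for p in policies),
                  min(p.rotation_days for p in policies),
                  all(p.allow_self_key for p in policies))

@dataclass
class Dataset:
    name: str
    objects: list                  # metadata only: (object_id, device, file_format)
    tags: set = field(default_factory=set)
    policy: Policy = None
    key_id: str = None

def build_dataset(name, objects, key_map, want_self_key=False):
    ds = Dataset(name, objects)
    formats = {fmt for _, _, fmt in objects}
    unknown = formats - set(POLICIES)
    if unknown:                    # fail closed: no policy means no dataset
        raise ValueError(f"no protection policy for {sorted(unknown)}")
    ds.tags = {f"format:{f}" for f in formats}      # one tag per file type
    ds.policy = merge([POLICIES[f] for f in formats])
    # A self-selected key is enabled only if the merged policy still allows it.
    self_key = want_self_key and ds.policy.allow_self_key
    ds.tags.add("encryption:self-key" if self_key else "encryption:system-key")
    ds.key_id = key_map[name]      # KeyError if the dataset has no mapped key
    return ds

def key_plan(datasets):
    """Map every object to its dataset's key; reject objects claimed twice."""
    plan = {}
    for ds in datasets:
        for object_id, _, _ in ds.objects:
            if object_id in plan:  # two keys for one object would be ambiguous
                raise ValueError(f"{object_id} is in more than one dataset")
            plan[object_id] = ds.key_id
    return plan
```

Because the dataset is the encryption unit, the two failure paths matter most in practice: a format with no policy and an object referenced by two datasets both stop the run before any key is used.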