Paragraph Number

253

In one embodiment, erasing the encryption key includes erasing the encryption key from the requesting device. In another embodiment, erasing the encryption key includes erasing the encryption key from a server, key vault, or other location where the encryption key is stored. Erasing the encryption key may include replacing the encryption key with other data or with a series of characters so that the encryption key cannot be recovered in any way. Erasing the encryption key typically makes the existing data on the storage device 150 non-recoverable where an encryption routine was used to encrypt the existing data that is robust enough to thwart attempts to decrypt the existing data. The request to overwrite the existing data could be a secure erase directive where the data is overwritten for security reasons, a request to overwrite data to erase the data, a request that seeks to replace the existing data with the repeated, identical characters or character strings, or the like. In one embodiment, a secure erase directive causes devices to both securely erase the encryption key and securely erase the existing data. In one embodiment, erasure of the encryption key may allow secure erasure of the data on the storage device 150 to be postponed until a garbage collection process erases the data as part of a storage space recovery process. One of skill in the art will recognize other ways to erase an encryption key and other ways to receive a request to overwrite existing data.

Added by DJM 3 2021