
Secure and control data migrating between enterprise and cloud services

  • US 10,027,637 B2
  • Filed: 03/12/2015
  • Issued: 07/17/2018
  • Est. Priority Date: 03/12/2015
  • Status: Active Grant
First Claim

1. A method for operating a cloud gateway, comprising:

  • generating a plurality of rules relating users and groups to data access at a plurality of cloud service providers;

    encrypting, at one of a plurality of pass-through connectors, outgoing data that is moving through a cloud gateway en route from a proxy server to one of the plurality of cloud service providers, responsive to a data write request associated with a first user, the encrypting in accordance to one of the plurality of rules as related to the first user, wherein the plurality of pass-through connectors includes a first pass-through connector that is coupled to the proxy server and associated to a first cloud service provider and has a first encryption/decryption module, and a second pass-through connector that is coupled to the proxy server and associated to a second cloud service provider and has a second encryption/decryption module, there being in the cloud gateway one pass-through connector per cloud service provider, wherein the first encryption/decryption module and the second encryption/decryption module are implemented in hardware, firmware, software executing on a processor or combination thereof; and

    decrypting, at one of the plurality of pass-through connectors, incoming data that is moving through the cloud gateway en route from one of the plurality of cloud service providers to the server, responsive to a data read request associated with a second user, the decrypting in accordance to one of the plurality of rules as related to the second user, wherein the incoming data includes padding information and encryption status; and

    wherein, the encrypting includes encrypting an outgoing file via application of a first key in accordance with the one of the plurality of rules, encrypting the first key or a key name of the first key and file information via application of a master key, and combining the encrypted file and the encrypted first key or key name and file information as the encrypted outgoing data.
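
The envelope described in the final "wherein" clause, as an added Go example that is not taken from the patent or from any implementation by its assignee. The byte layout, the choice of AES-256-GCM, and the names `gcm`, `Encrypt` and `Decrypt` are assumptions of this example; the status byte stands in for the claim's encryption status, and padding information is left out because GCM needs no padding.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// gcm returns AES-256-GCM for key (cipher choice is this example's assumption).
func gcm(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("need a 32-byte key")
	}
	return cipher.NewGCM(blk)
}

// Encrypt emits status(1) | hdrLen(1) | nonces(24) | GCM(master, fileKey|info) | GCM(fileKey, file).
func Encrypt(master, fileKey []byte, info string, file []byte) ([]byte, error) {
	m, err1 := gcm(master)
	f, err2 := gcm(fileKey)
	n := make([]byte, 24) // two fresh 96-bit nonces: header first, then body
	if _, err3 := rand.Read(n); err1 != nil || err2 != nil || err3 != nil || len(info) > 200 {
		return nil, fmt.Errorf("bad key, no randomness, or file info too long")
	}
	hdr := m.Seal(nil, n[:12], append(append([]byte{}, fileKey...), info...), nil)
	out := append(append([]byte{1, byte(len(hdr))}, n...), hdr...)
	return f.Seal(out, n[12:], file, nil), nil
}

// Decrypt checks the status byte, unwraps fileKey|info with master, then opens the file.
func Decrypt(master, blob []byte) (string, []byte, error) {
	m, err := gcm(master)
	if err != nil || len(blob) < 26 || blob[0] != 1 || len(blob) < 26+int(blob[1]) {
		return "", nil, fmt.Errorf("bad master key or not an encrypted envelope")
	}
	end := 26 + int(blob[1])
	hdr, err := m.Open(nil, blob[2:14], blob[26:end], nil)
	if err != nil || len(hdr) < 32 {
		return "", nil, fmt.Errorf("wrong master key or modified header")
	}
	f, _ := gcm(hdr[:32]) // always 32 bytes, so gcm cannot fail here
	file, err := f.Open(nil, blob[14:26], blob[end:], nil)
	return string(hdr[32:]), file, err
}

func main() { // constructed all-zero demo keys; prints the envelope bytes and error
	fmt.Println(Encrypt(make([]byte, 32), make([]byte, 32), "a.txt", []byte("hi")))
}
```

The status byte and length byte sit outside the authenticated data in this layout, so a reader should treat them only as routing hints; the GCM tags are what reject a wrong master key or a modified envelope.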
