Storing data in a server computer with deployable encryption/decryption infrastructure
First Claim
1. A computer-implemented method for configuring a second computer to store data in a data-storage structure, wherein the data originates from a first computer that is communicatively connected to the second computer, and wherein the data is processed by an application in the second computer, the method comprising:
- deploying an infrastructure having two configurations and configured to be deployed in a first configuration or a second configuration to the second computer, the infrastructure including implementing a forwarder module, a crypto module and a key control module;
- receiving a key trigger from the first computer;
- generating and storing a key by the key control module based upon receiving the key trigger from the first computer;
- responsive to deploying the infrastructure in the first configuration,
  - receiving, by the forwarder module, the data from the first computer and identifying a data portion of the data for encryption,
  - encrypting, by the crypto module, the data portion with the key,
  - forwarding, by the forwarder module, the encrypted data portion to the application,
  - reading, by the forwarder module, an encrypted data portion from the application for decryption,
  - decrypting, by the crypto module, the encrypted data portion with the key, and
  - forwarding, by the forwarder module, the decrypted data portion to the first computer;
- responsive to deploying the infrastructure in the second configuration,
  - receiving, by the forwarder module, the data from the application and identifying the data portion of the data for encryption,
  - encrypting, by the crypto module, the data portion with the key,
  - forwarding, by the forwarder module, the encrypted data portion to the data-storage structure,
  - reading, by the forwarder module, an encrypted data portion from the data-storage structure for decryption,
  - decrypting, by the crypto module, the encrypted data portion with the key, and
  - forwarding, by the forwarder module, the decrypted data portion to the application.
Abstract
For storing data in a data-storage structure of a server computer, an infrastructure is deployed to the server computer. The infrastructure has a forwarder module to receive data from an application and to identify a data portion, a crypto module to encrypt the data portion with a key, and a key control module adapted to generate and to store the key. The infrastructure is also able to process data in the opposite direction. The key is provided into the key control module upon receiving a key trigger from the client computer.
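The three modules and the two configurations of the first claim, as an added example that is not code from the patent or from any implementation of it. AES-256-GCM, the `enc:` prefix, selecting the data portion by field name, and every class and function name are assumptions made for illustration; the sample record in the usage is constructed.

```javascript
const crypto = require('node:crypto');
// Key control module: generates and stores the key only once a key trigger arrives.
class KeyControl {
  #key = null;
  onKeyTrigger() { if (!this.#key) this.#key = crypto.randomBytes(32); }
  get key() {
    if (!this.#key) throw new Error('no key trigger received yet');
    return this.#key;
  }
}

// Crypto module. AES-256-GCM is an assumption; the claims name no cipher.
class CryptoModule {
  constructor(keyControl) { this.keyControl = keyControl; }
  encrypt(text) {
    const iv = crypto.randomBytes(12); // fresh nonce per data portion
    const c = crypto.createCipheriv('aes-256-gcm', this.keyControl.key, iv);
    const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
    return 'enc:' + Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
  }
  decrypt(token) {
    const raw = Buffer.from(token.slice(4), 'base64'); // iv(12) | tag(16) | ciphertext
    const d = crypto.createDecipheriv('aes-256-gcm', this.keyControl.key, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
  }
}

// Forwarder module: the "data portion" is modelled as a list of field names.
class Forwarder {
  constructor(cryptoModule, fields) { this.cm = cryptoModule; this.fields = fields; }
  _map(record, fn) {
    const out = { ...record };
    for (const f of this.fields) if (f in out) out[f] = fn(out[f]);
    return out;
  }
  protect(record) { return this._map(record, (v) => this.cm.encrypt(String(v))); }
  reveal(record) { return this._map(record, (v) => this.cm.decrypt(v)); }
}

// Config 1: forwarder between client and application. Config 2: between application and storage.
function roundTrip(config, record, fields) {
  const keyControl = new KeyControl();
  keyControl.onKeyTrigger(); // key trigger from the first (client) computer
  const fwd = new Forwarder(new CryptoModule(keyControl), fields);
  const seenByApp = config === 1 ? fwd.protect(record) : { ...record };
  const stored = config === 1 ? seenByApp : fwd.protect(seenByApp);
  return { seenByApp, stored, returned: fwd.reveal(stored) }; // read path back to the requester
}
```

Calling `roundTrip(1, { user: 'alice', iban: 'CONSTRUCTED-0000' }, ['iban'])` shows the application handling only ciphertext for `iban`; with configuration `2` the application sees plaintext and only the stored record is encrypted.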
20 Claims
1. A computer-implemented method for configuring a second computer to store data in a data-storage structure, wherein the data originates from a first computer that is communicatively connected to the second computer, and wherein the data is processed by an application in the second computer, the method comprising:
- deploying an infrastructure having two configurations and configured to be deployed in a first configuration or a second configuration to the second computer, the infrastructure including implementing a forwarder module, a crypto module and a key control module;
- receiving a key trigger from the first computer;
- generating and storing a key by the key control module based upon receiving the key trigger from the first computer;
- responsive to deploying the infrastructure in the first configuration,
  - receiving, by the forwarder module, the data from the first computer and identifying a data portion of the data for encryption,
  - encrypting, by the crypto module, the data portion with the key,
  - forwarding, by the forwarder module, the encrypted data portion to the application,
  - reading, by the forwarder module, an encrypted data portion from the application for decryption,
  - decrypting, by the crypto module, the encrypted data portion with the key, and
  - forwarding, by the forwarder module, the decrypted data portion to the first computer;
- responsive to deploying the infrastructure in the second configuration,
  - receiving, by the forwarder module, the data from the application and identifying the data portion of the data for encryption,
  - encrypting, by the crypto module, the data portion with the key,
  - forwarding, by the forwarder module, the encrypted data portion to the data-storage structure,
  - reading, by the forwarder module, an encrypted data portion from the data-storage structure for decryption,
  - decrypting, by the crypto module, the encrypted data portion with the key, and
  - forwarding, by the forwarder module, the decrypted data portion to the application.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A server computer, comprising:
- a processor that is configured to execute code to implement a forwarder module, a crypto module and a key control module;
- a data-storage structure for storing data;
- a gateway to establish a communication connection with a client computer;
- an application that processes data originating from the client computer and that provides processed data to be stored in the data-structure;
- an infrastructure having two configurations and configured to be deployed in a first configuration or a second configuration, the infrastructure including;
  - the forwarder module that in the first configuration is configured to receive data from the client computer and configured to identify a data portion for encryption, the forwarder module being configured to read an encrypted data portion from the application for decryption, that in the second configuration is configured to receive processed data from the application and configured to identify a data portion for encryption, the forwarder module being configured to read an encrypted data portion from the data-storage structure for decryption,
  - the crypto module configured to encrypt the data portion with a key and configured to decrypt the encrypted data portion with the key, and
  - the key control module configured to generate and to store the key; and
- a key channel that is configured to communicate a key trigger into the key control module when the key trigger is received from the client computer.

Dependent claims: 13, 14, 15
16. A computer program product that, when loaded into a non-transitory memory of a second computer and being executed by at least one processor of the second computer, performs a computer-implemented method for configuring the second computer to store data in a data-storage structure, wherein the data originates from a first computer that is communicatively connected to the second computer, and wherein the data is processed by an application in the second computer, the computer program product comprising code that, when executed by the at least one processor, implements a forwarder module, a crypto module and a key control module and further comprising instructions, that when executed, cause the at least one processor to:
- deploy an infrastructure to the second computer, the infrastructure having two configurations and configured to be deployed in a first configuration and a second configuration;
- receive a key trigger from the first computer;
- generate and store a key by the key control module based upon receiving the key trigger from the first computer;
- responsive to deploying the infrastructure in the first configuration,
  - receive, by the forwarder module, the data from the first computer and identify, by the forwarder module, a data portion of the received data for encryption,
  - encrypt, by the crypto module, the data portion with the key,
  - forward, by the forwarder module, the encrypted data portion to the application,
  - read, by the forwarder module, an encrypted data portion from the application for decryption,
  - decrypt, by the crypto module, the encrypted data portion with the key, and
  - forward, by the forwarder module, the decrypted data portion to the first computer;
- responsive to deploying the infrastructure in the second configuration,
  - receive, by the forwarder module, the data from the application and identify, by the forwarder module, a data portion of the received data for encryption,
  - encrypt, by the crypto module, the data portion with the key,
  - forward, by the forwarder module, the encrypted data portion to the data-storage structure,
  - read, by the forwarder module, an encrypted data portion from the data-storage structure for decryption,
  - decrypt, by the crypto module, the encrypted data portion with the key, and
  - forward, by the forwarder module, the decrypted data portion to the application.

Dependent claims: 17, 18, 19, 20