System and method for automatically securing sensitive data in public cloud using a serverless architecture

US 10,242,221 B1
Filed: 10/01/2018
Issued: 03/26/2019
Est. Priority Date: 04/11/2018
Status: Active Grant

First Claim

Patent Images

1. A system comprising a file receipt location for processing a job immediately upon receipt of a file, the file receipt location comprising:

one or more memory units for storing instructions; and

one or more processors configured to execute the instructions to perform operations comprising;

receiving, from a client device, a file comprising sensitive information;

tagging the file with a tag identifying a vendor or service provider;

transmitting a notification, comprising the tag, to a cloud compute service;

receiving, from the cloud compute service, a request to access the tagged file;

transmitting the tagged file to the cloud compute service based on the request; and

destroying the tagged file.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided executing jobs immediately upon receipt of a notification. The systems and methods may include receiving, at a cloud compute service, a notification that a sensitive file comprising sensitive data has been received at a file receipt location, the sensitive file being sent by a client device; generating, by the cloud compute service, a container instance in response to the notification; retrieving, by the container instance, the sensitive file from the file receipt location; generating, by the container instance, a stripped file by stripping the sensitive data from the sensitive file based on a configuration file; transmitting, by the container instance, the stripped file to a storage location; deleting the sensitive file and associated file pointers from the file receipt location; and terminating the container instance, wherein terminating the container instance comprises deleting files comprising sensitive data and associated file pointers.

17 Citations

18 Claims

1. A system comprising a file receipt location for processing a job immediately upon receipt of a file, the file receipt location comprising:
- one or more memory units for storing instructions; and
  
  one or more processors configured to execute the instructions to perform operations comprising;
  
  receiving, from a client device, a file comprising sensitive information;
  
  tagging the file with a tag identifying a vendor or service provider;
  
  transmitting a notification, comprising the tag, to a cloud compute service;
  
  receiving, from the cloud compute service, a request to access the tagged file;
  
  transmitting the tagged file to the cloud compute service based on the request; and
  
  destroying the tagged file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system of claim 1, wherein:
    - transmitting the notification causes the cloud compute service to generate a container instance, andthe request is received from the container instance.
  - 3. The system of claim 1, wherein destroying the tagged file comprises:
    - permanently deleting the tagged file; and
      
      permanently deleting a file pointer associated with the tagged file.
  - 4. The system of claim 3, wherein permanently deleting the tagged file comprises wiping data by overwriting memory associated with the tagged file.
  - 5. The system of claim 3, wherein permanently deleting the tagged file comprises marking the tagged file for permanent deletion at a later time.
  - 6. The system of claim 1, the operations further comprising:
    - receiving, from the cloud compute service, an instruction to destroy the tagged file; and
      
      wherein destroying the tagged file is based on the instruction.
  - 7. The system of claim 5, wherein the instruction is generated by the file container location at a predetermined time.
  - 8. The system of claim 1, wherein the tagging further comprises at least one of tagging as restricted, tagging for aggregation, tagging for encryption, tagging as relating to a configuration file, or tagging as belonging to a file class.
  - 9. The system of claim 1, the operations further comprising:
    - storing the file using a method of encryption prior to tagging the file.
  - 10. The system of claim 1, wherein receiving the request comprises receiving an authentication credential.
  - 11. The system of claim 1, wherein the notification comprises a file identifier associated with the tagged file.
  - 12. The system of claim 1, wherein:
    - transmitting the notification causes the cloud compute service to select a warm container instance, andthe request is received from the selected warm container instance.
  - 13. The system of claim 1, wherein the file receipt location comprises a distributed computer system.
  - 14. The system of claim 1, the operations further comprising:
    - storing at least one of the received file or the tagged file on a second set of memory units, the second set of memory units residing on a plurality of physical facilities separated by a distance.
  - 15. The system of claim 1, wherein the received file is encrypted.
  - 16. The system of claim 1, wherein the sensitive data comprises information associated with a transaction.
  - 17. The system of claim 1, wherein the cloud compute service comprises a serverless architecture.

18. A method for processing a job immediately upon receipt of a file, the method comprising:
- receiving, at a file receipt location and from a client device, a file comprising sensitive information;
  
  tagging the file with a tag relating to a vendor or service provider;
  
  transmitting a notification, comprising the tag, to a cloud compute service;
  
  receiving, from the cloud compute service, a request to access the tagged file;
  
  transmitting the tagged file to the cloud compute service based on the request; and
  
  destroying the tagged file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Fonseka, Nathal L, Pansari, Ankit
Primary Examiner(s)
Dinh, Minh

Application Number

US16/147,989
Time in Patent Office

176 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/162   Delete operations erasing i...

G06F 21/602   Providing cryptographic fac...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2115   Third party

System and method for automatically securing sensitive data in public cloud using a serverless architecture

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for automatically securing sensitive data in public cloud using a serverless architecture

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links