Encryption load balancing and distributed policy enforcement
First Claim
Patent Images
1. An encryption load balancing and distributed policy enforcement system comprising:
- one or more engines for communicating with one or more devices and for executing cryptographic operations on data; and
a dispatcher, in communication with the one or more engines, that receives one or more requests from a client and delegates at least one of the one or more requests to the one or more engines.
1 Assignment
0 Petitions
Accused Products
Abstract
To achieve encryption load balancing, a dispatcher, in communication with one or more engines, delegates one or more requests to the one or more engines. The engines execute cryptographic operations on data. The dispatcher may implement one or more load balancing algorithms to delegate requests to engines in accordance with data protection classes and rules for improved efficiency, performance, and security. To achieve distributed policy enforcement, the engines may also analyze whether the request violates an item access rule.
-
Citations
40 Claims
-
1. An encryption load balancing and distributed policy enforcement system comprising:
-
one or more engines for communicating with one or more devices and for executing cryptographic operations on data; and
a dispatcher, in communication with the one or more engines, that receives one or more requests from a client and delegates at least one of the one or more requests to the one or more engines. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. An encryption load balancing system comprising:
-
(a) one or more devices;
(b) a client having an application for generating one or more requests for data residing on the devices;
(c) a key management system, in communication with a policy database;
(d) one or more engines, in communication with the one or more devices, for executing cryptographic operations on data contained in or produced in response to the one or more requests; and
(e) a dispatcher, in communication with the client, the key management system, and the one or more engines, that (i) receives the requests from the client;
(ii) communicates with the key management system to verify the authenticity and authorization of the requests; and
(iii) delegates the requests to the one or more engines using a load balancing algorithm.
-
-
20. An encryption load balancing method comprising:
-
receiving a request for information residing on a device from a client; and
delegating the request to one or more engines configured to execute cryptographic operations on data. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
-
-
34. An encryption load balancing method comprising:
-
(a) receiving a request for information residing on a device from a client;
(b) verifying authorization of the request and determining a key class of the request by communicating with a key management system; and
(c) delegating, through use of a load balancing algorithm, the request to one or more engines configured to execute cryptographic operations on data, wherein the engine;
(i) generates encrypted data from the data in the request;
(ii) amends the request to replace the data with the encrypted data; and
(iii) forwards the request to the device.
-
-
35. An encryption load balancing method comprising:
-
(a) receiving a request for information residing on a device from a client;
(b) verifying authorization of the request and determining a key class of the request by communicating with a key management system; and
(c) delegating, through use of a load balancing algorithm, the request to one or more engines configured to execute cryptographic operations on data, wherein the engine;
(i) forwards the request to the device;
(ii) receives encrypted data from the device;
(iii) decrypts the encrypted data; and
(iv) returns unencrypted data to the client.
-
-
36. A computer-readable medium whose contents cause a computer to perform an encryption load balancing method comprising:
-
receiving a request for information residing on a device from a client; and
delegating the request to one or more engines configured to execute cryptographic operations on data.
-
-
37. An encryption load balancing system comprising:
-
a first preprocessor for communicating with one or more devices and for receiving requests from a client;
a second preprocessor for executing cryptographic operations on data contained in and produced in response to the requests; and
a dispatcher arranged to divide a request into at least a first and a second sub-request, and to delegate the first sub-request to the first preprocessor and the second sub-request to the second preprocessor. - View Dependent Claims (38)
-
-
39. An encryption load balancing system comprising:
-
(a) one or more storage devices having;
(i) a first portion encrypted at a first encryption level; and
(ii) a second portion encrypted at a second encryption level that differs from the first encryption level;
(b) a first preprocessor configured to receive a request for information residing on one or more of the storage devices from a client application, the request;
(i) seeking interaction with first data from the first portion; and
(ii) seeking interaction with second data from the second portion;
(c) a second preprocessor in communication with the first preprocessor, the second preprocessor configured to execute a cryptographic operations on data contained in or produced in response to the request; and
(d) a dispatcher in communication with the first preprocessor, the dispatcher being configured;
(i) to separate a database request into a first sub-request for interaction with the first data and a second sub-request for interaction with the second data;
(ii) to delegate the first sub-request to the first preprocessor; and
(iiI) to delegate the second sub-request to the second preprocessor. - View Dependent Claims (40)
-
Specification