Apparatus and method for continuous data protection in a distributed computing network
Abstract
A system for secure data storage and transmission is provided. The system comprises a first security module for protecting data in a first data at rest system and a second security module for protecting data in a second data at rest system. At least one encryption parameter for the second data at rest system differs from at least one encryption parameter for the first data at rest system so that a datum is reencrypted when the datum is transferred from the first data at rest system to the second data at rest system.
24 Claims
1. A system for secure data storage and transmission comprising:
- a first security module for protecting data in a first data at rest system, at least a subset of data stored in the first data at rest system being encrypted, the first security module associated with a first key domain defining encryption parameters for the first data at rest system; and
- a second security module for protecting data in a second data at rest system, at least a subset of data stored in the second data at rest system being encrypted, the second security module associated with a second key domain defining encryption parameters for the second data at rest system, at least one encryption parameter for the second data at rest system differing from at least one encryption parameter for the first data at rest system so that a datum is reencrypted when the datum is transferred from the first data at rest system to the second data at rest system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A selective data access system comprising:
- a first data field encrypted with a first encryption key; and
- a second data field encrypted with a second encryption key, wherein a first user has access to the first encryption key and a second user has access to a second encryption key.
Dependent claims: 10, 11, 12
13. A method of data transfer comprising:
- storing data and encryption status information for the data in a first data at rest system;
- examining the encryption status information when transferring the data from the first data at rest system to a second data at rest system; and
- reencrypting the data if the first data at rest system and the second data at rest system are associated with different key domains.
Dependent claims: 14, 15
16. A method for providing partial access to data comprising:
- generating a report for a third party, wherein the report includes obfuscated sensitive information;
- allowing the third party to examine the report; and
- providing access to unobfuscated sensitive information if the third party identifies information of interest.
Dependent claims: 17, 18, 19, 20
21. A method of secure data transport comprising:
- encrypting a datum;
- storing the datum in a first data at rest system; and
- transferring the datum to a second data at rest system, wherein the datum remains encrypted during transfer and storage.
Dependent claims: 22, 23, 24
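The transfer rule in the abstract and claim 13 (store encryption status with the datum, examine it on transfer, reencrypt only when the key domains differ) can be modelled as follows. This is an added Python example, not code from the patent: `Store`, `transfer`, `seal` and `unseal` are hypothetical names, and the HMAC-SHA256 construction is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

def _subkeys(key):
    # Separate encryption and MAC keys derived from the domain key.
    return [hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]

def _xor_stream(ek, nonce, data):
    stream = b"".join(hmac.new(ek, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    # Stand-in authenticated cipher (assumption); use a vetted AEAD in practice.
    ek, mk = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(ek, nonce, plaintext)
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key domain or modified datum")
    return _xor_stream(ek, nonce, ct)

@dataclass
class Store:  # hypothetical model of one data at rest system and its key domain
    domain: str
    key: bytes
    rows: dict = field(default_factory=dict)  # name -> (encryption status, blob)

    def put(self, name, plaintext):
        status = {"encrypted": True, "key_domain": self.domain}
        self.rows[name] = (status, seal(self.key, plaintext))

    def get(self, name):
        return unseal(self.key, self.rows[name][1])

def transfer(name, src, dst):
    status, blob = src.rows[name]  # examine the stored encryption status
    if status["encrypted"] and status["key_domain"] == dst.domain:
        dst.rows[name] = (dict(status), blob)  # same key domain: ciphertext moves as-is
        return "copied"
    # Different key domain: this step holds both keys and sees the plaintext in memory.
    plaintext = unseal(src.key, blob) if status["encrypted"] else blob
    dst.put(name, plaintext)
    return "reencrypted"
```
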
Specification