Apparatus and method for continuous data protection in a distributed computing network

US 20080082837A1
Filed: 09/27/2007
Published: 04/03/2008
Est. Priority Date: 09/29/2006
Status: Abandoned Application

First Claim

Patent Images

1. A system for secure data storage and transmission comprising:

a first security module for protecting data in a first data at rest system, at least a subset of data stored in the first data at rest system being encrypted, the first security module associated with a first key domain defining encryption parameters for the first data at rest system; and

a second security module for protecting data in a second data at rest system, at least a subset of data stored in the second data at rest system being encrypted, the second security module associated with a second key domain defining encryption parameters for the second data at rest system, at least one encryption parameter for the second data at rest system differing from at least one encryption parameter for the first data at rest system so that a datum is reencrypted when the datum is transferred from the first data at rest system to the second data at rest system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for secure data storage and transmission is provided. The system comprises a first security module for protecting data in a first data at rest system and a second security moducle for protecting data in a second data at rest system. At least one encryption parameter for the second data at rest system differs from at least one encryption parameter for the first data at rest system so that a datum is reencrypted when the datum is transferred from the first data at rest system to the second data at rest system.

89 Citations

View as Search Results

24 Claims

1. A system for secure data storage and transmission comprising:
- a first security module for protecting data in a first data at rest system, at least a subset of data stored in the first data at rest system being encrypted, the first security module associated with a first key domain defining encryption parameters for the first data at rest system; and
  
  a second security module for protecting data in a second data at rest system, at least a subset of data stored in the second data at rest system being encrypted, the second security module associated with a second key domain defining encryption parameters for the second data at rest system, at least one encryption parameter for the second data at rest system differing from at least one encryption parameter for the first data at rest system so that a datum is reencrypted when the datum is transferred from the first data at rest system to the second data at rest system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1 wherein encryption parameters comprise encryption keys or encryption algorithms.
  - 3. The system of claim 1 wherein the first security module encrypts data stored on the first data at rest system.
  - 4. The system of claim 1 wherein the second security module encrypts data stored on the second data at rest system.
  - 5. The system of claim 1 further comprising:
    - a security management module, wherein the security management module promulgates a security policy.
  - 6. The system of claim 5, wherein the security management module is communicatively coupled with the first security module and the second security module.
  - 7. The system of claim 5, wherein the security management module stores an audit log.
  - 8. The system of claim 1, wherein encryption parameters in the first key domain may be altered independently of encryption parameters in the second key domain.

9. A selective data access system comprising:
- a first data field encrypted with a first encryption key; and
  
  a second data field encrypted with a second encryption key, wherein a first user has access to the first encryption key and a second user has access to a second encryption key.
- View Dependent Claims (10, 11, 12)
- - 10. The system of claim 9, wherein a third user has access to both the first and the second encryption keys.
  - 11. The system of claim 9, wherein the first data field and the second data field reside in the same database.
  - 12. The system of claim 9, wherein the first data field and the second data field reside in the same table.

13. A method of data transfer comprising:
- storing data and encryption status information for the data in a first data at rest system;
  
  examining the encryption status information when transferring the data from the first data at rest system to a second data at rest system; and
  
  reencrypting the data if the first data at rest system and the second data at rest system are associated with different key domains.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, wherein the key domains define encryption parameters.
  - 15. The method of claim 14, wherein encryption parameters comprise encryption keys or encryption algorithms.

16. A method for providing partial access to data comprising:
- generating a report for a third party, wherein the report includes obfuscated sensitive information;
  
  allowing the third party to examine the report; and
  
  providing access to unobfuscated sensitive information if the third party identifies information of interest.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein the obfuscated sensitive information is pronouncable.
  - 18. The method of claim 16, wherein generating a report comprises obtaining obfuscated data from a substitution cipher.
  - 19. The method of claim 16, wherein the obfuscated sensitive data is of the same data category as the unobfuscated sensitive data.
  - 20. A method as recited in claim 16, wherein the report includes obfuscated sensitive data selected from the group consisting of names, social security numbers, indications of treatment, telephone numbers and combinations thereof.

21. A method of secure data transport comprising:
- encrypting a datum;
  
  storing the datum in a first data at rest system; and
  
  transferring the datum to a second data at rest system, wherein the datum remains encrypted during transfer and storage.
- View Dependent Claims (22, 23, 24)
- - 22. The method of claim 21, wherein the first data at rest system is associated with a first domain and the second data at rest system is associated with a second domain.
  - 23. The method of claim 22, wherein the datum is encrypted in accordance with the second domain before transfer.
  - 24. The method of claim 22, wherein the datum is encrypted in accordance with the second domain after transfer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Mattsson, Ulf

Application Number

US11/904,684
Publication Number

US 20080082837A1
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0464   using hop-by-hop encryption...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/3236   using cryptographic hash fu...

Apparatus and method for continuous data protection in a distributed computing network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

89 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for continuous data protection in a distributed computing network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links