METHODS, DEVICES, AND MEDIA FOR SECURELY UTILIZING A NON-SECURED, DISTRIBUTED, VIRTUALIZED NETWORK RESOURCE WITH APPLICATIONS TO CLOUD-COMPUTING SECURITY AND MANAGEMENT

US 20110072489A1
Filed: 09/22/2010
Published: 03/24/2011
Est. Priority Date: 09/23/2009
Status: Abandoned Application

First Claim

Patent Images

1. A method for securely utilizing a network resource, the method comprising the steps of:

(a) receiving, by a deployed security mechanism, a user request over a network;

(b) parsing said user request by said deployed security mechanism;

(c) preparing, by said deployed security mechanism, said user request to transmit to a computing-service resource; and

(d) submitting, by said deployed security mechanism, said user request to said computing-service resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention discloses methods, devices, and media for securely utilizing a non-secured, distributed, virtualized network resource with applications to cloud-computing security and management. Methods including the steps of: receiving, by a deployed security mechanism, a user request over a network; parsing the user request by the deployed security mechanism; preparing, including applying security measures, the user request to transmit to a computing-service resource; and submitting, by the deployed security mechanism, the user request to the computing-service resource. Methods further including the steps of: dividing an original data stream into a set of split data streams; applying a first invertible transformation function to the split data streams, which produces an intermediate set of data streams; and extracting a final set of data streams from the intermediate set by applying a selection rule which produces the final set, thereby transforming the original data stream into individually-unintelligible parts.

116 Citations

39 Claims

1. A method for securely utilizing a network resource, the method comprising the steps of:
- (a) receiving, by a deployed security mechanism, a user request over a network;
  
  (b) parsing said user request by said deployed security mechanism;
  
  (c) preparing, by said deployed security mechanism, said user request to transmit to a computing-service resource; and
  
  (d) submitting, by said deployed security mechanism, said user request to said computing-service resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein said steps of receiving and submitting are performed over an encrypted communication channel.
  - 3. The method of claim 1, wherein said deployed security mechanism is a mechanism selected from the group consisting of:
    - a resource interface proxy, a network gateway, a network router, a computer operating-system driver, a computer plug-in, a computer software hook, a computer software filter, a hardware device with embedded software, a hardware appliance with embedded software, a hardware extension device for extending computer capabilities, and a computer software application.
  - 4. The method of claim 1, wherein said deployed security mechanism is implemented in a configuration environment selected from the group consisting of:
    - a computing-service server, a user-network server, a client computing-device, and a third-party server.
  - 5. The method of claim 1, wherein said step of parsing includes at least one process selected from the group consisting of:
    - interpreting said user request, applying a security measure, validating request elements, sanitizing said request elements, applying a rule, and storing descriptive metadata in said user request.
  - 6. The method of claim 1, wherein said step of preparing includes at least one process selected from the group consisting of:
    - calculating a resource-compatible signature, modifying request elements for resource compatibility, processing a request body, streaming said request body to said computing-service resource, and applying a rule.
  - 7. The method of claim 1, the method further comprising the steps of:
    - (e) upon receiving a request response from said computing-service resource, processing response elements by said deployed security mechanism; and
      
      (f) processing a response body by said deployed security mechanism.
  - 8. The method of claim 7, wherein said steps of processing include at least one process selected from the group consisting of:
    - applying a security measure, streaming said response body from said computing-service resource, interpreting said request response, retrieving descriptive metadata from said request response, and applying a rule.
  - 9. The method of claim 1, the method further comprising the step of:
    - (e) preventing, by said deployed security mechanism, unauthorized manipulation, modification, or tampering of data within request elements of said user request while said data resides on said computing-service resource.

10. A computer-readable storage medium having computer-readable code embodied on the computer-readable storage medium, the computer-readable code comprising:
- (a) program code for receiving a user request over a computer network;
  
  (b) program code for parsing said user request;
  
  (c) program code for preparing said user request to transmit to a computing-service resource; and
  
  (d) program code for submitting said user request to said computing-service resource.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The storage medium of claim 10, wherein said program code for receiving and submitting is operable to enable said receiving and said submitting over an encrypted communication channel.
  - 12. The storage medium of claim 10, wherein said program code is configured to be deployed as an item selected from the group consisting of:
    - a resource interface proxy, a network gateway, a network router, a computer operating-system driver, a computer plug-in, a computer software hook, a computer software filter, a hardware device with embedded software, a hardware appliance with embedded software, a hardware extension device for extending computer capabilities, and a computer software application.
  - 13. The storage medium of claim 10, wherein said program code is configured to be implemented in a configuration environment selected from the group consisting of:
    - a computing-service server, a user-network server, a client computing-device, and a third-party server.
  - 14. The storage medium of claim 10, wherein said program code for parsing includes code for processing at least one process selected from the group consisting of:
    - interpreting said user request, applying a security measure, validating request elements, sanitizing said request elements, applying a rule, and storing descriptive metadata in said user request.
  - 15. The storage medium of claim 10, wherein said program code for preparing includes code for processing at least one process selected from the group consisting of:
    - calculating a resource-compatible signature, modifying request elements for resource compatibility, processing a request body, streaming said request body to said computing-service resource, and applying a rule.
  - 16. The storage medium of claim 10, the computer-readable code further comprising:
    - (e) program code for, upon receiving a request response from said computing-service resource, processing response elements; and
      
      (f) program code for processing a response body.
  - 17. The storage medium of claim 16, wherein said program code for processing include code for processing at least one process selected from the group consisting of:
    - applying a security measure, streaming said response body from said computing-service resource, interpreting said request response, retrieving descriptive metadata from said request response, and applying a rule.
  - 18. The storage medium of claim 10, the computer-readable code further comprising:
    - (e) program code for preventing unauthorized manipulation, modification, or tampering of data within request elements of said user request while said data resides on said computing-service resource.

19. A device for securely utilizing a network resource, the device comprising:
- (a) a server including;
  
  (i) a CPU for performing computational operations;
  
  (ii) a memory module for storing data; and
  
  (iii) a network connection for communicating across a network; and
  
  (b) a deployed security mechanism, residing on said server, configured for;
  
  (i) receiving a user request over a network;
  
  (ii) parsing said user request;
  
  (iii) preparing said user request to transmit to a computing-service resource; and
  
  (iv) submitting said user request to said computing-service resource.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The device of claim 19, wherein said deployed security mechanism is operable to enable said receiving and said submitting over an encrypted communication channel.
  - 21. The device of claim 19, wherein said deployed security mechanism is configured to be deployed as an item selected from the group consisting of:
    - a resource interface proxy, a network gateway, a network router, a computer operating-system driver, a computer plug-in, a computer software hook, a computer software filter, a hardware device with embedded software, a hardware appliance with embedded software, a hardware extension device for extending computer capabilities, and a computer software application.
  - 22. The device of claim 19, wherein said server is implemented in a configuration environment selected from the group consisting of:
    - a computing-service server, a user-network server, a client computing-device, and a third-party server.
  - 23. The device of claim 19, wherein said parsing includes processing at least one process selected from the group consisting of:
    - interpreting said user request, applying a security measure, validating request elements, sanitizing said request elements, applying a rule, and storing descriptive metadata in said user request.
  - 24. The device of claim 19, wherein said preparing includes processing at least one process selected from the group consisting of:
    - calculating a resource-compatible signature, modifying request elements for resource compatibility, processing a request body, streaming said request body to said computing-service resource, and applying a rule.
  - 25. The device of claim 19, wherein said deployed security mechanism is further configured for:
    - (v) upon receiving a request response from said computing-service resource, processing response elements; and
      
      (vi) processing a response body.
  - 26. The device of claim 25, wherein said processing includes processing at least one process selected from the group consisting of:
    - applying a security measure, streaming said response body from said computing-service resource, interpreting said request response, retrieving descriptive metadata from said request response, and applying a rule.
  - 27. The device of claim 19, wherein said deployed security mechanism is further configured for:
    - (v) preventing unauthorized manipulation, modification, or tampering of data within request elements of said user request while said data resides on said computing-service resource.

28. A method for securing information by transforming the information into individually-unintelligible parts, the method comprising the steps of:
- (a) dividing an original data stream into a set of split data streams;
  
  (b) applying a first invertible transformation function to said split data streams, said step of applying producing an intermediate set of data streams; and
  
  (c) extracting a final set of data streams from said intermediate set by applying a selection rule which produces said final set, thereby transforming said original data stream into individually-unintelligible parts in said final set.
- View Dependent Claims (29, 30, 31)
- - 29. The method of claim 28, wherein said first invertible transformation function requires all elements of said final set to be available in order to reconstruct said original data stream.
  - 30. The method of claim 28, the method further comprising the steps of:
    - (d) applying a second invertible transformation function to said final set to produce said intermediate set, wherein said second invertible transformation is an inverse function of said first invertible transformation;
      
      (e) extracting said split streams from said intermediate set by applying a selection rule which produces said split data streams; and
      
      (f) reconstructing said original data stream from said split data streams.
  - 31. The method of claim 28, the method further comprising the steps of:
    - (d) associating a key set with said final set such that every element of said final set has an associated key;
      
      (e) storing said final set on a computing-service resource, wherein said key set specifies locations of said elements in said computing-service resource; and
      
      (f) ensuring that no intelligible reference regarding a key relationship between said key set and said final set is present on said computing-service resource, thereby preventing detection of said elements by masking an element relationship among said elements.

32. A computer-readable storage medium having computer-readable code embodied on the computer-readable storage medium, the computer-readable code comprising:
- (a) program code for dividing an original data stream into a set of split data streams;
  
  (b) program code for applying a first invertible transformation function to said split data streams, said applying producing an intermediate set of data streams; and
  
  (c) program code for extracting a final set of data streams from said intermediate set by applying a selection rule which produces said final set, thereby transforming said original data stream into individually-unintelligible parts in said final set.
- View Dependent Claims (33, 34, 35)
- - 33. The storage medium of claim 32, wherein said first invertible transformation function requires all elements of said final set to be available in order to reconstruct said original data stream.
  - 34. The storage medium of claim 32, the computer-readable code further comprising:
    - (d) program code for applying a second invertible transformation function to said final set to produce said intermediate set, wherein said second invertible transformation is an inverse function of said first invertible transformation;
      
      (e) program code for extracting said split streams from said intermediate set by applying a selection rule which produces said split data streams; and
      
      (f) program code for reconstructing said original data stream from said split data streams.
  - 35. The storage medium of claim 32, the computer-readable code further comprising:
    - (d) program code for associating a key set with said final set such that every element of said final set has an associated key;
      
      (e) program code for storing said final set on a computing-service resource, wherein said key set specifies locations of said elements in said computing-service resource; and
      
      (f) program code for ensuring that no intelligible reference regarding a key relationship between said key set and said final set is present on said computing-service resource, thereby preventing detection of said elements by masking an element relationship among said elements.

36. A device for securing information by transforming the information into individually-unintelligible parts, the device comprising:
- (a) a data-processing unit including;
  
  (i) a CPU for performing computational operations; and
  
  (ii) a memory module for storing data; and
  
  (b) a deployed security mechanism, residing on said data-processing unit, configured for;
  
  (i) dividing an original data stream into a set of split data streams;
  
  (ii) applying a first invertible transformation function to said split data streams, said step of applying producing an intermediate set of data streams; and
  
  (iii) extracting a final set of data streams from said intermediate set by applying a selection rule which produces said final set, thereby transforming said original data stream into individually-unintelligible parts in said final set.
- View Dependent Claims (37, 38, 39)
- - 37. The device of claim 36, wherein said first invertible transformation function requires all elements of said final set to be available in order to reconstruct said original data stream.
  - 38. The device of claim 36, wherein said deployed security mechanism is further configured for:
    - (iv) applying a second invertible transformation function to said final set to produce said intermediate set, wherein said second invertible transformation is an inverse function of said first invertible transformation;
      
      (v) extracting said split streams from said intermediate set by applying a selection rule which produces said split data streams; and
      
      (vi) reconstructing said original data stream from said split data streams.
  - 39. The device of claim 36, wherein said deployed security mechanism is further configured for:
    - (iv) associating a key set with said final set such that every element of said final set has an associated key;
      
      (v) storing said final set on a computing-service resource, wherein said key set specifies locations of said elements in said computing-service resource; and
      
      (vi) ensuring that no intelligible reference regarding a key relationship between said key set and said final set is present on said computing-service resource, thereby preventing detection of said elements by masking an element relationship among said elements.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Porticor Ltd. (Intuit, Inc.)
Original Assignee
Porticor Ltd. (Intuit, Inc.)
Inventors
Parann-Nissany, Gilad

Application Number

US12/887,547
Publication Number

US 20110072489A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 2221/2149   Restricted operating enviro...

H04L 63/10   for controlling access to d...

H04L 65/765   intermediate

METHODS, DEVICES, AND MEDIA FOR SECURELY UTILIZING A NON-SECURED, DISTRIBUTED, VIRTUALIZED NETWORK RESOURCE WITH APPLICATIONS TO CLOUD-COMPUTING SECURITY AND MANAGEMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

116 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS, DEVICES, AND MEDIA FOR SECURELY UTILIZING A NON-SECURED, DISTRIBUTED, VIRTUALIZED NETWORK RESOURCE WITH APPLICATIONS TO CLOUD-COMPUTING SECURITY AND MANAGEMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links