METHOD FOR SECURING DATA AND/OR APPLICATIONS IN A CLOUD COMPUTING ARCHITECTURE

US 20110247047A1
Filed: 04/04/2011
Published: 10/06/2011
Est. Priority Date: 04/02/2010
Status: Active Grant

First Claim

Patent Images

1. A method for securing data and/or applications within a cloud computing architecture, which comprises:

a set of virtual servers identified by server identifiers, each virtual server being associated with one or more virtual memory disks, each virtual memory disk being materialized in the form of one or more memory spaces in one or more physical memory disks,an interface for allowing a remote user to access, via an Internet-type network, one or more virtual servers which are dedicated to said user in the set of virtual servers by means of an access key which is specific to the user and/or each virtual server, and to administer said dedicated virtual servers,interface components for creating and managing the set of virtual servers,comprising the following steps;

a security module is provided, said security module being administered by the user of the virtual server(s) which is/are dedicated to said user;

said security module is provided with one or more security policies to be applied to the data and/or applications managed by the virtual servers dedicated to said user;

said security module is provided with said access key which is specific to the user and/or each dedicated virtual server, for accessing the user'"'"'s dedicated virtual servers;

the security module accesses said dedicated virtual servers of the user by means of said provided access key; and

the dedicated virtual servers apply the security policies, which have been provided to said security module, to the data and/or applications they manage.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing data and/or applications within a cloud computing architecture is provided. According to the invention, a security module is provided, the security module being administered by the user of said virtual server(s) which is/are dedicated to said user; said security module is provided with one or more security policies to be applied to the data managed by the virtual servers dedicated to said user; said security module is provided with identifiers as well as keys to access the user'"'"'s dedicated virtual servers; the security module accesses the user'"'"'s dedicated virtual server; the security module exports the security policies, which have been provided to it, to the dedicated virtual servers; and the dedicated virtual servers apply the security policies, which have been provided to them by the security module, to the data they manage.

64 Citations

View as Search Results

14 Claims

1. A method for securing data and/or applications within a cloud computing architecture, which comprises:
- a set of virtual servers identified by server identifiers, each virtual server being associated with one or more virtual memory disks, each virtual memory disk being materialized in the form of one or more memory spaces in one or more physical memory disks,an interface for allowing a remote user to access, via an Internet-type network, one or more virtual servers which are dedicated to said user in the set of virtual servers by means of an access key which is specific to the user and/or each virtual server, and to administer said dedicated virtual servers,interface components for creating and managing the set of virtual servers,comprising the following steps;
  
  a security module is provided, said security module being administered by the user of the virtual server(s) which is/are dedicated to said user;
  
  said security module is provided with one or more security policies to be applied to the data and/or applications managed by the virtual servers dedicated to said user;
  
  said security module is provided with said access key which is specific to the user and/or each dedicated virtual server, for accessing the user'"'"'s dedicated virtual servers;
  
  the security module accesses said dedicated virtual servers of the user by means of said provided access key; and
  
  the dedicated virtual servers apply the security policies, which have been provided to said security module, to the data and/or applications they manage.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method according to claim 1, further comprising the following steps:
    - an agent is installed on the dedicated virtual server; and
      
      the security module exports the security policies which have been provided to it to the dedicated server on which the agent is installed.
  - 3. The method according to claim 1, wherein the security policies provided to the security module are applied through a secure channel to the dedicated virtual servers by remote execution, from said security module.
  - 4. The method according to claim 1, wherein existing network restrictions, which are applied to the virtual servers, are extended to a security policy which will be applied to the data and/or applications managed by the dedicated virtual servers.
  - 5. The method according to claim 1, further comprising the following steps:
    - new dedicated virtual servers are dynamically created within the cloud computing architecture;
      
      the key which is specific to the user and/or each newly created dedicated virtual server is provided to the security module; and
      
      the new dedicated virtual servers apply the security policies, which have been provided to them by the security module, to the data and/or applications they manage.
  - 6. The method according to claim 5, wherein the security policies applied to the data and/or applications of the new virtual servers are applied automatically.
  - 7. The method according to claim 1, wherein the security module is itself a dedicated virtual server contained within the cloud computing architecture.
  - 8. The method according to claim 1, wherein the security module is provided by a software provider as a service within the cloud computing architecture.
  - 9. The method according to claim 1, wherein the security module is a software module installed on a user'"'"'s physical computer station.
  - 10. The method according to claim 1, wherein the architecture further comprises an event-recording module and in that the security module accesses events recorded by said event-recording module for the dedicated virtual servers and checks whether the security policies have been applied by said dedicated virtual servers based on said events.
  - 11. The method according to claim 1, wherein the key specific to the user and/or each dedicated virtual server is stored in the security module, in a trusted platform'"'"'s module, in a smart card, or with a trusted third party.
  - 12. The method according to claim 1, wherein it is implemented within a computing architecture which comprises a plurality of clouds.
  - 13. The method according to claim 1, wherein the data is encrypted in the dedicated virtual servers in compliance with the application of a security policy applied to said servers.
  - 14. The method according to claim 1, wherein the data is encrypted according to the security policies applied within the dedicated virtual servers so that, after the dedicated virtual servers have been deleted, said data is no longer readable, and/or so as to thwart side-channel attacks.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OUTPOST 24 FRANCE
Original Assignee
Matthias Jung, Sergio Loureiro
Inventors
Jung, Matthias, Loureiro, Sergio

Granted Patent

US 8,819,767 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/10 for controlling access to d...

H04L 63/20 for managing network securi...

METHOD FOR SECURING DATA AND/OR APPLICATIONS IN A CLOUD COMPUTING ARCHITECTURE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

64 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR SECURING DATA AND/OR APPLICATIONS IN A CLOUD COMPUTING ARCHITECTURE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links