SECURING INFORMATION IN A CLOUD COMPUTING SYSTEM

US 20130117563A1
Filed: 08/13/2012
Published: 05/09/2013
Est. Priority Date: 11/09/2011
Status: Active Grant

First Claim

Patent Images

1. A system for securing information on a virtual server in a cloud environment, comprising:

a cloud encoder associated with the virtual server, comprising a communication module, a configuration service, a background service and an encoder filter, as well as a protection policy database and an event logger, all of which are interconnected, anda key manager and a configuration manager associated with an owner of the information and connected to the communication module of the cloud encoder via a secured communication link, wherein;

upon initiation of the virtual server, the cloud encoder is arranged to receive and store a protection policy from the configuration manager, andduring operation of the virtual server, the encoder filter is arranged to receive at least one encryption key from the key manager, place the received at least one encryption key in a memory of the virtual server and use the placed at least one encryption key to encrypt and decrypt information within the virtual server according to the received protection policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The method and system for secure data (information) inside a cloud computing system, allow data to be encrypted everywhere in the cloud on storage devices and in communication lines so that only the information owner has the encryption key and may decrypt the data. The main idea is using software filter technology inside the cloud virtual machine for encrypting and decrypting data and keeping the encryption key(s) only in the hand of the owner of the information outside the cloud. The encryption key is loaded into the appropriate filter only by permission of the information owner or an allowed user. The method allows combination of data encryption with application control and user control.

Citations

16 Claims

1. A system for securing information on a virtual server in a cloud environment, comprising:
- a cloud encoder associated with the virtual server, comprising a communication module, a configuration service, a background service and an encoder filter, as well as a protection policy database and an event logger, all of which are interconnected, anda key manager and a configuration manager associated with an owner of the information and connected to the communication module of the cloud encoder via a secured communication link, wherein;
  
  upon initiation of the virtual server, the cloud encoder is arranged to receive and store a protection policy from the configuration manager, andduring operation of the virtual server, the encoder filter is arranged to receive at least one encryption key from the key manager, place the received at least one encryption key in a memory of the virtual server and use the placed at least one encryption key to encrypt and decrypt information within the virtual server according to the received protection policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the information is file encrypted and the protection policy comprises trusted applications and trusted users.
  - 3. The system of claim 1, wherein the information is user encrypted, the at least one encryption key comprises a plurality of user specific encryption keys, and the protection policy comprises an association of information segments with trusted users and respective trusted applications.
  - 4. The system of claim 1, wherein the at least one encryption key comprises a single encryption key with which all information on the virtual server is encrypted and decrypted.
  - 5. The system of claim 1, wherein a part of the cloud that includes the virtual server is encrypted and the communication module is realized in a loadable partition outside the encrypted part of the cloud.
  - 6. The system of claim 1, wherein the protection policy comprises rules for audited information and the event logger is arranged to log information according to the rules.
  - 7. The system of claim 1, wherein the cloud encoder is arranged to move with the virtual server upon transferring the virtual server to a different cloud environment.
  - 8. The system of claim 1, wherein the encoder filter is arranged to place the received at least one encryption key in a secure manner comprising at least one of:
    - obfuscating the at least one encryption key, segmenting at least one encryption key and encrypting at least one encryption key with a key stored on the virtual server.
  - 9. The system of claim 1, wherein the cloud encoder is realized on the virtual server.
  - 10. The system of claim 1, wherein the cloud encoder is realized on a client computer.

11. A method of securing information on a virtual server in a cloud environment, comprising:
- upon initiation of the virtual server, transmitting a protection policy thereto, andduring operation of the virtual server, placing at least one encryption key in a memory thereof and using the at least one encryption key to encrypt and decrypt information within the virtual server according to the transmitted protection policy.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, wherein the protection policy comprises a list of trusted applications and trusted users.
  - 13. The method of claim 11, wherein the at least one encryption key comprises a plurality of user specific encryption keys and the protection policy comprises an association of trusted users, user related information segments and user related trusted applications.
  - 14. The method of claim 11, wherein the placing at least one encryption key on the virtual server is carried out in a secure manner comprising at least one of:
    - obfuscating the at least one encryption key, segmenting at least one encryption key and encrypting at least one encryption key with a key stored on the virtual server.
  - 15. The method of claim 11, further comprising encrypting a part of the cloud that includes the virtual server and realizing a communication module in a loadable partition outside the encrypted part of the cloud.
  - 16. The method of claim 11, further comprising logging events relating to specified segments of the information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Safer Point Limited
Original Assignee
Safer Point Limited
Inventors
GRABELKOVSKY, Michael

Granted Patent

US 8,990,558 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 15/173   using an interconnection ne...

G06F 16/00   Information retrieval; Data...

G06F 21/6218   to a system of files or obj...

SECURING INFORMATION IN A CLOUD COMPUTING SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

SECURING INFORMATION IN A CLOUD COMPUTING SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links