SECURING INFORMATION IN A CLOUD COMPUTING SYSTEM
Abstract
The method and system for securing data (information) inside a cloud computing system allow data to be encrypted everywhere in the cloud, on storage devices and in communication lines, so that only the information owner has the encryption key and may decrypt the data. The main idea is to use software filter technology inside the cloud virtual machine for encrypting and decrypting data, while keeping the encryption key(s) only in the hands of the owner of the information, outside the cloud. The encryption key is loaded into the appropriate filter only by permission of the information owner or an allowed user. The method allows data encryption to be combined with application control and user control.
16 Claims
1. A system for securing information on a virtual server in a cloud environment, comprising:
- a cloud encoder associated with the virtual server, comprising a communication module, a configuration service, a background service and an encoder filter, as well as a protection policy database and an event logger, all of which are interconnected, and
- a key manager and a configuration manager associated with an owner of the information and connected to the communication module of the cloud encoder via a secured communication link, wherein:
- upon initiation of the virtual server, the cloud encoder is arranged to receive and store a protection policy from the configuration manager, and
- during operation of the virtual server, the encoder filter is arranged to receive at least one encryption key from the key manager, place the received at least one encryption key in a memory of the virtual server and use the placed at least one encryption key to encrypt and decrypt information within the virtual server according to the received protection policy.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method of securing information on a virtual server in a cloud environment, comprising:
- upon initiation of the virtual server, transmitting a protection policy thereto, and
- during operation of the virtual server, placing at least one encryption key in a memory thereof and using the at least one encryption key to encrypt and decrypt information within the virtual server according to the transmitted protection policy.
Dependent claims: 12, 13, 14, 15, 16
Specification