SYSTEMS AND METHODS FOR CONTAINERIZED DATA SECURITY

US 20160301676A1
Filed: 03/10/2016
Published: 10/13/2016
Est. Priority Date: 03/10/2015
Status: Active Grant

First Claim

Patent Images

1. A system useful in facilitating containerized data security, the system comprising:

a data store containing at least an encrypted plurality of N containers, including a first container, said first container including data associated with a unit of interest to the system and encrypted instructions corresponding to at least one application; and

a computer processing unit;

a network interface in data communication with said computer processing unit and said data store; and

memory in data communication with said computer processing unit and containing executable instructions for causing said computer processing unit to perform a containerized data security method including;

(a) obtaining a first external communication from a source external to the system;

(b) associating said first external communication with said first container;

(c) authenticating said first external communication with respect to said first container;

(d) providing said first external communication to an unencrypted instance of said first container in said memory;

(e) obtaining a first responsive communication from said unencrypted instance of said first container; and

(f) providing said first responsive communication to said source external to the system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided herein are systems and methods useful in facilitating containerized data security. The system may include a data store, a computer processing unit, a network interface, and memory. The memory may contain executable instructions for causing the system to perform a containerized data security method including obtaining a first external communication from a source external to the system; associating the first external communication with the first container; authenticating the first external communication with respect to the first container; providing the first external communication to an unencrypted instance of the first container in the memory; obtaining a first responsive communication from the unencrypted instance of the first container; and providing the first responsive communication to the source external to the system.

Citations

20 Claims

1. A system useful in facilitating containerized data security, the system comprising:
- a data store containing at least an encrypted plurality of N containers, including a first container, said first container including data associated with a unit of interest to the system and encrypted instructions corresponding to at least one application; and
  
  a computer processing unit;
  
  a network interface in data communication with said computer processing unit and said data store; and
  
  memory in data communication with said computer processing unit and containing executable instructions for causing said computer processing unit to perform a containerized data security method including;
  
  (a) obtaining a first external communication from a source external to the system;
  
  (b) associating said first external communication with said first container;
  
  (c) authenticating said first external communication with respect to said first container;
  
  (d) providing said first external communication to an unencrypted instance of said first container in said memory;
  
  (e) obtaining a first responsive communication from said unencrypted instance of said first container; and
  
  (f) providing said first responsive communication to said source external to the system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 13)
- - 2. The system of claim 1, wherein step (b) of said containerized data security method includes:
    - obtaining an encrypted version of said first container from said data store;
      
      decrypting encrypted version of said first container; and
      
      instantiating said unencrypted instance of said first container in said memory.
  - 3. The system of claim 2, wherein said containerized data security method further includes using information contained in said first external communication to identify a decryption key associated with said first container.
  - 4. The system of claim 1, wherein said first container includes only data associated with a first unit of interest to the system and said containerized data security method further includes:
    - (a) obtaining a second external communication from said source external to the system;
      
      (b) associating said second external communication with said first container;
      
      (c) determining said second external communication is associated with a second unit of interest to the system; and
      
      (d) flagging said source external to the system as a security risk.
  - 5. The system of claim 1, wherein said containerized data security method further includes, subsequent to step (e):
    - encrypting said unencrypted instance of said first container, thereby creating a new encrypted version of said first container; and
      
      providing said new encrypted version of said first container to said data store.
  - 6. The system of claim 1, wherein said containerized data security method includes, prior to step (f):
    - performing a security analysis of said first external communication and said first responsive communication; and
      
      obtaining a favorable result from said security analysis.
  - 7. The system of claim 1, wherein said first container includes a virtual middle tier server and a virtual data center.
  - 8. The system of claim 1, wherein said first container is a private container.
  - 9. The system of claim 1, wherein said first container is a shared container.
  - 10. The system of claim 1, wherein said first container is a public container.
  - 13. The system of claim 7, wherein said unencrypted instance of said second container:
    - obtains said third external communication;
      
      authenticates said third external communication in accordance with said second authentication step;
      
      decrypts said encrypted version of said third container; and
      
      instantiates an unencrypted instance of said third container within said unencrypted instance of said second container.

11. A system useful in facilitating containerized data security, the system comprising:
- a data store containing at least;
  
  an encrypted version of a first container, said first container including instructions corresponding to a first authentication step and an encrypted version of a second container, said second container including instructions corresponding to a second authentication step and an encrypted version of a third container;
  
  a computer processing unit;
  
  a network interface in data communication with said computer processing unit and said data store; and
  
  memory in data communication with said computer processing unit and containing executable instructions for causing said computer processing unit to perform a containerized data security method comprising;
  
  (a) obtaining a first external communication from a source external to the system;
  
  (b) associating said first external communication with said first container;
  
  (c) authenticating said first external communication with respect to said first container;
  
  (d) obtaining said new encrypted version of said first container from said data store;
  
  (e) decrypting said encrypted version of said first container; and
  
  (f) instantiating an unencrypted instance of said first container in said memory;
  
  (g) obtaining a first responsive communication from said unencrypted instance of said first container, said first responsive communication being associated with said first authentication step;
  
  (h) providing said first responsive communication to said source external to the system;
  
  (i) obtaining a second external communication from said source external to the system;
  
  (j) associating said second external communication with said first container;
  
  (k) providing said second external communication to said unencrypted instance of said first container;
  
  (l) obtaining a second responsive communication from said unencrypted instance of said first container, said second responsive communication being associated with said second authentication step;
  
  (m) providing said second responsive communication to said source external to the system;
  
  (n) obtaining a third external communication from said source external to the system;
  
  (o) associating said third external communication with said first container; and
  
  (p) providing said third external communication to said unencrypted instance of said first container.
- View Dependent Claims (12, 14)
- - 12. The system of claim 11, wherein said unencrypted instance of said first container:
    - obtains said second external communication;
      
      authenticates said second external communication in accordance with said first authentication step;
      
      decrypts said encrypted version of said second container;
      
      instantiates an unencrypted instance of said second container within said unencrypted instance of said first container;
      
      obtains said third external communication; and
      
      provides said third external communication to said unencrypted instance of said second container.
  - 14. The system of claim 11, wherein said containerized data security method further includes using information contained in said first external communication to identify a decryption key associated with said first container.

15. A system useful in facilitating containerized data security, the system comprising:
- a data store containing at least an encrypted plurality of N containers, including afirst container, said first container including publicly accessible data associated with the system and encrypted instructions corresponding to at least one application; and
  
  a computer processing unit;
  
  a network interface in data communication with said computer processing unit and said data store; and
  
  memory in data communication with said computer processing unit and said data store and containing executable instructions for causing said computer processing unit to perform a containerized data security method including;
  
  (a) obtaining an encrypted version of said first container from said data store;
  
  (b) decrypting said encrypted version of said first container; and
  
  (c) instantiating an unencrypted instance of said first container in said memory(d) obtaining a first external communication from a source external to the system;
  
  (e) associating said first external communication with said first container;
  
  (f) providing said first external communication to an unencrypted instance of said first container in said memory; and
  
  (g) obtaining a first responsive communication from said unencrypted instance of said first container.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein said containerized data security method further includes, providing said first responsive communication to said source external to the system.
  - 17. The system of claim 15, wherein said containerized data security method further includes:
    - (i) discarding unencrypted instance of said first container;
      
      (j) obtaining said encrypted version of said first container from said data store;
      
      (k) decrypting encrypted version of said first container; and
      
      (l) instantiating a second unencrypted instance of said first container in said memory.
  - 18. The system of claim 17, wherein said containerized data security method further includes, prior to step (i):
    - performing a security analysis of said first external communication and said first responsive communication; and
      
      identifying a security risk to the system.
  - 19. The system of claim 17, wherein said containerized data security method further includes:
    - providing said first responsive communication to said source external to the system; and
      
      instantiating a monitored version of said first container; and
      
      wherein any additional external communications obtained from said source external to the system are directed to said monitored version of said first container.
  - 20. The system of claim 17, wherein steps (i) through (l) are repeated at a regular interval.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Polyverse Corporation
Original Assignee
Polyverse Corporation
Inventors
GOUNARES, Alexander G.

Granted Patent

US 9,807,077 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 67/14   Session management for real...

SYSTEMS AND METHODS FOR CONTAINERIZED DATA SECURITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR CONTAINERIZED DATA SECURITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links