Data Computation in a Multi-Domain Cloud Environment

US 20180234389A1
Filed: 04/11/2018
Published: 08/16/2018
Est. Priority Date: 10/22/2014
Status: Active Grant

First Claim

Patent Images

1. A gateway device coupled between a client device and a server, the gateway device and the client device within a trusted domain comprising a pre-determined network of systems subject to one or more security policies corresponding to the trusted domain, the server external to the trusted domain, the gateway device comprising:

an input configured to intercept encoded data and a set of operation identifiers sent by a server to a client device in response to a request for cloud services by the client device, each operation identifier uniquely identifying a computational operation, the encoded data and the set of operation identifiers selected by the server based on the requested cloud services and based on a set of operations that the gateway device is able to perform such that computational operations identified by the set of operation identifiers, when performed in a particular order, produce an operation result equivalent to an operation result produced by a cloud computation operation associated with the requested cloud services;

a hardware processor configured to decode the encoded data and to perform the computational operations identified by the set of operation identifiers; and

an output configured to;

provide the operation result data to the client device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A gateway device for implementing data security is described herein. The gateway device is coupled between a client device and a server device, and is configured to receive encoded data and a set of operations from the server device in response to a request for cloud services from the client device. The gateway device is configured to decode the encoded data, and to provide the decoded data and the set of operations to the client device. The client device is configured to perform the set of operations on the decoded data, and to incorporate the operation results into an application or interface corresponding to the requested cloud service. The gateway device is configured to encode the operation result data, and to provide the encoded operation result data to the server device for storage.

13 Citations

View as Search Results

20 Claims

1. A gateway device coupled between a client device and a server, the gateway device and the client device within a trusted domain comprising a pre-determined network of systems subject to one or more security policies corresponding to the trusted domain, the server external to the trusted domain, the gateway device comprising:
- an input configured to intercept encoded data and a set of operation identifiers sent by a server to a client device in response to a request for cloud services by the client device, each operation identifier uniquely identifying a computational operation, the encoded data and the set of operation identifiers selected by the server based on the requested cloud services and based on a set of operations that the gateway device is able to perform such that computational operations identified by the set of operation identifiers, when performed in a particular order, produce an operation result equivalent to an operation result produced by a cloud computation operation associated with the requested cloud services;
  
  a hardware processor configured to decode the encoded data and to perform the computational operations identified by the set of operation identifiers; and
  
  an output configured to;
  
  provide the operation result data to the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The gateway device of claim 1, wherein the gateway device is configured to intercept the encoded data and the set of operation identifiers before the client device receives the encoded data and the set of operation identifiers.
  - 3. The gateway device of claim 1, wherein the client device is configured to execute an application or interface provided by the server, and to incorporate the operation result data into the executed application or interface.
  - 4. The gateway device of claim 1, wherein decoding the encoded data comprises one or both of decrypting the encoded data and detokenizing the encoded data.
  - 5. The gateway device of claim 1, wherein the cloud computation operation comprise a set of computational operations different than the computation operations identified by the set of operation identifiers.
  - 6. The gateway device of claim 1, wherein the server is configured to query the gateway device to identify operations available to the gateway device, and to select one or more of the identified operations.
  - 7. The gateway device of claim 1, wherein the server is configured to provide executable code to the gateway device, and wherein the gateway device is configured to execute the code.

8. A method comprising:
- intercepting, by a gateway device coupled between a server and a client device, encoded data and a set of operation identifiers sent by the server to the client device in response to a request for cloud services by the client device, each operation identifier uniquely identifying a computational operation, the encoded data and the set of operation identifiers selected by the server based on the requested cloud services and based on a set of operations that the gateway device is able to perform such that computational operations identified by the set of operation identifiers, when performed in a particular order, produce an operation result equivalent to an operation result produced by a cloud computation operation associated with the requested cloud services;
  
  decoding, by the gateway device, the encoded data to produce decoded data;
  
  performing, by the gateway device, the computational operations identified by the set of operation identifiers to produce an operation result; and
  
  providing, by the gateway device, the operation result to the client device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the gateway device is configured to intercept the encoded data and the set of operation identifiers before the client device receives the encoded data and the set of operation identifiers.
  - 10. The method of claim 8, wherein the client device is configured to execute an application or interface provided by the server, and to incorporate the operation result data into the executed application or interface.
  - 11. The method of claim 8, wherein decoding the encoded data comprises one or both of decrypting the encoded data and detokenizing the encoded data.
  - 12. The method of claim 8, wherein the cloud computation operation comprise a set of computational operations different than the computation operations identified by the set of operation identifiers.
  - 13. The method of claim 8, wherein the server is configured to query the gateway device to identify operations available to the gateway device, and to select one or more of the identified operations.
  - 14. The method of claim 8, wherein the server is configured to provide executable code to the gateway device, and wherein the gateway device is configured to execute the code.

15. A non-transitory computer-readable storage medium storing executable computer instructions that, when executed by a processor of a gateway device coupled between a server and a client device, cause the processor to perform steps comprising:
- intercepting, by the gateway device, encoded data and a set of operation identifiers sent by the server to the client device in response to a request for cloud services by the client device, each operation identifier uniquely identifying a computational operation, the encoded data and the set of operation identifiers selected by the server based on the requested cloud services and based on a set of operations that the gateway device is able to perform such that computational operations identified by the set of operation identifiers, when performed in a particular order, produce an operation result equivalent to an operation result produced by a cloud computation operation associated with the requested cloud services;
  
  decoding, by the gateway device, the encoded data to produce decoded data;
  
  performing, by the gateway device, the computational operations identified by the set of operation identifiers to produce an operation result; and
  
  providing, by the gateway device, the operation result to the client device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable storage medium of claim 15, wherein the gateway device is configured to intercept the encoded data and the set of operation identifiers before the client device receives the encoded data and the set of operation identifiers.
  - 17. The non-transitory computer-readable storage medium of claim 15, wherein the client device is configured to execute an application or interface provided by the server, and to incorporate the operation result data into the executed application or interface.
  - 18. The non-transitory computer-readable storage medium of claim 15, wherein decoding the encoded data comprises one or both of decrypting the encoded data and detokenizing the encoded data.
  - 19. The non-transitory computer-readable storage medium of claim 15, wherein the cloud computation operation comprise a set of computational operations different than the computation operations identified by the set of operation identifiers.
  - 20. The non-transitory computer-readable storage medium of claim 15, wherein the server is configured to query the gateway device to identify operations available to the gateway device, and to select one or more of the identified operations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Jain, Rajnish, Levy, Vichai, Mattsson, Ulf, Rozenberg, Yigal

Granted Patent

US 10,541,975 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/0435   wherein the sending and rec...

H04L 63/0471   applying encryption by an i...

H04L 63/08   for authentication of entit...

H04L 63/1408   by monitoring network traff...

H04L 67/34   involving the movement of s...

H04L 67/51   Discovery or management the...

H04L 69/08   Protocols for interworking;...

Data Computation in a Multi-Domain Cloud Environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data Computation in a Multi-Domain Cloud Environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links