SYSTEM AND METHOD FOR AUTOMATICALLY SECURING SENSITIVE DATA IN PUBLIC CLOUD USING A SERVERLESS ARCHITECTURE

US 20200134220A1
Filed: 11/22/2019
Published: 04/30/2020
Est. Priority Date: 04/11/2018
Status: Active Grant

First Claim

Patent Images

1-20. -20. (canceled)

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided executing jobs immediately upon receipt of a notification. The systems and methods may include receiving, at a cloud compute service, a notification that a sensitive file comprising sensitive data has been received at a file receipt location, the sensitive file being sent by a client device; generating, by the cloud compute service, a container instance in response to the notification; retrieving, by the container instance, the sensitive file from the file receipt location; generating, by the container instance, a stripped file by stripping the sensitive data from the sensitive file based on a configuration file; transmitting, by the container instance, the stripped file to a storage location; deleting the sensitive file and associated file pointers from the file receipt location; and terminating the container instance, wherein terminating the container instance comprises deleting files comprising sensitive data and associated file pointers.

Citations

40 Claims

1-20. -20. (canceled)

21. A file receipt location system, comprising:
- one or more first memory units containing instructions; and
  
  one or more processors configured to execute the instructions to perform operations comprising;
  
  receiving a file from a client device, the file comprising sensitive information;
  
  transmitting, to a cloud compute service, a notification comprising a tag associated with the file, the tag identifying one of a vendor or service provider;
  
  receiving, from the cloud compute service in response to the notification, a request to access the file;
  
  transmitting the file to the cloud compute service based on the request; and
  
  deleting the file.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 22. The system of claim 21, wherein receiving a file comprises receiving a file which was manually transmitted from the client device by a user of the client device.
  - 23. The system of claim 22, wherein receiving a file comprises receiving a file that originated externally from the client device.
  - 24. The system of claim 21, wherein deleting the file comprises:
    - permanently deleting the file; and
      
      permanently deleting a file pointer associated with the file.
  - 25. The system of claim 24, wherein permanently deleting the file comprises wiping data by overwriting memory associated with the file.
  - 26. The system of claim 24, wherein permanently deleting the file comprises marking the file for permanent deletion at a later time.
  - 27. The system of claim 21, wherein:
    - the operations further comprise receiving, from the cloud compute service, an instruction to delete the file; and
      
      deleting the file comprises deleting the file based on the instruction.
  - 28. The system of claim 21, wherein the tag comprises an indication that the file is at least one of tagged as restricted, tagged for aggregation, tagged for encryption, tagged as relating to a configuration file, or tagged as belonging to a file class.
  - 29. The system of claim 21, wherein transmitting a notification comprises transmitting an instruction for the cloud compute service to select a warm container instance to strip the sensitive information from the file.
  - 30. The system of claim 21, wherein transmitting a notification comprises transmitting an instruction for the cloud compute service to generate a new container instance to strip the sensitive information from the file.
  - 31. The system of claim 21, further comprising one or more second memory units residing on a plurality of physical facilities separated by a distance;
    - andwherein the operations further comprise storing the file on at least one of the second memory units.
  - 32. The system of claim 21, wherein receiving a file comprises receiving a file comprising information associated with a transaction.

33. A method for processing a job at a file receipt location, the method comprising:
- receiving a file from a client device, the file comprising sensitive information;
  
  transmitting, to a cloud compute service, a notification comprising a tag associated with the file, the tag identifying one of a vendor or service provider;
  
  receiving, from the cloud compute service in response to the notification, a request to access the file;
  
  transmitting the file to the cloud compute service based on the request; and
  
  deleting the file.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40)
- - 34. The method of claim 33, wherein receiving a file from a client device comprises receiving a file which was manually transmitted from the client device by a user of the client device.
  - 35. The method of claim 34, wherein receiving a file from a client device comprises receiving a file that originated externally from the client device.
  - 36. The method of claim 33, wherein deleting the file comprises:
    - permanently deleting the file; and
      
      permanently deleting a file pointer associated with the file.
  - 37. The method of claim 33, further comprising receiving, from the cloud compute service, an instruction to delete the file;
    - andwherein deleting the file comprises deleting the file based on the instruction.
  - 38. The method of claim 33, wherein transmitting a notification comprises transmitting an instruction for the cloud compute service to select a warm container instance to strip the sensitive information from the file.
  - 39. The method of claim 33, wherein transmitting a notification comprises transmitting an instruction for the cloud compute service to generate a new container instance to strip the sensitive information from the file.
  - 40. The method of claim 33, further comprising storing the file on one or more memory units residing on a plurality of physical facilities separated by a distance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
FONSEKA, Nathal L., PANSARI, Ankit

Granted Patent

US 10,956,596 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/162   Delete operations erasing i...

G06F 21/602   Providing cryptographic fac...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2115   Third party

SYSTEM AND METHOD FOR AUTOMATICALLY SECURING SENSITIVE DATA IN PUBLIC CLOUD USING A SERVERLESS ARCHITECTURE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR AUTOMATICALLY SECURING SENSITIVE DATA IN PUBLIC CLOUD USING A SERVERLESS ARCHITECTURE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links