High performance data encryption server and method for transparently encrypting/decrypting data
Abstract
High-performance data encryption/decryption server and method for transparently encrypting/decrypting data. System and method for encryption and/or decryption cryptographic services that have applicability to small and large databases and especially to encryption and/or decryption of bulk data. Method for transparently applying a cryptographic operation to application-specific data. Encryption server for transparent encryption and decryption of application specific data. Method for transparently encrypting application specific data. Computer program stored on a computer readable media for modifying the operation of a computer process implementing a method for transparently encrypting application specific data. System and appliance for transparently encrypting application specific data. System for transparently applying a cryptographic operation to application-specific data.
24 Claims
1. A method for transparently applying a cryptographic operation to application-specific data, the method comprising:
- providing an application program interface (API) coupled between a cryptographic server and a data store of an information processing device, the information processing device running at least one of an operating system (OS) and a native database management system (DBMS) that natively contains at least one hook corresponding to a pre-defined OS or native DBMS data flow event or location and operable to invoke third party-provided computer program code when data flow of the OS or DBMS reaches the pre-defined data flow event or location;
- providing the third-party computer program code; and
- responsive to a request from an application related to an input/output (I/O) operation on a storage mechanism that causes data flow of the OS or DBMS to reach the pre-defined data flow event or location, initiating via the API, by the computer program code invoked by the hook, cryptographic processing of an application-specific data item corresponding to the I/O operation request by a cryptographic appliance (CA) coupled to the cryptographic server.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17

18. An encryption server for use in transparent encryption and decryption of application specific data, the server comprising an information processing device having:
- (a) a first interface for coupling with a cryptographic appliance; and
- (b) an application programming interface (API) configured to be called by computer program code invoked for execution by at least one hook natively provided by one of an operating system (OS) and a native database management system (DBMS), the hook corresponding to a pre-defined OS or native DBMS data flow event or location and operable to invoke the computer program code when, responsive to a request from an application related to an input/output (I/O) operation on a storage mechanism, data flow of the OS or DBMS reaches the pre-defined data flow event or location, the API used by the computer program code to initiate cryptographic processing of an application-specific data item corresponding to the I/O operation request by the cryptographic appliance;
- wherein the server acts as a cryptographic requests broker between the API and the cryptographic appliance.

Dependent claims: 19, 20, 21

22. A method for transparently encrypting application specific data, the method comprising:
- providing computer program code which, in operation, is invoked by at least one hook provided natively by and specific to a particular type of operating system (OS) or native database management system (DBMS), the hook corresponding to a pre-defined OS or native DBMS data flow event or location and operable to invoke the provided computer program code; and
- responsive to a request from an application related to an input/output (I/O) operation on a storage mechanism that causes data flow of the OS or DBMS to reach the pre-defined data flow event or location, using the hook to invoke execution of the computer program code to initiate, via an application program interface (API) in cooperation with a cryptographic server, cryptographic processing of data corresponding to the I/O operation request.

23. A non-transitory computer readable storage medium storing computer readable instructions which, when read by a computer, cause the computer to perform a method for transparently encrypting application specific data, the method comprising:
- providing an application program interface (API) coupled between a cryptographic server and a data store of an information processing device, the information processing device running at least one of an operating system (OS) and a native database management system (DBMS) that natively contains at least one hook corresponding to a pre-defined OS or native DBMS data flow event or location and operable to invoke third party-provided computer program code when data flow of the OS or DBMS reaches the pre-defined data flow event or location;
- providing the third-party computer program code; and
- responsive to a request from an application related to an input/output (I/O) operation on a storage mechanism that causes data flow of the OS or DBMS to reach the pre-defined data flow event or location, initiating via the API, by the computer program code invoked by the hook, cryptographic processing of an application-specific data item corresponding to the I/O operation request by a cryptographic appliance (CA) coupled to the cryptographic server.

24. A system for transparently encrypting application specific data, the system comprising:
- an information processing device having:
  - an operating system (OS) natively providing at least one exit routine corresponding to a pre-defined OS data flow event or location, the exit routine associated with at least one of a native data access method, a native database management system, and a memory resident data store, the exit routine responsive to a request from an application related to an input/output (I/O) operation on a storage mechanism that causes data flow of the OS to reach the pre-defined data flow event or location; and
  - an application program interface (API) adapted to send a cryptographic service request based on the at least one exit routine;
- an encryption server (ES) initiating a cryptographic service responsive to the cryptographic service request; and
- a cryptographic appliance (CA) performing the initiated cryptographic service.

Specification