Method and system for ensuring compliance in public clouds using fine-grained data ownership based encryption
First Claim
1. A computing system implemented process for ensuring compliance in public clouds using fine-grained encryption based on data ownership comprising:
- a private network having at least two parties generating data wherein the at least two parties are generating their particular generated data on behalf of a first entity;
receiving, at a gateway computing system, first and second generated data from respective ones of the two or more parties at a gateway computing system, the gateway computing system being coupled between the private network and a public network, the public network being accessible by the private network only through the gateway computing system;
analyzing, using one or more processors, the first and second generated data and determining whether either or both of the first and second generated data is within the scope of one or more regulatory policies, the analysis resulting in a first determination that the first generated data is within the scope of one or more regulatory policies, and a second determination that the second generated data is not within the scope of one of more regulatory policies;
transferring the second generated data to the public cloud without further processing; and
using one or more processors to;
determine, at the gateway computing system before the first generated data is transferred to the public network, using a data ownership determination system, the ownership of the first generated data to be a first entity;
access ownership based encryption key data associated with the determined owner of the first generated data;
obtain, at the gateway computing system before the first generated data is transferred to the public network, data representing the encryption keys associated with the determined owner of the first generated data at the gateway computing system;
encrypt, at the gateway computing system before the first data is transferred to the public network, the generated data in accordance with the encryption keys associated with the determined owner of the first data, thereby transforming the data into ownership based fine-grained encrypted data; and
transfer the ownership based fine-grained encrypted data from the gateway computing system to the public cloud.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and system for ensuring compliance in public clouds using fine-grained encryption based on data ownership that includes a process for ensuring compliance in public clouds using fine-grained encryption based on data ownership that is implemented, at least in part, at a gateway computing system through which data passes from the enterprise, and/or one or more end users, prior to being sent to the public cloud. In one embodiment, the data is classified, the ownership of the data is determined, the associated encryption keys are obtained, and the data is encrypted, automatically at the gateway computing system before the data is transferred to the public cloud, and in a manner that is transparent to end-users.
43 Citations
17 Claims
-
1. A computing system implemented process for ensuring compliance in public clouds using fine-grained encryption based on data ownership comprising:
-
a private network having at least two parties generating data wherein the at least two parties are generating their particular generated data on behalf of a first entity; receiving, at a gateway computing system, first and second generated data from respective ones of the two or more parties at a gateway computing system, the gateway computing system being coupled between the private network and a public network, the public network being accessible by the private network only through the gateway computing system; analyzing, using one or more processors, the first and second generated data and determining whether either or both of the first and second generated data is within the scope of one or more regulatory policies, the analysis resulting in a first determination that the first generated data is within the scope of one or more regulatory policies, and a second determination that the second generated data is not within the scope of one of more regulatory policies; transferring the second generated data to the public cloud without further processing; and using one or more processors to; determine, at the gateway computing system before the first generated data is transferred to the public network, using a data ownership determination system, the ownership of the first generated data to be a first entity; access ownership based encryption key data associated with the determined owner of the first generated data; obtain, at the gateway computing system before the first generated data is transferred to the public network, data representing the encryption keys associated with the determined owner of the first generated data at the gateway computing system; encrypt, at the gateway computing system before the first data is transferred to the public network, the generated data in accordance with the encryption keys associated with the determined owner of the first data, thereby transforming the data into ownership based fine-grained encrypted data; and transfer the ownership based fine-grained encrypted data from the gateway computing system to the public cloud. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method for ensuring compliance in public clouds using fine-grained encryption based on data ownership comprising:
-
receiving, at a gateway computing system, first and second generated data from respective ones of two or more users, the gateway computing system being disposed between a private network having two or more computing systems operated by respective ones of the two or more users and a public network having one or more computing systems wherein the two or more users are generating their respective generated data on behalf of a first entity; analyzing the first and second generated data and determining whether either or both of the first and second generated data is within the scope of one or more regulatory policies, the analysis resulting in a first determination that the first generated data is within the scope of one or more regulatory policies, and a second determination that the second generated data is not within the scope of one of more regulatory policies; transferring the second generated data to the public cloud without further processing; determining, at the gateway computing system before the first generated data is transferred to the public network, using a data ownership determination system, the ownership of the first generated data to be the first entity; accessing ownership based encryption key data associated with the determined owner of the first generated data; obtaining, at the gateway computing system before the first generated data is transferred to the public network, data representing the encryption keys associated with the determined owner of the generated data at the gateway computing system; encrypting, at the gateway computing system before the first generated data is transferred to the public network, the first generated data in accordance with the encryption keys associated with the determined owner of the first generated data, thereby transforming the first generated data into ownership based fine-grained encrypted data; and transferring the ownership based fine-grained encrypted data from the gateway computing system to the public cloud. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A system for ensuring compliance in public clouds using fine-grained encryption based on data ownership comprising:
-
two or more user/application computing systems, each respective user/application computing system being under the control of individual ones of two or more parties; a gateway computing system; data representing one or more data security system requirements; a data ownership determination system; an encryption key server computing system, the encryption key server computing system including ownership based encryption key data associated with one or more owners of data associated with the two or more user/application computing systems; a public cloud; and at least one processor associated with the gateway computing system, the at least one processor associated with the gateway computing system executing at least part of a process for ensuring compliance in public clouds using fine-grained encryption based on data ownership, the process comprising; receiving, first and second generated data from respective ones of the two or more user/application computing systems, at the gateway computing system, the gateway computing system being coupled between the private network and the public cloud, the public cloud being accessible by the private network only through the gateway computing system wherein at least two parties are generating respective first and second generated data on behalf of a first entity; analyzing the first and second generated data and the data representing one or more data security system requirements to determine and determining that the generated data is within the scope of the one or more regulatory policies, the analysis resulting in a first determination that the first generated data is within the scope of one or more regulatory policies, and a second determination that the second generated data is not within the scope of one of more regulatory policies; transferring the second generated data to the public cloud without further processing; determining, at the gateway computing system, the ownership of the first generated data to be a first entity, before the first generated data is transferred to the public cloud; accessing the encryption key server computing system and the ownership based encryption key data associated with the determined owner of the first generated data; obtaining, at the gateway computing system before the first generated data is transferred to the public cloud, data representing the encryption keys associated with the determined owner of the first generated data from the encryption key server computing system; encrypting, at the gateway computing system before the data is transferred to the public cloud, the first generated data in accordance with the encryption keys associated with the determined owners of the first generated data, thereby transforming the first generated data into ownership based fine-grained encrypted data; and transferring the ownership based fine-grained encrypted data from the gateway computing system to the public cloud. - View Dependent Claims (14, 15, 16, 17)
-
Specification