Systems and methods for management of secure data in cloud-based network

US 8,639,950 B2
Filed: 12/22/2011
Issued: 01/28/2014
Est. Priority Date: 05/29/2008
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a request to access secure data in a secure data store;

translating, using a processor, data identified in the request in order to locate the secure data in the secure data store, wherein the translating comprises translating an address associated with the identified data to a location of an entry in the secure data store;

retrieving the secure data from the secure data store;

encoding the secure data to generate protected secure data;

transmitting the protected secure data from the secure data store to an instantiated virtual machine;

decoding the protected secure data in the instantiated virtual machine to generate decoded secure data;

operating on the decoded secure data in the instantiated virtual machine; and

transmitting updated secure data from the instantiated virtual machine to the secure data store.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments relate to systems and methods for the management of secure data in a cloud-based network. A secure data store can store sensitive or confidential data, such as account numbers, social security numbers, medical or other information in an on-premise data facility. Regulatory and/or operational requirements may prohibit the migration or unprotected transmission of the secure data to the cloud. An operator can instantiate a set of virtual machines to access and process the secure data, for example to process online purchase transactions. To prevent unauthorized disclosure of the secure data, the secure data store can receive data access requests via a translation module that translates the secure data. The secure data store can retrieve and transmit the secure data using a protection mechanism such as a masking and/or encryption mechanism, avoiding the unprotected transport or exposure of that data to the cloud.

109 Citations

View as Search Results

18 Claims

1. A method, comprising:
- receiving a request to access secure data in a secure data store;
  
  translating, using a processor, data identified in the request in order to locate the secure data in the secure data store, wherein the translating comprises translating an address associated with the identified data to a location of an entry in the secure data store;
  
  retrieving the secure data from the secure data store;
  
  encoding the secure data to generate protected secure data;
  
  transmitting the protected secure data from the secure data store to an instantiated virtual machine;
  
  decoding the protected secure data in the instantiated virtual machine to generate decoded secure data;
  
  operating on the decoded secure data in the instantiated virtual machine; and
  
  transmitting updated secure data from the instantiated virtual machine to the secure data store.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the secure data store comprises an on-premise data store.
  - 3. The method of claim 1, wherein the translating comprises translating an address into a secure data table.
  - 4. The method of claim 1, wherein the secure data store is co-located with a cloud management system.
  - 5. The method of claim 1, wherein the secure data store is located external to a cloud management system.
  - 6. The method of claim 1, wherein the encoding of the secure data comprises at least one of masking the secure data and encrypting the secure data.
  - 7. The method of claim 1, wherein at least one instantiated virtual machine comprises a migrated image of an on-premise machine.
  - 8. The method of claim 1, wherein the secure data comprises at least one of user identification data, account data, medical data, technical data, and financial data.

9. A computer system, comprising:
- a memory; and
  
  a processor, coupled to the memory, the processor to;
  
  receive a request to access secure data in a secure data store;
  
  translate data identified in the request in order to locate the secure data in the secure data store, wherein the translating comprises translating an address associated with the identified data to a location of an entry in the secure data store;
  
  retrieve the secure data from the secure data store;
  
  encode the secure data to generate protected secure datatransmit the protected secure data from the secure data store to an instantiated virtual machine;
  
  decode the protected secure data in the instantiated virtual machine to generate decoded secure data;
  
  operate on the decoded secure data in the instantiated virtual machine; and
  
  transmit updated secure data from the instantiated virtual machine to the secure data store.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the secure data store comprises an on-premise data store.
  - 11. The system of claim 9, wherein the translating comprises translating an address into a secure data table.
  - 12. The system of claim 9, wherein the management module resides in a cloud management system.
  - 13. The system of claim 9, wherein the management module is further to encode the secure data by at least one of masking the secure data and encrypting the secure data.
  - 14. The system of claim 9, wherein at least one instantiated virtual machine comprises a migrated image of an on-premise machine.
  - 15. The system of claim 9, wherein the secure data comprises at least one of user identification data, account data, medical data, technical data, and financial data.

16. A non-transitory computer-readable storage medium programmed to include instructions that, when executed by a processor, cause the processor to perform operations, comprising:
- receiving a request to access secure data in a secure data store;
  
  translating, using the processor, data identified in the request in order to locate the secure data in the secure data store, wherein the translating comprises translating an address associated with the identified data to a location of an entry in the secure data store;
  
  retrieving the secure data from the secure data store;
  
  encoding the secure data to generate protected secure data;
  
  transmitting the protected secure data from the secure data store to an instantiated virtual machine;
  
  decoding the protected secure data in the instantiated virtual machine to generate decoded secure data;
  
  operating on the decoded secure data in the instantiated virtual machine; and
  
  transmitting updated secure data from the instantiated virtual machine to the secure data store.
- View Dependent Claims (17, 18)
- - 17. The non-transitory computer-readable storage medium of claim 16, wherein the secure data store comprises an on-premise data store.
  - 18. The non-transitory computer-readable storage medium of claim 16, wherein the translating comprises translating an address into a secure data table.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Ferris, James Michael
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Cribbs, Malcolm

Application Number

US13/335,844
Publication Number

US 20120096567A1
Time in Patent Office

768 Days
Field of Search

None
US Class Current

713/193
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/606   by securing the transmissio...

G06F 21/6245   Protecting personal data, e...

G06Q 20/02   involving a neutral party, ...

G06Q 20/389   Keeping log of transactions...

H04L 63/0428   wherein the data content is...

H04L 67/10   in which an application is ...

Systems and methods for management of secure data in cloud-based network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

109 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for management of secure data in cloud-based network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others