Systems and methods for management of secure data in cloud-based network
Abstract
Embodiments relate to systems and methods for the management of secure data in a cloud-based network. A secure data store can store sensitive or confidential data, such as account numbers, social security numbers, medical or other information in an on-premise data facility. Regulatory and/or operational requirements may prohibit the migration or unprotected transmission of the secure data to the cloud. An operator can instantiate a set of virtual machines to access and process the secure data, for example to process online purchase transactions. To prevent unauthorized disclosure of the secure data, the secure data store can receive data access requests via a translation module that translates the secure data. The secure data store can retrieve and transmit the secure data using a protection mechanism such as a masking and/or encryption mechanism, avoiding the unprotected transport or exposure of that data to the cloud.
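The flow the abstract describes, sketched in Python as an added example that is not taken from the patent. Assumptions: all class and function names and the address format are hypothetical, the key is shared out of band, the update is also encoded on its way back, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for a vetted AEAD such as AES-GCM, which a real deployment would use instead.

```python
import hashlib, hmac, secrets

def _keys(key):
    # Derive separate encryption and MAC keys from the shared key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(enc_key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stand-in for a vetted AEAD).
    stream = b"".join(
        hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def encode(key, plaintext):
    """Secure data -> protected secure data (nonce || ciphertext || tag)."""
    enc_key, mac_key = _keys(key)
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def decode(key, blob):
    """Protected secure data -> decoded secure data; rejects tampering."""
    enc_key, mac_key = _keys(key)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("protected data failed integrity check")
    return _xor_stream(enc_key, body[:16], body[16:])

class SecureDataStore:
    """On-premise store: plaintext never leaves it unencoded."""
    def __init__(self, key):
        self._key = key
        self._entries = []        # entry location = list index
        self._translation = {}    # request address -> entry location
    def put(self, address, value):
        self._translation[address] = len(self._entries)
        self._entries.append(value)
    def read(self, address):
        location = self._translation[address]   # translation step
        return encode(self._key, self._entries[location])
    def write(self, address, blob):
        self._entries[self._translation[address]] = decode(self._key, blob)

def vm_process(key, store, address, operate):
    """Cloud VM side: decode, operate, transmit the update back encoded."""
    value = decode(key, store.read(address))
    store.write(address, encode(key, operate(value)))
```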
18 Claims
1. A method, comprising:
receiving a request to access secure data in a secure data store;
translating, using a processor, data identified in the request in order to locate the secure data in the secure data store, wherein the translating comprises translating an address associated with the identified data to a location of an entry in the secure data store;
retrieving the secure data from the secure data store;
encoding the secure data to generate protected secure data;
transmitting the protected secure data from the secure data store to an instantiated virtual machine;
decoding the protected secure data in the instantiated virtual machine to generate decoded secure data;
operating on the decoded secure data in the instantiated virtual machine; and
transmitting updated secure data from the instantiated virtual machine to the secure data store.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A computer system, comprising:
a memory; and
a processor, coupled to the memory, the processor to:
receive a request to access secure data in a secure data store;
translate data identified in the request in order to locate the secure data in the secure data store, wherein the translating comprises translating an address associated with the identified data to a location of an entry in the secure data store;
retrieve the secure data from the secure data store;
encode the secure data to generate protected secure data;
transmit the protected secure data from the secure data store to an instantiated virtual machine;
decode the protected secure data in the instantiated virtual machine to generate decoded secure data;
operate on the decoded secure data in the instantiated virtual machine; and
transmit updated secure data from the instantiated virtual machine to the secure data store.
Dependent claims: 10, 11, 12, 13, 14, 15

16. A non-transitory computer-readable storage medium programmed to include instructions that, when executed by a processor, cause the processor to perform operations, comprising:
receiving a request to access secure data in a secure data store;
translating, using the processor, data identified in the request in order to locate the secure data in the secure data store, wherein the translating comprises translating an address associated with the identified data to a location of an entry in the secure data store;
retrieving the secure data from the secure data store;
encoding the secure data to generate protected secure data;
transmitting the protected secure data from the secure data store to an instantiated virtual machine;
decoding the protected secure data in the instantiated virtual machine to generate decoded secure data;
operating on the decoded secure data in the instantiated virtual machine; and
transmitting updated secure data from the instantiated virtual machine to the secure data store.
Dependent claims: 17, 18
Specification