Enhanced system security
First Claim
1. A computer program product comprising a non-transitory computer readable medium storing a plurality of instructions for controlling one or more processors of a database system to perform an operation for maintaining the confidentiality of data provided by an organization for storage on a database, the instructions being executable by the one or more processors to:
- receive, from the organization, data encrypted using a first key, wherein the first key is stored on an internal server on an internal network of the organization, the internal network being separate from a network having a server of the database system;
store the encrypted data on the database system;
associate, on the database system, metadata with the encrypted data, wherein the metadata includes an address of where the first key is stored on the internal network of the organization;
provide, by the server, a webpage allowing a user of a computing device communicating with the internal network of the organization to log in as a client of the database;
receive, at the server, a request for a page including the encrypted data from the computing device; and
send the encrypted data with the associated metadata to the computing device as part of the requested page.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and systems for maintaining the confidentiality of data provided by an organization for storage on a third party database system are provided. The data can be encrypted on an internal network of the organization and sent to the third party database system for storage. The third party database system can associate metadata with the encrypted data and can store the encrypted data. Accordingly, when a request for the encrypted data is received from a computing device communicating with an internal network of the organization, the encrypted data and associated metadata can be sent to the computing device. A key that is stored on an internal network of the organization can be called through an applet, which utilizes information within the metadata to locate the key on the internal network of the organization.
-
Citations
24 Claims
-
1. A computer program product comprising a non-transitory computer readable medium storing a plurality of instructions for controlling one or more processors of a database system to perform an operation for maintaining the confidentiality of data provided by an organization for storage on a database, the instructions being executable by the one or more processors to:
-
receive, from the organization, data encrypted using a first key, wherein the first key is stored on an internal server on an internal network of the organization, the internal network being separate from a network having a server of the database system; store the encrypted data on the database system; associate, on the database system, metadata with the encrypted data, wherein the metadata includes an address of where the first key is stored on the internal network of the organization; provide, by the server, a webpage allowing a user of a computing device communicating with the internal network of the organization to log in as a client of the database; receive, at the server, a request for a page including the encrypted data from the computing device; and send the encrypted data with the associated metadata to the computing device as part of the requested page.
-
-
2. A method of maintaining the confidentiality of data provided by an organization to a third party server on a network, the third party server providing a webpage allowing a user of a computing device to log in as a client of a database, the method comprising:
-
encrypting data using a first key, wherein the first key is located on a first server on an internal network of the organization, the internal network being separate from the network; sending the encrypted data to the third party server for storage, wherein the data is associated with metadata including an address of where the first key is stored on the internal network of the organization; a computing device on the internal network requesting, from the third party server, a page including the encrypted data, the computing device being in communication with the first server; receiving, from the third party server, the page and associated metadata as part of the requested page; locating the first key on the first server; and decrypting the encrypted data using the first key to obtain the requested data.
-
-
3. A method of maintaining the confidentiality of data provided by an organization for storage on a database system including a server accessing a database, the method comprising:
-
receiving, through the server, data encrypted using a key, wherein the key is stored on an internal network of the organization that is separate from a network having the server; storing the encrypted data on the database; associating, on the database, metadata with the encrypted data, wherein the metadata includes key location information usable to locate the key on the internal network of the organization; providing, by the server, a webpage allowing a user of a computing device communicating on the internal network of the organization to log in as a client of the database; receiving, at the server, a request for a page including the encrypted data from the computing device; and sending the encrypted data with the associated metadata to the computing device as part of the requested page. - View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A method of maintaining the confidentiality of data provided by an organization for storage on a database system including a server and a database, the method comprising:
-
receiving, through the server, data encrypted using a key, wherein the key is stored on an internal network of the organization, the internal network being separate from a network having the server; storing the encrypted data on the database; associating, on the database, metadata with the encrypted data, wherein the metadata includes information usable to locate the key; providing, by the server, a webpage allowing a user of a computing device communicating on the internal network of the organization to log in as a client of the database; receiving, at the server, a request for a page including the encrypted data from the computing device; determining an IP address of the computing device, and not sending the metadata to the computing device if the IP address does not meet a predetermined criteria; and sending the encrypted data with the associated metadata to the computing device as part of the requested page if the IP address does meet the predetermined criteria.
-
-
21. A method of maintaining the confidentiality of data provided by an organization for storage on a database system including a server, the method comprising:
-
receiving data encrypted using a key, wherein the key is stored on an internal network of the organization, the internal network of the organization is separate from a network having the server of the database system, and the key is inaccessible to the server; storing the encrypted data on the database system, wherein data for multiple organizations are stored on the database system; associating, on the database system, metadata with the encrypted data, wherein the metadata includes information usable to locate the key; providing, by the server, a webpage allowing a user of a computing device communicating on the internal network of the organization to log in as a client of the database; receiving, at the server, a request for a page including the encrypted data from the computing device; and sending the encrypted data with the associated metadata to the computing device as part of the requested page.
-
-
22. A system of maintaining confidentiality of data provided by an organization for storage on a database, the system comprising:
-
one or more processors; a network interface to a network; and a memory for storing instructions to control the processors, the instructions being executable by the one or more processors to; receive data encrypted using a key, wherein the key is stored on an internal server on an internal network of the organization that is separate from the network; store the encrypted data on the database; associate, on the database, metadata with the encrypted data, wherein the metadata includes an address of where the key is stored on the internal server of the organization; provide a webpage allowing a user of a computing device communicating on the internal network of the organization to log in as a client of the database; receive a request for a page including the encrypted data from the computing device; and send the encrypted data with the associated metadata to the computing device as part of the requested page. - View Dependent Claims (23, 24)
-
Specification