Data security in a cloud computing environment
Abstract
Methods and apparatus for providing data security, in particular for cloud computing environments, are described. In an embodiment, a software component monitors events at a node in a computing system and on detection of an event of a particular type, interrupts a message associated with the event. Before the message is allowed to continue towards its intended destination, a security template is selected based on the message (e.g. the data in the message and identifiers within the message) and this template is used to determine what data protection methods are applied to each data element in the message. A modified data packet is created by applying the security template and then this modified data packet is inserted into the message in place of the data packet in the interrupted message.
19 Claims
1. A method of securing sensitive data in a cloud computing system, the method comprising:
monitoring events at a node in the system;
on detection of an event of a specified type, interrupting a message associated with the event;
selecting a security template from a set of security templates based on data in the message and at least one parameter associated with the message, the at least one parameter being one of: a User ID, a Session ID, a Server Location, a channel type, a Device ID, a Transaction Type, or a time, the security template including a location of at least one data element within the data in the message and an obfuscation method to be applied to the at least one data element;
applying the obfuscation method to the at least one data element within the data in the message according to the selected security template to create modified data;
inserting the modified data into the interrupted message in place of the data in the message; and
releasing the message.
Dependent claims 2 to 16 depend from claim 1 and are not reproduced on this page.
17. One or more tangible non-transitory device-readable media with device-executable instructions that, when executed by a cloud computing system, direct the cloud computing system to perform steps comprising:
monitoring events at a node in the cloud computing system;
on detection of an event of a specified type, interrupting a message associated with the event;
selecting a security template from a set of security templates based on data in the message and at least one parameter associated with the message, the at least one parameter being one of: a User ID, a Session ID, a Server Location, a channel type, a Device ID, a Transaction Type, or a time, the security template including a location of at least one data element within the data in the message and an obfuscation method to be applied to the at least one data element;
applying the obfuscation method to the at least one data element within the data in the message according to the selected security template to create modified data;
inserting the modified data into the interrupted message in place of the data in the message; and
releasing the message.
18. A cloud computer system comprising:
a processor; and
a memory arranged to store computer executable instructions which when executed cause the processor to:
monitor events at a node in the cloud computer system to detect events of a specified type;
interrupt a message associated with a detected event of a specified type;
select a security template from a set of security templates based on data in the message and at least one parameter associated with the message, the at least one parameter being one of: a User ID, a Session ID, a Server Location, a channel type, a Device ID, a Transaction Type, or a time, the security template including a location of at least one data element within the data in the message and an obfuscation method to be applied to the at least one data element;
apply the obfuscation method to the at least one data element within the data in the message according to the selected security template to create modified data;
insert the modified data into the interrupted message in place of the data in the message; and
release the message.
19. A cloud computer system comprising:
a processor; and
a memory arranged to store computer executable instructions which when executed cause the processor to:
monitor events at a node in the system to detect events of a specified type;
interrupt a message associated with a detected event of a specified type;
select a security template from a set of security templates based on data in the message and at least one parameter associated with the message, the at least one parameter being one of: a User ID, a Session ID, a Server Location, a channel type, a Device ID, a Transaction Type, or a time, the security template including a location of at least one data element within the data in the message and an obfuscation method to be applied to the at least one data element;
apply the obfuscation method to the at least one data element within the data in the message according to the selected security template to create modified data;
insert the modified data into the interrupted message in place of the data in the message; and
release the message.
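The sequence the claims describe (monitor events at a node, interrupt a message on a specified event type, select a security template from the message parameters, apply each rule's obfuscation method at the located data element, insert the modified data and release the message), written out as an added worked example in Python. This is not the patent's own code and not any implementation by the patentee. It assumes JSON-shaped messages, JSON-pointer-style element locations, and a constructed template set; the obfuscation methods (masking, keyed HMAC tokenisation, IP prefix truncation, redaction), the `intercept` hook, the event type name `outbound_message`, the parameter keys and the sample event and message are all hypothetical choices for illustration.

```python
import copy
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass

# Constructed key for HMAC tokenisation; a real node would load it from a KMS/HSM.
TOKEN_KEY = b"example-key-for-demo-only"
REDACTED = "[REDACTED]"

def mask(value: str, keep_last: int = 4) -> str:
    """Replace all but the last `keep_last` characters with '*'."""
    return "*" * max(len(value) - keep_last, 0) + value[-keep_last:]

def hmac_token(value: str) -> str:
    """Keyed deterministic token: equal inputs map to equal tokens, so a consumer
    can still join on the field without ever seeing the value."""
    return hmac.new(TOKEN_KEY, value.encode(), hashlib.sha256).hexdigest()

def ip_prefix(value: str) -> str:
    """Keep only the /24 (IPv4) or /48 (IPv6) network part of an address."""
    addr = ipaddress.ip_address(value)  # raises ValueError if malformed
    bits = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{bits}", strict=False).network_address)

OBFUSCATORS = {"mask": mask, "token": hmac_token, "ip_prefix": ip_prefix,
               "redact": lambda value: REDACTED}

@dataclass
class SecurityTemplate:
    name: str
    match: dict  # message parameter -> required value; every entry must match
    rules: dict  # JSON-pointer location of a data element -> obfuscation method

# Constructed template set (hypothetical); the parameter names follow the claims.
TEMPLATES = (
    SecurityTemplate("payment-external",
                     {"transaction_type": "payment", "channel_type": "external"},
                     {"/card/pan": "mask", "/customer/email": "token", "/client_ip": "ip_prefix"}),
    SecurityTemplate("payment-internal",
                     {"transaction_type": "payment", "channel_type": "internal"},
                     {"/card/pan": "mask"}),
    SecurityTemplate("default", {}, {"/customer/email": "token", "/card/pan": "redact"}),
)

def select_template(params: dict, templates=TEMPLATES) -> SecurityTemplate:
    """Most specific template whose every match key equals the message parameter;
    the empty-match 'default' always qualifies, so selection never comes back empty."""
    candidates = [t for t in templates if all(params.get(k) == v for k, v in t.match.items())]
    return max(candidates, key=lambda t: len(t.match))

def resolve(obj, pointer: str):
    """Walk a JSON-pointer-style path (no ~0/~1 escaping); return (container, key),
    or None when this particular message has no such element."""
    parts = pointer.lstrip("/").split("/")
    for part in parts[:-1]:
        if isinstance(obj, dict) and part in obj:
            obj = obj[part]
        elif isinstance(obj, list) and part.isdigit() and int(part) < len(obj):
            obj = obj[int(part)]
        else:
            return None
    last = parts[-1]
    if isinstance(obj, dict) and last in obj:
        return obj, last
    if isinstance(obj, list) and last.isdigit() and int(last) < len(obj):
        return obj, int(last)
    return None

def apply_template(message: dict, template: SecurityTemplate) -> dict:
    """Return a modified copy with every located element obfuscated. A value the
    method cannot handle (e.g. a malformed IP) is redacted, never released in clear."""
    modified = copy.deepcopy(message)
    for path, method in template.rules.items():
        loc = resolve(modified, path)
        if loc is None:
            continue
        container, key = loc
        try:
            container[key] = OBFUSCATORS[method](str(container[key]))
        except ValueError:
            container[key] = REDACTED
    return modified

PARAMETER_NAMES = ("user_id", "session_id", "server_location", "channel_type",
                   "device_id", "transaction_type", "time")

def intercept(event: dict, message: dict) -> dict:
    """Monitor hook run before a message leaves the node: only the specified event
    type is interrupted; any other event releases the message untouched."""
    if event.get("type") != "outbound_message":
        return message
    params = {k: event.get(k) for k in PARAMETER_NAMES}
    return apply_template(message, select_template(params))  # released, modified

# Constructed sample event and message for a stand-alone run.
SAMPLE_EVENT = {"type": "outbound_message", "user_id": "u-42",
                "channel_type": "external", "transaction_type": "payment"}
SAMPLE_MESSAGE = {"card": {"pan": "4111111111111111", "expiry": "12/29"},
                  "customer": {"email": "alice@example.com"}, "client_ip": "203.0.113.45"}
```

Two points the claims leave open that a deployment has to settle: the selector must always find a template (here the catch-all `default`), otherwise an unmatched message would be released with the sensitive data intact; and the parameters that drive selection, in particular Device ID and channel type, must come from the node's authenticated session state rather than from the message body, or a sender can steer selection towards the template that protects least.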