Customer controlled data privacy protection in public cloud

US 9,116,888 B1
Filed: 09/28/2012
Issued: 08/25/2015
Est. Priority Date: 09/28/2012
Status: Active Grant

First Claim

Patent Images

1. A method of protecting data, comprising:

receiving an indication that a data value to be submitted, using a browser, to a remote node is to be protected, wherein the remote node comprises a cloud-based application or service;

receiving, via a selective data protection interface, an indication that selective data protection is to be activated;

in response to receiving the indication that selective data protection is to be activated, providing one or more fields by which the indication that the data value to be submitted is to be protected is input, wherein the one or more fields respectively correspond to one or more data values to be submitted to the remote node;

receiving an input corresponding to a submission of the data value to the remote node, wherein the data value is included in a set of data values associated with a display page;

in response to receiving the input corresponding to the submission of the data value to the remote node, prompting a user to select a type of encryption to be used for protection of the data value, wherein the type of encryption is related to a policy of the encryption to be used;

automatically determining, by a processor, a security key at least in part by selecting a security key that is associated with the remote node to which the data value is to be submitted, wherein a plurality of security keys are stored in a key store, wherein each of at least some of the plurality of security keys in the key store are associated with an identifier of a corresponding remote node, and wherein selecting the security key that is associated with the remote node includes identifying the security key that is associated with an identifier of the remote node from the plurality of security keys in the key store;

selectively encrypting, by a processor, the data value based at least in part on the security key; and

providing the encrypted data value to the browser to be submitted to the remote node.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data to be submitted to a remote node is selectively protected. In various embodiments, an indication is received to protect a data value that is to be submitted, using a browser, to a remote node. A security key that is associated with the remote node is determined automatically. The data value is selectively encrypted using the security key. The encrypted data value is provided to the browser to be submitted to the remote node.

40 Citations

View as Search Results

21 Claims

1. A method of protecting data, comprising:
- receiving an indication that a data value to be submitted, using a browser, to a remote node is to be protected, wherein the remote node comprises a cloud-based application or service;
  
  receiving, via a selective data protection interface, an indication that selective data protection is to be activated;
  
  in response to receiving the indication that selective data protection is to be activated, providing one or more fields by which the indication that the data value to be submitted is to be protected is input, wherein the one or more fields respectively correspond to one or more data values to be submitted to the remote node;
  
  receiving an input corresponding to a submission of the data value to the remote node, wherein the data value is included in a set of data values associated with a display page;
  
  in response to receiving the input corresponding to the submission of the data value to the remote node, prompting a user to select a type of encryption to be used for protection of the data value, wherein the type of encryption is related to a policy of the encryption to be used;
  
  automatically determining, by a processor, a security key at least in part by selecting a security key that is associated with the remote node to which the data value is to be submitted, wherein a plurality of security keys are stored in a key store, wherein each of at least some of the plurality of security keys in the key store are associated with an identifier of a corresponding remote node, and wherein selecting the security key that is associated with the remote node includes identifying the security key that is associated with an identifier of the remote node from the plurality of security keys in the key store;
  
  selectively encrypting, by a processor, the data value based at least in part on the security key; and
  
  providing the encrypted data value to the browser to be submitted to the remote node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 20, 21)
- - 2. The method of claim 1, wherein the encrypted data value is included by the browser in a communication sent to the remote node.
  - 3. The method of claim 2, wherein the communication includes an HTTP GET or POST.
  - 4. The method of claim 2, wherein the communication includes submission of a form.
  - 5. The method of claim 1, further comprising presenting to a user a client interface to enable the user to provide the indication that the data value is to be protected.
  - 6. The method of claim 5, wherein the client interface is provided at least in part by a browser plug in.
  - 7. The method of claim 1, wherein the key store comprises a locally connected data protection appliance and selectively encrypting the data value includes obtaining the security key from the locally connected data protection appliance.
  - 8. The method of claim 7, wherein the locally connected appliance stores at least one association between a security key and an URL or other identifier associated with a remote node.
  - 9. The method of claim 1, the data value is included in a subset of one or more data values each of which has been designated by a user to be protected.
  - 10. The method of claim 9, wherein zero or more data values not included in the subset are submitted to the remote node without first being encrypted.
  - 11. The method of claim 1, wherein the remote node is configured to store the data value in encrypted form.
  - 12. The method of claim 11, wherein the remote node is configured to provide the encrypted data value to a requesting node.
  - 13. The method of claim 1, further comprising receiving a request to retrieve and display a display page with which the data value is associated.
  - 14. The method of claim 1, further comprising retrieving, decrypting, and displaying the data value.
  - 15. The method of claim 14, further comprising obtaining a secret key to decrypt the encrypted data value.
  - 16. The method of claim 15, wherein the secret key is obtained from a locally connected appliance.
  - 20. The method of claim 1, wherein the identifier of the remote node comprises an URL.
  - 21. The method of claim 1, wherein the type of security key is one of the following:
    - a tenant-based security key, an account-based security key, a session-based security key, and a transaction-based security key.

17. A system to protect data, comprising:
- a communication interface; and
  
  a processor coupled to the communication interface and configured to;
  
  receive an indication that a data value to be submitted to a remote node via the communication interface is to be protected, wherein the remote node comprises a cloud-based application or service;
  
  receive, via a selective data protection interface, an indication that selective data protection is to be activated;
  
  in response to receiving the indication that selective data protection is to be activated, provide one or more fields by which the indication that the data value to be submitted is to be protected is input, wherein the one or more fields respectively correspond to one or more data values to be submitted to the remote node;
  
  receive an input corresponding to a submission of the data value to the remote node, wherein the data value is included in a set of data values associated with a display page;
  
  in response to receiving the input corresponding to the submission of the data value to the remote node, prompt a user to select a type of encryption to be used for protection of the data value, wherein the type of encryption is related to a policy of the encryption to be used;
  
  automatically determine a security key at least in part by selecting a security key that is associated with the remote node to which the data value is to be submitted, wherein a plurality of security keys are stored in a key store, wherein each of at least some of the plurality of security keys in the key store are associated with an identifier of a corresponding remote node, and wherein selecting the security key that is associated with the remote node includes identifying the security key that is associated with an identifier of the remote node from the plurality of security keys in the key store;
  
  selectively encrypting the data value based at least in part on the security key; and
  
  providing the encrypted data value to a browser to be submitted to the remote node; and
  
  a memory coupled to the processor and configured to provide instructions to the processor.
- View Dependent Claims (18)
- - 18. The system of claim 17, wherein the processor is further configured to obtain from a locally connected appliance security key to be used to encrypt the data value.

19. A computer program product to protect data, the computer program product being embodied in a tangible and non-transitory computer readable storage medium and comprising computer instructions for:
- receiving an indication that a data value to be submitted, using a browser, to a remote node is to be protected, wherein the remote node comprises a cloud-based application or service;
  
  receiving, via a selective data protection interface, an indication that selective data protection is to be activated;
  
  in response to receiving the indication that selective data protection is to be activated, providing one or more fields by which the indication that the data value to be submitted is to be protected is input, wherein the one or more fields respectively correspond to one or more data values to be submitted to the remote node;
  
  receiving an input corresponding to a submission of the data value to the remote node, wherein the data value is included in a set of data values associated with a display page;
  
  in response to receiving the input corresponding to the submission of the data value to the remote node, prompting a user to select a type of encryption to be used for protection of the data value, wherein the type of encryption is related to a policy of the encryption to be used;
  
  automatically determining a security key at least in part by selecting a security key that is associated with the remote node to which the data value is to be submitted, wherein a plurality of security keys are stored in a key store, wherein each of at least some of the plurality of security keys in the key store are associated with an identifier of a corresponding remote node, and wherein selecting the security key that is associated with the remote node includes identifying the security key that is associated with an identifier of the remote node from the plurality of security keys in the key store;
  
  selectively encrypting the data value based at least in part on the security key; and
  
  providing the encrypted data value to the browser to be submitted to the remote node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Wang, Bin, Feng, Lei, Gao, Xiaoming, Yao, Yandong
Primary Examiner(s)
Sholeman, Abu

Application Number

US13/631,014
Time in Patent Office

1,061 Days
Field of Search

713/150, 713/153, 713/154, 713/155, 380/277
US Class Current

1/1
CPC Class Codes

G06F 16/00   Information retrieval; Data...

G06F 21/6272   by registering files or doc...

G06F 2221/2107   File encryption

H04L 63/0428   wherein the data content is...

H04L 67/02   based on web technology, e....

Customer controlled data privacy protection in public cloud

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Customer controlled data privacy protection in public cloud

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links