Transparent encryption/decryption gateway for cloud storage services
First Claim
1. A non-transitory computer-readable storage medium, comprising computer-readable program code embodied therewith which, when executed by a processor, causes the processor to:
intercept a data file from at least a portion of stream data during transmission of the stream data in the distributed computing system;
evaluate the data file for determining a communication protocol used for the stream data transmission;
evaluate the data file based on the communication protocol for determining a destination and a source of the data file;
responsive to determining the destination is the storage and the source is the client;
select a set of analysis algorithms from a plurality of predetermined analysis algorithms;
analyze the data file using each of the analysis algorithms of the set of analysis algorithms for determining whether the data file comprises sensitive data;
in response to a determination that the data file comprises sensitive data, replace payload content of the data file with encrypted payload data; and
transmit the data file to the storage, wherein replacing payload content of the data file with encrypted payload data comprises:
creating a data container;
encrypting the payload content of the data file using at least one encryption key;
storing the at least one encryption key;
storing the encrypted payload content in the data container;
augmenting or reducing a size of the payload content of the data container such that the size of the payload content of the data container equals a size of the payload content of the data file; and
replacing the payload content of the data file with the payload content of the data container.
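The processing chain of claim 1 carried through in code, as an added illustration that is not part of the patent or of any product built on it. It assumes Go's standard AES-GCM, two constructed regex detectors standing in for the "predetermined analysis algorithms", plain string labels for source and destination, and one design choice for the size-equalising step: the GCM nonce and authentication tag are kept in the gateway's key record rather than in the file, so the stored container is exactly the original payload size and is still authenticated on the way back.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"regexp"
)

// Detectors stand in for the predetermined analysis algorithms; both regexes
// (SSN-like and 16-digit card-like numbers) are constructed samples.
var Detectors = []*regexp.Regexp{
	regexp.MustCompile(`\b\d{3}-\d{2}-\d{4}\b`),
	regexp.MustCompile(`\b(?:\d{4}[ -]?){3}\d{4}\b`),
}

// Record is per-file gateway state: the key, plus the GCM nonce and tag kept out of the container to preserve its size.
type Record struct{ Key, Nonce, Tag []byte }
type KeyStore map[string]Record

// Protect encrypts a client->storage file that any detector flags and reduces the container to exactly len(payload).
func Protect(ks KeyStore, src, dst, fileID string, payload []byte) ([]byte, error) {
	sensitive := false
	for _, re := range Detectors { // analyze with every algorithm of the selected set
		sensitive = sensitive || re.Match(payload)
	}
	if src != "client" || dst != "storage" || !sensitive {
		return payload, nil // out of scope or not sensitive: forward unchanged
	}
	key, nonce := make([]byte, 32), make([]byte, 12)
	rand.Read(key) // crypto/rand.Read never returns an error
	rand.Read(nonce)
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	gcm, _ := cipher.NewGCM(block)
	sealed := gcm.Seal(nil, nonce, payload, []byte(fileID)) // ciphertext || 16-byte tag
	cut := len(sealed) - gcm.Overhead()                      // GCM ciphertext is exactly len(payload)
	ks[fileID] = Record{key, nonce, sealed[cut:]}           // store the key and the out-of-band parts
	return sealed[:cut:cut], nil                             // container now equals the original size
}

// Recover reassembles ciphertext||tag; a missing record or a modified container fails.
func Recover(ks KeyStore, fileID string, container []byte) ([]byte, error) {
	rec := ks[fileID]
	block, err := aes.NewCipher(rec.Key) // nil key (no record) yields KeySizeError
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, rec.Nonce, append(append([]byte{}, container...), rec.Tag...), []byte(fileID))
}
```

Because GCM ciphertext never shortens the payload, only the claim's "reducing" branch is exercised here; a mode with in-band padding would need the "augmenting" branch and a record of the pad length.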
Abstract
A mechanism is provided for secure data storage in a distributed computing system by a client of the distributed computing system. A gateway device intercepts a data file from at least a portion of stream data during transmission. If the destination of the data file is the storage, the gateway device selects a set of analysis algorithms to determine whether the data file comprises sensitive data.
18 Claims
1. Independent claim; text as set out above under First Claim. Dependent claims: 2 through 14.
15. A gateway device for secure data storage in a storage in a distributed computing system, the gateway device comprising a memory for storing machine executable instructions and a processor for controlling the gateway device, wherein execution of the machine executable instructions causes the processor to:
intercept a data file from at least a portion of stream data during transmission of the stream data in the distributed computing system;
evaluate the data file for determining a communication protocol used for the stream data transmission;
evaluate the data file based on the communication protocol for determining a destination and a source of the data file;
responsive to determining the destination is the storage and the source is the client;
select a set of analysis algorithms from a plurality of predetermined analysis algorithms;
analyze the data file using each of the analysis algorithms of the set of analysis algorithms for determining whether the data file comprises sensitive data;
in response to a determination that the data file comprises sensitive data, replace payload content of the data file with encrypted payload data; and
transmit the data file to the storage, wherein replacing payload content of the data file with encrypted payload data comprises:
creating a data container;
encrypting the payload content of the data file using at least one encryption key;
storing the at least one encryption key;
storing the encrypted payload content in the data container;
augmenting or reducing a size of the payload content of the data container such that the size of the payload content of the data container equals a size of the payload content of the data file; and
replacing the payload content of the data file with the payload content of the data container.
Dependent claims: 16, 17, 18.