Transparent encryption/decryption gateway for cloud storage services
First Claim
1. A computer implemented method for secure data storage in a storage in a distributed computing system by a client of the distributed computing system, the method comprising in a gateway device of the distributed computing system:
- intercepting a data file from at least a portion of stream data during transmission of the stream data in the distributed computing system;
- evaluating the data file for determining a communication protocol used for the stream data transmission;
- evaluating the data file based on the communication protocol for determining a destination and a source of the data file;
- responsive to determining the destination is the storage and the source is the client;
- selecting a set of analysis algorithms from a plurality of predetermined analysis algorithms;
- analyzing the data file using each of the analysis algorithms of the set of analysis algorithms for determining whether the data file comprises sensitive data;
- in response to a determination that the data file comprises sensitive data, replacing payload content of the data file with encrypted payload data; and
- transmitting the data file to the storage,
- wherein replacing payload content of the data file with encrypted payload data comprises;
  - creating a data container;
  - encrypting the payload content of the data file using at least one encryption key;
  - storing the at least one encryption key;
  - storing the encrypted payload content in the data container;
  - augmenting or reducing a size of the payload content of the data container such that the size of the payload content of the data container equals a size of the payload content of the data file; and
  - replacing the payload content of the data file with the payload content of the data container.
Abstract
A mechanism is provided for secure data storage in a distributed computing system by a client of the distributed computing system. A gateway device intercepts a data file from at least a portion of stream data during transmission. If the destination of the data file is the storage, the gateway device selects a set of analysis algorithms to determine whether the data file comprises sensitive data.
14 Claims