Method and apparatus for enforcing storage encryption for data stored in a cloud

US 9,742,738 B2
Filed: 06/17/2014
Issued: 08/22/2017
Est. Priority Date: 06/17/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing a request to store at least a first piece of data, the at least first piece of data being included in a set of information, the set of information further including a first piece of information, the request being provided to a cloud application provider, wherein the request to store the at least first piece of data is a request to store the at least first piece of data in a first encrypted form on a cloud associated with the cloud application provider;

determining whether the cloud application provider is capable of encrypting the at least first piece of data;

providing the at least first piece of data to the cloud application provider if it is determined that the cloud application provider is capable of encrypting the at least first piece of data;

encrypting the at least first piece of data to create the first encrypted form if it is determined that the cloud application provider is not capable of encrypting the at least first piece of data;

providing the first encrypted form to the cloud application provider if it is determined that the cloud application provider is not capable of encrypting the at least first piece of data; and

providing the first piece of information to the cloud application provider, the first piece of information being in an unencrypted form;

wherein determining whether the cloud application provider is capable of encrypting the at least first piece of data includes determining whether the cloud application provider is capable of encrypting the at least first piece of data at a first level of encryption,wherein when it is determined that the cloud application provider is not capable of encrypting the at least first piece of data at the first level of encryption, the method further includes;

determining whether the cloud application provider is capable of encrypting the at least first piece of data at a second level of encryption, the second level of encryption being a minimum encryption standard.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method includes providing a request to store at least a first piece of data. The request to store the first piece of data is a request to store the first piece of data in a first encrypted form on a cloud associated with the cloud application provider. The method also includes determining whether the cloud application provider is capable of encrypting the first piece of data, and providing the first piece of data to the cloud application provider if it is determined that the cloud application provider is capable of encrypting the first piece of data. If it is determined that the cloud application provider is not capable of encrypting the first piece of data, the method further includes encrypting the first piece of data to create the first encrypted form and providing the first encrypted form to the cloud application provider.

Citations

20 Claims

1. A method comprising:
- providing a request to store at least a first piece of data, the at least first piece of data being included in a set of information, the set of information further including a first piece of information, the request being provided to a cloud application provider, wherein the request to store the at least first piece of data is a request to store the at least first piece of data in a first encrypted form on a cloud associated with the cloud application provider;
  
  determining whether the cloud application provider is capable of encrypting the at least first piece of data;
  
  providing the at least first piece of data to the cloud application provider if it is determined that the cloud application provider is capable of encrypting the at least first piece of data;
  
  encrypting the at least first piece of data to create the first encrypted form if it is determined that the cloud application provider is not capable of encrypting the at least first piece of data;
  
  providing the first encrypted form to the cloud application provider if it is determined that the cloud application provider is not capable of encrypting the at least first piece of data; and
  
  providing the first piece of information to the cloud application provider, the first piece of information being in an unencrypted form;
  
  wherein determining whether the cloud application provider is capable of encrypting the at least first piece of data includes determining whether the cloud application provider is capable of encrypting the at least first piece of data at a first level of encryption,wherein when it is determined that the cloud application provider is not capable of encrypting the at least first piece of data at the first level of encryption, the method further includes;
  
  determining whether the cloud application provider is capable of encrypting the at least first piece of data at a second level of encryption, the second level of encryption being a minimum encryption standard.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein the at least first piece of data is obtained from a first field associated with a form, wherein the first piece of information is also obtained from the form.
  - 3. The method of claim 1 wherein the request includes a request to store a second piece of data, the second piece of data being included in the set of information, the method further including:
    - determining whether the cloud application provider is capable of encrypting the second piece of data;
      
      providing the second piece of data to the cloud application provider without encrypting the second piece of data if it is determined that the cloud application provider is capable of encrypting the second piece of data;
      
      encrypting the second piece of data to create a second encrypted form if it is determined that the cloud application provider is not capable of encrypting the second piece of data, the second encrypted form being separate from the first encrypted form; and
      
      providing the second encrypted form to the cloud application provider if it is determined that the cloud application provider is not capable of encrypting the second piece of data.
  - 4. The method of claim 3 wherein determining whether the cloud application provider is capable of encrypting the at least first piece of data includes determining whether the cloud application provider is capable of encrypting the at least first piece of data at a third level of encryption, and wherein determining whether the cloud application provider is capable of encrypting the second piece of data includes determining whether the cloud application provider is capable of encrypting the second piece of data at a fourth level of encryption, the third level of encryption being different from the fourth level of encryption.
  - 5. The method of claim 1 wherein if it is determined that the cloud application provider is capable of encrypting the at least first piece of data at the first level of encryption, the method further includes:
    - providing an indication to the cloud application provider, the indication being arranged to indicate that the cloud application provider is to encrypt the at least first piece of data at the first level of encryption.
  - 6. The method of claim 1 wherein the set of information is included in a web form, the at least first piece of data is included in a first field of the web form, and the first piece of information is included in a second field of the web form.

7. A tangible, non-transitory computer-readable medium comprising computer program code, the computer program code, when executed, configured to:
- provide a request to store at least a first piece of data, the at least first piece of data being included in a set of information, the set of information further including a first piece of information, the request being provided to a cloud application provider, wherein the request to store the at least first piece of data is a request to store the at least first piece of data in a first encrypted form on a cloud associated with the cloud application provider;
  
  determine whether the cloud application provider is capable of encrypting the at least first piece of data;
  
  provide the at least first piece of data to the cloud application provider if it is determined that the cloud application provider is capable of encrypting the at least first piece of data;
  
  encrypt the at least first piece of data to create the first encrypted form if it is determined that the cloud application provider is not capable of encrypting the at least first piece of data;
  
  provide the first encrypted form to the cloud application provider if it is determined that the cloud application provider is not capable of encrypting the at least first piece of data; and
  
  providing the first piece of information to the cloud application provider, the first piece of information being in an unencrypted form;
  
  wherein the computer program code configured to determine whether the cloud application provider is capable of encrypting the at least first piece of data is configured to determine whether the cloud application provider is capable of encrypting the at least first piece of data at a first level of encryption,wherein when it is determined that the cloud application provider is not capable of encrypting the at least first piece of data at the first level of encryption, the computer program code is further configured to determine whether the cloud application provider is capable of encrypting the at least first piece of data at a second level of encryption, the second level of encryption being a minimum encryption standard.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The tangible, non-transitory computer-readable medium of claim 7 wherein the at least first piece of data is obtained from a first field associated with a web form, wherein the first piece of information is obtained from a second field associated the web form.
  - 9. The tangible, non-transitory computer-readable medium of claim 7 wherein the request includes a request to store a second piece of data, the second piece of data being included in the set of information, and wherein the computer program code is further comprised to:
    - determine whether the cloud application provider is capable of encrypting the second piece of data;
      
      provide the second piece of data to the cloud application provider if it is determined that the cloud application provider is capable of encrypting the second piece of data;
      
      encrypt the second piece of data to create the second encrypted form if it is determined that the cloud application provider is not capable of encrypting the second piece of data, the second encrypted form being separate from the first encrypted form; and
      
      provide the second encrypted form to the cloud application provider if it is determined that the cloud application provider is not capable of encrypting the second piece of data.
  - 10. The tangible, non-transitory computer-readable medium of claim 9 wherein the computer program code configured to determine whether the cloud application provider is capable of encrypting the at least first piece of data is configured to determine whether the cloud application provider is capable of encrypting the at least first piece of data at a third level of encryption, and wherein the computer program code configured to determine whether the cloud application provider is capable of encrypting the second piece of data is configured to determine whether the cloud application provider is capable of encrypting the second piece of data at a fourth level of encryption, the third level of encryption being different from the fourth level of encryption.
  - 11. The tangible, non-transitory computer-readable medium of claim 7 wherein if it is determined that the cloud application provider is capable of encrypting the at least first piece of data at the first level of encryption, the computer program code is further configured to:
    - provide an indication to the cloud application provider, the indication being arranged to indicate that the at least first piece of data is to be encrypted at the first level of encryption.
  - 12. The tangible non-transitory computer-readable medium of claim 7 wherein the tangible non-transitory computer-readable medium is embodied on a gateway.

13. An apparatus comprising:
- a communications interface, the communications interface configured to enable network communications with a cloud application provider;
  
  a hardware processing arrangement; and
  
  logic embodied on a tangible, non-transitory computer-readable medium, the logic configured to be executed by the hardware processing arrangement, wherein the logic includes communications logic and encryption logic,the communications logic being configured to determine whether the cloud application provider is capable of encrypting a first piece of data included in a set of information that also includes a first piece of information, and configured to provide the first piece of data to the cloud application provider when it is determined that the cloud application provider is capable of encrypting the first piece of data,the encryption logic being configured to encrypt the first piece of data to form a first encrypted piece of data when it is determined that the cloud application provider is not capable of encrypting the first piece of data, and wherein the communications logic is further configured to provide the first encrypted piece of data to the cloud application provider and to provide the first piece of information to the cloud application provider in an unencrypted form;
  
  wherein determining whether the cloud application provider is capable of encrypting the first piece of data includes determining whether the cloud application provider is capable of encrypting the first piece of data at a first level of encryption,wherein when it is determined that the cloud application provider is not capable of encrypting the first piece of data at the first level of encryption, determining whether the cloud application provider is capable of encrypting the first piece of data at a second level of encryption, the second level of encryption being a minimum encryption standard.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The apparatus of claim 13 wherein the logic further includes field sensitivity identification logic, the field sensitivity identification logic being configured to identify the first piece of data as needing encryption.
  - 15. The apparatus of claim 14 wherein the communications logic is further configured to determine whether the cloud application provider is capable of encrypting a second piece of data included in the set of information and configured to provide the second piece of data to the cloud application provider when it is determined that the cloud application provider is capable of encrypting the second piece of data, wherein the encryption logic is further configured to encrypt the second piece of data to form a second encrypted piece of data when it is determined that the cloud application provider is not capable of encrypting the second piece of data and wherein the communications logic is further configured to provide the second encrypted piece of data to the cloud application provider.
  - 16. The apparatus of claim 15 wherein the communications logic configured to determine whether the cloud application provider is capable of encrypting the first piece of data is configured to determine whether the cloud application provider is capable of encrypting the first piece of data at a third level of encryption, and wherein the communications logic configured to determine whether the cloud application provider is capable of encrypting the second piece of data is configured to determine whether the cloud application provider is capable of encrypting the second piece of data at a fourth level of encryption, the fourth level of encryption being different from the third level of encryption.
  - 17. The apparatus of claim 13 wherein the apparatus is a gateway.
  - 18. The apparatus of claim 17 wherein the communications interface is further configured to communicate with a user device, and wherein the communications interface is configured to obtain the first piece of data from a field of a web form through the user device.
  - 19. The apparatus of claim 13 wherein the first piece of data is associated with a field in a form, and wherein the first piece of information is also associated with the form.

20. A method comprising:
- providing a request to store a set of information, the set of information including a first piece of data and a second set of data, the first piece of data being sensitive, the second piece of data being not sensitive, the request being provided from a gateway to a cloud application provider, wherein the request to store the set of information includes a request to store the first piece of data in a first encrypted form on a cloud associated with the cloud application provider;
  
  determining whether the cloud application provider is capable of encrypting the first piece of data to a first level of encryption;
  
  providing the a first piece of data from the gateway to the cloud application provider if it is determined that the cloud application provider is capable of encrypting the first piece of data to the first level of encryption;
  
  encrypting the first piece of data at the gateway to create the first encrypted form if it is determined that the cloud application provider is not capable of encrypting the first piece of data to the first level of encryption;
  
  providing the first encrypted form to the cloud application provider if it is determined that the cloud application provider is not capable of encrypting the first piece of data to the first level of encryption; and
  
  providing the second piece of data to the cloud application provider, the second piece of data being in an unencrypted form;
  
  wherein when it is determined that the cloud application provider is not capable of encrypting the first piece of data to the first level of encryption, determining whether the cloud application provider is capable of encrypting the first piece of data to a second level of encryption, the second level of encryption being a minimum encryption standard.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Balakrishnan, Raja Suresh Krishna, Bhan, Vineet, Gopi, Rahul
Primary Examiner(s)
LWIN, MAUNG T

Application Number

US14/307,418
Publication Number

US 20150365382A1
Time in Patent Office

1,162 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/0428   wherein the data content is...

H04L 63/0471   applying encryption by an i...

H04L 67/10   in which an application is ...

H04L 67/1097   for distributed storage of ...

H04W 4/14   Short messaging services, e...

H04W 4/60   Subscription-based services...

Method and apparatus for enforcing storage encryption for data stored in a cloud

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for enforcing storage encryption for data stored in a cloud

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links