Systems and methods for containerized data security
First Claim
1. A system useful in facilitating containerized data security, the system comprising:
a data store containing at least a plurality of N encrypted containers each having a respective virtual middle-tier server and virtual data store, including a first virtual middle-tier server and a first virtual data store in a first container of said N encrypted containers, said first container including data associated with a unit of interest to the system and encrypted instructions corresponding to at least one application hosted by said first virtual middle-tier server;
a computer processing unit;
a network interface in data communication with said computer processing unit and said data store; and
memory in data communication with said computer processing unit and containing executable instructions for causing said computer processing unit to perform a containerized data security method including:
(a) obtaining a first external communication from a source external to the system;
(b) associating said first external communication with said first container;
(c) authenticating a login attempt via said first external communication with respect to said first container and obtaining a decryption key from said source external to the system;
(d) after creating an unencrypted instance of said first container using said decryption key from said source external to the system and after establishing an encrypted communication channel between said unencrypted instance of said first container and said source external to the system, providing said first external communication to said unencrypted instance of said first container in said memory;
(e) obtaining a first responsive communication from said unencrypted instance of said first container;
(f) providing said first responsive communication to said source external to the system via said encrypted communication channel between said unencrypted instance of said first container and said source external to the system; and
(g) according to a traffic monitoring protocol, discarding some or all middle-tier applications each having a respective version instantiated in said unencrypted instance of said first container and replacing said discarded applications with new randomized instantiations of the same applications each having a version that is different from its respective version, causing a failure of attacks that may have succeeded in compromising code inside said unencrypted instance of said first container as a conditional response to determining that tracked traffic to or from said unencrypted instance of said first container has diverged from legitimate traffic patterns.
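The lifecycle of steps (c) through (g), as an added Python simulation that is not part of the patent or of any product implementing it: the key supplied by the external source both authenticates the login and decrypts the container into memory, and a traffic monitor rotates every middle-tier app under a fresh version token once requests diverge from the expected pattern. The HMAC-based toy keystream, the path allow-list and the threshold of 3 are constructed assumptions; the encrypted channel of step (d) is left out.

```python
import hashlib, hmac, secrets

def keystream_xor(key, nonce, data):
    """Toy HMAC-SHA256 counter-mode keystream (illustration only, not a production cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal_container(key, plaintext):
    """Encrypt a container image at rest; the keyed tag lets a wrong key be rejected at login."""
    nonce = secrets.token_bytes(16)
    ct = keystream_xor(key, nonce, plaintext)
    return {"nonce": nonce, "ct": ct, "tag": hmac.new(key, nonce + ct, hashlib.sha256).digest()}

class Instance:
    """Unencrypted in-memory instance: data plus middle-tier apps, each with a version token."""
    def __init__(self, data, apps):
        self.data, self.off_pattern = data, 0
        self.versions = {a: secrets.token_hex(4) for a in apps}
    def rerandomize(self):
        """Step (g): discard each app and re-instantiate it under a version different from before."""
        for app, old in self.versions.items():
            while self.versions[app] == old:
                self.versions[app] = secrets.token_hex(4)

class ContainerSystem:
    LEGIT = {"/login", "/records", "/logout"}  # constructed legitimate traffic pattern
    THRESHOLD = 3                               # off-pattern requests tolerated before rotation

    def __init__(self, store):
        self.store, self.instances = store, {}
    def open_instance(self, cid, key, apps):
        """Steps (c)-(d): the key comes from the external source; a bad key fails authentication."""
        c = self.store[cid]
        tag = hmac.new(key, c["nonce"] + c["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, c["tag"]):
            return None
        self.instances[cid] = Instance(keystream_xor(key, c["nonce"], c["ct"]), apps)
        return self.instances[cid]

    def handle(self, cid, path):
        """Steps (e)-(g): serve the request, track traffic, rotate apps once it diverges."""
        inst = self.instances[cid]
        inst.off_pattern += int(path not in self.LEGIT)
        rotated = inst.off_pattern >= self.THRESHOLD
        if rotated:
            inst.rerandomize()
            inst.off_pattern = 0
        return (inst.data if path == "/records" else b"ok"), rotated
```

Because the rotation replaces the app objects rather than patching them, any code an attacker managed to modify inside the running instance is discarded along with the old version, which is the failure mode step (g) is meant to force.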
Abstract
Provided herein are systems and methods useful in facilitating containerized data security. The system may include a data store, a computer processing unit, a network interface, and memory. The memory may contain executable instructions for causing the system to perform a containerized data security method including obtaining a first external communication from a source external to the system; associating the first external communication with the first container; authenticating the first external communication with respect to the first container; providing the first external communication to an unencrypted instance of the first container in the memory; obtaining a first responsive communication from the unencrypted instance of the first container; and providing the first responsive communication to the source external to the system.
9 Claims
Claim 1 is reproduced above; claims 2 through 9 are dependent claims.