Protection of data stored in the cloud
Abstract
A system for protecting data stored in the cloud includes a computing device that generates a plaintext encryption key and encrypts the plaintext encryption key using a credential of a customer that uses a cloud application. The computing device encrypts plaintext data using the encryption key and forwards the encrypted data to a cloud computer system that hosts the cloud application. The plaintext data can be received from a cloud application client that runs in the computing device or from another computing device that hosts the cloud application client. The encrypted encryption key can be stored in and retrieved from a key server.
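The key hierarchy described in the abstract, as an added Python example that is not taken from the patent. Assumptions: the credential is turned into a key-wrapping key with PBKDF2 (the page names no derivation step), an HMAC-SHA256 encrypt-then-MAC construction stands in for an AEAD cipher such as AES-GCM because the standard library has none, plain dicts stand in for the cloud and the key server, and every function name is hypothetical.

```python
import hashlib, hmac, os

ITERATIONS = 600_000  # assumed PBKDF2 work factor; the page names no KDF

def subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    enc = subkey(key, b"enc")
    blocks = (hmac.new(enc, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for an AEAD such as AES-GCM: encrypt, then MAC nonce+ciphertext."""
    nonce = os.urandom(16)
    body = nonce + bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return body + hmac.new(subkey(key, b"mac"), body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    nonce, ct = body[:16], body[16:]
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def kek_from_credential(credential: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, ITERATIONS)

def protect(customer, credential, plaintext, cloud, key_server):
    """Intermediary: encrypt data for the cloud, wrap the key for the key server."""
    data_key = os.urandom(32)                    # plaintext key, generated locally
    cloud[customer] = seal(data_key, plaintext)  # cloud holds ciphertext only
    salt = os.urandom(16)
    wrapped = seal(kek_from_credential(credential, salt), data_key)
    key_server[customer] = salt + wrapped        # key server holds wrapped key only

def recover(customer, credential, cloud, key_server):
    """Intermediary: fetch the wrapped key, unwrap with the credential, decrypt."""
    record = key_server[customer]
    data_key = unseal(kek_from_credential(credential, record[:16]), record[16:])
    return unseal(data_key, cloud[customer])
```

Neither store can decrypt on its own: the cloud has ciphertext without a key, and the key server has a key it cannot unwrap without the customer's credential.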
20 Claims
1. A system comprising:
- a client device that is configured to receive a credential from a customer who uses a cloud application hosted by a cloud computer system, to forward the credential to a remotely located intermediary computer system, to run a cloud application client, and to forward plaintext data from the cloud application client to the intermediary computer system;
- the intermediary computer system that is configured to receive the credential, to receive the plaintext data, to locally generate a plaintext encryption key for the customer, to use the plaintext encryption key to encrypt the plaintext data into encrypted data, to use the credential to encrypt the plaintext encryption key to generate an encrypted encryption key, to forward the encrypted encryption key to a remotely located key server computer system, and to forward the encrypted data to the cloud computer system; and
- the key server computer system that is configured to receive the encrypted encryption key and to store the encrypted encryption key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer-implemented method of protecting data stored in the cloud, the method comprising:
- receiving, from a client device over a computer network, plaintext data of a cloud application client of a cloud application hosted by a cloud computer system;
- locally generating a plaintext encryption key for the customer;
- encrypting plaintext data of the cloud application client using the plaintext encryption key to generate encrypted data;
- forwarding the encrypted data to the cloud computer system;
- encrypting the plaintext encryption key using a credential of the customer to generate an encrypted encryption key; and
- forwarding the encrypted encryption key to a key server computer system.
Dependent claims: 12, 13, 14
15. A system comprising:
- an intermediary computer system that receives a credential of a customer who uses a cloud application hosted by a cloud computer system, receives plaintext data of a cloud application running on a client device that is employed by the customer to access the cloud application, uses a plaintext encryption key to encrypt the plaintext data into encrypted data, uses the credential of the customer to encrypt the plaintext encryption key to generate an encrypted encryption key, provides the encrypted encryption key to a remotely located key server computer system, and forwards the encrypted data to the cloud computer system.
Dependent claims: 16, 17, 18, 19, 20
Specification