Storing data in a server computer with deployable encryption/decryption infrastructure
Abstract
For storing data in a data-storage structure of a server computer, an infrastructure is deployed to a server computer. The infrastructure has a forwarder module to receive data from an application and to identify a data portion, a crypto module to encrypt the data portion with a key, and a key control module adapted to generate and to store the key. The infrastructure is also able to process data in the opposite direction. The key is provided into the key control module upon receiving a key trigger from the client computer.
18 Claims
1. A computer-implemented method for configuring a second computer to store data in a data-storage structure, wherein the data originates from a first computer that is communicatively connected to the second computer, and wherein the data is processed by an application in the second computer, the method comprising:
- deploying an infrastructure capable of having a first configuration or a second configuration to the second computer including deploying code to the second computer that is imported from a source external to the second computer to implement a forwarder module, a crypto module and a key control module for execution by a processor of the second computer;
- responsive to deploying the infrastructure in the first configuration,
  - receiving, by the forwarder module, the data from the first computer and identifying a data portion of the data, wherein the data portion is to be encrypted, and
  - reading, by the forwarder module, an encrypted data portion from the application, wherein the encrypted data portion is to be decrypted and forwarding the encrypted data portion to the application;
- responsive to deploying the infrastructure in the second configuration,
  - receiving, by the forwarder module, the data from the application and identifying the data portion of the data, wherein the data portion is to be encrypted, and
  - reading, by the forwarder module, an encrypted data portion from the data-storage structure, wherein the encrypted data portion is to be decrypted and forwarding the encrypted data portion to the data-storage structure;
- encrypting, by the crypto module, the data portion with a key and decrypting, by the crypto module, the encrypted data portion with the key;
- generating and storing the key by the key control module; and
- providing the key into the key control module upon receiving a key trigger from the first computer.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A server computer, comprising:
- a processor that is configured to execute code that is imported from a source external to the server to implement a forwarder module, a crypto module and a key control module;
- a data-storage structure for storing data;
- a gateway to establish a communication connection with a client computer;
- an application that processes data originating from the client computer and that provides processed data to be stored in the data-structure;
- an infrastructure capable of having a first configuration or a second configuration, the infrastructure including;
  - the forwarder module
    - that in the first configuration is configured to receive data from the client computer and configured to identify a data portion, wherein the data portion is to be encrypted, the forwarder module being configured to read an encrypted data portion from the application, wherein encrypted data portion is to be decrypted,
    - that in the second configuration is configured to receive processed data from the application and configured to identify a data portion, wherein the data portion is to be encrypted, the forwarder module being configured to read an encrypted data portion from the data-storage structure, wherein encrypted data portion is to be decrypted,
  - the crypto module configured to encrypt the data portion with a key and configured to decrypt the encrypted data portion with the key, and
  - the key control module configured to generate and to store the key; and
- a key channel that is configured to communicate a key trigger into the key control module when the key trigger is received from the client computer.

Dependent claims: 12, 13
14. A computer program product that, when loaded into a non-transitory memory of a second computer and being executed by at least one processor of the second computer, performs a computer-implemented method for configuring the second computer to store data in a data-storage structure, wherein the data originates from a first computer that is communicatively connected to the second computer, and wherein the data is processed by an application in the second computer, the computer program product comprising code that is imported from a source external to the second computer that, when executed by the at least one processor, implements a forwarder module, a crypto module and a key control module and further comprising instructions, that when executed, cause the at least one processor to:
- deploy an infrastructure to the second computer, the infrastructure capable of having a first configuration and a second configuration;
- responsive to deploying the infrastructure in the first configuration,
  - receive, by the forwarder module, data from the first computer and identify, by the forwarder module, a data portion of the received data, wherein the data portion is to be encrypted, and
  - read, by the forwarder module, an encrypted data portion from the application, wherein the encrypted data portion is to be decrypted and forward, by the forwarder module, the encrypted data portion to the application;
- responsive to deploying the infrastructure in the second configuration,
  - receive, by the forwarder module, data from the application and identify, by the forwarder module, a data portion of the received data, wherein the data portion is to be encrypted, and
  - read, by the forwarder module, an encrypted data portion from the data-storage structure, wherein the encrypted data portion is to be decrypted and forward, by the forwarder module, the encrypted data portion to the data-storage structure,
- encrypt, by the crypto module the data portion with a key and decrypt, by the crypto module, the encrypted data portion with the key;
- generate and to store the key by the key control module; and
- provide the key into the key control module upon receiving a key trigger from the first computer.

Dependent claims: 15, 16, 17, 18
Specification