Apparatus and method for continuous data protection in a distributed computing network
First Claim
Patent Images
1. A method for data protection comprising:
- receiving, at a database system comprising one or more hardware processors, a request for access to unobfuscated data from a requesting entity, the database system associated with a first set of security parameters such that data stored by the database system must be encrypted with a first set of encryption keys, the requesting entity associated with a second set of security parameters such that data stored by the requesting entity must be encrypted with a second set of encryption keys, at least one encryption key in the second set of encryption keys not included within the first set of encryption keys;
in response to the request;
accessing, by the database system, unobfuscated data stored by the database system;
producing, by the database system, obfuscated data by performing a first decryption operation on a first portion of the unobfuscated data using the first set of encryption keys and performing a data masking operation on a second portion of the unobfuscated data, the data masking operation comprising a replacement of each character of the second portion of unobfuscated data with a same masking character;
generating, by the database system, a report comprising the obfuscated data representative of the unobfuscated data; and
providing, by the database system, the generated report to the requesting entity;
receiving, by the database system from the requesting entity, an identification of a portion of the obfuscated data included within the generated report; and
in response to receiving the identification of the portion of the obfuscated data, providing, by the database system, the requesting entity access to a third portion of the unobfuscated data corresponding to the identified portion of the obfuscated data by performing a second decryption operation on the third portion of the obfuscated data using the first set of encryption keys, the requesting entity configured to encrypt the third portion of the unobfuscated data with the second set of encryption keys prior to storing the third portion of the unobfuscated data.
1 Assignment
0 Petitions
Accused Products
Abstract
A system for secure data storage and transmission is provided. The system comprises a first security module for protecting data in a first data at rest system and a second security module for protecting data in a second data at rest system. At least one encryption parameter for the second data at rest system differs from at least one encryption parameter for the first data at rest system so that a datum is reencrypted when the datum is transferred from the first data at rest system to the second data at rest system.
62 Citations
21 Claims
-
1. A method for data protection comprising:
-
receiving, at a database system comprising one or more hardware processors, a request for access to unobfuscated data from a requesting entity, the database system associated with a first set of security parameters such that data stored by the database system must be encrypted with a first set of encryption keys, the requesting entity associated with a second set of security parameters such that data stored by the requesting entity must be encrypted with a second set of encryption keys, at least one encryption key in the second set of encryption keys not included within the first set of encryption keys; in response to the request; accessing, by the database system, unobfuscated data stored by the database system; producing, by the database system, obfuscated data by performing a first decryption operation on a first portion of the unobfuscated data using the first set of encryption keys and performing a data masking operation on a second portion of the unobfuscated data, the data masking operation comprising a replacement of each character of the second portion of unobfuscated data with a same masking character; generating, by the database system, a report comprising the obfuscated data representative of the unobfuscated data; and providing, by the database system, the generated report to the requesting entity; receiving, by the database system from the requesting entity, an identification of a portion of the obfuscated data included within the generated report; and in response to receiving the identification of the portion of the obfuscated data, providing, by the database system, the requesting entity access to a third portion of the unobfuscated data corresponding to the identified portion of the obfuscated data by performing a second decryption operation on the third portion of the obfuscated data using the first set of encryption keys, the requesting entity configured to encrypt the third portion of the unobfuscated data with the second set of encryption keys prior to storing the third portion of the unobfuscated data. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for data protection comprising:
-
a non-transitory computer-readable storage medium storing executable computer instructions that, when executed, are configured to perform steps comprising; receiving a request for access to unobfuscated data from a requesting entity, the system associated with a first set of security parameters such that data stored by the system must be encrypted with a first set of encryption keys, the requesting entity associated with a second set of security parameters such that data stored by the requesting entity must be encrypted with a second set of encryption keys, at least one encryption key in the second set of encryption keys not included within the first set of encryption keys; in response to the request; accessing unobfuscated data stored by the database system; producing obfuscated data by performing a first decryption operation on a first portion of the unobfuscated data using the first set of encryption keys and performing a data masking operation on a second portion of the unobfuscated data, the data masking operation comprising a replacement of each character of the second portion of unobfuscated data with a same masking character; generating a report comprising the obfuscated data representative of the unobfuscated data; and providing the generated report to the requesting entity; receiving, from the requesting entity, an identification of a portion of the obfuscated data included within the generated report; and in response to receiving the identification of the portion of the obfuscated data, provide the requesting entity access to a third portion of the unobfuscated data corresponding to the identified portion of the obfuscated data by performing a second decryption operation on the third portion of the obfuscated data using the first set of encryption keys, the requesting entity configured to encrypt the third portion of the unobfuscated data with the second set of encryption keys prior to storing the third portion of the unobfuscated data; and a processor configured to execute the computer instructions. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer readable storage medium storing executable computer instructions for data protection, the instructions configured to, when executed by a processor, perform steps comprising:
-
receiving, at a database system, a request for access to unobfuscated data from a requesting entity, the database system associated with a first set of security parameters such that data stored by the database system must be encrypted with a first set of encryption keys, the requesting entity associated with a second set of security parameters such that data stored by the requesting entity must be encrypted with a second set of encryption keys, at least one encryption key in the second set of encryption keys not included within the first set of encryption keys; in response to the request; accessing unobfuscated data stored by the database system; producing obfuscated data by performing a first decryption operation on a first portion of the unobfuscated data using the first set of encryption keys and performing a data masking operation on a second portion of the unobfuscated data, the data masking operation comprising a replacement of each character of the second portion of unobfuscated data with a same masking character; generating a report comprising the obfuscated data representative of the unobfuscated data; and providing the generated report to the requesting entity; receiving, from the requesting entity, an identification of a portion of the obfuscated data included within the generated report; and in response to receiving the identification of the portion of the obfuscated data, provide the requesting entity access to a third portion of the unobfuscated data corresponding to the identified portion of the obfuscated data by performing a second decryption operation on the third portion of the obfuscated data using the first set of encryption keys, the requesting entity configured to encrypt the third portion of the unobfuscated data with the second set of encryption keys prior to storing the third portion of the unobfuscated data. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification