Apparatus and method for continuous data protection in a distributed computing network

US 9,971,906 B2
Filed: 05/22/2015
Issued: 05/15/2018
Est. Priority Date: 09/29/2006
Status: Active Grant

First Claim

Patent Images

1. A method for data protection comprising:

receiving, at a database system comprising one or more hardware processors, a request for access to unobfuscated data from a requesting entity, the database system associated with a first set of security parameters such that data stored by the database system must be encrypted with a first set of encryption keys, the requesting entity associated with a second set of security parameters such that data stored by the requesting entity must be encrypted with a second set of encryption keys, at least one encryption key in the second set of encryption keys not included within the first set of encryption keys;

in response to the request;

accessing, by the database system, unobfuscated data stored by the database system;

producing, by the database system, obfuscated data by performing a first decryption operation on a first portion of the unobfuscated data using the first set of encryption keys and performing a data masking operation on a second portion of the unobfuscated data, the data masking operation comprising a replacement of each character of the second portion of unobfuscated data with a same masking character;

generating, by the database system, a report comprising the obfuscated data representative of the unobfuscated data; and

providing, by the database system, the generated report to the requesting entity;

receiving, by the database system from the requesting entity, an identification of a portion of the obfuscated data included within the generated report; and

in response to receiving the identification of the portion of the obfuscated data, providing, by the database system, the requesting entity access to a third portion of the unobfuscated data corresponding to the identified portion of the obfuscated data by performing a second decryption operation on the third portion of the obfuscated data using the first set of encryption keys, the requesting entity configured to encrypt the third portion of the unobfuscated data with the second set of encryption keys prior to storing the third portion of the unobfuscated data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for secure data storage and transmission is provided. The system comprises a first security module for protecting data in a first data at rest system and a second security module for protecting data in a second data at rest system. At least one encryption parameter for the second data at rest system differs from at least one encryption parameter for the first data at rest system so that a datum is reencrypted when the datum is transferred from the first data at rest system to the second data at rest system.

62 Citations

21 Claims

1. A method for data protection comprising:
- receiving, at a database system comprising one or more hardware processors, a request for access to unobfuscated data from a requesting entity, the database system associated with a first set of security parameters such that data stored by the database system must be encrypted with a first set of encryption keys, the requesting entity associated with a second set of security parameters such that data stored by the requesting entity must be encrypted with a second set of encryption keys, at least one encryption key in the second set of encryption keys not included within the first set of encryption keys;
  
  in response to the request;
  
  accessing, by the database system, unobfuscated data stored by the database system;
  
  producing, by the database system, obfuscated data by performing a first decryption operation on a first portion of the unobfuscated data using the first set of encryption keys and performing a data masking operation on a second portion of the unobfuscated data, the data masking operation comprising a replacement of each character of the second portion of unobfuscated data with a same masking character;
  
  generating, by the database system, a report comprising the obfuscated data representative of the unobfuscated data; and
  
  providing, by the database system, the generated report to the requesting entity;
  
  receiving, by the database system from the requesting entity, an identification of a portion of the obfuscated data included within the generated report; and
  
  in response to receiving the identification of the portion of the obfuscated data, providing, by the database system, the requesting entity access to a third portion of the unobfuscated data corresponding to the identified portion of the obfuscated data by performing a second decryption operation on the third portion of the obfuscated data using the first set of encryption keys, the requesting entity configured to encrypt the third portion of the unobfuscated data with the second set of encryption keys prior to storing the third portion of the unobfuscated data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the obfuscated data is capable of pronunciation by the requesting entity.
  - 3. The method of claim 1, wherein producing obfuscated data further comprises performing a substitution cipher on the unobfuscated data.
  - 4. The method of claim 1, wherein the unobfuscated data and the obfuscated data comprise the same data category.
  - 5. The method of claim 1, wherein the report includes obfuscated data comprising one or more of:
    - names, social security numbers, indications of treatment, and telephone numbers.
  - 6. The method of claim 1, wherein the generated report is encrypted using a first encryption method before providing the report to the requesting entity.
  - 7. The method of claim 6, wherein the requesting entity is configured to encrypt the generated report using a second encryption method before storing the generated report.

8. A system for data protection comprising:
- a non-transitory computer-readable storage medium storing executable computer instructions that, when executed, are configured to perform steps comprising;
  
  receiving a request for access to unobfuscated data from a requesting entity, the system associated with a first set of security parameters such that data stored by the system must be encrypted with a first set of encryption keys, the requesting entity associated with a second set of security parameters such that data stored by the requesting entity must be encrypted with a second set of encryption keys, at least one encryption key in the second set of encryption keys not included within the first set of encryption keys;
  
  in response to the request;
  
  accessing unobfuscated data stored by the database system;
  
  producing obfuscated data by performing a first decryption operation on a first portion of the unobfuscated data using the first set of encryption keys and performing a data masking operation on a second portion of the unobfuscated data, the data masking operation comprising a replacement of each character of the second portion of unobfuscated data with a same masking character;
  
  generating a report comprising the obfuscated data representative of the unobfuscated data; and
  
  providing the generated report to the requesting entity;
  
  receiving, from the requesting entity, an identification of a portion of the obfuscated data included within the generated report; and
  
  in response to receiving the identification of the portion of the obfuscated data, provide the requesting entity access to a third portion of the unobfuscated data corresponding to the identified portion of the obfuscated data by performing a second decryption operation on the third portion of the obfuscated data using the first set of encryption keys, the requesting entity configured to encrypt the third portion of the unobfuscated data with the second set of encryption keys prior to storing the third portion of the unobfuscated data; and
  
  a processor configured to execute the computer instructions.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the obfuscated data is capable of pronunciation by the requesting entity.
  - 10. The system of claim 8, wherein produced obfuscated data further comprises performing a substitution cipher on the request data.
  - 11. The system of claim 8, wherein the unobfuscated data and the obfuscated data comprise the same data category.
  - 12. The system of claim 8, wherein the report includes obfuscated data comprising one or more of:
    - names, social security numbers, indications of treatment, and telephone numbers.
  - 13. The system of claim 8, wherein the generated report is encrypted using a first encryption method before providing the report to the requesting entity.
  - 14. The system of claim 13, wherein the requesting entity is configured to encrypt the generated report using a second encryption method before storing the generated report.

15. A non-transitory computer readable storage medium storing executable computer instructions for data protection, the instructions configured to, when executed by a processor, perform steps comprising:
- receiving, at a database system, a request for access to unobfuscated data from a requesting entity, the database system associated with a first set of security parameters such that data stored by the database system must be encrypted with a first set of encryption keys, the requesting entity associated with a second set of security parameters such that data stored by the requesting entity must be encrypted with a second set of encryption keys, at least one encryption key in the second set of encryption keys not included within the first set of encryption keys;
  
  in response to the request;
  
  accessing unobfuscated data stored by the database system;
  
  producing obfuscated data by performing a first decryption operation on a first portion of the unobfuscated data using the first set of encryption keys and performing a data masking operation on a second portion of the unobfuscated data, the data masking operation comprising a replacement of each character of the second portion of unobfuscated data with a same masking character;
  
  generating a report comprising the obfuscated data representative of the unobfuscated data; and
  
  providing the generated report to the requesting entity;
  
  receiving, from the requesting entity, an identification of a portion of the obfuscated data included within the generated report; and
  
  in response to receiving the identification of the portion of the obfuscated data, provide the requesting entity access to a third portion of the unobfuscated data corresponding to the identified portion of the obfuscated data by performing a second decryption operation on the third portion of the obfuscated data using the first set of encryption keys, the requesting entity configured to encrypt the third portion of the unobfuscated data with the second set of encryption keys prior to storing the third portion of the unobfuscated data.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer readable storage medium of claim 15, wherein the obfuscated data is capable of pronunciation by the requesting entity.
  - 17. The computer readable storage medium of claim 15, wherein producing the obfuscated data further comprises performing a substitution cipher on the request data.
  - 18. The computer readable storage medium of claim 15, wherein the unobfuscated data and the obfuscated data comprise the same data category.
  - 19. The computer readable storage medium of claim 15, wherein the report includes obfuscated data comprising one or more of:
    - names, social security numbers, indications of treatment, and telephone numbers.
  - 20. The computer readable storage medium of claim 15, wherein the generated report is encrypted using a first encryption method before providing the report to the requesting entity.
  - 21. The computer readable storage medium of claim 20, wherein the requesting entity is configured to encrypt the generated report using a second encryption method before storing the generated report.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Mattsson, Ulf
Primary Examiner(s)
Wang, Harris C

Application Number

US14/720,303
Publication Number

US 20150278536A1
Time in Patent Office

1,089 Days
Field of Search

726 26
US Class Current
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0464   using hop-by-hop encryption...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/3236   using cryptographic hash fu...

Apparatus and method for continuous data protection in a distributed computing network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

62 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for continuous data protection in a distributed computing network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links