Systems and methods for cloud data security

US 10,135,799 B2
Filed: 08/21/2017
Issued: 11/20/2018
Est. Priority Date: 03/04/2013
Status: Expired

First Claim

Patent Images

1. A system for protecting data-at-rest in a cloud-based service platform, the system comprising:

a network connection;

a working memory device;

a persistent data storage medium; and

one or more processors coupled to the working memory device, the network connection and the persistent data storage medium, the persistent data storage medium containing instructions that, when executed on the system, cause the system to perform operations including;

performing, using the one or more processors, a first action involving a document stored in the working memory device of the system;

upon completion of the first action, transmitting, over the network connection, the document to a remote system operated by a security service provider for persistent storage, wherein prior to transmitting, the document being retained within the working memory device and not written to the persistent data storage medium;

deleting the document from the working memory device in response to receiving a confirmation of receipt of the document from the remote system operated by the security service provider;

determining, after deleting the document, that a second action requires access to the document;

receiving in response to a request, over the network connection using the one or more processors, the document from the remote system operated by the security service provider;

in response to receiving the document, maintaining the document within the working memory device, without writing the document to the persistent data storage medium;

performing, using the one or more processors, the second action involving the document; and

upon completion of the second action involving the document, deleting the document from the working memory device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for providing data security services with respect to cloud-based services are described. Examples include a security service provider (“SSP”) configured to perform or provide one or more security-related services or functions with respect to or on behalf of some other system or service. The other system or service may be, for example, a cloud-based system that provides network-accessible services. The SSP allows a user of the cloud-based service to provide and manage one or more security-related services, such as data storage, encryption, decryption, key management, and the like. By using and controlling the SSP, the user can be confident that his or her data is being securely represented and stored, even though it is being operated upon by a cloud-based service that is not under the user'"'"'s control.

32 Citations

View as Search Results

20 Claims

1. A system for protecting data-at-rest in a cloud-based service platform, the system comprising:
- a network connection;
  
  a working memory device;
  
  a persistent data storage medium; and
  
  one or more processors coupled to the working memory device, the network connection and the persistent data storage medium, the persistent data storage medium containing instructions that, when executed on the system, cause the system to perform operations including;
  
  performing, using the one or more processors, a first action involving a document stored in the working memory device of the system;
  
  upon completion of the first action, transmitting, over the network connection, the document to a remote system operated by a security service provider for persistent storage, wherein prior to transmitting, the document being retained within the working memory device and not written to the persistent data storage medium;
  
  deleting the document from the working memory device in response to receiving a confirmation of receipt of the document from the remote system operated by the security service provider;
  
  determining, after deleting the document, that a second action requires access to the document;
  
  receiving in response to a request, over the network connection using the one or more processors, the document from the remote system operated by the security service provider;
  
  in response to receiving the document, maintaining the document within the working memory device, without writing the document to the persistent data storage medium;
  
  performing, using the one or more processors, the second action involving the document; and
  
  upon completion of the second action involving the document, deleting the document from the working memory device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the determining that the second action requires access to the document includes receiving a signature completion request from a second user.
  - 3. The system of claim 2, wherein the performing the second action includes presenting at least a representation of the document to the second user for signature.
  - 4. The system of claim 3, wherein the performing the second action includes receiving signature data from the second user representative of the second user applying a digital or electronic signature to the document.
  - 5. The system of claim 4, wherein the persistent storage medium further comprises instructions that cause the system to perform the operation of storing the signature data in association with the document and the first action or the second action prior to deleting the document from the working memory.
  - 6. The system of claim 1, wherein the performing the second action includes collecting and maintaining metadata confirming the second action associated with the document.
  - 7. The system of claim 1, wherein the deleting the document from working memory device occurs in response to the following conditions:
    - no actions requiring access to the document are pending processing on the cloud-based service platform; and
      
      receipt of a confirmation from the remote system operated by the security service provider of receipt and storage of a current copy of the document.
  - 8. The system of claim 1, wherein the persistent data storage medium further comprises instructions that cause the system to perform operations including:
    - accessing a policy associated with a first user;
      
      evaluating the first action or the second action and the document against the policy; and
      
      determining whether to persistently store the document with the security service provider based on results of evaluating the first action or the second action and the document.
  - 9. The system of claim 8, wherein evaluating the document against the policy includes evaluating a status associated with the document against the policy.

10. A method for protecting data-at-rest in a cloud-based service platform, the method comprising:
- on a computing system within the cloud-based document management service platform performing operations including;
  
  performing, using the one or more processors, a first action involving a document stored in the working memory device;
  
  upon completion of the first action, transmitting, over the network connection, the document to a remote system operated by a security service provider for persistent storage, wherein prior to transmitting, the document being retained within the working memory device and not written to the persistent data storage medium;
  
  deleting the document from the working memory device in response to receiving a confirmation of receipt of the document from the remote system operated by the security service provider;
  
  determining, after deleting the document, that a second action requires access to the document;
  
  receiving in response to a request, over the network connection using the one or more processors, the document from the remote system operated by the security service provider;
  
  in response to receiving the document, maintaining the document within the working memory device, without writing the document to the persistent data storage medium;
  
  performing, using the one or more processors, the second action involving the document; and
  
  upon completion of the second action involving the document, deleting the document from the working memory device.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein the determining that the second action requires access to the document includes receiving a signature completion request from a second user.
  - 12. The method of claim 11, wherein the performing the second action includes presenting at least a representation of the document to the second user for signature.
  - 13. The method of claim 12, wherein the performing the second action includes receiving signature data from the second user representative of the second user applying a digital or electronic signature to the document.
  - 14. The method of claim 13, further comprising storing the signature data in association with the document and the first action or the second action prior to deleting the document from the working memory.
  - 15. The method of claim 10, wherein the performing the second action includes collecting and maintaining metadata confirming the second action associated with the document.
  - 16. The method of claim 10, wherein the deleting the document from the cloud-based service platform occurs in response to the following conditions:
    - no actions requiring access to the document are pending processing on the cloud-based service platform; and
      
      receipt of a confirmation from the remote system operated by the security service provider of receipt and storage of a current copy of the document.
  - 17. The method of claim 10, wherein the receiving the document as part of a service request includes:
    - accessing a policy associated with a first user;
      
      evaluating the first action or the second action and the document against the policy; and
      
      determining whether to persistently store the document with the security service provider based on results of evaluating the first action or the second action and the document.
  - 18. The method of claim 17, wherein evaluating the document against the policy includes evaluating a status associated with the document against the policy.

19. A non-transitory computer-readable storage medium containing instructions that, when executed on a computer system within a cloud-based service platform, cause the computer system to perform operations including:
- performing, using the one or more processors, a first action involving a document stored in the working memory device;
  
  upon completion of the first action, transmitting, over the network connection, the document to a remote system operated by a security service provider for persistent storage, wherein prior to transmitting, the document being retained within the working memory device and not written to the persistent data storage medium;
  
  deleting the document from the working memory device in response to receiving a confirmation of receipt of the document from the remote system operated by the security service provider;
  
  determining, after deleting the document, that a second action requires access to the document;
  
  receiving in response to a request, over the network connection using the one or more processors, the document from the remote system operated by the security service provider;
  
  in response to receiving the document, maintaining the document within the working memory device, without writing the document to the persistent data storage medium;
  
  performing, using the one or more processors, the second action involving the document; and
  
  upon completion of the second action involving the document, deleting the document from the working memory device.
- View Dependent Claims (20)
- - 20. The non-transitory computer-readable storage medium of claim 19, wherein the determining that the second action requires access to the document includes receiving a signature completion request from a second user;
    - andwherein the performing the second action includes presenting at least a representation of the document to the second user for signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DocuSign Incorporated
Original Assignee
DocuSign Incorporated
Inventors
Fleischman, Eric, Wald, Duane, Peterson, Donald G.
Primary Examiner(s)
King, John B

Application Number

US15/682,061
Publication Number

US 20170374048A1
Time in Patent Office

456 Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/64   Protecting data integrity, ...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0876   based on the identity of th...

H04L 63/20   for managing network securi...

H04L 9/3247   involving digital signatures

Systems and methods for cloud data security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for cloud data security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links