Client(s) to cloud or remote server secure data or file object encryption gateway
1 Assignment
0 Petitions
Abstract
Systems and methods to send or write data or file objects to a remote cloud storage or data server using an encryption gateway. In one embodiment, a communication system includes: an encryption gateway configured to receive TLS (or an equivalent security) encrypted data in a payload from a client application, to terminate the client TLS connection, and to extract the payload and encrypt the payload data with keys from the key manager. The encryption gateway establishes a TLS connection and inserts the encrypted-authenticated data into the TLS payload and sends or writes the TLS encrypted data to a remote cloud storage or data server for storage. The system further includes a key manager configured to provide at least one key to the encryption gateway for encryption of the data in the payload.
131 Citations
19 Claims

1. A system, comprising:
at least one memory to store at least one key associated to a first client of a plurality of clients;
a first computing device configured as an encryption gateway to communicate with the first client using a client-side transport protocol, and to communicate with a remote cloud storage or server using a remote-side transport protocol, the first computing device comprising at least one processor, and the first computing device further configured to:
authenticate the first client using at least one authentication factor, receive data in a payload from the first client, decrypt the received data using the client-side transport protocol to provide first decrypted data, encrypt the first decrypted data using the at least one key to provide first encrypted data, encrypt the first encrypted data using the remote-side transport protocol to provide second encrypted data, and send the second encrypted data to the remote cloud storage or server; and
a key manager configured to provide the at least one key to the encryption gateway for storage in the at least one memory.
(Claims 2 to 14 depend on claim 1.)

15. A method, comprising:
storing, in a memory of an encryption gateway, a key associated to a first client of a plurality of clients, the first client communicating with the encryption gateway using a client-side transport protocol;
receiving, by the encryption gateway from the first client, a first request to read data or a file object from a remote cloud storage or server, the remote cloud storage or server communicating with the encryption gateway using a remote-side transport protocol;
in response to the first request, sending, by the encryption gateway, a second request to the remote cloud storage or server for the data or file object;
in response to the second request, receiving, by the encryption gateway, the data or the file object in a first payload from the remote cloud storage or server, wherein the data or the file object has been encrypted using the remote-side transport protocol;
decrypting, by at least one processor of the encryption gateway, the received data or the file object in the first payload using the remote-side transport protocol to provide first decrypted data;
decrypting, by the encryption gateway, the first decrypted data using the key associated to the first client to provide second decrypted data, wherein the key is retrieved from the memory of the encryption gateway;
encrypting, by the encryption gateway, the second decrypted data using the client-side transport protocol to provide first encrypted data; and
sending, from the encryption gateway to the first client, the first encrypted data.
(Claim 16 depends on claim 15.)

17. A system, comprising:
at least one processor of an encryption gateway; and
memory storing instructions configured to instruct the at least one processor to:
receive, from a first client communicating with the encryption gateway using a client-side transport protocol, data in a payload;
decrypt the received data using the client-side transport protocol to provide first decrypted data;
receive, from a key manager, at least one key associated to the first client;
encrypt the first decrypted data using the at least one key to provide first encrypted data;
encrypt the first encrypted data using a remote-side transport protocol associated with a remote cloud storage or server to provide second encrypted data; and
send the second encrypted data to the remote cloud storage or server.
(Claims 18 and 19 depend on claim 17.)
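To make the claimed data path concrete, the following is an added example, not code from the patent or from any product it covers. It models the write path of the system claim (client-side transport terminated, payload encrypted under the client's key from the key manager, result wrapped in the remote-side transport) and the read path of the method claim in reverse, and checks the properties a reviewer would want: the remote store never holds plaintext, one client's key cannot open another client's object, and a modified stored object is rejected on the way back. Everything in it is an assumption of the example: both "transport protocols" (TLS in the abstract) are modelled as the same toy authenticated encryption under per-session keys, that toy construction (HMAC-SHA256 keystream plus HMAC tag) stands in for a real AEAD such as AES-GCM, the authentication factor is a per-client shared token, and all names (`KeyManager`, `CloudStore`, `EncryptionGateway`, `demo`) are the example's own.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 12, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC subkeys so the two HMAC uses never overlap.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def aead_encrypt(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Toy AEAD (stand-in for AES-GCM): nonce || ciphertext || HMAC tag over aad, nonce, ct."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def aead_decrypt(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("record too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")  # wrong key or modified record
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class KeyManager:
    """Issues one data key per client and hands it to the gateway on request (assumed design)."""
    def __init__(self) -> None:
        self._keys: dict = {}

    def key_for(self, client_id: str) -> bytes:
        return self._keys.setdefault(client_id, secrets.token_bytes(32))


class CloudStore:
    """Remote server: terminates the remote-side transport and stores only the inner ciphertext."""
    def __init__(self, session_key: bytes) -> None:
        self.session_key, self.objects = session_key, {}

    def put(self, name: str, transport_record: bytes) -> None:
        self.objects[name] = aead_decrypt(self.session_key, transport_record, aad=name.encode())

    def get(self, name: str) -> bytes:
        return aead_encrypt(self.session_key, self.objects[name], aad=name.encode())


class EncryptionGateway:
    def __init__(self, key_manager, cloud, client_sessions, client_tokens) -> None:
        self.key_manager, self.cloud = key_manager, cloud
        self.client_sessions = client_sessions  # client_id -> client-side transport session key
        self.client_tokens = client_tokens      # client_id -> authentication factor (shared token)
        self.key_memory: dict = {}              # the gateway memory holding keys fetched from the key manager

    def _authenticate(self, client_id: str, token: bytes) -> None:
        if not hmac.compare_digest(self.client_tokens.get(client_id, b""), token):
            raise PermissionError(f"authentication failed for {client_id}")

    def _client_key(self, client_id: str) -> bytes:
        if client_id not in self.key_memory:
            self.key_memory[client_id] = self.key_manager.key_for(client_id)
        return self.key_memory[client_id]

    def write(self, client_id: str, token: bytes, name: str, client_record: bytes) -> None:
        self._authenticate(client_id, token)
        plaintext = aead_decrypt(self.client_sessions[client_id], client_record)          # client-side transport off
        inner = aead_encrypt(self._client_key(client_id), plaintext, aad=name.encode())   # per-client key on
        self.cloud.put(name, aead_encrypt(self.cloud.session_key, inner, aad=name.encode()))  # remote-side transport on

    def read(self, client_id: str, token: bytes, name: str) -> bytes:
        self._authenticate(client_id, token)
        inner = aead_decrypt(self.cloud.session_key, self.cloud.get(name), aad=name.encode())
        plaintext = aead_decrypt(self._client_key(client_id), inner, aad=name.encode())
        return aead_encrypt(self.client_sessions[client_id], plaintext)


def demo() -> dict:
    """Write one constructed object, read it back, and report the security properties observed."""
    km, cloud = KeyManager(), CloudStore(secrets.token_bytes(32))
    sessions = {"alice": secrets.token_bytes(32), "bob": secrets.token_bytes(32)}
    tokens = {"alice": b"alice-factor", "bob": b"bob-factor"}  # constructed authentication factors
    gw = EncryptionGateway(km, cloud, sessions, tokens)
    secret = b"constructed sample payload: quarterly numbers"

    gw.write("alice", tokens["alice"], "report.txt", aead_encrypt(sessions["alice"], secret))
    back = aead_decrypt(sessions["alice"], gw.read("alice", tokens["alice"], "report.txt"))
    results = {"roundtrip_ok": back == secret, "cloud_sees_plaintext": secret in cloud.objects["report.txt"]}
    try:  # bob holds a different key, so alice's object fails authentication for him
        gw.read("bob", tokens["bob"], "report.txt")
        results["cross_client_read_blocked"] = False
    except ValueError:
        results["cross_client_read_blocked"] = True
    stored = cloud.objects["report.txt"]
    cloud.objects["report.txt"] = bytes([stored[0] ^ 1]) + stored[1:]  # flip one bit at rest
    try:
        gw.read("alice", tokens["alice"], "report.txt")
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    return results
```

The object name is bound into the per-client ciphertext as associated data, so a stored object moved or renamed on the server side also fails to authenticate when it is read back; the gateway holds the only copy of the client's data key, which is the property the abstract's design relies on.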
Specification