Customer controlled data privacy protection in public cloud
IPC classification information
Country / Type
United States (US) Patent
Registered
International Patent Classification (IPC 7th edition)
H04L-029/06
H04L-009/00
G06F-017/30
Application number
US-0631014
(2012-09-28)
Registration number
US-9116888
(2015-08-25)
Inventor / Address
Wang, Bin
Feng, Lei
Yao, Yandong
Gao, Xiaoming
Applicant / Address
EMC Corporation
Agent / Address
Van Pelt, Yi & James LLP
Citation information
Times cited: 7
Cited patents: 5
Abstract
Data to be submitted to a remote node is selectively protected. In various embodiments, an indication is received to protect a data value that is to be submitted, using a browser, to a remote node. A security key that is associated with the remote node is determined automatically. The data value is selectively encrypted using the security key. The encrypted data value is provided to the browser to be submitted to the remote node.
Representative claim
1. A method of protecting data, comprising: receiving an indication that a data value to be submitted, using a browser, to a remote node is to be protected, wherein the remote node comprises a cloud-based application or service; receiving, via a selective data protection interface, an indication that selective data protection is to be activated; in response to receiving the indication that selective data protection is to be activated, providing one or more fields by which the indication that the data value to be submitted is to be protected is input, wherein the one or more fields respectively correspond to one or more data values to be submitted to the remote node; receiving an input corresponding to a submission of the data value to the remote node, wherein the data value is included in a set of data values associated with a display page; in response to receiving the input corresponding to the submission of the data value to the remote node, prompting a user to select a type of encryption to be used for protection of the data value, wherein the type of encryption is related to a policy of the encryption to be used; automatically determining, by a processor, a security key at least in part by selecting a security key that is associated with the remote node to which the data value is to be submitted, wherein a plurality of security keys are stored in a key store, wherein each of at least some of the plurality of security keys in the key store are associated with an identifier of a corresponding remote node, and wherein selecting the security key that is associated with the remote node includes identifying the security key that is associated with an identifier of the remote node from the plurality of security keys in the key store; selectively encrypting, by a processor, the data value based at least in part on the security key; and providing the encrypted data value to the browser to be submitted to the remote node.

2. The method of claim 1, wherein the encrypted data value is included by the browser in a communication sent to the remote node.

3. The method of claim 2, wherein the communication includes an HTTP GET or POST.

4. The method of claim 2, wherein the communication includes submission of a form.

5. The method of claim 1, further comprising presenting to a user a client interface to enable the user to provide the indication that the data value is to be protected.

6. The method of claim 5, wherein the client interface is provided at least in part by a browser plug in.

7. The method of claim 1, wherein the key store comprises a locally connected data protection appliance and selectively encrypting the data value includes obtaining the security key from the locally connected data protection appliance.

8. The method of claim 7, wherein the locally connected appliance stores at least one association between a security key and an URL or other identifier associated with a remote node.

9. The method of claim 1, the data value is included in a subset of one or more data values each of which has been designated by a user to be protected.

10. The method of claim 9, wherein zero or more data values not included in the subset are submitted to the remote node without first being encrypted.

11. The method of claim 1, wherein the remote node is configured to store the data value in encrypted form.

12. The method of claim 11, wherein the remote node is configured to provide the encrypted data value to a requesting node.

13. The method of claim 1, further comprising receiving a request to retrieve and display a display page with which the data value is associated.

14. The method of claim 1, further comprising retrieving, decrypting, and displaying the data value.

15. The method of claim 14, further comprising obtaining a secret key to decrypt the encrypted data value.

16. The method of claim 15, wherein the secret key is obtained from a locally connected appliance.

17. A system to protect data, comprising: a communication interface; and a processor coupled to the communication interface and configured to: receive an indication that a data value to be submitted to a remote node via the communication interface is to be protected, wherein the remote node comprises a cloud-based application or service; receive, via a selective data protection interface, an indication that selective data protection is to be activated; in response to receiving the indication that selective data protection is to be activated, provide one or more fields by which the indication that the data value to be submitted is to be protected is input, wherein the one or more fields respectively correspond to one or more data values to be submitted to the remote node; receive an input corresponding to a submission of the data value to the remote node, wherein the data value is included in a set of data values associated with a display page; in response to receiving the input corresponding to the submission of the data value to the remote node, prompt a user to select a type of encryption to be used for protection of the data value, wherein the type of encryption is related to a policy of the encryption to be used; automatically determine a security key at least in part by selecting a security key that is associated with the remote node to which the data value is to be submitted, wherein a plurality of security keys are stored in a key store, wherein each of at least some of the plurality of security keys in the key store are associated with an identifier of a corresponding remote node, and wherein selecting the security key that is associated with the remote node includes identifying the security key that is associated with an identifier of the remote node from the plurality of security keys in the key store; selectively encrypting the data value based at least in part on the security key; and providing the encrypted data value to a browser to be submitted to the remote node; and a memory coupled to the processor and configured to provide instructions to the processor.

18. The system of claim 17, wherein the processor is further configured to obtain from a locally connected appliance security key to be used to encrypt the data value.

19. A computer program product to protect data, the computer program product being embodied in a tangible and non-transitory computer readable storage medium and comprising computer instructions for: receiving an indication that a data value to be submitted, using a browser, to a remote node is to be protected, wherein the remote node comprises a cloud-based application or service; receiving, via a selective data protection interface, an indication that selective data protection is to be activated; in response to receiving the indication that selective data protection is to be activated, providing one or more fields by which the indication that the data value to be submitted is to be protected is input, wherein the one or more fields respectively correspond to one or more data values to be submitted to the remote node; receiving an input corresponding to a submission of the data value to the remote node, wherein the data value is included in a set of data values associated with a display page; in response to receiving the input corresponding to the submission of the data value to the remote node, prompting a user to select a type of encryption to be used for protection of the data value, wherein the type of encryption is related to a policy of the encryption to be used; automatically determining a security key at least in part by selecting a security key that is associated with the remote node to which the data value is to be submitted, wherein a plurality of security keys are stored in a key store, wherein each of at least some of the plurality of security keys in the key store are associated with an identifier of a corresponding remote node, and wherein selecting the security key that is associated with the remote node includes identifying the security key that is associated with an identifier of the remote node from the plurality of security keys in the key store; selectively encrypting the data value based at least in part on the security key; and providing the encrypted data value to the browser to be submitted to the remote node.

20. The method of claim 1, wherein the identifier of the remote node comprises an URL.

21. The method of claim 1, wherein the type of security key is one of the following: a tenant-based security key, an account-based security key, a session-based security key, and a transaction-based security key.
Patents cited by this patent (5)
Durgin, Cyrus J.; Dave, Pratik S.; Martin, Eric J., Encryption key management.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Bosko, Christopher Michael; Osenbach, Bryan Daniel; Sloyer, Jeffrey S.; Beerse, Chelsea Christine, Multi-tenant secure separation of data in a cloud-based application.