Patent Application Titled "System and Method for Multi-Layered Sensitive Data Protection in a Virtual Computing Environment" Published Online

August 5, 2014
By a News Reporter-Staff News Editor at Information Technology Newsweekly -- According to news reporting originating from Washington, D.C., by VerticalNews journalists, a patent application by the inventors Korthny, Alex (Etrog, IL); Barak, Nir (Karmi Yosef, IL); Jerbi, Amir (Givatayim, IL), filed on March 14, 2014, was made available online on July 24, 2014.

The assignee for this patent application is CA, Inc.

Reporters obtained the following quote from the background information supplied by the inventors: "When users in virtual computing environments obtain guest virtual machines for their use, protection of sensitive data equal to or above that provided in a traditional computing environment is beneficial. However, because the user's data on the guest virtual machine exists in the cloud environment, certain security risks for sensitive data may be heightened. Data security policies internal to a cloud provider apply to the virtual machine environment only. Accordingly, an intruder may copy the guest virtual machine's virtual disc, mount it on a separate machine and attempt to access the data. Accordingly, the intruder is able to bypass the file protection rules that apply inside the running virtual machine."

In addition to obtaining background information on this patent application, VerticalNews editors also obtained the inventors' summary information for this patent application: "Provided herein are systems and methods for providing sensitive data protection in a virtual computing environment. The systems and methods utilize a sensitive data control monitor on a virtual appliance machine administering to guest virtual machines in a virtual computing environment, wherein each of the guest virtual machines may include a local sensitive data control agent. The sensitive data control monitor generates encryption keys for each guest virtual machine which are sent to the local sensitive data control agents and used to encrypt data locally on a protected guest virtual machine. In this manner the data itself on the virtual (or physical) disc associated with the guest virtual machine is encrypted while access attempts are gated by a combination of the local agent and the environment-based monitor, providing for secure yet administrable sensitive data protection.

"In an embodiment, there is provided a method for providing sensitive data protection in a virtual computing environment, the method executed by a processing device configured to perform a plurality of operations, the method comprising: activating a guest virtual machine in the virtual computing environment, wherein the guest virtual machine comprises a local sensitive data control agent, wherein the guest virtual machine is associated with a virtual appliance machine that administers sensitive data controls for the virtual computing environment, and wherein the virtual appliance machine comprises a sensitive data control monitor; generating a certificate that uniquely identifies the guest virtual machine; identifying, at the sensitive data control monitor, a sensitive data protection policy for the guest virtual machine; associating, at the sensitive data control monitor, an encryption key with the certificate, wherein the encryption key is generated in accordance with the identified sensitive data protection policy; and passing the generated encryption key, the sensitive data protection policy, and the certificate from the virtual appliance machine to the guest virtual machine, wherein sensitive data stored by the guest virtual machine is encrypted on a virtual disc of the guest virtual machine using the generated encryption key and the sensitive data protection policy and encryption of the sensitive data is maintained when the guest virtual machine is deactivated.

"In an embodiment, there is provided a system to provide sensitive data protection in a virtual computing environment, the system comprising: a processing device configured to: activate a guest virtual machine in a virtual computing environment, wherein the guest virtual machine comprises a local sensitive data control agent, wherein the guest virtual machine is associated with a virtual appliance machine that administers sensitive data controls for the virtual computing environment, and wherein the virtual appliance machine comprises a sensitive data control monitor, generate a certificate that uniquely identifies the guest virtual machine, identify, at the sensitive data control monitor, a sensitive data protection policy for the guest virtual machine, associate, at the sensitive data control monitor, an encryption key with the certificate, wherein the encryption key is generated in accordance with the identified sensitive data protection policy, and pass the generated encryption key, the sensitive data protection policy, and the certificate from the virtual appliance machine to the guest virtual machine, wherein sensitive data stored by the guest virtual machine is encrypted on a virtual disc of the guest virtual machine using the generated encryption key and the sensitive data protection policy and encryption of the sensitive data is maintained when the guest virtual machine is deactivated.

"In an embodiment, there is provided a computer-readable medium having computer-executable instructions thereon that, when executed by a processing device, configure the processing device to perform a method for providing sensitive data protection in a virtual computing environment, the method comprising: activating a guest virtual machine in a virtual computing environment, wherein the guest virtual machine comprises a local sensitive data control agent, wherein the guest virtual machine is associated with a virtual appliance machine that administers sensitive data controls for the virtual computing environment, and wherein the virtual appliance machine comprises a sensitive data control monitor; generating a certificate that uniquely identifies the guest virtual machine; identifying, at the sensitive data control monitor, a sensitive data protection policy for the guest virtual machine; associating, at the sensitive data control monitor, an encryption key with the certificate, wherein the encryption key is generated in accordance with the identified sensitive data protection policy; and passing the generated encryption key, the sensitive data protection policy, and the certificate from the virtual appliance machine to the guest virtual machine, wherein sensitive data stored by the guest virtual machine is encrypted on a virtual disc of the guest virtual machine using the generated encryption key and the sensitive data protection policy and encryption of the sensitive data is maintained when the guest virtual machine is deactivated.

"It is to be understood that both the foregoing general description and the following detailed description are exemplary and not restrictive of the scope of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

"FIG. 1 is an illustration of an environment wherein an example system for providing sensitive data protection in a virtual computing environment resides, according to various implementations.

"FIGS. 2A and 2B are an illustration of an example process for providing sensitive data protection in a virtual computing environment, according to various implementations.

"FIG. 3 is an illustration of an example system for providing sensitive data protection in a virtual computing environment, according to various implementations.

"FIG. 4 is an illustration of an example state diagram illustrating activities of a sensitive data control monitor and a sensitive data control agent, according to various implementations."
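The provisioning sequence the summary describes (a certificate per guest, a key generated under the guest's policy and associated with that certificate, key, policy and certificate passed from the appliance's monitor to the local agent, data encrypted on the virtual disc and left encrypted when the guest is deactivated) can be modelled end to end in a few dozen lines. The Python below is an added illustration written for this article; it is not the inventors' or CA's implementation. The policy table, the HMAC-signed "certificate" (a stand-in for X.509), the HMAC-SHA256 counter-mode cipher with an encrypt-then-MAC tag, and the dict standing in for the virtual disc are all constructed for the example. It also walks through the background section's scenario: a copy of the disc taken after deactivation holds ciphertext only, and an attempt to open it without the monitor-issued key fails authentication.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed policy table: the policy fixes the key length (bytes) for a guest VM.
POLICIES = {"confidential": 32, "internal": 16}


@dataclass(frozen=True)
class Certificate:
    vm_id: str
    signature: bytes  # toy: HMAC over vm_id under the monitor's key; real systems use X.509


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 as a PRF in counter mode; an illustrative cipher, not the patent's.
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from the provisioned key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag  # encrypt-then-MAC layout: nonce | ciphertext | tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered block")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class SensitiveDataControlMonitor:
    """Runs on the virtual appliance machine; owns certificates, policies and keys."""
    def __init__(self):
        self._cert_key = secrets.token_bytes(32)
        self._keys = {}  # vm_id -> key: the environment-side copy used for administration

    def generate_certificate(self, vm_id: str) -> Certificate:
        return Certificate(vm_id, hmac.new(self._cert_key, vm_id.encode(), hashlib.sha256).digest())

    def provision(self, cert: Certificate, policy: str):
        # Only certificates this monitor issued get a key; then size the key by policy.
        expected = hmac.new(self._cert_key, cert.vm_id.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, cert.signature):
            raise PermissionError("certificate not issued by this monitor")
        key = secrets.token_bytes(POLICIES[policy])
        self._keys[cert.vm_id] = key
        return key, policy, cert  # what is passed from the appliance to the guest


class LocalSensitiveDataControlAgent:
    """Runs inside the guest; gates access and encrypts everything it writes to the disc."""
    def __init__(self, virtual_disc: dict):
        self.disc = virtual_disc  # constructed stand-in for the guest's virtual disc
        self._key = None

    def receive(self, key: bytes, policy: str, cert: Certificate):
        self._key, self.policy, self.cert = key, policy, cert

    def write(self, path: str, data: bytes):
        if self._key is None:
            raise PermissionError("no key: guest not activated by the monitor")
        self.disc[path] = encrypt(self._key, data)

    def read(self, path: str) -> bytes:
        if self._key is None:
            raise PermissionError("no key: guest not activated by the monitor")
        return decrypt(self._key, self.disc[path])

    def deactivate(self):
        self._key = None  # key leaves guest memory; the disc stays encrypted


def run_flow():
    """Activate a guest, write a secret, deactivate, then inspect a copy of its disc."""
    monitor, disc = SensitiveDataControlMonitor(), {}
    agent = LocalSensitiveDataControlAgent(disc)
    cert = monitor.generate_certificate("guest-vm-42")  # constructed VM id
    agent.receive(*monitor.provision(cert, "confidential"))
    secret = b"constructed sample: customer card data"
    agent.write("/data/cards.db", secret)
    roundtrip_ok = agent.read("/data/cards.db") == secret
    agent.deactivate()
    copied_disc = dict(disc)  # the disc image copied off the environment
    plaintext_on_disc = any(secret in blob for blob in copied_disc.values())
    try:  # mounted elsewhere without the monitor-issued key: authentication fails
        decrypt(secrets.token_bytes(32), copied_disc["/data/cards.db"])
        foreign_read = True
    except ValueError:
        foreign_read = False
    try:  # a certificate the monitor never signed gets no key
        monitor.provision(Certificate("guest-vm-42", bytes(32)), "confidential")
        forged_rejected = False
    except PermissionError:
        forged_rejected = True
    return roundtrip_ok, plaintext_on_disc, foreign_read, forged_rejected


if __name__ == "__main__":
    print(run_flow())  # (True, False, False, True)
```

The split between monitor and agent is the point of the "multi-layered" claim: the guest never mints its own key, so file-level rules inside the running VM and the key held by the appliance have to agree before plaintext exists anywhere, and an offline copy of the disc inherits neither.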

For more information, see this patent application: Korthny, Alex; Barak, Nir; Jerbi, Amir. System and Method for Multi-Layered Sensitive Data Protection in a Virtual Computing Environment. Filed March 14, 2014 and posted July 24, 2014. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=353&p=8&f=G&l=50&d=PG01&S1=20140717.PD.&OS=PD/20140717&RS=PD/20140717

Keywords for this news article include: CA Inc., Information Technology, Information and Data Protection, Information and Data Encoding and Encryption.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC

Source: Information Technology Newsweekly