WO2014189353A1 - A system and method for delivering sensitive contents with synchronization feature in an unsecure infrastructure - Google Patents
- Publication number: WO2014189353A1 (PCT/MY2014/000057)
- Authority: WO, WIPO (PCT)
- Prior art keywords: registered; synchronization; memory based; based encryption; flag
- Legal status: Ceased (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Definitions
- The main processes (300) of an embodiment of the present invention are as illustrated in FIG. 3.0.
- The method comprises steps of installing and registering an In-Memory Based Encryption Component (IBEC) module (302).
- The In-Memory Based Encryption Component (IBEC) module monitors incoming information stored in registered storage holder (304) and executes said In-Memory Based Encryption Component (IBEC) module to process registered entities and to perform encryption (306).
- Incoming information is provided through several different sources (308), which include the user's local drag and drop facility, information sent through File Transfer Protocol (FTP) and information sent through both internal or external objects.
- The steps for executing an In-Memory Based Encryption Component (IBEC) module to process registered entities and to perform encryption are initiated by first determining if there are any existing working flags (402).
- The working flags comprise In-Memory Based Encryption Component (IBEC) initial, Synchronization Control (SC) and Crypto Process (CP).
- The Synchronization Control (SC) flag is used to determine the need to invoke Synchronization Handler and the Crypto Process (CP) flag is used to determine the need to invoke Crypto Process (CP) Handler.
- The said flags are initialized to execute In-Memory Based Encryption Component (IBEC) to determine existence of path attributes of any registered object in registered storage (406) if said IBEC initial flag is not set to TRUE by further setting IBEC initial flag as TRUE, setting Synchronization Control (SC) flag as FALSE and setting Crypto Process (CP) flag as FALSE. If the initial flag of said In-Memory Based Encryption Component (IBEC) is set to TRUE, the process will directly proceed to the next step (404) to determine the existence of path attributes of any registered object in registered storage (406). The said process terminates if there is no registered object with path attributes of any registered object in registered storage.
- A more detailed description to execute the Synchronization Handler (500) is illustrated in FIG. 5.0, wherein synchronizer status is first checked to determine if synchronizer is registered (502). This is to confirm registration of a synchronizer, which includes dropbox.exe, skydrive.exe and googledrivesync.exe. Upon confirmation that the synchronizer is registered, synchronization of I/O operation flag is set to delay the operation (504) if more processing time is required. However, if the synchronizer is not registered, the process will proceed to execute the Crypto Handler (506).
- Execution of Crypto Handler is illustrated in FIG. 6.0, wherein the status of Synchronization Control (SC) flag is first checked to determine if said Synchronization Control (SC) flag status is set to true (602). If said Synchronization Control (SC) flag status is set to true, the Crypto Process (CP) flag status is determined (608) to confirm if Crypto Process (CP) flag status is set to TRUE. If Crypto Process (CP) flag status is set to TRUE, it indicates that the Crypto Process (CP) operation is in progress and a new Crypto Process (CP) operation is not required.
- Control flags such as Synchronization Control (SC) flag and Crypto Process (CP) control flag are a monitoring mechanism to ensure smooth Synchronization and Crypto Process (CP) handling. If Crypto Process (CP) flag status is set to FALSE, identification of object in memory container is checked by assuming that Crypto Process (CP) is granted (610). The said process proceeds to step (E) if no object exists (604). Else, upon confirmation of existence of object, Crypto Process (CP) operation is executed (612) based on the captured identification of the object by setting Crypto Process (CP) flag as TRUE.
- The present invention addresses security issues and provides an automated solution for encrypting information with synchronization feature in an unsecure infrastructure within a cloud computing environment.
- The present invention utilizes an In-Memory Based Encryption Component (IBEC) for encrypting information; said IBEC module is built with encryption engines in which the key is hidden in the memory of user's operating system and said IBEC module automatically performs Crypto Process (CP) operation upon detection of new information in registered storage holder.
Abstract
A system and method for delivering sensitive contents with synchronization feature in an unsecure infrastructure within a cloud computing environment is provided by utilizing an In-Memory Based Encryption Component (IBEC) (104) for encrypting information. The method to deliver sensitive contents with synchronization handling in an unsecure infrastructure within a cloud computing environment comprising steps of installing and registering an In-Memory Based Encryption Component (IBEC) module (302), monitoring incoming information stored in registered storage holder (304) and executing said In-Memory Based Encryption Component (IBEC) module to process registered entities and to perform encryption (306). The said In-Memory Based Encryption Component module is executed to process registered entities and to perform encryption. The present invention addresses security issues and provides an automated solution for encrypting information with synchronization feature in an unsecure infrastructure within a cloud computing environment. The said In-Memory Based Encryption Component (IBEC) (104) module is built with encryption engines in which the key is hidden in the memory of user's operating system and said IBEC module automatically performs Crypto Process (CP) operation upon detection of new information in registered storage holder.
Description
A SYSTEM AND METHOD FOR DELIVERING SENSITIVE CONTENTS WITH SYNCHRONIZATION FEATURE IN AN UNSECURE INFRASTRUCTURE
FIELD OF INVENTION
The present invention relates to a system and method for delivering sensitive contents with synchronization feature in an unsecure infrastructure within a cloud computing environment. In particular, the invention utilizes an In-Memory Based Encryption Component (IBEC) for encrypting information.
BACKGROUND ART
Current systems and methods for deploying sensitive data utilize an encryption service to encrypt information of all users within the Cloud computing environment. Deployment of sensitive data in the current available systems implements encryption service between cloud portals and a storage or synchronizer such as Dropbox, Google Drive and SkyDrive. Security of encryption service within a cloud computing environment is configured and processed through the use of a browser/plug-in portal. The said security process is managed for cloud computing environment users by directing traffic for which security is desired to the encryption service to enable encryption and decryption process between a user and the cloud. This approach may lead to security issues such as password leakage due to unencrypted storage when the encryption key is compromised.
The existing mechanism, which utilizes Discrete Encryption Component (DEC) for management of user data, poses several issues such as cloud storage synchronization issues, as said Discrete Encryption Component (DEC) is not designed to interact with cloud storage synchronizer. There is no background monitoring as DEC is unable to identify information sent via its network to its destination. Further, utilization of DEC involves user intervention, as encryption of multiple files using DEC requires manual editing such as running DEC and selecting targeted items and targeted encrypted names.
One example for automatically securing data for transmission is described in United States Patent Publication No. US 2002/0108034A1 (hereinafter denoted as US 034 Publication). The US 034 Publication relates generally to data transmission in a communications system specifically to automate encryption and decryption of data for transmission in a communications system. In the US 034 Publication, separated folders are used for retrieval, for transmitting and receiving encrypted contents as compared to the present invention wherein data to be transferred is encrypted and decrypted upon reaching its destination. As described in the US 034 Publication, encrypted contents are moved to a temporary folder to be verified by the system prior to moving said encrypted contents into an outgoing folder. In contrast, in the present invention, encryption is directed to the targeted encryption folder. Further, said US 034 Publication does not provide for an extended cloud synchronizer feature for encryption and does not utilize In-Memory Based Encryption Component (IBEC) module as provided in the present invention.
United States Patent Publication No. US 2011/0264907 A1 (hereinafter denoted as US 907 Publication) discloses information security within a Cloud computing environment. In said US 907 Publication, encryption occurs between cloud portal and cloud storage as compared to the present invention wherein encryption is directed to targeted encryption folder and encryption is not dependent on cloud portal or cloud storage. The said US 907 Publication utilizes browser plugin to detect data contents to be encrypted as compared to the present invention wherein plugins are not utilized to detect dedicated types of data contents. In contrast, the present invention provides for direct encryption if registered events are detected on its host and folders. The said US 907 Publication also does not provide for an extended cloud synchronizer feature for encryption and does not utilize In-Memory Based Encryption Component (IBEC) module as provided in the present invention.
Another example for secured file transfer is described in an IEEE Published Paper entitled "Three Tier Encryption for Secured File Transfer" authored by Bhargav Balakrishnan. The said IEEE paper utilizes encryption algorithm which is designed for having a secure file transfer in the low privilege servers and as well as in a secured environment. Encryption is based on line coding and mathematical series wherein data (words) are being converted into binary bits of 0's and 1's. Further, encryption is provided between the administrator and user. In contrast, encryption as provided in the present invention is not dependent on any administrator as encryption is directed to targeted encryption folder. The disclosure in the IEEE paper does not provide for an extended cloud synchronizer feature for encryption and does not utilize In-Memory Based Encryption Component (IBEC) module as provided in the present invention.
The subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one exemplary technology area where some embodiments described herein may be practiced.
SUMMARY OF INVENTION
The present invention relates to a system and method for delivering sensitive contents with synchronization feature in an unsecure infrastructure within a cloud computing environment. In particular, the invention utilizes an In-Memory Based Encryption Component (IBEC) for encrypting information.
One aspect of the present invention provides a system for delivering sensitive contents with synchronization handling in an unsecure infrastructure within a cloud computing environment. The system comprising at least one In-Memory Based Encryption Component (IBEC) module (104); at least one Synchronization Handler (106) which integrates with said In-Memory Based Encryption Component (IBEC) module; and at least one registration module to register and auto-load said In-Memory Based Encryption Component (IBEC) module. The at least one In-Memory Based Encryption Component (IBEC) module (104) having means to perform encryption by determining if there are any existing working flags (402); initializing flags if In-Memory Based Encryption Component (IBEC) initial flag is not set to TRUE, else proceed to next step if In-Memory Based Encryption Component (IBEC) initial flag is set to TRUE (404); determining existence of path attributes of any registered object in registered storage (406); determining if said registered object requires In-Memory Based Encryption Component (IBEC) service upon confirmation of existence of path attributes of any registered object in registered storage (408), else terminate process if there is no registered object with path attributes of any registered object in registered storage; checking status of synchronization control (SC) flag if said registered object requires In-Memory Based Encryption Component (IBEC) (410); executing Synchronization Handler if synchronization control (SC) flag is set to True (412); and executing Crypto Handler if Synchronization Handler is not registered (414).
Another aspect of the invention provides a method for delivering sensitive contents with synchronization handling in an unsecure infrastructure within a cloud computing environment. The method comprising steps of installing and registering at least one In-Memory Based Encryption Component (IBEC) module (302); monitoring incoming information stored in registered storage holder (304); and executing said In-Memory Based Encryption Component (IBEC) module to process registered entities and to perform encryption (306). The step of executing said In-Memory Based Encryption Component (IBEC) module to process registered entities and to perform encryption further comprises steps of determining if there are any existing working flags (402); initializing flags if In-Memory Based Encryption Component (IBEC) initial flag is not set to TRUE, else proceed to next step if In-Memory Based Encryption Component (IBEC) initial flag is set to TRUE (404); determining existence of path attributes of any registered object in registered storage (406); determining if said registered object requires In-Memory Based Encryption Component (IBEC) service upon confirmation of existence of path attributes of any registered object in registered storage (408), else terminate process if there is no registered object with path attributes of any registered object in registered storage; checking status of synchronization control (SC) flag if said registered object requires In-Memory Based Encryption Component (IBEC) (410); executing Synchronization Handler if synchronization control (SC) flag is set to True (412); and executing Crypto Handler if Synchronization Handler is not registered (414).
A further aspect of the invention provides further steps for executing Synchronization Handler if synchronization control (SC) flag is set to True (412). The steps are checking synchronizer status to determine if synchronizer is registered (502); setting synchronization I/O operation flag to delay operation if synchronizer is registered (504); and executing Crypto Handler if Synchronization Handler is not registered (506).
Yet another aspect of the invention provides that the working flags comprise In-Memory Based Encryption Component (IBEC) initial, Synchronization Control (SC) and Crypto Process (CP).
Still another aspect of the invention provides a method wherein said Synchronization Control (SC) flag is used to determine the need to invoke Synchronization Handler and said Crypto Process (CP) flag is used to determine the need to invoke Crypto Process (CP) Handler.
Yet another aspect of the invention provides further steps for executing Crypto Handler if Synchronization Handler is not registered (506). The steps are checking status of Synchronization Control (SC) flag to determine if Synchronization Control (SC) flag status is set to true (602); checking status of Crypto Process (CP) flag if Synchronization Control (SC) flag status is set to true (608); determining Crypto Process (CP) flag status (609); if Crypto Process (CP) flag status is set to TRUE; continuing with synchronization process if Crypto Process flag status is set to true (E); determining existence of registered I/O events (605); storing identification of object in memory container and increasing counter to mark said number of objects in queue for Crypto Process (CP) operation upon confirmation of existence of registered I/O events (606); if Crypto Process (CP) flag status is set to FALSE; checking identification of object in memory container by assuming that Crypto Process (CP) is granted (610); proceeding to step (E) if object does not exist (604); executing Crypto Process (CP) operation upon confirmation of existence of object (612); removing identification of object from memory container and object counter is reduced by one (614); determining if memory container is empty (616); resetting Synchronization Control (SC) and Crypto Process (CP) flags to FALSE if said memory container is empty (618); and proceeding to step (E) until completion of objects in said memory container (620).
A further aspect of the invention provides that the step for storing identification of object in memory container and increasing counter to mark said number of objects in queue for Crypto Process (CP) operation upon confirmation of existence of registered I/O events (606) further comprises steps of setting Synchronization Control (SC) flag to TRUE and setting Crypto Process (CP) flag to FALSE.
Yet another aspect of the invention provides that the step for executing Crypto Process (CP) operation upon confirmation of existence of object (612) further comprises steps of setting Crypto Process (CP) flag to TRUE.
The present invention consists of features and a combination of parts hereinafter fully described and illustrated in the accompanying drawings, it being understood that various changes in the details may be made without departing from the scope of the invention or sacrificing any of the advantages of the present invention.
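The working-flag flow summarized above (steps 402-414, 502-506 and 602-620), as an added Python model that is not part of the patent text. The class, method names and object IDs are hypothetical, the CP operation is a stand-in callable with no real cipher, and the model assumes that the Crypto Handler runs after the Synchronization Handler on every pass and that the sync delay is lifted when the flags are reset at step 618.

```python
from collections import deque

# Synchronizer process names listed in the description of FIG. 5.
SYNCHRONIZERS = {"dropbox.exe", "skydrive.exe", "googledrivesync.exe"}


class IbecModel:
    """Single-threaded model of the IBEC working flags (hypothetical class)."""

    def __init__(self, running_processes, crypto_op):
        self.running = {p.lower() for p in running_processes}
        self.crypto_op = crypto_op        # stand-in for the CP operation
        self.ibec_initial = False
        self.sc = False                   # Synchronization Control flag
        self.cp = False                   # Crypto Process flag
        self.container = deque()          # memory container of object IDs
        self.counter = 0                  # objects queued for the CP operation
        self.sync_io_delayed = False
        self.trace = []                   # (step, SC, CP, counter, delayed)

    def _log(self, step):
        self.trace.append(
            (step, self.sc, self.cp, self.counter, self.sync_io_delayed))

    def _init_flags(self):                # steps 402-404
        if not self.ibec_initial:
            self.ibec_initial, self.sc, self.cp = True, False, False
            self._log(404)

    def _synchronization_handler(self):   # steps 502-504
        if self.running & SYNCHRONIZERS:  # 502: is a synchronizer registered?
            self.sync_io_delayed = True   # 504: delay synchronization I/O
            self._log(504)

    def _crypto_handler(self):            # steps 608-620
        if self.cp:                       # 609: a CP operation is in progress
            return
        if not self.container:            # 604: no object, go to step (E)
            return
        while self.container:             # 610: object ID present
            self.cp = True                # 612: execute the CP operation
            self.crypto_op(self.container[0])
            self.container.popleft()      # 614: drop the ID, decrement counter
            self.counter -= 1
            self._log(614)
        self.sc = self.cp = False         # 616-618: container empty, reset
        self.sync_io_delayed = False      # assumption: delay is lifted here
        self._log(618)

    def _queue_events(self, io_events):   # steps 605-606
        for obj_id in io_events:
            self.container.append(obj_id)
            self.counter += 1
            self.sc, self.cp = True, False
            self._log(606)

    def run_pass(self, io_events=()):
        """One pass over the flow; io_events are new registered I/O events."""
        self._init_flags()
        if self.sc:                       # 410 / 602
            self._synchronization_handler()   # 412
            self._crypto_handler()            # 414 / 506
        self._queue_events(io_events)     # step (E)
        return (self.sc, self.cp, self.counter, self.sync_io_delayed)


def demo(processes=("explorer.exe", "dropbox.exe")):
    processed = []
    model = IbecModel(processes, processed.append)
    first = model.run_pass(["report.docx", "keys.txt"])  # constructed IDs
    second = model.run_pass()
    return first, second, processed, model.trace


if __name__ == "__main__":
    for row in demo()[3]:
        print(row)
```

In this model the two rows logged at step 606 show objects queued while synchronization I/O is not yet delayed; the delay only starts on the following pass, so that interval is the one to examine when checking whether unencrypted objects can reach the synchronizer.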
BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS
To further clarify various aspects of some embodiments of the present invention, a more particular description of the invention will be rendered by references to specific embodiments thereof, which are illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail through the accompanying drawings in which:
FIG. 1 illustrates the system overview of the present invention.
FIG. 2 is a flowchart illustrating the existing mechanism which utilizes Discrete Encryption Component (DEC) for management of user data.
FIG. 3 is a flowchart illustrating the main processes of an embodiment of the present invention.
FIG. 4 is a flowchart illustrating the steps of an embodiment of the method of the present invention for executing said In-Memory Based Encryption Component (IBEC) module to process registered entities and to perform encryption.
FIG. 5 is a flowchart illustrating the steps of an embodiment of the method of the present invention for executing Synchronization Handler if synchronization control (SC) flag is set to True.
FIG. 6 is a flowchart illustrating the steps of an embodiment of the method of the present invention for executing Crypto Handler if Synchronization Handler is not registered (506).
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
The present invention relates to a system and method for delivering sensitive contents with synchronization feature in an unsecure infrastructure within a cloud computing environment. In particular, the invention utilizes an In-Memory Based Encryption Component (IBEC) for encrypting information.
Hereinafter, this specification will describe the present invention according to the preferred embodiments. It is to be understood that limiting the description to the preferred embodiments of the invention is merely to facilitate discussion of the present invention and it is envisioned without departing from the scope of the appended claims.
Reference is first made to FIGs. 1.0 and 2.0. FIG. 1.0 illustrates the system overview of the present invention and FIG. 2.0 is a flowchart illustrating the existing mechanism, which utilizes a Discrete Encryption Component (DEC) for management of user data. At present, the Discrete Encryption Component (DEC) is initialized and run by the user manually (204) upon receipt of raw information for encryption (202). Information is sent via the user's storage, such as local drag and drop (208), and the user manually assigns the Crypto Process (CP) operation to the DEC (206) for the information to be encrypted (210). In contrast, the present invention as illustrated in FIG. 1.0 utilizes an In-Memory Based Encryption Component (IBEC) (104) module to manage encryption of information. The In-Memory Based Encryption Component (IBEC) (104) encrypts incoming contents, which include files received through File Transfer Protocol (FTP) and the user drag and drop facility (108). Further, said In-Memory Based Encryption Component (IBEC) (104) interfaces with an extended cloud synchronizer control feature (106) prior to transmitting encrypted data to the cloud portal (112).
The main processes (300) of an embodiment of the present invention are as illustrated in FIG. 3.0. To deliver sensitive contents with synchronization handling in an unsecure infrastructure within a cloud computing environment, the method comprises the steps of installing and registering an In-Memory Based Encryption Component (IBEC) module (302), monitoring incoming information stored in the registered storage holder (304), and executing said In-Memory Based Encryption Component (IBEC) module to process registered entities and to perform encryption (306). Incoming information is provided through several different sources (308), which include the user's local drag and drop facility, information sent through file transfer protocol (FTP) and information sent through both internal or external objects.
As will be discussed in detail below with reference to FIG. 4.0, the steps for executing an In-Memory Based Encryption Component (IBEC) module to process registered entities and to perform encryption are initiated by first determining if there are any existing working flags (402). The working flags comprise the In-Memory Based Encryption Component (IBEC) initial flag, the Synchronization Control (SC) flag and the Crypto Process (CP) flag. The Synchronization Control (SC) flag is used to determine the need to invoke the Synchronization Handler and the Crypto Process (CP) flag is used to determine the need to invoke the Crypto Process (CP) Handler. If the IBEC initial flag is not set to TRUE, the flags are initialized by setting the IBEC initial flag to TRUE, the Synchronization Control (SC) flag to FALSE and the Crypto Process (CP) flag to FALSE, before the In-Memory Based Encryption Component (IBEC) determines the existence of path attributes of any registered object in registered storage (406). If the initial flag of said In-Memory Based Encryption Component (IBEC) is already set to TRUE, the process proceeds directly to the next step (404) to determine the existence of path attributes of any registered object in registered storage (406). The process terminates if there is no registered object with path attributes in registered storage.
If a registered object exists, it is further determined whether said registered object requires the In-Memory Based Encryption Component (IBEC) service, upon confirmation of the existence of path attributes of any registered object in registered storage (408). Thereafter, the status of the Synchronization Control (SC) flag is checked if said registered object requires the In-Memory Based Encryption Component (IBEC) (410). Subsequently, if the Synchronization Control (SC) flag is set to TRUE, said Synchronization Handler is executed (412), and thereafter the Crypto Handler is executed if the Synchronization Handler is not registered (414). The said step (410) of determining if the IBEC service is required serves as a filtering option to determine if certain objects or files are required to be processed. If the registered object does not require the IBEC service, the process is terminated.
A more detailed description of the execution of the Synchronization Handler (500) is illustrated in FIG. 5.0, wherein the synchronizer status is first checked to determine if a synchronizer is registered (502). This is to confirm registration of a synchronizer, which includes dropbox.exe, skydrive.exe and googledrivesync.exe. Upon confirmation that the synchronizer is registered, the synchronization I/O operation flag is set to delay the operation (504) if more processing time is required. However, if the synchronizer is not registered, the process will proceed to execute the Crypto Handler (506).
Execution of the Crypto Handler is illustrated in FIG. 6.0, wherein the status of the Synchronization Control (SC) flag is first checked to determine if said Synchronization Control (SC) flag status is set to TRUE (602). If said Synchronization Control (SC) flag status is set to TRUE, the Crypto Process (CP) flag status is determined (608) to confirm if the Crypto Process (CP) flag status is set to TRUE. If the Crypto Process (CP) flag status is set to TRUE, it indicates that a Crypto Process (CP) operation is in progress and a new Crypto Process (CP) operation is not required. Therefore it continues with the current synchronization process if the Crypto Process (CP) flag status is set to TRUE (E).
Thus, if the Synchronization Control (SC) flag status is set to TRUE and the Crypto Process (CP) flag status is set to TRUE, the said step proceeds to determine the existence of registered I/O events (605), and the identification of the object is stored in the memory container and the counter is increased to mark the number of objects in queue for the Crypto Process (CP) operation upon confirmation of the existence of registered I/O events (606). In this stage, the Synchronization Control (SC) flag is set to TRUE and the Crypto Process (CP) flag is set to FALSE to divert the attention of the Synchronizer before proceeding with the operation of the Crypto Process (CP). The said process occurs in an asynchronous environment during the current Crypto Process (CP) operation, wherein a new object or file interval may arrive concurrently. Therefore, control flags such as the Synchronization Control (SC) flag and the Crypto Process (CP) control flag are a monitoring mechanism to ensure smooth Synchronization and Crypto Process (CP) handling.
If the Crypto Process (CP) flag status is set to FALSE, the identification of the object in the memory container is checked by assuming that the Crypto Process (CP) is granted (610). The said process proceeds to step (E) if no object exists (604). Else, upon confirmation of the existence of the object, the Crypto Process (CP) operation is executed (612) based on the captured identification of the object by setting the Crypto Process (CP) flag to TRUE. Upon completion of said Crypto Process, the identification of the object is removed from the memory container and the object counter is reduced by one (Count = Count - 1) (614). The said counter is essential to ensure that the Crypto Process operation is totally completed. The next Crypto Process operation will be held once said counter value is zero. It is further determined if the memory container is empty (616). If the memory container is empty, the Synchronization Control (SC) and Crypto Process (CP) flags are reset to FALSE (618) and the process proceeds to step (E) until completion of objects in said memory container (620). If the memory container is not empty, the process proceeds directly to step (E) until completion of objects in said memory container (620).
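The Crypto Handler flow described above can be exercised as a small state machine. The following is an added illustration, not code from the patent, showing that the synchronizer stays delayed until every queued object has been processed, including when a second object arrives during an operation or the engine fails. Assumptions: the class and method names, the placeholder transform, the reading that the synchronizer is delayed while SC is TRUE, the release of the CP flag after each operation, and that I/O events (605/606) are queued whenever they arrive, since the text is ambiguous about where that step is reached.

```python
from collections import deque


class CryptoHandlerModel:
    """Model of the Crypto Handler flag logic; numbers are the step labels above."""
    def __init__(self, transform):
        self.sc = False             # Synchronization Control flag
        self.cp = False             # Crypto Process flag
        self.container = deque()    # memory container of object identifications
        self.count = 0              # objects queued for the Crypto Process
        self.current = None         # object being processed (assumption)
        self.redo = False           # current object changed mid-operation (assumption)
        self.storage = {}           # stands in for the registered storage holder
        self.transform = transform  # caller-supplied encryption engine

    def on_io_event(self, obj_id, data):
        """605/606: store the identification, increase the counter, raise SC."""
        self.storage[obj_id] = data
        if obj_id == self.current:
            self.redo = True        # a stale result must not overwrite new plaintext
        elif obj_id not in self.container:
            self.container.append(obj_id)
            self.count += 1
        self.sc = True
        if self.current is None:    # assumption: CP stays TRUE while an operation runs
            self.cp = False

    def sync_allowed(self):
        """Assumed reading of 504: the synchronizer is delayed while SC is TRUE."""
        return not self.sc

    def step(self):
        """One pass through the handler; returns what the pass did."""
        if not self.sc:             # 602: nothing registered for processing
            return "idle"
        if self.cp:                 # 608/609: operation in progress, continue at (E)
            return "busy"
        if not self.container:      # 610/604: no object identification held
            return "no-object"
        obj = self.container[0]
        self.cp, self.current, self.redo = True, obj, False   # 612
        try:
            result = self.transform(obj, self.storage[obj])
        except Exception:
            # Fail closed: the object stays queued and SC stays TRUE.
            self.cp, self.current = False, None
            raise
        self.current = None
        outcome = "requeued"
        if not self.redo:
            self.storage[obj] = result
            self.container.popleft()                          # 614
            self.count -= 1
            outcome = "processed"
        if self.count == 0:         # 616
            self.sc = self.cp = False                         # 618
        else:
            self.cp = False         # assumption: release CP for the next object
        return outcome


def run_demo():
    """Constructed scenario: notes.txt lands while report.docx is being processed."""
    mid_op, trace = [], []
    def transform(obj_id, data):
        if obj_id == "report.docx":
            model.on_io_event("notes.txt", b"draft")
            mid_op.append((model.step(), model.sync_allowed()))
        return b"ENC:" + data       # constructed stand-in: tags bytes, encrypts nothing
    model = CryptoHandlerModel(transform)
    model.on_io_event("report.docx", b"salary")
    while model.sc:
        trace.append((model.step(), model.count, model.sync_allowed()))
    return model, mid_op, trace
```

`run_demo()` returns the model, what a pass observed in the middle of the first operation, and a per-pass trace of outcome, counter and synchronizer gate.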
In short, the present invention addresses security issues and provides an automated solution for encrypting information with synchronization feature in an unsecure infrastructure within a cloud computing environment. The present invention utilizes an In-Memory Based Encryption Component (IBEC) for encrypting information; said IBEC module is built with encryption engines in which the key is hidden in the memory of user's operating system and said IBEC module automatically performs Crypto Process (CP) operation upon detection of new information in registered storage holder.
Unless the context requires otherwise or specifically stated to the contrary, integers, steps or elements of the invention recited herein as singular integers, steps or elements clearly encompass both singular and plural forms of the recited integers, steps or elements.
Throughout this specification, unless the context requires otherwise, the word "comprise", or variations such as "comprises" or "comprising", will be understood to imply the inclusion of a stated step or element or integer or group of steps or elements or integers, but not the exclusion of any other step or element or integer or group of steps, elements or integers. Thus, in the context of this specification, the term "comprising" is used in an inclusive sense and thus should be understood as meaning "including principally, but not necessarily solely".
It will be appreciated that the foregoing description has been given by way of illustrative example of the invention and that all such modifications and variations thereto as would be apparent to persons of skill in the art are deemed to fall within the broad scope and ambit of the invention as herein set forth.
Claims
1. A method (300) for delivering sensitive contents with synchronization handling in an unsecure infrastructure within a cloud computing environment, the method comprising steps of:
installing and registering at least one In-Memory Based Encryption Component module (302);
monitoring incoming information stored in registered storage holder (304); and
executing said In-Memory Based Encryption Component module to process registered entities and to perform encryption (306) characterized in that
executing said In-Memory Based Encryption Component module to process registered entities and to perform encryption (306) further comprises steps of:
determining if there are any existing working flags (402);
initializing flags if In-Memory Based Encryption Component initial flag is not set to TRUE, else proceed to next step if In-Memory Based Encryption Component initial flag is set to TRUE (404);
determining existence of path attributes of any registered object in registered storage (406);
determining if said registered object requires In-Memory Based Encryption Component service upon confirmation of existence of path attributes of any registered object in registered storage (408), else terminate process if there is no registered object with path attributes of any registered object in registered storage;
checking status of synchronization control flag if said registered object requires In-Memory Based Encryption Component (410);
executing Synchronization Handler if synchronization control flag is set to True (412); and
executing Crypto Handler if Synchronization Handler is not registered (414).
2. A method according to Claim 1, wherein executing Synchronization Handler if synchronization control flag is set to True (412) further comprises steps of:
checking synchronizer status to determine if synchronizer is registered (502);
setting synchronization I/O operation flag to delay operation if synchronizer is registered (504); and
executing Crypto Handler if Synchronization Handler is not registered (506).
3. A method according to Claim 1, wherein the working flags comprises of In-Memory Based Encryption Component initial, Synchronization Control and Crypto Process.
4. A method according to Claim 3, wherein said Synchronization Control flag is used to determine the need to invoke Synchronization Handler.
5. A method according to Claim 3, wherein said Crypto Process flag is used to determine the need to invoke Crypto Process Handler.
6. A method according to Claim 1, wherein executing Crypto Handler if Synchronization Handler is not registered (506) further comprises steps of:
checking status of Synchronization Control flag to determine if Synchronization Control flag status is set to true (602);
checking status of Crypto Process flag if Synchronization Control flag status is set to true (608);
determining Crypto Process flag status (609);
if Crypto Process flag status is set to TRUE;
continuing with synchronization process if Crypto Process flag status is set to true (E);
determining existence of registered Input/Output events (605);
storing identification of object in memory container and increasing counter to mark said number of objects in queue for Crypto Process operation upon confirmation of existence of registered Input/Output events (606);
if Crypto Process flag status is set to FALSE;
checking identification of object in memory container by assuming that Crypto Process is granted (610);
proceeding to step (E) if object does not exist (604);
executing Crypto Process operation upon confirmation of existence of object (612);
removing identification of object from memory container and object counter is reduced by one (614);
determining if memory container is empty (616);
resetting Synchronization Control and Crypto Process flags to FALSE if said memory container is empty (618); and
proceeding to step (E) until completion of objects in said memory container (620).
7. A method according to Claim 6, wherein storing identification of object in memory container and increasing counter to mark said number of objects in queue for Crypto Process operation upon confirmation of existence of registered I/O events (606) further comprises steps of setting Synchronization Control flag to TRUE and setting Crypto Process flag to FALSE.
8. A method according to Claim 6, wherein executing Crypto Process operation upon confirmation of existence of object (612) further comprises steps of setting Crypto Process flag to TRUE.
9. A system (100) for delivering sensitive contents with synchronization handling in an unsecure infrastructure within a cloud computing environment comprising:
at least one In-Memory Based Encryption Component module (104);
at least one Synchronization Handler (106) which integrates with said In-Memory Based Encryption Component module; and
at least one registration module to register and auto-load said In-Memory Based Encryption Component module
characterized in that
the at least one In-Memory Based Encryption Component module (104) having means to perform encryption by:
determining if there are any existing working flags (402);
initializing flags if In-Memory Based Encryption Component initial flag is not set to TRUE, else proceed to next step if In-Memory Based Encryption Component initial flag is set to TRUE (404);
determining existence of path attributes of any registered object in registered storage (406);
determining if said registered object requires In-Memory Based Encryption Component service upon confirmation of existence of path attributes of any registered object in registered storage (408), else terminate process if there is no registered object with path attributes of any registered object in registered storage;
checking status of synchronization control flag if said registered object requires In-Memory Based Encryption Component (410);
executing Synchronization Handler if synchronization control flag is set to True (412); and
executing Crypto Handler if Synchronization Handler is not registered (414).
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| MYPI2013001910 | 2013-05-23 | ||
| MYPI2013001910A MY155817A (en) | 2013-05-23 | 2013-05-23 | A system and method for delivering sensitive contents with synchronization feature in an unsecure infrastructure |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2014189353A1 true WO2014189353A1 (en) | 2014-11-27 |
Family
ID=50942733
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/MY2014/000057 Ceased WO2014189353A1 (en) | 2013-05-23 | 2014-04-15 | A system and method for delivering sensitive contents with synchronization feature in an unsecure infrastructure |
Country Status (2)
| Country | Link |
|---|---|
| MY (1) | MY155817A (en) |
| WO (1) | WO2014189353A1 (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020108034A1 (en) | 2001-02-02 | 2002-08-08 | Tony Hashem | System and method for automatically securing data for transmission |
| US20110264907A1 (en) | 2010-04-27 | 2011-10-27 | International Business Machines Corporation | Securing information within a cloud computing environment |
| US20120297188A1 (en) * | 2011-05-20 | 2012-11-22 | Van Der Linden Robert | Providing multiple layers of security to file storage by an external storage provider |
| US20130022201A1 (en) * | 2011-07-19 | 2013-01-24 | Gerrity Daniel A | Encrypted memory |
- 2013-05-23 MY MYPI2013001910A patent/MY155817A/en unknown
- 2014-04-15 WO PCT/MY2014/000057 patent/WO2014189353A1/en not_active Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| MY155817A (en) | 2015-12-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10050982B1 (en) | Systems and methods for reverse-engineering malware protocols | |
| RU2680736C1 (en) | Malware files in network traffic detection server and method | |
| US10375086B2 (en) | System and method for detection of malicious data encryption programs | |
| US9882924B2 (en) | Systems and methods for malware analysis of network traffic | |
| US9411975B2 (en) | Methods and apparatus to securely share data | |
| US7900265B1 (en) | Method and/or system to authorize access to stored data | |
| EP3234856B1 (en) | Method for diffracted data retrieval | |
| US9059974B2 (en) | Secure mobile app connection bus | |
| US9843594B1 (en) | Systems and methods for detecting anomalous messages in automobile networks | |
| CN102932349B (en) | Data transmission method, device and system | |
| US9215251B2 (en) | Apparatus, systems, and methods for managing data security | |
| US9690598B2 (en) | Remotely establishing device platform integrity | |
| US20170019388A1 (en) | Security key generator module for security sensitive applications | |
| US10581819B1 (en) | Network traffic scanning of encrypted data | |
| KR20190033716A (en) | Apparatus and method for communication using message history-based security key using blockchain | |
| US11544393B2 (en) | Securely accessing offline data with indirect communication | |
| US20140344931A1 (en) | Systems and methods for extracting cryptographic keys from malware | |
| JP7680575B2 (en) | Containerized cross-domain solutions | |
| EP4084484A1 (en) | Method and device for encryption of video stream, communication equipment, and storage medium | |
| CN113328979A (en) | Method and device for recording access behaviors | |
| US11064026B2 (en) | Apparatus and method for sharing security threat information | |
| US9146950B1 (en) | Systems and methods for determining file identities | |
| CN113658709A (en) | Method, device, computer equipment and storage medium for medical data information query | |
| WO2014189353A1 (en) | A system and method for delivering sensitive contents with synchronization feature in an unsecure infrastructure | |
| CN105099930A (en) | Method and device for controlling traffic of encrypted data flow |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14730216 Country of ref document: EP Kind code of ref document: A1 |
|
| NENP | Non-entry into the national phase |
Ref country code: DE |
|
| 122 | Ep: pct application non-entry in european phase |
Ref document number: 14730216 Country of ref document: EP Kind code of ref document: A1 |