System and method for secured backup of data
Abstract
A system and method of selectively providing encrypted data is provided. Embodiments of the invention may store data in encrypted form on a storage device. Embodiments of the invention may selectively provide encrypted or decrypted data to a requestor of data based on configuration or other parameters. A filter driver or other module or unit may examine a request for, or communication of data from the storage device and may determine if data is to be provided in encrypted or decrypted form. Decrypted data may be provided to a caching system. A filter driver or other module or unit may examine a request for, or communication of data from the caching system. Data provided from the caching system may be selectively encrypted based on configuration or other parameters.
Claims
exact text as granted — not AI-modified1 - 14 . (canceled)
15 . A method comprising:
by a computerized platform, selectively providing data to different computerized processes that are associated with said computerized platform, wherein said providing comprises selectively providing data to a data-requesting process either in encrypted form or in decrypted form, by performing:
(A) analyzing a request, that was received from said data-requesting process, which requests said data from said local storage unit;
(B) retrieving a set of one or more parameters that are associated with said data-requesting process; and further retrieving a pre-defined security policy that is associated with at least one parameter of said set of one or more parameters of said data-requesting process;
(C) determining whether (I) the set of one or more parameters of said data-requesting process, corresponds to (II) said security policy applied to at least one of said parameters;
(D) based on an aggregate combination of: (i) said one or more parameters of said data-requesting process, and (ii) said pre-defined security policy, and (iii) destination of said data, selectively delivering said data either in encrypted format or in decrypted format to said destination.
16 . The method of claim 15 ,
wherein the delivering of step (D) comprises: determining which encryption key to utilize if said data is to be provided in encrypted form to said data-requesting process.
17 . The method of claim 15 ,
wherein the delivering of step (D) comprises: if it is determined that said destination is part of a backup system then: delivering said data in encrypted format to said destination; if it is determined that said destination is not part of a backup system then: delivering said data in decrypted format to said destination.
18 . The method of claim 15 , wherein the analyzing of step (A) comprises: intercepting a data-access request of said data-requesting process.
19 . The method of claim 15 , comprising:
concurrently providing a data item in two different formats to two different requesting processes, by: (a) determining that a first requesting process is an authorized logged-in user; (b) delivering said data item in decrypted format to said authorized logged-in user; (c) determining that a second, concurrent, requesting process is a backup module; (d) delivering said data item in encrypted format to said second, concurrent, requesting process.
20 . The method of claim 15 , comprising:
selectively determining whether to provide a data item to a requesting process, either in decrypted format or in encrypted format, based on classifying the requesting process as one of: (i) the requesting process is an authorized logged-in user, or (ii) the requesting process is a locally-running backup module, or (iii) the requesting process is a remote backup module that is requesting the data item through a shared network drive mechanism, or (iv) the requesting process is a non-backup requesting process.
21 . The method of claim 15 , comprising:
applying a particular security policy rule to step (D), from a set of two or more security rules that comprise at least two of the following four rules:
(i) a first security policy rule that applies when the requesting process is an authorized logged-in user,
(ii) a second security policy rule that applies when the requesting process is a locally-running backup module,
(iii) a third security policy rule that applies when the requesting process is a remote backup module that is requesting the data item through a shared network drive mechanism,
(iv) a fourth security policy rule that applies when the requesting process is a non-backup data-requesting process.
22 . The method of claim 15 , comprising:
selectively determining whether to deliver a requested data item, either in decrypted format or in encrypted format, to said data requesting process, based on classification of said data requesting process into either a backup module or a non-backup module.
23 . The method of claim 15 , comprising:
selectively determining whether to deliver a requested data item, either in decrypted format or in encrypted format, to said data requesting process, based cumulatively on both: (a) classification of said data requesting process into either a backup module or a non-backup module, and (b) a pre-defined security policy rule that indicates a first time-window in which data is provided in encrypted form and further indicates a second time-window in which data is provided in decrypted form.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.