Abstract:
A secure transaction log is used as an audit trail mechanism: the secure logging system is a centralized system that logs all application transactions from different servers, providing an authentication method for clients to log in to the logging system and an authorization method to verify that only registered servers are able to record and view data to or from the storage. The system comprises at least one client platform (102), at least one application platform (104) and at least one storage device (106) having capacity for storing information. The at least one client platform (102) further comprises at least one user token (102a) for identifying user credentials and at least one physical machine (102c) for processing client transactions, while the at least one application platform (104) further comprises log information, which at least comprises a set of data containing user credentials, server identity, IP address, server distinguished name and timestamp, and at least one secure transaction web service (104a, 104b) for validating client transactions and processing log data. To enable a secure transaction log for server logging, the general methodology of the present invention comprises the steps of obtaining user credentials to authenticate the client for server logging (202); logging into the server for the transaction log (204); and enabling viewing of logging information of authorized users to record and view information to or from at least one storage. Further, storage information is protected and secured by using a hash function (716), wherein the hash function is used for authorization of the user (718) to ensure that only a validated user is able to log in or retrieve log information to and from said storage.
Abstract:
The system and method of the present invention manage storage encryption over a network-based or cloud-based Elastic Block Store, EBS volume, so as to provide flexibility and transparency on the encryption algorithm that can be universally acceptable to any provider and user. The system (100) of the present invention manages storage encryption over a network-based Elastic Block Store, EBS volume (118), with a user mode (102) and a kernel mode (104); said user mode (102) comprising an application (106) and a block device (108); said kernel mode (104) comprising at least an I/O manager (110) for receiving mounting instructions and presenting decrypted data to the requester; a crypto kernel module (112) for retrieving the encryption key from a key file; a file system (116); and an EBS volume (118). The methodology of the present invention is initiated by initializing and configuring the EBS volume (202). Thereafter, the encrypted EBS volume (204) is mounted on the system, data is written to the EBS volume, and said data is further encrypted (206). The encrypted data is read from the EBS volume and decrypted to obtain decrypted data (208). The encrypted EBS volume (210) can be unmounted from the system when the volumes are not required. The present invention is transparent to the user in that the data written to the EBS disk is encrypted transparently with a randomly generated encryption key and stored on the disk. Confidentiality is allowed and reinforced in the EBS volume by encryption of the data being stored in the data storage and decryption of the encrypted data using the correct symmetric key provided by the authorized user during the retrieval process. The most illustrative drawing is
Abstract:
The system and method of the present invention manage storage encryption over a network-based or cloud-based Elastic Block Store (EBS) Volume so as to provide flexibility and transparency on the encryption algorithm that can be universally acceptable to any provider and user. The system (100) of the present invention manages storage encryption over a network-based Elastic Block Store (EBS) Volume (118) with a user mode (102) and a kernel mode (104); said user mode (102) comprising an application (106) and a block device (108); said kernel mode (104) comprising at least an I/O Manager (110) for receiving mounting instructions and presenting decrypted data to the requester; a crypto kernel module (112) for retrieving the encryption key from a key file; a file system (116); and an EBS Volume (118). The methodology of the present invention is initiated by initializing and configuring the EBS Volume (202). Thereafter, the encrypted EBS Volume (204) is mounted on the system, data is written to the EBS Volume, and said data is further encrypted (206). The encrypted data is read from the EBS Volume and decrypted to obtain decrypted data (208). The encrypted EBS Volume (210) can be unmounted from the system when the volumes are not required. The present invention is transparent to the user in that the data written to the EBS disk is encrypted transparently with a randomly generated encryption key and stored on the disk. Confidentiality is allowed and reinforced in the EBS Volume by encryption of the data being stored in the data storage and decryption of the encrypted data using the correct symmetric key provided by the authorized user during the retrieval process.