US 12,244,603 B2
Encryption and decryption of data in a cloud storage based on indications in metadata
Matthew G. Borlick, Tucson, AZ (US); Lokesh M. Gupta, Tucson, AZ (US); and Micah Robison, Tucson, AZ (US)
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION, Armonk, NY (US)
Filed by INTERNATIONAL BUSINESS MACHINES CORPORATION, Armonk, NY (US)
Filed on Mar. 23, 2016, as Appl. No. 15/078,187.
Prior Publication US 2017/0279812 A1, Sep. 28, 2017
Int. Cl. H04L 9/40 (2022.01); G06F 21/62 (2013.01)
CPC H04L 63/107 (2013.01) [G06F 21/6218 (2013.01); G06F 21/6236 (2013.01); H04L 63/0428 (2013.01)] 18 Claims
OG exemplary drawing
 
1. A method, comprising:
storing encrypted data in a first cloud server of a plurality of cloud servers in a cloud computing environment;
configuring a controller having at least a first processor complex and a second processor complex that function redundantly of each other, wherein the first processor complex is able to take over operations performed by the second processor complex, wherein the controller includes a data distribution and security preservation application and a data structure that stores information on where a plurality of storage clouds are maintained, and wherein the plurality of storage clouds include the plurality of cloud servers;
maintaining metadata associated with the encrypted data in the controller in the cloud computing environment, wherein the controller is communicatively coupled via an interface to the first cloud server of the plurality of cloud servers, wherein the metadata indicates geographical restrictions and policies on the encrypted data, wherein the geographical restrictions and the policies indicate that the encrypted data is allowed to be stored in a first geographical location only until a predetermined date, wherein the first cloud server of the plurality of cloud servers is located in a second geographical location and is maintained by a first vendor and has a first operating system, wherein a second cloud server of the plurality of cloud servers is located in a third geographical location and is maintained by a second vendor and has a second operating system, wherein the second operating system is different from the first operating system, and wherein the geographical restrictions include first restrictions that require storing health related data of an individual in a country in which the individual resides, second restrictions that require storing employee data of a corporation within a firewall of the corporation, and third restrictions that require storing electronic mail data of residents of a group of countries in storage that is located in the group of countries;
sending a request from the first cloud server to the controller for a decryption code for the encrypted data;
in response to receiving, by the controller, the request from the first cloud server, determining by the data distribution and security preservation application and the data structure included in the controller from the metadata whether the metadata indicates that reading of information in the encrypted data is allowed in the second geographical location where the first cloud server that stores the encrypted data is located;
in response to determining, by the data distribution and security preservation application and the data structure included in the controller, that the metadata indicates that the reading of information in the encrypted data is allowed in the second geographical location where the first cloud server that stores the encrypted data is located, transmitting the decryption code from the controller to the first cloud server, wherein on receiving the decryption code the first cloud server decrypts the encrypted data; and
in response to determining, by the data distribution and security preservation application and the data structure included in the controller, that the metadata indicates that the reading of information in the encrypted data is not allowed in the second geographical location where the first cloud server that stores the encrypted data is located, declining to provide the decryption code to the first cloud server, wherein in response to the encrypted data being copied in an unauthorized manner to a third cloud server of the plurality of cloud servers the controller declines to provide the decryption code to the third cloud server, and wherein the controller allows a plurality of host computational devices to perform Input/Output (I/O) operations with logical storage maintained in the controller, wherein physical storage corresponding to the logical storage is maintained in the plurality of cloud servers.
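The decision procedure claim 1 describes (a controller that holds the decryption code and releases it only when the stored metadata says reading is allowed where the requesting server sits, declining it for an expired date, a disallowed location, or a copy on a server the controller never placed the data on) can be modelled in a few dozen lines. The following Python is an added illustration written for this page, not IBM's implementation or code from the patent; the class and field names (`CloudServer`, `DataMetadata`, `Controller`, `authorized_servers`, `inside_corporate_firewall`) and all sample servers, dates and countries are constructed for the example. Only key release is modelled; the bulk encryption the key protects is outside the claim's decision logic and is omitted.

```python
"""Policy-gated release of a decryption code, modelled on the claim above (added example)."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, FrozenSet, List, Optional, Tuple
import secrets


@dataclass(frozen=True)
class CloudServer:
    """One entry of the controller's data structure describing where a storage cloud is maintained."""
    server_id: str
    location: str                       # country code of the geographical location (constructed)
    vendor: str
    os_name: str
    inside_corporate_firewall: bool = False


@dataclass(frozen=True)
class DataMetadata:
    """Metadata the controller keeps for one encrypted object (field names are assumptions)."""
    category: str                       # "health", "employee", "email" or "generic"
    owner_country: str                  # country of the individual or corporation the data belongs to
    allowed_locations: FrozenSet[str]   # for "email" this is the group of countries the residents belong to
    allowed_until: Optional[date]       # storage in allowed_locations is permitted only until this date
    authorized_servers: FrozenSet[str]  # servers on which the controller itself placed the data


class Controller:
    """Holds decryption codes and metadata; hands a code out only if reading is allowed at the requester."""

    def __init__(self) -> None:
        self._codes: Dict[str, bytes] = {}
        self._metadata: Dict[str, DataMetadata] = {}
        self.audit: List[Tuple[str, str, str]] = []   # (data_id, server_id, decision reason)

    def register(self, data_id: str, metadata: DataMetadata) -> bytes:
        """Create the decryption code for a new object and record its metadata."""
        code = secrets.token_bytes(32)
        self._codes[data_id] = code
        self._metadata[data_id] = metadata
        return code

    def evaluate(self, data_id: str, server: CloudServer, today: date) -> Tuple[bool, str]:
        """Apply the metadata's geographical restrictions and policies to one request."""
        md = self._metadata.get(data_id)
        if md is None:
            return False, "unknown data object"
        if server.server_id not in md.authorized_servers:
            # Data copied in an unauthorized manner lands on a server the controller never placed it on.
            return False, "server not authorized for this data (possible unauthorized copy)"
        if md.allowed_until is not None and today > md.allowed_until:
            return False, "storage permission expired on " + md.allowed_until.isoformat()
        if server.location not in md.allowed_locations:
            return False, "location " + server.location + " not permitted"
        if md.category == "health" and server.location != md.owner_country:
            return False, "health data must stay in the country where the individual resides"
        if md.category == "employee" and not server.inside_corporate_firewall:
            return False, "employee data must stay within the corporation's firewall"
        return True, "allowed"

    def request_decryption_code(self, data_id: str, server: CloudServer, today: date) -> Optional[bytes]:
        """Return the code when policy allows reading at this server, otherwise None; always log the outcome."""
        allowed, reason = self.evaluate(data_id, server, today)
        self.audit.append((data_id, server.server_id, reason))
        return self._codes[data_id] if allowed else None


def run_demo() -> Dict[str, bool]:
    """Exercise the controller with constructed servers and metadata; True means a code was released."""
    ctrl = Controller()
    de_server = CloudServer("srv-de", "DE", "vendor-a", "linux")
    us_server = CloudServer("srv-us", "US", "vendor-b", "windows")
    rogue_copy = CloudServer("srv-rogue", "DE", "vendor-c", "linux")      # not in authorized_servers
    corp_server = CloudServer("srv-corp", "US", "vendor-b", "windows", inside_corporate_firewall=True)

    health = DataMetadata("health", "DE", frozenset({"DE"}), date(2026, 12, 31),
                          frozenset({"srv-de", "srv-us"}))
    employee = DataMetadata("employee", "US", frozenset({"US"}), None,
                            frozenset({"srv-us", "srv-corp"}))
    ctrl.register("patient-record-1", health)
    ctrl.register("hr-file-7", employee)

    return {
        "health_in_resident_country": ctrl.request_decryption_code("patient-record-1", de_server, date(2026, 6, 1)) is not None,
        "health_abroad": ctrl.request_decryption_code("patient-record-1", us_server, date(2026, 6, 1)) is not None,
        "health_unauthorized_copy": ctrl.request_decryption_code("patient-record-1", rogue_copy, date(2026, 6, 1)) is not None,
        "health_after_deadline": ctrl.request_decryption_code("patient-record-1", de_server, date(2027, 1, 1)) is not None,
        "employee_outside_firewall": ctrl.request_decryption_code("hr-file-7", us_server, date(2026, 6, 1)) is not None,
        "employee_inside_firewall": ctrl.request_decryption_code("hr-file-7", corp_server, date(2026, 6, 1)) is not None,
    }


if __name__ == "__main__":
    for case, released in run_demo().items():
        print(case, "->", "code released" if released else "declined")
```

The decisive design point is that the requester never receives the code until the controller has evaluated the request against the metadata it holds itself; the server's own claims about where it is play no part, and a copy that reaches a server absent from `authorized_servers` is refused on that ground alone, before any location or date check runs. Every decision, allowed or declined, is appended to `audit`, which is what an operator would review to spot repeated requests from servers that should not hold the data.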