US 12,032,718 B1
System, method, and computer program for securely handling and storing customer data without enabling human access to the data
Sovane Bin, San Francisco, CA (US); Saddek Dekoum, Ris Orangis (FR); Raphaël Fonrouge, Chatenay Malabry (FR); and Francois Lopitaux, San Carlos, CA (US)
Assigned to Odaseva Technologies SAS, Neuilly-sur-Seine (FR)
Filed by Odaseva Technologies SAS, Neuilly-sur-Seine (FR)
Filed on Jan. 22, 2021, as Appl. No. 17/156,409.
Int. Cl. G06F 21/62 (2013.01); G06F 11/14 (2006.01); G06F 21/60 (2013.01); H04L 9/08 (2006.01)
CPC G06F 21/6245 (2013.01) [G06F 11/1464 (2013.01); G06F 11/1469 (2013.01); G06F 21/602 (2013.01); H04L 9/0819 (2013.01); G06F 2201/805 (2013.01)] 19 Claims
OG exemplary drawing
 
1. A method, performed by a computer system, for securely handling and storing customer data without enabling human access to the customer data, the method comprising:
receiving customer data at a server having an encrypted environment (“an encrypted server”), wherein receiving the customer data comprises extracting the customer data from an external customer application over a secure network and wherein the customer data is extracted for the purpose of providing a cloud emulator of the customer data;
processing the customer data for storage, wherein the processing is performed by a processing module on the encrypted server;
granularly encrypting the customer data without storing a key for decrypting the customer data, wherein the encryption is performed by an encryption module on the encrypted server;
transmitting the granularly-encrypted customer data over a secure network to a cloud-based data storage system, wherein the granularly-encrypted customer data is stored in an encrypted database or file system, and wherein the cloud-based data storage system has no access to the key for decrypting the granularly-encrypted customer data,
wherein granular encryption in the encryption module provides a first encryption layer for the customer data, the encrypted server in which the processing for storage, granular encryption, and decryption take place provides a second encryption layer for the customer data, and storage in the encrypted database or file system provides a third encryption layer for the customer data;
receiving a request from a customer to transmit the customer data to an external destination;
retrieving the granularly-encrypted customer data from the cloud-based data storage system over a secure network to the encrypted server;
receiving at the encrypted server the key for decrypting the granularly-encrypted customer data from the customer or a customer-controlled key management system;
decrypting the granularly-encrypted customer data using the key, wherein the decryption using the key is performed by a decryption module on the encrypted server;
discarding the key;
processing the customer data for transmission, wherein the processing is performed by the processing module on the encrypted server; and
transmitting the customer data to the external destination over a secure network.
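The claim above describes one key-handling flow: the customer key is obtained from the customer or a customer-controlled KMS for a single operation, used inside the encrypted server, and then discarded, so neither the server nor the cloud storage ever holds a stored decryption key. The following is an added, self-contained illustration of that flow; it is not Odaseva's code and nothing in the patent specifies its internals. It uses only the Python standard library, so the per-field cipher is an HMAC-SHA256 CTR keystream with an encrypt-then-MAC tag as a stand-in for AES-GCM (use the `cryptography` package for a real deployment); the `CustomerKMS`, `EncryptedServer` and `CloudStorage` names, the record layout and the sample record are all assumptions.

```python
# Added illustration (not Odaseva's code) of the key-handling flow in the claim.
# Standard library only: the cipher is HMAC-SHA256 in CTR mode with an
# encrypt-then-MAC tag, standing in for AES-GCM. Names, record layout and the
# sample record are assumptions, not taken from the patent.
import hashlib
import hmac
import secrets


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-SHA256, used to derive one subkey per field from the customer key."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out, counter = out + block, counter + 1
    return out[:length]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream built from HMAC(key, nonce || counter) blocks."""
    ks, counter = b"", 0
    while len(ks) < length:
        ks += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return ks[:length]


def encrypt_field(customer_key: bytes, label: bytes, plaintext: bytes) -> bytes:
    """Granular encryption: fresh nonce and subkeys per field, so every field is
    independently decryptable. Layout: nonce(16) || ciphertext || tag(32)."""
    nonce = secrets.token_bytes(16)
    enc_key = hkdf_sha256(customer_key, nonce, b"enc|" + label)
    mac_key = hkdf_sha256(customer_key, nonce, b"mac|" + label)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, label + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_field(customer_key: bytes, label: bytes, blob: bytes) -> bytes:
    """Verify the tag (which binds the field label) before decrypting."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key = hkdf_sha256(customer_key, nonce, b"enc|" + label)
    mac_key = hkdf_sha256(customer_key, nonce, b"mac|" + label)
    expected = hmac.new(mac_key, label + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed for %r" % label)
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class CloudStorage:
    """Cloud-based data storage: receives ciphertext only and never sees a key."""
    def __init__(self):
        self.blobs = {}  # record_id -> {field: hex ciphertext}


class CustomerKMS:
    """Customer-controlled key management; releases the key only when asked."""
    def __init__(self, key: bytes):
        self._key, self.releases = key, 0

    def release_key(self) -> bytearray:
        self.releases += 1
        return bytearray(self._key)


class EncryptedServer:
    """Processing, encryption and decryption live here. The key is requested for a
    single operation, used, overwritten and dropped; it is never kept as state."""
    def __init__(self, kms: CustomerKMS, storage: CloudStorage):
        self.kms, self.storage = kms, storage

    def _with_key(self, fn):
        key = self.kms.release_key()
        try:
            return fn(bytes(key))
        finally:
            key[:] = b"\0" * len(key)  # discard the key (best effort in CPython)
            del key

    def ingest(self, record_id: str, record: dict) -> None:
        """Extract -> process -> granularly encrypt -> hand ciphertext to storage."""
        def work(key):
            self.storage.blobs[record_id] = {
                f: encrypt_field(key, f"{record_id}/{f}".encode(), v.encode()).hex()
                for f, v in record.items()}
        self._with_key(work)

    def export(self, record_id: str) -> dict:
        """Retrieve ciphertext -> obtain key from KMS -> decrypt -> discard key."""
        enc = self.storage.blobs[record_id]
        def work(key):
            return {f: decrypt_field(key, f"{record_id}/{f}".encode(), bytes.fromhex(h)).decode()
                    for f, h in enc.items()}
        return self._with_key(work)


def demo() -> dict:
    """Round-trip one constructed record, then show that a ciphertext moved to a
    different field is rejected and that the server retains no key material."""
    storage, kms = CloudStorage(), CustomerKMS(secrets.token_bytes(32))
    server = EncryptedServer(kms, storage)
    record = {"Name": "Ada Lovelace", "Email": "ada@example.com"}  # constructed sample
    server.ingest("003ABC", record)
    restored = server.export("003ABC")
    storage.blobs["003ABC"]["Phone"] = storage.blobs["003ABC"]["Email"]  # label swap attack
    try:
        server.export("003ABC")
        swap_detected = False
    except ValueError:
        swap_detected = True
    return {"record": record, "stored": storage.blobs["003ABC"], "restored": restored,
            "key_releases": kms.releases, "swap_detected": swap_detected,
            "server_holds_key": any(isinstance(v, (bytes, bytearray)) for v in vars(server).values())}
```

The point to take from the round trip is where the key lives: the KMS releases it three times (ingest, export, failed export), each release is scoped to one `_with_key` call, and the storage dictionary holds only hex ciphertext. Binding the record and field name into the per-field label is what makes the granular scheme safe against an operator who can rearrange stored blobs; without it, a ciphertext could be decrypted under a different, less sensitive field name. CPython cannot guarantee the `bytes` copy is scrubbed from memory, which is why a production encrypted server does this in a language that can zeroise buffers, or inside a hardware-backed enclave.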