US 12,457,230 B2
Intelligent hybrid cloud orchestration engine leveraging 3 layered secured data gateway
Bikash Dash, Hyderabad (IN); and Meera Lakshmi, Tamilnadu (IN)
Assigned to Bank of America Corporation, Charlotte, NC (US)
Filed by Bank of America Corporation, Charlotte, NC (US)
Filed on May 17, 2023, as Appl. No. 18/198,388.
Prior Publication US 2024/0388592 A1, Nov. 21, 2024
Int. Cl. G06F 21/00 (2013.01); H04L 9/06 (2006.01); H04L 9/32 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/1425 (2013.01) [H04L 9/0631 (2013.01); H04L 9/3242 (2013.01)] 19 Claims
OG exemplary drawing
 
19. A hybrid cloud orchestration process comprising the steps of:
storing, in a private cloud, critical data;
retrieving, by a first security layer in a gateway, data elements from the critical data;
cognitively analyzing, the data elements by the first security layer using a spectral clustering algorithm (SCA), to determine risk levels associated with transferring the data elements to a public cloud based on data sensitivity and security threats;
determining, by the first security layer using user and entity behavior analytics (UEBA), whether the data elements qualify for transfer based on an initial threat analysis;
encrypting, into encrypted data by the first security layer using AES or RSA encryption in order to optimize speed, based on the risk levels, the data elements that qualified for transfer based on the initial threat analysis;
removing, from the encrypted data by a second security layer in the gateway, any redundant data;
detecting, by the second security layer, security threats in the encrypted data by analyzing the encrypted data with a convolution neural network-long/short-term memory (CNN-LSTM) algorithm without decrypting the encrypted data;
removing, by the CNN-LSTM in the second security layer, the detected security threats from the encrypted data without decrypting the encrypted data;
hashing, the encrypted data by a SHA-256 cryptographic hash function in a third security layer in the gateway, into hash keys and corresponding hashed data, each of said hash keys being unique and corresponding to a datum of said hashed data, said hashed data being unrestricted in size;
storing, by the third security layer, the hash keys and the hashed data in nodes in a decentralized distributed hash table (DHT), each of said nodes being directly connected to all others of said nodes;
receiving, from an application in a public cloud, data requests for the hashed data, said data requests including request keys;
locating, by the third security layer, the nodes with the hash keys corresponding to the request keys;
validating, by the third security layer, the data requests by comparing the request keys with the hash keys;
retrieving, by the third security layer from the nodes, the hashed data if the request keys match the hash keys; and
transferring, from the third security layer to the application in the public cloud through an encrypted tunnel, the hashed data if the request keys match the hash keys.
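The third-security-layer steps of claim 19 (SHA-256 hashing into keys and data, storage in a complete mesh of DHT nodes, then locating, validating and retrieving by request key), as an added worked example in Python. This is not code from the patent or from the assignee; it models the claimed flow using the standard library only. The node names, the placement rule (first eight hex digits of the key modulo the node count), and the sample blobs standing in for layer-1 ciphertext are constructed assumptions; layers 1 and 2 (encryption, redundancy removal, threat analysis) appear only as the opaque bytes handed to the third layer.

```python
"""Added example, not the patent's own code: a minimal model of the claim's
third security layer. Keys are SHA-256 of each datum, nodes form a full mesh,
and a request is served only if its key matches a stored hash key."""

import hashlib
import hmac
from typing import Dict, List, Optional

# Constructed stand-ins for encrypted data arriving from layers 1 and 2.
# The third copy of blob 1 is a redundant item a dedup stage would remove;
# content addressing collapses it to the same key anyway.
SAMPLE_ENCRYPTED: List[bytes] = [
    b"blob-1-ciphertext",
    b"blob-2-ciphertext",
    b"blob-1-ciphertext",
]

HEX_DIGITS = set("0123456789abcdef")


def hash_key(datum: bytes) -> str:
    """Hash key for one datum: SHA-256 hex digest (64 chars, unique per content)."""
    return hashlib.sha256(datum).hexdigest()


def is_well_formed_key(key: str) -> bool:
    """Reject malformed request keys before they reach the placement rule."""
    return len(key) == 64 and all(c in HEX_DIGITS for c in key)


class Node:
    def __init__(self, name: str) -> None:
        self.name = name
        self.store: Dict[str, bytes] = {}   # hash key -> hashed datum
        self.peers: List["Node"] = []       # full mesh: every other node


class ThirdLayerDHT:
    def __init__(self, node_names: List[str]) -> None:
        self.nodes = [Node(n) for n in node_names]
        for n in self.nodes:                # "directly connected to all others"
            n.peers = [p for p in self.nodes if p is not n]

    def _owner(self, key: str) -> Node:
        # Placement rule (assumption): leading 8 hex digits modulo node count.
        return self.nodes[int(key[:8], 16) % len(self.nodes)]

    def put(self, datum: bytes) -> str:
        """Store one datum under its hash key and return the key."""
        key = hash_key(datum)
        self._owner(key).store[key] = datum
        return key

    def total_entries(self) -> int:
        return sum(len(n.store) for n in self.nodes)

    def locate(self, request_key: str) -> Optional[Node]:
        """Find the node holding the request key. Because the mesh is complete,
        the entry node reaches the owner in one hop; None if nothing is stored."""
        if not is_well_formed_key(request_key):
            return None
        owner = self._owner(request_key)
        return owner if request_key in owner.store else None

    def get(self, request_key: str) -> Optional[bytes]:
        """Validate then retrieve: the request key must match the stored hash key,
        and the stored datum must still hash to that key (catches a tampered or
        swapped blob). Constant-time compare avoids leaking how many hex digits
        of a guessed key were right."""
        node = self.locate(request_key)
        if node is None:
            return None
        datum = node.store[request_key]
        if not hmac.compare_digest(request_key, hash_key(datum)):
            return None
        return datum


if __name__ == "__main__":
    dht = ThirdLayerDHT(["node-a", "node-b", "node-c"])
    keys = [dht.put(d) for d in SAMPLE_ENCRYPTED]
    for k in keys:
        print(k[:16], "->", dht.get(k))
    print("distinct entries:", dht.total_entries())
```

Two points a practitioner would want stated: a request key that matches a hash key proves the requester knows the SHA-256 of the content and that the stored datum is unmodified, but it does not by itself authorize the requester, since anyone holding the content can derive the key. In this design, confidentiality rests on the layer-1 encryption of the datum and on the encrypted tunnel used for transfer, not on the secrecy of the key.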