Systems and methods for encryption and provision of information security using platform services

US 10,020,936 B1
Filed: 04/03/2017
Issued: 07/10/2018
Est. Priority Date: 02/05/2015
Status: Active Grant

First Claim

Patent Images

1. A method, comprising the steps of:

receiving, at a server, a request for encryption of data from an electronic computing device being operated by a user, wherein the request for encryption of data comprises location-related data that indicates a geographic location of the electronic computing device;

determining, at the server, a key space corresponding to the user and/or the electronic computing device based on the request for encryption, wherein the key space comprises a partitioned storage location that contains at least one encryption key;

transmitting the request for encryption from the server to a key service corresponding to the determined key space for generation of unique cryptographic information relating particularly to the request for encryption, wherein the key service provides functionalities of at least encryption key generation, encryption key management, and/or encryption key storage;

receiving, at the server, the unique cryptographic information from the key service, wherein the unique cryptographic information comprises an encryption key uniquely corresponding to the request for encryption and wherein receiving the unique cryptographic information from the key service further comprises comparing the location-related data to one or more geographic-specific policies to determine whether to transmit the unique cryptographic information to the electronic computing device; and

transmitting the unique cryptographic information from the server to the electronic computing device for unique encryption of the data.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for securing or encrypting data or other information arising from a user'"'"'s interaction with software and/or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and/or was accessed. The ciphertext can be stored in a user'"'"'s storage device or in an enterprise database (e.g., at-rest encryption) or shared with other users (e.g., cryptographic communication). The system generally allows for secure federation across organizations, including mechanisms to ensure that the system itself and any other actor with pervasive access to the network cannot compromise the confidentially of the protected data.

89 Citations

View as Search Results

36 Claims

1. A method, comprising the steps of:
- receiving, at a server, a request for encryption of data from an electronic computing device being operated by a user, wherein the request for encryption of data comprises location-related data that indicates a geographic location of the electronic computing device;
  
  determining, at the server, a key space corresponding to the user and/or the electronic computing device based on the request for encryption, wherein the key space comprises a partitioned storage location that contains at least one encryption key;
  
  transmitting the request for encryption from the server to a key service corresponding to the determined key space for generation of unique cryptographic information relating particularly to the request for encryption, wherein the key service provides functionalities of at least encryption key generation, encryption key management, and/or encryption key storage;
  
  receiving, at the server, the unique cryptographic information from the key service, wherein the unique cryptographic information comprises an encryption key uniquely corresponding to the request for encryption and wherein receiving the unique cryptographic information from the key service further comprises comparing the location-related data to one or more geographic-specific policies to determine whether to transmit the unique cryptographic information to the electronic computing device; and
  
  transmitting the unique cryptographic information from the server to the electronic computing device for unique encryption of the data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the location-related data further indicates a particular time at which the electronic computing device was located at the geographic location.
  - 3. The method of claim 1, wherein the step of determining a key space corresponding to the user and/or the electronic computing device further comprises the step of comparing the location-related data to one or more geographic-specific policies to determine whether to generate the unique cryptographic information.
  - 4. The method of claim 1, wherein the unique cryptographic information further comprises a key tag.
  - 5. The method of claim 1, wherein the location-related data is selected or derived from the list comprising:
    - an IP address of the electronic computing device, passback of an identifier for a network to which the electronic computing device is connected, observations of other networks in proximity to the electronic computing device, coordinates for the geographic location, cell tower data for the electronic computing device, and third-party data from a location-based service.
  - 6. The method of claim 1, wherein the request for encryption comprises contextual information relating to creation and/or content of the data.
  - 7. The method of claim 1, wherein the key service comprises the key space.
  - 8. The method of claim 7, wherein at least two of the electronic computing device, server, and key service are all located within a common geographic region.
  - 9. The method of claim 8, wherein the key service is managed separately from the server.

10. A system, comprising:
- an electronic computing device that generates or receives data and is associated with a user, wherein the electronic computing device generates a request for encryption of the data, the request for encryption of data comprising location-related data that indicates a geographic location of the electronic computing device, and wherein the electronic computing device transmits the request for encryption to a server;
  
  the server that receives the request for encryption from the electronic computing device, wherein the server determines a key space corresponding to the user and/or the electronic computing device based on the request for encryption, wherein the key space comprises a partitioned storage location that contains at least one encryption key, and transmits the request for encryption to a key service corresponding to the determined key space, wherein the key service provides functionalities of at least encryption key generation, encryption key management, and/or encryption key storage;
  
  the key service that receives the request for encryption from the server, wherein the key service generates unique cryptographic information relating particularly to the request for encryption and transmits the unique cryptographic information to the server, wherein the unique cryptographic information comprises an encryption key uniquely corresponding to the request for encryption;
  
  the server that receives the unique cryptographic information from the key service, wherein the server compares the location-related data to one or more geographic-specific policies to determine whether to transmit the unique cryptographic information to the electronic computing device and transmits the unique cryptographic information to the electronic computing device; and
  
  the electronic computing device that receives the unique cryptographic information from the server, wherein the electronic computing device uniquely encrypts the data using the unique cryptographic information.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the location-related data further indicates a particular time at which the electronic computing device was located at the geographic location.
  - 12. The system of claim 10, wherein the server, to determine the key space corresponding to the user and/or the electronic computing device, compares the location-related data to one or more geographic-specific policies to determine whether to generate the unique cryptographic information.
  - 13. The system of claim 10, wherein the unique cryptographic information further comprises a key tag.
  - 14. The system of claim 10, wherein the location-related data is selected or derived from the list comprising:
    - an IP address of the electronic computing device, passback of an identifier for a network to which the electronic computing device is connected, observations of other networks in proximity to the electronic computing device, coordinates for the geographic location, cell tower data for the electronic computing device, and third-party data from a location-based service.
  - 15. The system of claim 10, wherein the request for encryption comprises contextual information relating to creation and/or content of the data.
  - 16. The system of claim 10, wherein the key service comprises the key space.
  - 17. The system of claim 16, wherein at least two of the electronic computing device, server, and key service are all located within a common geographic region.
  - 18. The system of claim 17, wherein the key service is managed separately from the server.

19. A method, comprising the steps of:
- receiving, at a server, a request for decryption of data from an electronic computing device being operated by a user, wherein the request for decryption of data comprises location-related data that indicates a geographic location of the electronic computing device;
  
  determining, at the server, a key space corresponding to the user and/or the electronic computing device based on the request for decryption, wherein the key space comprises a partitioned storage location that contains at least one decryption key;
  
  transmitting the request for decryption from the server to a key service corresponding to the determined key space for retrieval of unique cryptographic information relating particularly to the request for decryption, wherein the key service provides functionalities of at least decryption key generation, decryption key management, and/or decryption key storage;
  
  receiving, at the server, the unique cryptographic information from the key service, wherein the unique cryptographic information comprises a decryption key uniquely corresponding to the request for decryption and wherein receiving the unique cryptographic information from the key service further comprises comparing the location-related data to one or more geographic-specific policies to determine whether to transmit the unique cryptographic information to the electronic computing device; and
  
  transmitting the unique cryptographic information from the server to the electronic computing device for decryption of the data.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The method of claim 19, wherein the location-related data further indicates a particular time at which the electronic computing device was located at the geographic location.
  - 21. The method of claim 19, wherein the step of determining a key space corresponding to the user and/or the electronic computing device further comprises the step of comparing the location-related data to one or more geographic-specific policies to determine whether to release the unique cryptographic information.
  - 22. The method of claim 19, wherein the unique cryptographic information further comprises a key tag.
  - 23. The method of claim 19, wherein the location-related data is selected or derived from the list comprising:
    - an IP address of the electronic computing device, passback of an identifier for a network to which the electronic computing device is connected, observations of other networks in proximity to the electronic computing device, coordinates for the geographic location, cell tower data for the electronic computing device, and third-party data from a location-based service.
  - 24. The method of claim 19, wherein the request for decryption comprises contextual information relating to creation and/or content of the data.
  - 25. The method of claim 19, wherein the key service comprises the key space.
  - 26. The method of claim 25, wherein at least two of the electronic computing device, server, and key service are all located within a common geographic region.
  - 27. The method of claim 26, wherein the key service is managed separately from the server.

28. A system, comprising:
- an electronic computing device that receives data and is associated with a user, wherein the electronic computing device generates a request for decryption of the data, the request for decryption of data comprising location-related data that indicates a geographic location of the electronic computing device, and wherein the electronic computing device transmits the request for decryption to a server;
  
  the server that receives the request for decryption from the electronic computing device, wherein the server determines a key space corresponding to the user and/or the electronic computing device based on the request for decryption, wherein the key space comprises a partitioned storage location that contains at least one decryption key, and transmits the request for decryption to a key service corresponding to the determined key space, wherein the key service provides functionalities of at least decryption key generation, decryption key management, and/or decryption key storage;
  
  the key service that receives the request for decryption from the server, wherein the key service determines unique cryptographic information relating particularly to the request for decryption and transmits the unique cryptographic information to the server, wherein the unique cryptographic information comprises a decryption key uniquely corresponding to the request for decryption;
  
  the server that receives the unique cryptographic information from the key service, wherein the server compares the location-related data to one or more geographic-specific policies to determine whether to transmit the unique cryptographic information to the electronic computing device and transmits the unique cryptographic information to the electronic computing device; and
  
  the electronic computing device that receives the unique cryptographic information from the server, wherein the electronic computing device decrypts the data using the unique cryptographic information.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36)
- - 29. The system of claim 28, wherein the location-related data further indicates a particular time at which the electronic computing device was located at the geographic location.
  - 30. The system of claim 28, wherein the server, to determine the key space corresponding to the user and/or the electronic computing device, compares the location-related data to one or more geographic-specific policies to determine whether to transmit the unique cryptographic information.
  - 31. The system of claim 28, wherein the unique cryptographic information further comprises a key tag.
  - 32. The system of claim 28, wherein the location-related data is selected or derived from the list comprising:
    - an IP address of the electronic computing device, passback of an identifier for a network to which the electronic computing device is connected, observations of other networks in proximity to the electronic computing device, coordinates for the geographic location, cell tower data for the electronic computing device, and third-party data from a location-based service.
  - 33. The system of claim 28, wherein the request for decryption comprises contextual information relating to creation and/or content of the data.
  - 34. The system of claim 28, wherein the key service comprises the key space.
  - 35. The system of claim 34, wherein at least two of the electronic computing device, server, and key service are all located within a common geographic region.
  - 36. The system of claim 35, wherein the key service is managed separately from the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ionic Security, Inc. (Twilio, Inc.)
Original Assignee
Ionic Security, Inc. (Twilio, Inc.)
Inventors
Ghetti, Adam, Jordan, James, Silva, Kenneth, Eckman, Jeremy, McColl, Robert, Speers, Ryan
Primary Examiner(s)
Reza, Mohammad W

Application Number

US15/477,541
Time in Patent Office

463 Days
Field of Search

713168
US Class Current
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/602   Providing cryptographic fac...

G06F 21/62   Protecting access to data v...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2133   Verifying human interaction...

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/065   for group communications cr...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 9/0819   Key transport or distributi...

H04L 9/0822   using key encryption key

H04L 9/083   involving central third par...

H04L 9/0861   Generation of secret inform...

Systems and methods for encryption and provision of information security using platform services

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

89 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for encryption and provision of information security using platform services

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links