Data encryption service

  • US 10,395,042 B2
  • Filed: 06/29/2016
  • Issued: 08/27/2019
  • Est. Priority Date: 07/02/2015
  • Status: Active Grant
First Claim

1. A system comprising:

  • a central data store comprising:

    information related to a plurality of applications hosted in a cloud computing environment,

    information related to a plurality of cryptographic policies used to secure the plurality of applications, and

    information related to a plurality of encryption objects used to secure the plurality of applications; and

    one or more computing devices configured to provide one or more data encryption services, wherein at least one computing device from the one or more computing devices comprises:

    one or more processors, and

    a memory having stored thereon a set of instructions that, when executed by the one or more processors, cause the one or more processors to:

    receive an application policy to apply to an application of the plurality of applications, the application policy specifying a type of encryption for securing at least a portion of data in the application;

    in response to receiving the application policy:

    identify the portion of the data in the application to be secured based on the application policy;

    determine, based at least in part on the application policy, a cryptographic policy from the plurality of cryptographic policies for securing the portion of the data in the application, wherein the cryptographic policy specifies an encryption object of the plurality of encryption objects for securing the portion of the data in the application, and wherein the cryptographic policy is stored in the central data store; and

    generate and store, in the central data store, a mapping between the application policy and the cryptographic policy for the portion of the data in the application;

    receive, from a user device, a request for the portion of the data; and

    in response to receiving the request:

    acquire the encryption object from the central data store, based at least in part on the cryptographic policy;

    secure the portion of the data in the application using the encryption object in accordance with the application policy and the cryptographic policy;

    transmit the secured portion of the data to the user device; and

    transmit notification information related to the application to a remote computing device, wherein the notification information comprises at least one of a roll-over date of the encryption object used to secure the portion of the data in the application, an expiry date of the encryption object, and a renewal date of the encryption object.
