Data encryption service
First Claim
1. A system comprising:
   a central data store comprising:
      information related to a plurality of applications hosted in a cloud computing environment,
      information related to a plurality of cryptographic policies used to secure the plurality of applications, and
      information related to a plurality of encryption objects used to secure the plurality of applications; and
   one or more computing devices configured to provide one or more data encryption services, wherein at least one computing device from the one or more computing devices comprises:
      one or more processors, and
      a memory having stored thereon a set of instructions that, when executed by the one or more processors, cause the one or more processors to:
         receive an application policy to apply to an application of the plurality of applications, the application policy specifying a type of encryption for securing at least a portion of data in the application;
         in response to receiving the application policy:
            identify the portion of the data in the application to be secured based on the application policy;
            determine, based at least in part on the application policy, a cryptographic policy from the plurality of cryptographic policies for securing the portion of the data in the application, wherein the cryptographic policy specifies an encryption object of the plurality of encryption objects for securing the portion of the data in the application, and wherein the cryptographic policy is stored in the central data store; and
            generate and store, in the central data store, a mapping between the application policy and the cryptographic policy for the portion of the data in the application;
         receive, from a user device, a request for the portion of the data; and
         in response to receiving the request:
            acquire the encryption object from the central data store, based at least in part on the cryptographic policy;
            secure the portion of the data in the application using the encryption object in accordance with the application policy and the cryptographic policy;
            transmit the secured portion of the data to the user device; and
            transmit notification information related to the application to a remote computing device, wherein the notification information comprises at least one of a roll-over date of the encryption object used to secure the portion of the data in the application, an expiry date of the encryption object, and a renewal date of the encryption object.
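The control flow claim 1 recites (resolving an application policy to a cryptographic policy and storing the mapping, acquiring the encryption object when a request arrives, securing the data with it, and reporting roll-over, expiry and renewal dates), modelled as an added Go example that is not code from the patent or its assignee. The store layout, AES-GCM as the encryption type, the "app/field" keying, the expiry refusal and all sample values are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"time"
)

// EncryptionObject: a managed 16-byte AES-128 key plus its lifecycle dates (assumed layout).
type EncryptionObject struct{ ID string; Key []byte; Rollover, Expiry, Renewal time.Time }

// CryptoPolicy names the encryption object used for one encryption type.
type CryptoPolicy struct{ ID, ObjectID string }

// Store models the central data store: objects, policies keyed by encryption type,
// and the stored "app/field" -> cryptographic-policy mapping.
type Store struct {
	Objects           map[string]EncryptionObject
	Policies, Mapping map[string]CryptoPolicy
}

// ApplyPolicy resolves an application policy (field + encryption type) to a
// cryptographic policy and records the mapping in the store.
func (s *Store) ApplyPolicy(app, field, encType string) error {
	p, ok := s.Policies[encType]
	if !ok { return errors.New("no cryptographic policy for type " + encType) }
	s.Mapping[app+"/"+field] = p
	return nil
}

// Secure serves a request: acquire the mapped object, refuse an expired one, return
// nonce||AES-GCM ciphertext with "app/field" as associated data. The caller-supplied
// nonce only keeps the example deterministic; real code draws a fresh random nonce
// per message from crypto/rand.
func (s *Store) Secure(app, field string, plain, nonce []byte, now time.Time) ([]byte, error) {
	p, ok := s.Mapping[app+"/"+field]
	if !ok { return nil, errors.New("no mapping for " + app + "/" + field) }
	obj := s.Objects[p.ObjectID]
	if !now.Before(obj.Expiry) { return nil, errors.New(obj.ID + " has expired") }
	block, err := aes.NewCipher(obj.Key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	return gcm.Seal(append([]byte{}, nonce...), nonce, plain, []byte(app+"/"+field)), nil
}

// DueNotices lists the roll-over, expiry and renewal dates inside the window: the
// notification payload the service would push to the remote computing device.
func (o EncryptionObject) DueNotices(now time.Time, window time.Duration) []string {
	var out []string
	for _, ev := range []struct{ N string; T time.Time }{{"roll-over", o.Rollover}, {"expiry", o.Expiry}, {"renewal", o.Renewal}} {
		if !ev.T.Before(now) && ev.T.Sub(now) <= window {
			out = append(out, o.ID+": "+ev.N+" on "+ev.T.Format("2006-01-02"))
		}
	}
	return out
}
```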
Abstract
A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.
17 Claims
1. A system comprising: (identical to the First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7.
8. A method comprising:
   receiving an application policy to apply to an application of a plurality of applications hosted in a cloud computing environment, the application policy specifying a type of encryption for securing at least a portion of data in the application;
   in response to receiving the application policy:
      identifying the portion of the data in the application to be secured based on the application policy;
      determining, based at least in part on the application policy, a cryptographic policy of a plurality of cryptographic policies for securing the portion of the data in the application, wherein:
         the cryptographic policy specifies an encryption object of a plurality of encryption objects for securing the portion of the data in the application,
         the plurality of cryptographic policies and the plurality of encryption objects are stored in a central data store of the cloud computing environment, and
         the central data store further stores information related to the plurality of applications hosted in the cloud computing environment; and
      generating and storing, in the central data store, a mapping between the application policy and the cryptographic policy for the portion of the data in the application;
   receiving, from a user device, a request for the portion of the data; and
   in response to receiving the request:
      acquiring the encryption object from the central data store, based at least in part on the cryptographic policy;
      securing the portion of the data in the application using the encryption object in accordance with the application policy and the cryptographic policy;
      transmitting the secured portion of the data to the user device; and
      transmitting notification information related to the application to a remote computing device, wherein the notification information comprises at least one of a roll-over date of the encryption object used to secure the portion of the data in the application, an expiry date of the encryption object, and a renewal date of the encryption object.
   Dependent claims: 9, 10, 11, 12, 13, 14.
15. One or more non-transitory computer-readable media storing computer-executable instructions executable by one or more processors, the computer-executable instructions comprising:
   instructions that cause the one or more processors to receive an application policy to apply to an application of a plurality of applications hosted in a cloud computing environment, the application policy specifying a type of encryption for securing at least a portion of data in the application;
   instructions that cause the one or more processors to, in response to receiving the application policy:
      identify the portion of the data in the application to be secured based on the application policy;
      determine, based at least in part on the application policy, a cryptographic policy of a plurality of cryptographic policies for securing the portion of the data in the application, wherein:
         the cryptographic policy specifies an encryption object of a plurality of encryption objects for securing the portion of the data in the application,
         the plurality of cryptographic policies and the plurality of encryption objects are stored in a central data store of the cloud computing environment, and
         the central data store further stores information related to the plurality of applications hosted in the cloud computing environment; and
      generate and store, in the central data store, a mapping between the application policy and the cryptographic policy for at least the portion of the data in the application;
   instructions that cause the one or more processors to receive, from a user device, a request for the portion of the data; and
   instructions that cause the one or more processors to, in response to receiving the request:
      acquire the encryption object from the central data store, based at least in part on the cryptographic policy;
      secure the portion of the data in the application using the encryption object in accordance with the application policy and the cryptographic policy;
      transmit the secured portion of the data to the user device; and
      transmit notification information related to the application to a remote computing device, wherein the notification information comprises at least one of a roll-over date of the encryption object used to secure the portion of the data in the application, an expiry date of the encryption object, and a renewal date of the encryption object.
   Dependent claims: 16, 17.