Data encryption service and customized encryption management

US 10,489,599 B2
Filed: 06/29/2016
Issued: 11/26/2019
Est. Priority Date: 07/02/2015
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

one or more computing devices configured to provide one or more cloud-based data encryption services; and

a memory configured to store information related to a plurality of applications;

wherein at least one computing device from the one or more computing devices is configured to;

receive, from a first customer system of a plurality of customer systems, a request for data encryption service for an application hosted by the first customer system;

responsive to the request, provide, to the first customer system, a user interface comprising a selectable list of a plurality of application policies, related to the application, to be applied to future requests for data from the application;

receive, via the user interface, a selection of an application policy from the selectable list of the plurality of application policies, wherein the application policy specifies a cryptographic policy and one or more encryption objects to be used to secure data in the application for the future requests;

generate a mapping between the application policy and the application;

determine an encryption to be applied to secure the data in the application based at least in part on the cryptographic policy and the one or more encryption objects specified in the application policy; and

store, in a first customer data store of a plurality of customer data stores, encryption information related to the application based at least in part on the determined encryption and the application policy, wherein each customer data store is specific to one of a plurality of customers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

Citations

20 Claims

1. A system comprising:
- one or more computing devices configured to provide one or more cloud-based data encryption services; and
  
  a memory configured to store information related to a plurality of applications;
  
  wherein at least one computing device from the one or more computing devices is configured to;
  
  receive, from a first customer system of a plurality of customer systems, a request for data encryption service for an application hosted by the first customer system;
  
  responsive to the request, provide, to the first customer system, a user interface comprising a selectable list of a plurality of application policies, related to the application, to be applied to future requests for data from the application;
  
  receive, via the user interface, a selection of an application policy from the selectable list of the plurality of application policies, wherein the application policy specifies a cryptographic policy and one or more encryption objects to be used to secure data in the application for the future requests;
  
  generate a mapping between the application policy and the application;
  
  determine an encryption to be applied to secure the data in the application based at least in part on the cryptographic policy and the one or more encryption objects specified in the application policy; and
  
  store, in a first customer data store of a plurality of customer data stores, encryption information related to the application based at least in part on the determined encryption and the application policy, wherein each customer data store is specific to one of a plurality of customers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein the at least one computing device of the one or more computing devices is further configured to:
    - identify the plurality of application policies based on a type of the application.
  - 3. The system of claim 1, wherein the at least one computing device of the one or more computing devices is further configured to:
    - store, in the first customer data store, the mapping between the application policy and the application.
  - 4. The system of claim 1, wherein the at least one computing device of the one or more computing devices is further configured to provide the one or more encryption objects for encrypting the data in the application via a second user interface of the system.
  - 5. The system of claim 4, wherein the at least one computing device of the one or more computing devices is further configured to receive, via the second user interface, a selection of an encryption object of the one or more encryption objects via the second user interface.
  - 6. The system of claim 5, wherein the at least one computing device of the one or more computing devices is further configured to determine the encryption to be applied to secure the data in the application based at least in part on the application policy and the encryption object.
  - 7. The system of claim 1, wherein the at least one computing device of the one or more computing devices is further configured to:
    - retrieve, for the first customer system, the cryptographic policy for securing the data in the application from a cryptographic policy data store used to store cryptographic policies for each of the plurality of customers.
  - 8. The system of claim 7, wherein the at least one computing device of the one or more computing devices is further configured to:
    - generate a mapping between the application policy, the cryptographic policy and an encryption object related to the application; and
      
      store, in the first customer data store, the mapping between the application policy, the cryptographic policy, and the encryption object related to the application.
  - 9. The system of claim 1, wherein at least one of the one or more encryption objects comprises at least one of an encryption key or a digital certificate.
  - 10. The system of claim 1, wherein the encryption information related to the application comprises at least one of the application policy, the cryptographic policy, and an encryption object of the one or more encryption objects related to the application.
  - 11. The system of claim 1, wherein the at least one computing device of the one or more computing devices is further configured to transmit notification information to a user of the first customer system, the notification information comprising at least one of a roll-over date of an encryption object used to secure the application, an expiry date of an encryption object and a renewal date of an encryption object.
  - 12. The system of claim 1, wherein the at least one computing device of the one or more computing devices is further configured to:
    - receive a request related to the application; and
      
      responsive to the request, secure the data in the application in accordance with the determined encryption for the application.

13. A method comprising:
- receiving, from at least a first customer system of a plurality of customer systems, a request for cloud-based data encryption service for an application hosted by the at least the first customer system;
  
  responsive to the request, providing, to the first customer system, a user interface comprising a selectable list of a plurality of application policies, related to the application, to be applied to future requests for data from the application;
  
  receiving, via the user interface, a selection of an application policy from the selectable list of the plurality of application policies, wherein the application policy specifies a cryptographic policy and one or more encryption objects to be used to secure data in the application for the future requests;
  
  generate a mapping between the application policy and the application;
  
  determining an encryption to be applied to secure the data in the application based at least in part on the cryptographic policy and the one or more encryption objects specified in the application policy; and
  
  storing, in a first customer data store of a plurality of customer data stores, encryption information related to the application based at least in part on the determined encryption and the application policy, wherein each customer data store is specific to one of a plurality of customers.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, further comprising:
    - identifying the plurality of application policies based on a type of the application.
  - 15. The method of claim 13, further comprising:
    - storing, in the first customer data store, the mapping between the application policy and the application.
  - 16. The method of claim 13, further comprising:
    - providing the one or more encryption objects for encrypting the data in the application via a second user interface of the system; and
      
      receiving, via the second user interface, a selection of an encryption object of the one or more encryption objects via the second user interface.
  - 17. The method of claim 16, further comprising determining the encryption to be applied to secure the data in the application based at least in part on the application policy and the encryption object.

18. One or more non-transitory computer-readable media storing computer-executable instructions executable by one or more processors, the computer-executable instructions comprising:
- instructions that cause the one or more processors to receive, from a first customer system of a plurality of customer systems, a request for data encryption service for an application hosted by the first customer system;
  
  responsive to the request, instructions that cause the one or more processors to provide, to the first customer system, a user interface comprising a selectable list of a plurality of application policies, related to the application, to be applied to future requests for data from the application;
  
  instructions that cause the one or more processors to receive, via the user interface, a selection of an application policy from the selectable list of the plurality of application policies, wherein the application policy specifies a cryptographic policy and one or more encryption objects to be used to secure data in the application for the future requests;
  
  instructions that cause the one or more processors to generate a mapping between the application policy and the application;
  
  instructions that cause the one or more processors to determine an encryption to be applied to secure the data in the application based at least in part on the cryptographic policy and the one or more encryption objects specified in the application policy; and
  
  instructions that cause the one or more processors to store, in a first customer data store of a plurality of customer data stores, encryption information related to the application based at least in part on the determined encryption and the application policy, wherein each customer data store is specific to one of a plurality of customers.
- View Dependent Claims (19, 20)
- - 19. The non-transitory computer-readable media of claim 18, wherein the plurality of instructions further comprise instructions that cause the one or more processors to identify the plurality of application policies based on a type of the application.
  - 20. The non-transitory computer-readable media of claim 18, wherein the encryption information related to the application comprises at least one of the application policy, the cryptographic policy, and an encryption object of the one or more encryption objects related to the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Agarwal, Amit, Tirumalai, Srikant Krishnapuram, Sriramadhesikan, Krishnakumar
Primary Examiner(s)
Giddins, Nelson S.

Application Number

US15/197,472
Publication Number

US 20170004313A1
Time in Patent Office

1,245 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/629   to features or functions of...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 9/3263   involving certificates, e.g...

H04W 12/02   Protecting privacy or anony...

H04W 12/03   Protecting confidentiality,...

H04W 4/12   Messaging; Mailboxes; Annou...

H04W 4/60   Subscription-based services...

Data encryption service and customized encryption management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data encryption service and customized encryption management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links