Data encryption service and customized encryption management
Abstract
A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.
20 Claims
1. A system comprising:
- one or more computing devices configured to provide one or more cloud-based data encryption services; and
- a memory configured to store information related to a plurality of applications;
- wherein at least one computing device from the one or more computing devices is configured to:
  - receive, from a first customer system of a plurality of customer systems, a request for data encryption service for an application hosted by the first customer system;
  - responsive to the request, provide, to the first customer system, a user interface comprising a selectable list of a plurality of application policies, related to the application, to be applied to future requests for data from the application;
  - receive, via the user interface, a selection of an application policy from the selectable list of the plurality of application policies, wherein the application policy specifies a cryptographic policy and one or more encryption objects to be used to secure data in the application for the future requests;
  - generate a mapping between the application policy and the application;
  - determine an encryption to be applied to secure the data in the application based at least in part on the cryptographic policy and the one or more encryption objects specified in the application policy; and
  - store, in a first customer data store of a plurality of customer data stores, encryption information related to the application based at least in part on the determined encryption and the application policy, wherein each customer data store is specific to one of a plurality of customers.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A method comprising:
- receiving, from at least a first customer system of a plurality of customer systems, a request for cloud-based data encryption service for an application hosted by the at least the first customer system;
- responsive to the request, providing, to the first customer system, a user interface comprising a selectable list of a plurality of application policies, related to the application, to be applied to future requests for data from the application;
- receiving, via the user interface, a selection of an application policy from the selectable list of the plurality of application policies, wherein the application policy specifies a cryptographic policy and one or more encryption objects to be used to secure data in the application for the future requests;
- generate a mapping between the application policy and the application;
- determining an encryption to be applied to secure the data in the application based at least in part on the cryptographic policy and the one or more encryption objects specified in the application policy; and
- storing, in a first customer data store of a plurality of customer data stores, encryption information related to the application based at least in part on the determined encryption and the application policy, wherein each customer data store is specific to one of a plurality of customers.
Dependent claims: 14, 15, 16, 17
18. One or more non-transitory computer-readable media storing computer-executable instructions executable by one or more processors, the computer-executable instructions comprising:
- instructions that cause the one or more processors to receive, from a first customer system of a plurality of customer systems, a request for data encryption service for an application hosted by the first customer system;
- responsive to the request, instructions that cause the one or more processors to provide, to the first customer system, a user interface comprising a selectable list of a plurality of application policies, related to the application, to be applied to future requests for data from the application;
- instructions that cause the one or more processors to receive, via the user interface, a selection of an application policy from the selectable list of the plurality of application policies, wherein the application policy specifies a cryptographic policy and one or more encryption objects to be used to secure data in the application for the future requests;
- instructions that cause the one or more processors to generate a mapping between the application policy and the application;
- instructions that cause the one or more processors to determine an encryption to be applied to secure the data in the application based at least in part on the cryptographic policy and the one or more encryption objects specified in the application policy; and
- instructions that cause the one or more processors to store, in a first customer data store of a plurality of customer data stores, encryption information related to the application based at least in part on the determined encryption and the application policy, wherein each customer data store is specific to one of a plurality of customers.
Dependent claims: 19, 20
Specification