Systems and methods for encryption and provision of information security using platform services
First Claim
1. A method, comprising the steps of:
retrieving a secure enrollment profile, wherein the secure enrollment profile comprises cryptographic identity data corresponding to a particular electronic computing device that is enrolled with a federated security platform associated with a plurality of tenants;
determining, based on the cryptographic identity data, a particular tenant corresponding to the particular electronic computing device for enabling secure tenant-specific tracking, by the platform, of electronic activities of the particular electronic computing device;
receiving, from the platform, one or more policies defining whether to perform a cryptographic operation with respect to one or more data items generated by the particular electronic computing device according to tenant-defined criteria corresponding to the particular electronic computing device;
automatically identifying the one or more data items;
automatically comparing the one or more data items to the one or more policies to determine whether to perform the cryptographic operation with respect to the one or more data items; and
automatically performing the cryptographic operation with respect to at least one of the one or more data items.
Abstract
Systems and methods for securing or encrypting data or other information arising from a user's interaction with software and/or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and/or was accessed. The ciphertext can be stored in a user's storage device or in an enterprise database (e.g., at-rest encryption) or shared with other users (e.g., cryptographic communication). The system generally allows for secure federation across organizations, including mechanisms to ensure that the system itself and any other actor with pervasive access to the network cannot compromise the confidentiality of the protected data.
11 Citations
22 Claims
1. A method, comprising the steps of: (independent claim; reproduced in full under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.

12. A system, comprising:
a federated security platform associated with a plurality of tenants, the platform comprising a server; and
an electronic computing device enrolled with the platform, the electronic computing device comprising a processor, the processor operative to:
retrieve, from the platform, a secure enrollment profile, wherein the secure enrollment profile comprises cryptographic identity data corresponding to the electronic computing device;
determine, based on the cryptographic identity data, a particular tenant corresponding to the electronic computing device for enabling secure tenant-specific tracking, by the platform, of electronic activities of the electronic computing device;
receive, from the platform, one or more policies defining whether to perform a cryptographic operation with respect to one or more data items generated by the electronic computing device according to tenant-defined criteria corresponding to the electronic computing device;
automatically identify the one or more data items;
automatically compare the one or more data items to the one or more policies to determine whether to perform the cryptographic operation with respect to the one or more data items; and
automatically perform the cryptographic operation with respect to at least one of the one or more data items.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22.
Specification