Monitoring and alert services and data encryption management

US 10,699,020 B2
Filed: 06/29/2016
Issued: 06/30/2020
Est. Priority Date: 07/02/2015
Status: Active Grant

First Claim

Patent Images

1. A data encryption system comprising:

a data store configured to store information related to a plurality of applications hosted in a cloud computing environment; and

one or more computing devices configured to provide one or more data encryption services, wherein at least one computing device from the one or more computing devices comprises;

one or more processors, anda memory having stored thereon a set of instructions that, when executed by the one or more processors, cause the one or more processors to;

identify an encryption object used to secure data within an application of the plurality of applications;

extract metadata information from the encryption object, wherein the metadata information comprises a corresponding value for each of one or more attributes of the encryption object and each of the corresponding values represents non-secure information about the encryption object;

identify the one or more attributes of the encryption object based at least in part on the metadata information;

expose the one or more attributes and each corresponding value for generation of a set of one or more rules;

generate the set of one or more rules defining a set of one or more conditions to be applied to the corresponding values of the one or more attributes;

generate an alert for the one or more attributes based at least in part on an execution of the set of one or more rules; and

transmit the alert to one or more users using one or more communication channels.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

Citations

20 Claims

1. A data encryption system comprising:
- a data store configured to store information related to a plurality of applications hosted in a cloud computing environment; and
  
  one or more computing devices configured to provide one or more data encryption services, wherein at least one computing device from the one or more computing devices comprises;
  
  one or more processors, anda memory having stored thereon a set of instructions that, when executed by the one or more processors, cause the one or more processors to;
  
  identify an encryption object used to secure data within an application of the plurality of applications;
  
  extract metadata information from the encryption object, wherein the metadata information comprises a corresponding value for each of one or more attributes of the encryption object and each of the corresponding values represents non-secure information about the encryption object;
  
  identify the one or more attributes of the encryption object based at least in part on the metadata information;
  
  expose the one or more attributes and each corresponding value for generation of a set of one or more rules;
  
  generate the set of one or more rules defining a set of one or more conditions to be applied to the corresponding values of the one or more attributes;
  
  generate an alert for the one or more attributes based at least in part on an execution of the set of one or more rules; and
  
  transmit the alert to one or more users using one or more communication channels.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the encryption object comprises at least one of an encryption key or a digital certificate used to secure the application.
  - 3. The system of claim 1, wherein the alert comprises a selectable renewal option and wherein the set of instructions comprise further instructions that, when executed by the one or more processors, cause the one or more processors to:
    - receive an indication that the selectable renewal option was selected by a user; and
      
      request, in response to receiving the indication, a renewed encryption object to replace the encryption object.
  - 4. The system of claim 1, wherein the set of instructions comprise further instructions that, when executed by the one or more processors, cause the one or more processors to:
    - extract the metadata information related to the encryption object based at least in part on an application policy related to the application.
  - 5. The system of claim 1, wherein the one or more attributes associated with the encryption object comprise at least one of a name of the encryption object, an activation date of the encryption object, an expiration date of the encryption object, a size of the encryption object, user groups associated with the encryption object, a version of the encryption object, a roll over date of the encryption object, and a renewal date of the encryption object.
  - 6. The system of claim 1, wherein the set of instructions comprise further instructions that, when executed by the one or more processors, cause the one or more processors to:
    - execute the set of one or more rules periodically.
  - 7. The system of claim 1, wherein the set of instructions comprise further instructions that, when executed by the one or more processors, cause the one or more processors to:
    - receive a definition of the set of one or more rules based at least in part on an input received from a user of the system.
  - 8. The system of claim 1, wherein the set of instructions comprise further instructions that, when executed by the one or more processors, cause the one or more processors to:
    - generate an alert for the encryption object based at least in part on identifying a violation of an application policy defined for the application associated with the encryption object.
  - 9. The system of claim 1, wherein the set of instructions comprise further instructions that, when executed by the one or more processors, cause the one or more processors to:
    - transmit the alert via at least one of email, Instant Messaging (IM), Short Message Service (SMS), Multimedia Message Service (MMS), and Application- to-Application messaging.

10. A method comprising:
- identifying an encryption object used to secure data within an application of a plurality of applications, wherein the plurality of applications are hosted in a cloud computing environment;
  
  extracting metadata information from the encryption object, wherein the metadata information comprises a corresponding value for each of one or more attributes of the encryption object and each of the corresponding values represents non-secure information about the encryption object;
  
  identifying the one or more attributes of the encryption object based at least in part on the metadata information;
  
  exposing the one or more attributes and each corresponding value for generation of a set of one or more rules;
  
  generating the set of one or more rules defining a set of one or more conditions to be applied to the corresponding values of the one or more attributes;
  
  generating an alert for the one or more attributes based at least in part on an execution of the set of one or more rules; and
  
  transmitting the alert to one or more users, using one or more communication channels.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, wherein the encryption object comprises at least one of an encryption key or a digital certificate used to secure the application.
  - 12. The method of claim 10, wherein the alert comprises a selectable renewal option, the method further comprising:
    - receiving an indication that the selectable renewal option was selected by a user; and
      
      requesting, in response to receiving the indication, a renewed encryption object to replace the encryption object.
  - 13. The method of claim 10, further comprising extracting the metadata information related to the encryption object based at least in part on an application policy related to the application.
  - 14. The method of claim 10, wherein the one or more attributes associated with the encryption object to be exposed comprise at least one of a name of the encryption object, an activation date of the encryption object, an expiration date of the encryption object, a size of the encryption object, user groups associated with the encryption object, a version of the encryption object, a roll over date of the encryption object, and a renewal date of the encryption object.
  - 15. The method of claim 10, further comprising executing the set of one or more rules periodically.
  - 16. The method of claim 10 further comprising receiving a definition of the set of one or more rules based at least in part on an input received from a user.
  - 17. The method of claim 10 further comprising generating an alert for the encryption object based at least in part on identifying a violation of an application policy defined for the application associated with the encryption object.

18. One or more non-transitory computer-readable media storing computer-executable instructions executable by one or more processors, the computer-executable instructions comprising:
- instructions that cause the one or more processors to identify an encryption object used to secure data within an application of a plurality of applications, wherein the plurality of applications are hosted in a cloud computing environment;
  
  instructions that cause the one or more processors to extract metadata information from the encryption object, wherein the metadata information comprises a corresponding value for each of one or more attributes of the encryption object and each of the corresponding values represents non-secure information about the encryption object;
  
  instructions that cause the one or more processors to identify the one or more attributes of the encryption object based at least in part on the metadata information;
  
  instructions that cause the one or more processors to expose the one or more attributes and each corresponding value for generation of a set of one or more rules;
  
  instructions that cause the one or more processors to generate the set of one or more rules defining a set of one or more conditions to be applied to the corresponding values of the one or more attributes;
  
  instructions that cause the one or more processors to generate an alert for the one or more attributes based at least in part on an execution of the set of one or more rules; and
  
  instructions that cause the one or more processors to transmit the alert to one or more users, using one or more communication channels.
- View Dependent Claims (19, 20)
- - 19. The computer-readable media of claim 18, wherein the alert comprises a selectable renewal option and wherein the computer-executable instructions further comprise:
    - instructions that cause the one or more processors to receive an indication that the selectable renewal option was selected by a user; and
      
      instructions that cause the one or more processors to request, in response to receiving the indication, a renewed encryption object to replace the encryption object.
  - 20. The computer-readable media of claim 18, wherein the computer-executable instructions further comprise instructions that cause the one or more processors to transmit the alert via at least one of email, Instant Messaging (IM), Short Message Service (SMS), Multimedia Message Service (MMS), and Application- to-Application messaging.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Agarwal, Amit, Tirumalai, Srikant Krishnapuram, Sriramadhesikan, Krishnakumar
Primary Examiner(s)
Kabir, Jahangir

Application Number

US15/197,463
Publication Number

US 20170004312A1
Time in Patent Office

1,462 Days
Field of Search

713164-168, 726 1- 4, 726 16, 726 17
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/629   to features or functions of...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 9/3263   involving certificates, e.g...

H04W 12/02   Protecting privacy or anony...

H04W 12/03   Protecting confidentiality,...

H04W 4/12   Messaging; Mailboxes; Annou...

H04W 4/60   Subscription-based services...

Monitoring and alert services and data encryption management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Monitoring and alert services and data encryption management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links