Differential Encryption Utilizing Trust Modes
First Claim
1. A method of data security comprising:
generating a plurality of trust modes, each trust mode associated with data stored at a security device and defining one or more data access requirements to access data stored at the security device, wherein each data access requirement is specific to at least one of a user or a user device;
receiving a request from a user device to access data stored at the security device;
implementing at the security device one or more of the trust modes based on the data access request;
for each data access requirement defined by the implemented one or more trust modes, determining whether the user or the user device satisfies the data access requirement; and
granting the user permission to access to the requested data via the user device responsive to a determination that the user or the user device satisfies each of the access requirements.
0 Assignments
0 Petitions
Abstract
Systems and methods are provided for data protection across connected, disconnected, attended, and unattended environments. Embodiments of the inventions may include differential encryption based on network connectivity, attended/unattended status, or a combination thereof. Additional embodiments of the invention incorporate “trust windows” that provide granular and flexible data access as a function of the parameters under which sensitive data is accessed. Further embodiments refine the trust windows concept by incorporating dynamic intrusion detection techniques.
65 Citations
21 Claims
1. A method of data security comprising:
generating a plurality of trust modes, each trust mode associated with data stored at a security device and defining one or more data access requirements to access data stored at the security device, wherein each data access requirement is specific to at least one of a user or a user device;
receiving a request from a user device to access data stored at the security device;
implementing at the security device one or more of the trust modes based on the data access request;
for each data access requirement defined by the implemented one or more trust modes, determining whether the user or the user device satisfies the data access requirement; and
granting the user permission to access to the requested data via the user device responsive to a determination that the user or the user device satisfies each of the access requirements.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A non-transitory computer-readable storage medium having executable computer program instructions embodied therein for data security, the computer program instructions configured to, when executed, cause a computer to:
generate a plurality of trust modes, each trust mode associated with data stored at a security device and defining one or more data access requirements to access data stored at the security device, wherein each data access requirement is specific to at least one of a user or a user device;
receive a request from a user device to access data stored at the security device;
implement at the security device one or more of the trust modes based on the data access request;
for each data access requirement defined by the implemented one or more trust modes, determine whether the user or the user device satisfies the data access requirement; and
grant the user permission to access to the requested data via the user device responsive to a determination that the user or the user device satisfies each of the access requirements.
Dependent claims: 15, 16, 17
18. A computer system for data security, the system comprising:
a computer processor; and
a non-transitory computer-readable storage medium storing executable computer program instructions configured to, when executed by the processor, cause the computer system to:
generate a plurality of trust modes, each trust mode associated with data stored at a security device and defining one or more data access requirements to access data stored at the security device, wherein each data access requirement is specific to at least one of a user or a user device;
receive a request from a user device to access data stored at the security device;
implement at the security device one or more of the trust modes based on the data access request;
for each data access requirement defined by the implemented one or more trust modes, determine whether the user or the user device satisfies the data access requirement; and
grant the user permission to access to the requested data via the user device responsive to a determination that the user or the user device satisfies each of the access requirements.
Dependent claims: 19, 20, 21
Specification