DATA ENCRYPTION SERVICE AND CUSTOMIZED ENCRYPTION MANAGEMENT

US 20170004313A1
Filed: 06/29/2016
Published: 01/05/2017
Est. Priority Date: 07/02/2015
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

one or more computing devices configured to provide one or more data encryption services; and

a memory configured to store information related to a plurality of applications;

wherein at least one computing device from the one or more computing devices is configured to;

receive, from at least a first customer system of a plurality of customer systems, a request related to an application;

responsive to the request, provide, to at least the first customer system, one or more application policies related to the application;

receive, from a user of at least the first customer system, a selection of an application policy from the one or more application policies;

determine an encryption to be applied to secure data in the application based at least in part on the application policy; and

store, in a first customer data store, encryption information related to the application based at least in part on the determined encryption and the application policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

Citations

20 Claims

1. A system comprising:
- one or more computing devices configured to provide one or more data encryption services; and
  
  a memory configured to store information related to a plurality of applications;
  
  wherein at least one computing device from the one or more computing devices is configured to;
  
  receive, from at least a first customer system of a plurality of customer systems, a request related to an application;
  
  responsive to the request, provide, to at least the first customer system, one or more application policies related to the application;
  
  receive, from a user of at least the first customer system, a selection of an application policy from the one or more application policies;
  
  determine an encryption to be applied to secure data in the application based at least in part on the application policy; and
  
  store, in a first customer data store, encryption information related to the application based at least in part on the determined encryption and the application policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein the computing device of the one or more computing devices is further configured to provide, to the user of the first customer system, the one or more application policies related to the application via a first user interface of the system.
  - 3. The system of claim 1, wherein the computing device of the one or more computing devices is further configured to:
    - generate a mapping between the application policy and the application; and
      
      store, in the first customer data store, the mapping between the application policy and the application.
  - 4. The system of claim 1, wherein a computing device of the one or more computing devices is further configured to provide, to the user of the first customer system, one or more encryption objects for encrypting the data in the application via a second user interface of the system.
  - 5. The system of claim 4, wherein the computing device of the one or more computing devices is further configured to receive, from the user of the first customer system, a selection of an encryption object of the one or more encryption objects via the second user interface.
  - 6. The system of claim 5, wherein a computing device of the one or more computing devices is further configured to determine the encryption to be applied to secure the data in the application based at least in part on the application policy and the encryption object.
  - 7. The system of claim 1, wherein the computing device of the one or more computing devices is further configured to:
    - determine, for the first customer system, a cryptographic policy for securing the data in the application, wherein the encryption to be applied to secure the application is further determined based on the cryptographic policy.
  - 8. The system of claim 7, wherein the computing device of the one or more computing devices is further configured to:
    - generate a mapping between the application policy, the cryptographic policy and an encryption object related to the application; and
      
      store, in the first customer data store, the mapping between the application policy, the cryptographic policy, and the encryption object related to the application.
  - 9. The system of claim 1, wherein the encryption object comprises at least one of an encryption key or a digital certificate.
  - 10. The system of claim 1, wherein the encryption information related to the application comprises at least one of the application policy, a cryptographic policy, and an encryption object related to the application.
  - 11. The system of claim 1, wherein a computing device of the one or more computing devices is further configured to transmit notification information to the user of the first customer system, the notification information comprising at least one of a roll-over date of an encryption object used to secure the application, an expiry date of an encryption object and a renewal date of an encryption object.
  - 12. The system of claim 1, wherein a computing device of the one or more computing devices is further configured to:
    - receive a request related to the application; and
      
      responsive to the request, secure the data in the application in accordance with the determined encryption for the application.

13. A method comprising:
- receiving, from at least a first customer system of a plurality of customer systems, a request related to an application;
  
  responsive to the request, providing, to at least the first customer system, one or more application policies related to the application;
  
  receiving, from a user of at least the first customer system, a selection of an application policy from the one or more application policies;
  
  determining an encryption to be applied to secure the data in the application based at least in part on the application policy; and
  
  storing, in a first customer data store, encryption information related to the application based at least in part on the determined encryption and the application policy.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, further comprising providing, to the user of the first customer system, the one or more application policies related to the application via a first user interface.
  - 15. The method of claim 13, further comprising:
    - generating a mapping between the application policy and the application; and
      
      storing, in the first customer data store, the mapping between the application policy and the application.
  - 16. The method of claim 13, further comprising:
    - providing, to the user of the first customer system, one or more encryption objects for encrypting the data in the application via a second user interface of the system; and
      
      receiving, from the user of the first customer system, a selection of an encryption object of the one or more encryption objects via the second user interface.
  - 17. The method of claim 16, further comprising determining the encryption to be applied to secure the data in the application based at least in part on the application policy and the encryption object.

18. One or more non-transitory computer-readable media storing computer-executable instructions executable by one or more processors, the computer-executable instructions comprising:
- instructions that cause the one or more processors to receive, from at least a first customer system of a plurality of customer systems, a request related to an application;
  
  responsive to the request, instructions that cause the one or more processors to provide, to at least the first customer system, one or more application policies related to the application;
  
  instructions that cause the one or more processors to receive, from a user of at least the first customer system, a selection of an application policy from the one or more application policies;
  
  instructions that cause the one or more processors to determine an encryption to be applied to secure the data in the application based at least in part on the application policy; and
  
  instructions that cause the one or more processors to store, in a first customer data store, encryption information related to the application based at least in part on the determined encryption and the application policy.
- View Dependent Claims (19, 20)
- - 19. The computer-readable media of claim 18, wherein the plurality of instructions further comprise instructions that cause the one or more processors to provide, to the user of the first customer system, the one or more application policies related to the application via a first user interface.
  - 20. The computer-readable media of claim 18, wherein the encryption information related to the application comprises at least one of the application policy, a cryptographic policy, and an encryption object related to the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Agarwal, Amit, Tirumalai, Srikant Krishnapuram, Sriramadhesikan, Krishnakumar

Granted Patent

US 10,489,599 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/629   to features or functions of...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 9/3263   involving certificates, e.g...

H04W 12/02   Protecting privacy or anony...

H04W 12/03   Protecting confidentiality,...

H04W 4/12   Messaging; Mailboxes; Annou...

H04W 4/60   Subscription-based services...

DATA ENCRYPTION SERVICE AND CUSTOMIZED ENCRYPTION MANAGEMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DATA ENCRYPTION SERVICE AND CUSTOMIZED ENCRYPTION MANAGEMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links