SECURE DATA CORRIDORS

US 20170163652A1
Filed: 12/29/2016
Published: 06/08/2017
Est. Priority Date: 09/25/2015
Status: Active Grant

First Claim

Patent Images

1. A computing device configured to provide a secure data corridor, the computing device comprising:

a processor;

a network interface communicatively coupled to the processor and configured to enable communications with the mobile traffic network;

a storage device for content and programming;

a security application stored in the storage device, wherein execution of the security application by the processor configures the computing device to perform acts comprising;

receiving a request from a subject for a data feed comprising at least one data element;

identifying a use-case for the data feed;

determining a data sensitivity rating of the data feed;

determining a security level of each data element of the data feed;

determining, for each data element of the data feed, one or more security controls that are mapped to the data element;

assigning a security label to the use-case;

comparing a clearance of the subject to the security label of the use-case;

upon determining that a clearance of the subject is at or above the data sensitivity rating of the use-case, allowing the subject privilege to the data feed via the secure data corridor; and

upon determining that the clearance of the subject is below the data sensitivity rating of the use-case, denying the subject privilege to the data feed via the secure data corridor.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of providing a secure data corridor are provided. A request is received from a subject for a data feed comprising one or more data elements. A use-case is identified and a security level is determined for the data feed. For each data element of the data feed, a security level and one or more security controls that are mapped to the corresponding data element, are determined. A data sensitivity rating is assigned to the use-case. Upon determining that a clearance of the subject is at or above the data sensitivity rating of the use-case, the subject is granted privilege to the data feed via the secure data corridor.

Citations

20 Claims

1. A computing device configured to provide a secure data corridor, the computing device comprising:
- a processor;
  
  a network interface communicatively coupled to the processor and configured to enable communications with the mobile traffic network;
  
  a storage device for content and programming;
  
  a security application stored in the storage device, wherein execution of the security application by the processor configures the computing device to perform acts comprising;
  
  receiving a request from a subject for a data feed comprising at least one data element;
  
  identifying a use-case for the data feed;
  
  determining a data sensitivity rating of the data feed;
  
  determining a security level of each data element of the data feed;
  
  determining, for each data element of the data feed, one or more security controls that are mapped to the data element;
  
  assigning a security label to the use-case;
  
  comparing a clearance of the subject to the security label of the use-case;
  
  upon determining that a clearance of the subject is at or above the data sensitivity rating of the use-case, allowing the subject privilege to the data feed via the secure data corridor; and
  
  upon determining that the clearance of the subject is below the data sensitivity rating of the use-case, denying the subject privilege to the data feed via the secure data corridor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computing device of claim 1, wherein the security label is assigned to the use-case based on a combination of the data sensitivity rating of the data feed, the security level of each data element, and the one or more security controls that are mapped to each data element.
  - 3. The computing device of claim 1, wherein the data sensitivity rating of the secure data corridor is dynamically set in substantially real time upon receiving the request from the subject for the data feed.
  - 4. The computing device of claim 1, wherein:
    - each data element defines its data type as a string, integer, float, or object; and
      
      each data element maps to one or more data objects.
  - 5. The computing device of claim 4, wherein each data object is configured to store one or more data elements mapped to the corresponding data object, at a storage location.
  - 6. The computing device of claim 1, wherein execution of the security application further configures the computing device to perform acts comprising:
    - upon determining that a subject has access to a use-case, allowing the subject to access all data elements and data objects related to the use-case.
  - 7. The computing device of claim 1, wherein the secure data corridor corresponds to at least one of:
    - (i) a link layer, (ii) a network layer, (iii) a transport layer, (iv) a session layer, and (v) an application layer of transmission control protocol and interne protocol (TCP/IP).
  - 8. The computing device of claim 1, wherein the secure data corridor includes a container having an input and no output.
  - 9. The computing device of claim 1, wherein the secure data corridor includes an input, an output, and a secure data container.
  - 10. The computing device of claim 1, wherein the secure data corridor includes a secure data container with one or more outputs and no input.
  - 11. The computing device of claim 1, wherein the control parameters include at least one of the following limitations:
    - (i) no read-up, (ii) no write-down, (iii) tranquility, (iv) explicit read-in, and (v) explicit write-out.

12. A non-transitory computer-readable medium having stored thereon a plurality of sequences of instructions which, when executed by a processor, cause the processor to perform a method of providing a secure data corridor, the method comprising:
- receiving a request from a subject for a data feed comprising at least one data element;
  
  identifying a use-case for the data feed;
  
  determining a data sensitivity rating of the data feed;
  
  determining a security level of a data element of the data feed;
  
  determining, for the element of the data feed, one or more security controls that are mapped to the data element;
  
  assigning a security label to the use-case;
  
  comparing a clearance of the subject to the security label of the use-case;
  
  upon determining that a clearance of the subject is at or above the data sensitivity rating of the use-case, allowing the subject privilege to the data feed via the secure data corridor; and
  
  upon determining that the clearance of the subject is below the data sensitivity rating of the use-case, denying the subject privilege to the data feed via the secure data corridor.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12, wherein the security label is assigned to the use-case based on a combination of the data sensitivity rating of the data feed, the security level of the data element, and the one or more security controls that are mapped to the data element.
  - 14. The method of claim 12, wherein the data sensitivity rating of the secure data corridor is dynamically set in substantially real time upon receiving the request from the subject for the data feed.
  - 15. The method of claim 12, wherein:
    - the data element defines its data type as a string, integer, float, or object;
      
      the data element maps to one or more data objects; and
      
      each data object is configured to store one or more data elements mapped to the corresponding data object, at a storage location.
  - 16. The method of claim 12, further comprising, upon determining that a subject has access to a use-case, allowing the subject to access all data elements and data objects related to the use-case.
  - 17. The method of claim 12, wherein the secure data corridor includes a container having an input and no output.
  - 18. The method of claim 12, wherein the secure data corridor includes an input, an output, and a secure data container.
  - 19. The method of claim 12, wherein the secure data corridor includes a secure data container with one or more outputs and no input.
  - 20. The method of claim 12, wherein the control parameters include at least one of the following limitations:
    - (i) no read-up, (ii) no write-down, (iii) tranquility, (iv) explicit read-in, and (v) explicit write-out.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile USA, Inc. (Deutsche Telekom AG)
Original Assignee
T-Mobile USA, Inc. (Deutsche Telekom AG)
Inventors
Peppe, Brett, Reith, Greg

Granted Patent

US 10,432,641 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

SECURE DATA CORRIDORS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE DATA CORRIDORS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links