POLICY-ENABLED ENCRYPTION KEYS HAVING EPHEMERAL POLICIES

US 20170250811A1
Filed: 02/22/2017
Published: 08/31/2017
Est. Priority Date: 02/26/2016
Status: Active Grant

First Claim

Patent Images

1. A method for evaluating an encryption key based on policies for a policy operation, the method comprising:

aggregating existing policies for evaluating at least one key attribute of the encryption key;

executing a policy replacement operation replacing at least one existing policy with at least one ephemeral policy; and

evaluating the at least one key attribute based, at least in part, on the at least one ephemeral policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Examples described herein relate to apparatuses and methods for evaluating an encryption key based on policies for a policy operation, including, but not limited to, aggregating existing policies for evaluating at least one key attribute of the encryption key, executing a policy replacement operation replacing at least one existing policy with at least one ephemeral policy, and evaluating the at least one key attribute based, at least in part, on the at least one ephemeral policy.

26 Citations

View as Search Results

20 Claims

1. A method for evaluating an encryption key based on policies for a policy operation, the method comprising:
- aggregating existing policies for evaluating at least one key attribute of the encryption key;
  
  executing a policy replacement operation replacing at least one existing policy with at least one ephemeral policy; and
  
  evaluating the at least one key attribute based, at least in part, on the at least one ephemeral policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising evaluating the at least one key attribute based, at least in part, on the existing policies not replaced by the ephemeral policy.
  - 3. The method of claim 1, further comprising restoring the at least one replaced existing policy for a subsequent policy operation.
  - 4. The method of claim 1, wherein the at least one existing policy is replaced with the at least one ephemeral policy based on identifiers of the at least one existing policy and of the at least one ephemeral policy.
  - 5. The method of claim 4, wherein the identifiers are names of the at least one existing policy and of the at least one ephemeral policy.
  - 6. The method of claim 1, wherein the existing policies are organized based on one or more of a node, group, client, or user, and executing the policy replacement operation comprises replacing the at least one existing policy associated with one or more of the node, group, client, or user with the at least one ephemeral policy.
  - 7. The method of claim 1, further comprising defining the at least one ephemeral policy.
  - 8. The method of claim 7, wherein defining the at least one ephemeral policy comprises defining one or more of a policy name, policy content, relevant key attribute, relevant policy operation, or assignment to a particular node, group, client, or user.
  - 9. The method of claim 1, wherein replacing the at least one existing policy with the at least one ephemeral policy comprises using the at least one ephemeral policy to evaluate the at least one key attribute with the ephemeral policy instead of the at least one existing policy.

10. A non-transitory computer-readable medium comprising computer-readable instructions such that, when executed, causes a processor to:
- aggregate existing policies for evaluating at least one key attribute of the encryption key;
  
  execute a policy replacement operation replacing at least one existing policy with at least one ephemeral policy; and
  
  evaluate the at least one key attribute based, at least in part, on the at least one ephemeral policy.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The non-transitory computer-readable medium of claim 10, wherein the processor is further caused to evaluate the at least one key attribute based, at least in part, on the existing policies not replaced by the ephemeral policy.
  - 12. The-transitory computer-readable medium of claim 10, wherein the processor is further caused to restore the at least one replaced existing policy for a subsequent policy operation.
  - 13. The non-transitory computer-readable medium of claim 10, wherein the at least one existing policy is replaced with the at least one ephemeral policy based on identifiers of the at least one existing policy and of the at least one ephemeral policy.
  - 14. The non-transitory computer-readable medium of claim 13, wherein the identifiers are names of the at least one existing policy and of the at least one ephemeral policy.
  - 15. The non-transitory computer-readable medium of claim 10, wherein the existing policies are organized based on one or more of a node, group, client, or user, and executing the policy replacement operation comprises replacing the at least one existing policy associated with one or more of the node, group, client, or user with the at least one ephemeral policy.
  - 16. The non-transitory computer-readable medium of claim 10, wherein the processor is further caused to define the at least one ephemeral policy.
  - 17. The non-transitory computer-readable medium of claim 16, wherein defining the at least one ephemeral policy comprises defining one or more of a policy name, policy content, relevant key attribute, relevant policy operation, or assignment to a particular node, group, client, or user.
  - 18. The non-transitory computer-readable medium of claim 10, wherein replacing the at least one existing policy with the at least one ephemeral policy comprises using the at least one ephemeral policy to evaluate the at least one key attribute with the ephemeral policy instead of the at least one existing policy.

19. A system for orchestrating a security object, the system comprising:
- a memory; and
  
  a processor configured toaggregate existing policies for evaluating at least one key attribute of the encryption key;
  
  execute a policy replacement operation replacing at least one existing policy with at least one ephemeral policy; and
  
  evaluate the at least one key attribute based, at least in part, on the at least one ephemeral policy.
- View Dependent Claims (20)
- - 20. The system of claim 19, wherein:
    - one or more of the at least one existing policy is a complex policy;
      
      one or more of the at least one ephemeral policy is a complex policy; and
      
      the complex policy is a policy that is more complex than a BOOLEAN operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fornetix LLC
Original Assignee
Fornetix LLC
Inventors
Edwards, Stephen

Granted Patent

US 10,917,239 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 63/20   for managing network securi...

H04L 9/083   involving central third par...

H04L 9/0861   Generation of secret inform...

H04L 9/088   Usage controlling of secret...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04W 12/041   Key generation or derivation

POLICY-ENABLED ENCRYPTION KEYS HAVING EPHEMERAL POLICIES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

POLICY-ENABLED ENCRYPTION KEYS HAVING EPHEMERAL POLICIES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links