Encryption gateway service

US 7,716,467 B1
Filed: 12/02/2005
Issued: 05/11/2010
Est. Priority Date: 12/02/2005
Status: Active Grant

First Claim

Patent Images

1. A method for securing enterprise data, comprising:

receiving unencrypted data by an encryption gateway service stored in a memory and executed by a processor, wherein the encryption gateway service includes an encryption/decryption component stored in a memory and executed by a processor, an identity management component stored in a memory and executed by a processor, a notification component stored in a memory and executed by a processor, and a logging/auditing component stored in a memory and executed by a processor;

authenticating and authorizing, by the identity management component, a user attempting to send the unencrypted data to the encryption gateway service by communicating with an enterprise identity management system;

encrypting, by the encryption/decryption component, the unencrypted data;

sending, by the notification component, a notification that the unencrypted data has been encrypted to an entity from which the unencrypted data was received within an enterprise operating the encryption gateway service;

logging, by the logging/auditing component, that the unencrypted data has been encrypted; and

sending, by the encryption gateway service, the encrypted data to a destination.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encryption management system of an enterprise is provided. The system includes an encryption/decryption component operable for enterprise messages to be secured by receiving and encrypting the messages received from enterprise applications. The encryption/decryption component further decrypts messages received from enterprise partners that are encrypted. The system includes an identity management component to manage access to the encryption management system, and a key management component to manage keys used by the encryption/decryption component. The system includes a notification component that initiates sending messages regarding events occurring in the encryption management system through communication with an enterprise messaging system. The system also includes a logging/auditing component to log events occurring in the encryption management system.

Citations

15 Claims

1. A method for securing enterprise data, comprising:
- receiving unencrypted data by an encryption gateway service stored in a memory and executed by a processor, wherein the encryption gateway service includes an encryption/decryption component stored in a memory and executed by a processor, an identity management component stored in a memory and executed by a processor, a notification component stored in a memory and executed by a processor, and a logging/auditing component stored in a memory and executed by a processor;
  
  authenticating and authorizing, by the identity management component, a user attempting to send the unencrypted data to the encryption gateway service by communicating with an enterprise identity management system;
  
  encrypting, by the encryption/decryption component, the unencrypted data;
  
  sending, by the notification component, a notification that the unencrypted data has been encrypted to an entity from which the unencrypted data was received within an enterprise operating the encryption gateway service;
  
  logging, by the logging/auditing component, that the unencrypted data has been encrypted; and
  
  sending, by the encryption gateway service, the encrypted data to a destination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 wherein the encryption gateway service further includes a key management component stored in a memory and executed by a processor, wherein encrypting the unencrypted data is based on using a key obtained by the key management component through communication with an enterprise key management data store.
  - 3. The method of claim 1 wherein sending the notification that the unencrypted data has been encrypted comprises sending the notification via an enterprise messaging system.
  - 4. The method of claim 1, wherein the notification is sent via one of an email message, an instant message, a text message, and a voice message.
  - 5. The method of claim 1 further comprising sending, by the notification component, a notification that the encrypted data has been sent to the destination.
  - 6. The method of claim 1 further comprising:
    - receiving, by the encryption gateway service, second encrypted data from the destination;
      
      sending, by the notification component, a notification to an appropriate entity within the enterprise that the second encrypted data has been received;
      
      decrypting, by the encryption/decryption component, the second encrypted data using a key obtained through communication with an enterprise key management data store; and
      
      sending, by the encryption gateway service, the decrypted data to the appropriate entity.
  - 7. The method of claim 6 wherein decrypting the second encrypted data comprises determining whether a user input from the appropriate entity indicates to decrypt the second encrypted data, and decrypting the second encrypted data in response to a determination that the user input from the appropriate entity indicates to decrypt the second encrypted data.
  - 8. The method of claim 1 further comprising logging, by the logging/auditing component, the sending to the destination and the receiving from the destination.
  - 9. The method of claim 1 wherein the encryption/decryption component uses a PGP encryption/decryption system to encrypt the data.
  - 10. The method of claim 1 wherein the encryption gateway service is accessible to a plurality of client computers within the enterprise, wherein the plurality of client computers lack locally resident versions of the encryption/decryption component.
  - 11. The method of claim 1 wherein sending the encrypted data to the destination comprises sending the encrypted data to the entity from which the unencrypted data was received, determining whether a user input from the entity indicates to send the encrypted data to the destination, and sending the encrypted data to the destination in response to a determination that the user input from the entity indicates to send the encrypted data to the destination.
  - 12. The method of claim 1 further comprising sending, by the notification component, a notification to the entity from which the unencrypted data was received that the encrypted data has been sent to the destination.
  - 13. The method of claim 1 further comprising:
    - providing, by the identity management component, enrollment services to a new communication partner;
      
      providing, by the identity management component, expiration and renewal services to an existing communication partner; and
      
      providing, by the identity management component, revocation services to the enterprise for communication partner access to the identity management component.
  - 14. The method of claim 1 further comprising sending, by the encryption gateway service, the encrypted data to a retention repository.
  - 15. The method of claim 14 further comprising, deleting, by the encryption gateway service, one of the encrypted data from the retention repository and the unencrypted data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Petty, W. Clinton, Tafreshi, Ali M., Deffet, Thomas L.
Primary Examiner(s)
Cervetti; David Garcia

Application Number

US11/292,978
Time in Patent Office

1,621 Days
Field of Search

713/153, 713/155
US Class Current

713/153
CPC Class Codes

H04L 63/0272 Virtual private networks

H04L 63/0471 applying encryption by an i...

Encryption gateway service

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption gateway service

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links