Multikey support for multiple office system
Abstract
A novel approach is proposed for centralized administration of a multikey for a plurality of clients at a set of remote office/branch offices (ROBOs). A multikey having a set of properties, permissions, and policies is first associated with a secure item present at one or more of the ROBOs. A set of respective instances of the multikey are then generated for the ROBOs having the secure item, and the set of properties, permissions, and policies are associated with each of the respective instances of the multikey automatically. The instances of the multikey are then provided to the set of ROBOs for the encryption or decryption of the secure item present at the ROBOs.
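The flow in the abstract, as an added example that is not taken from the patent or from any product: a central platform derives one key instance per ROBO from a multikey, each instance inherits the multikey's policy, and a central policy change reaches every instance. The HKDF-SHA256 derivation, the class and function names, the site labels and the `allowed_ops` policy field are assumptions; the text on this page does not say how instances are derived.

```python
import hashlib
import hmac
from dataclasses import dataclass


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256 and the default all-zero salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


@dataclass
class Instance:
    """Per-site key instance held by a satellite platform (hypothetical shape)."""
    site: str
    key: bytes
    policy: dict


class CentralPlatform:
    """Holds multikey records and the array of instances issued from each."""

    def __init__(self):
        self.multikeys = {}  # key_id -> {"secret": bytes, "policy": dict}
        self.instances = {}  # key_id -> {site: Instance}

    def create(self, key_id, secret, policy):
        self.multikeys[key_id] = {"secret": secret, "policy": dict(policy)}
        self.instances[key_id] = {}

    def issue(self, key_id, site):
        # Assumption: the instance is bound to the site by mixing its name into HKDF info.
        mk = self.multikeys[key_id]
        key = hkdf_sha256(mk["secret"], f"{key_id}|{site}".encode())
        inst = Instance(site, key, dict(mk["policy"]))  # instance inherits the policy
        self.instances[key_id][site] = inst
        return inst

    def set_policy(self, key_id, **changes):
        mk = self.multikeys[key_id]
        mk["policy"].update(changes)
        for inst in self.instances[key_id].values():  # identical change at every site
            inst.policy = dict(mk["policy"])


def may_use(inst, operation):
    """Satellite-side gate: consult the inherited policy before using the key."""
    return operation in inst.policy.get("allowed_ops", ())
```

Because each instance is derived with site-specific input, a key instance exposed at one office is not the key used at another, while the policy stays administered in one place.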
25 Claims
1. A system comprising:
a central security platform, including a database of multikey records, including a first multikey having one or more associated policies;
a plurality of satellite security platforms, coupled to the central security platform, at least one of the plurality of satellite security platforms including;
a secure item;
a respective instance of the first multikey, said instance being derived from said first multikey and inheriting at least one policy of said first multikey; and
an encryption engine, wherein, in operation, the encryption engine uses the respective instance of the first multikey to encrypt or decrypt the secure item;
wherein the central security platform further includes a multikey administrative engine, and wherein, in operation, changes made to the one or more associated policies by the multikey administrative engine automatically result in identical changes to policies associated with the respective instance of the first multikey at each of the plurality of satellite platforms.
Dependent claims: 2, 3, 4, 5

6. A system comprising:
a first database, including a multikey record, coupled to the administrative interface;
a replication engine coupled to the first database;
a multikey instance array, coupled to the replication engine;
an interface coupled to the second database;
wherein, in operation, the replication engine;
uses a multikey associated with the multikey record and having one or more policies associated with said multikey and information associated with a remote location to derive from the multikey an instance of the multikey, wherein the instance of the multikey is associated with the remote location;
adds the instance of the multikey to the multikey instance array; and
associates at least one of said one or more policies with said instance of the multikey;
wherein, in operation, the interface transmits the instance of the multikey to the associated remote location;
wherein the system further includes a multikey administrative engine, and wherein, in operation, changes made to the one or more associated policies automatically result in identical changes to policies associated with the respective instance of the multikey at each remote location.
Dependent claims: 7, 8, 9, 10, 11

12. A method comprising:
providing at a central security platform a multikey, having a multikey policy, associated with a secure item;
generating, by deriving from said multikey, for a set of remote satellite security platforms of office/branch offices (ROBOs), a set of respective instances of the multikey;
automatically associating the multikey policy to each of the respective instances of the multikey at the central security platform;
providing, to each of the set of ROBOs, the respective instances of the multikey; and
wherein changes made to the multikey policy at the central security platform automatically result in identical changes to a policy associated with the respective instance of the multikey at each of the set of remote satellite security platforms.
Dependent claims: 13, 14, 15, 16, 17, 18

19. A system, comprising:
a central security platform, comprising;
a multikey database wherein, in operation, stores and manages a multikey with one set of properties, permissions, and policies as a single encryption key, wherein the multikey is associated with a specific secure item;
a multikey administration engine wherein, in operation;
creates and/or replicates an unique instance of the multikey automatically for each of a plurality of satellite security platforms having a data or program containing the specific secure item, each said unique instance being derived from said multikey using information associated with the respective said satellite security platform, wherein said one set of properties, permissions, and policies are associated with said plurality of unique instances of said multikey;
provides the multikey instances unique to each of the plurality of satellite security platforms over a network;
said plurality of satellite security platforms, comprising;
an satellite security module wherein, in operation, encrypts or decrypts the specific secure item in the data or program using the multikey instance via an encryption engine;
wherein, in operation, changes made to said one set of policies by the multikey administrative engine automatically result in identical changes to policies associated with the respective instance of the multikey at each of the plurality of satellite security platforms.

20. A method, comprising:
providing at a central security platform a multikey, having a set of properties, permissions, and policies, associated with a secure item;
generating, by deriving from said multikey, for a set of satellite security platforms at remote office/branch offices (ROBOs) having the secure item, a set of respective instances of the multikey;
associating the multikey policy to each of the respective instances of the multikey automatically;
providing, to each of the set of ROBOs, the respective instances of the multikey; and
making changes to the multikey policy, wherein changes made to the multikey policy at the central security platform automatically result in identical changes to policies associated with the respective instances of the multikey at each of the set of ROBOs.
Dependent claims: 21, 22, 23

24. A system comprising:
a central security platform that, in operation, defines, disseminates, and enforces one or more policies associated with a multikey for a database over a plurality of distributed satellite security platforms;
said plurality of satellite security platforms, coupled to the central security platform, at least one of the plurality of satellite security platforms, including;
a secure item;
a respective instance derived from the multikey;
an encryption engine, wherein, in operation, the encryption engine uses the respective instance of the multikey to encrypt or decrypt the secure item based on the one or more associated policies inherited by the respective instance from the multikey;
wherein the central security platform further includes a multikey administrative engine, and wherein, in operation, changes made to the one or more associated policies by the multikey administrative engine automatically result in identical changes to policies associated with the respective instance of the multikey at each of the plurality of satellite security platforms.

25. A method comprising:
defining, disseminating, and enforcing for a centralized security platform one or more policies associated with a multikey for a database;
providing the multikey over a plurality of distributed satellite security platforms, wherein at least one of the plurality of satellite security platforms maintains a secure item;
instantiating an instance derived from the multikey at the at least one of the plurality of distributed satellite security platforms;
associating one or more of said policies with the derived instance;
using the respective instance of the multikey to encrypt or decrypt the secure item based on the one or more associated policies; and
making changes to the one or more associated policies at the central security platform, wherein said changes automatically result in identical changes to policies associated with the respective instance of the first multikey at each of the plurality of satellite platforms.

Specification