Differential encryption utilizing trust modes
First Claim
Patent Images
1. A method for implementing data security comprising:
- generating a plurality of trust modes, each trust mode associated with data stored at a security device and associated with a set of access requirements, wherein each data access requirement associated with a trust mode must be satisfied before the data associated with the trust mode can be accessed, wherein at least one access requirement associated with a trust mode comprises a requirement that a user possess one or more encryption keys used to encrypt data stored at the security device;
receiving, from a user device associated with a user, a request to access the data stored at the security device;
responsive to the request, determining whether the user device is communicatively coupled to the security device;
responsive to a determination that the user device is communicatively coupled to the security device, implementing a first trust mode associated with a first set of access requirements that must be satisfied by either the user or the user device before the request to access the data stored at the security device is granted;
responsive to a determination that the user device is not communicatively coupled to the security device, implementing a second trust mode associated with a second set of access requirements that must be satisfied by either the user or the user device before the request to access the data stored at the security device is granted, wherein the second set of access requirements is greater than the first set of access requirements;
for each data access requirement defined by the implemented trust mode, determining whether the user or the user device satisfies each of the set of data access requirements associated with the implemented trust mode; and
granting the user permission to access to the requested data via the user device responsive to a determination that the user or the user device satisfies each of the set of access requirements associated with the implemented trust mode.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are provided for data protection across connected, disconnected, attended, and unattended environments. Embodiments of the inventions may include differential encryption based on network connectivity, attended/unattended status, or a combination thereof. Additional embodiments of the invention incorporate “trust windows” that provide granular and flexible data access as function of the parameters under which sensitive data is accessed. Further embodiments refine the trust windows concept by incorporating dynamic intrusion detection techniques.
-
Citations
18 Claims
-
1. A method for implementing data security comprising:
-
generating a plurality of trust modes, each trust mode associated with data stored at a security device and associated with a set of access requirements, wherein each data access requirement associated with a trust mode must be satisfied before the data associated with the trust mode can be accessed, wherein at least one access requirement associated with a trust mode comprises a requirement that a user possess one or more encryption keys used to encrypt data stored at the security device; receiving, from a user device associated with a user, a request to access the data stored at the security device; responsive to the request, determining whether the user device is communicatively coupled to the security device; responsive to a determination that the user device is communicatively coupled to the security device, implementing a first trust mode associated with a first set of access requirements that must be satisfied by either the user or the user device before the request to access the data stored at the security device is granted; responsive to a determination that the user device is not communicatively coupled to the security device, implementing a second trust mode associated with a second set of access requirements that must be satisfied by either the user or the user device before the request to access the data stored at the security device is granted, wherein the second set of access requirements is greater than the first set of access requirements; for each data access requirement defined by the implemented trust mode, determining whether the user or the user device satisfies each of the set of data access requirements associated with the implemented trust mode; and granting the user permission to access to the requested data via the user device responsive to a determination that the user or the user device satisfies each of the set of access requirements associated with the implemented trust mode. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A non-transitory computer-readable storage medium having executable computer program instructions embodied therein for implementing data security, the computer program instructions configured to, when executed, cause a computer to:
-
generate a plurality of trust modes, each trust mode associated with data stored at a security device and associated with a set of access requirements, wherein each data access requirement associated with a trust mode must be satisfied before the data associated with the trust mode can be accessed, wherein at least one access requirement associated with a trust mode comprises a requirement that a user possess one or more encryption keys used to encrypt data stored at the security device; receive, from a user device associated with a user, a request to access the data stored at the security device; responsive to the request, determine whether the user device is communicatively coupled to the security device; responsive to a determination that the user device is communicatively coupled to the security device, implement a first trust mode associated with a first set of access requirements that must be satisfied by either the user or the user device before the request to access the data stored at the security device is granted; responsive to a determination that the user device is not communicatively coupled to the security device, implement a second trust mode associated with a second set of access requirements that must be satisfied by either the user or the user device before the request to access the data stored at the security device is granted, wherein the second set of access requirements is greater than the first set of access requirements; for each data access requirement defined by the implemented trust mode, determine whether the user or the user device satisfies each of the set of data access requirements associated with the implemented trust mode; and grant the user permission to access to the requested data via the user device responsive to a determination that the user or the user device satisfies each of the set of access requirements associated with the implemented trust mode. - View Dependent Claims (12, 13, 14)
-
-
15. A computer system for implementing data security, the system comprising:
-
a computer processor; and a non-transitory computer-readable storage medium storing executable computer program instructions configured to, when executed by the processor, cause the computer system to; generate a plurality of trust modes, each trust mode associated with data stored at a security device and associated with a set of access requirements, wherein each data access requirement associated with a trust mode must be satisfied before the data associated with the trust mode can be accessed, wherein at least one access requirement associated with a trust mode comprises a requirement that a user possess one or more encryption keys used to encrypt data stored at the security device; receive, from a user device associated with a user, a request to access the data stored at the security device; responsive to the request, determine whether the user device is communicatively coupled to the security device; responsive to a determination that the user device is communicatively coupled to the security device, implement a first trust mode associated with a first set of access requirements that must be satisfied by either the user or the user device before the request to access the data stored at the security device is granted; responsive to a determination that the user device is not communicatively coupled to the security device, implement a second trust mode associated with a second set of access requirements that must be satisfied by either the user or the user device before the request to access the data stored at the security device is granted, wherein the second set of access requirements is greater than the first set of access requirements; for each data access requirement defined by the implemented trust mode whether the user or the user device satisfies each of the set of data access requirements associated with the implemented trust mode; and grant the user permission to access to the requested data via the user device responsive to a determination that the user or the user device satisfies each of the set of access requirements associated with the implemented trust mode. - View Dependent Claims (16, 17, 18)
-
Specification