Provisioning transient-controlled secure environments for viewing sensitive data
Abstract
A new approach to customer support that protects working artifacts through their entire lifecycle by provisioning, on-demand, a transient-controlled debugging environment that preferably is associated with a particular support issue (or subset of issues) when particular artifacts (e.g., files) are securely received at the service or software provider. This approach allows for complete (or substantially complete) isolation and control of the artifacts in a contained environment for so long as necessary by the provider. Preferably, the provider owns or otherwise manages the provisioned environment, which can be augmented as needed to meet the debugging requirements of the particular issue. Preferably, the provisioned environment is restricted in access to only those engineers or others with a verifiable need to know, or that have the necessary training and skill sets for the support operation required.
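The lifecycle the abstract describes, modelled as an added example (not code from the patent or its assignee): a hypothetical `TransientEnv` class tied to one data record decrypts a received artifact only inside a private working directory, checks an allowlist on every access, and deletes everything when the record is closed. The class and method names, the sample key and the sample artifact are assumptions, and the SHAKE-256 keystream XOR is a stand-in for a real authenticated cipher.

```python
import hashlib, os, shutil, stat, tempfile

def _xor_stream(key, data):
    # Stand-in cipher for this example only (SHAKE-256 keystream XOR);
    # a real deployment would use an authenticated cipher.
    ks = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

class TransientEnv:
    """Hypothetical model: one access-restricted environment per data record."""
    def __init__(self, record_id, allowed):
        self.record_id = record_id
        self.allowed = frozenset(allowed)
        # Working directory (mode 0700) exists only while the record is open.
        self.workdir = tempfile.mkdtemp(prefix=f"{record_id}-")
        os.chmod(self.workdir, stat.S_IRWXU)
        self.is_open = True

    def _check(self, engineer):
        if not self.is_open:
            raise RuntimeError("record closed; environment terminated")
        if engineer not in self.allowed:
            raise PermissionError(f"{engineer} not authorized for {self.record_id}")

    def receive(self, engineer, name, ciphertext, key):
        # Decrypt only inside the environment; plaintext is written nowhere else.
        self._check(engineer)
        path = os.path.join(self.workdir, os.path.basename(name))
        with open(path, "wb") as fh:
            fh.write(_xor_stream(key, ciphertext))

    def view(self, engineer, name):
        self._check(engineer)
        with open(os.path.join(self.workdir, os.path.basename(name)), "rb") as fh:
            return fh.read()

    def close_record(self):
        # Closing the record terminates the environment and deletes its contents
        # (plain unlink here; media-level erasure is out of scope).
        shutil.rmtree(self.workdir)
        self.is_open = False

# Constructed sample data: an "encrypted" artifact as it would arrive at the provider.
KEY = b"constructed-session-key"
ARTIFACT = _xor_stream(KEY, b"core dump with customer data")
```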
22 Claims
1. A method of managing sensitive data at a facility, comprising:
- following receipt of a request for a secure support session, receiving information, wherein at least a portion of the information is encrypted;
- associating the information with a data record uniquely associated with the secure support session;
- instantiating a transient secure computing environment associated with the data record, the transient secure computing environment being access-restricted;
- receiving the information in the transient secure computing environment;
- decrypting the information, wherein, upon decryption, the information is available for viewing and manipulation only within the transient secure computing environment; and
- upon close of the data record indicating that an operation associated with the information is complete, terminating the transient secure computing environment associated with the data record and deleting the information;
- wherein the instantiating step is carried out in software executing in a hardware element.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. Apparatus, comprising:
- a processor;
- computer memory holding computer program instructions that when executed by the processor perform a method of managing sensitive data, the method comprising;
  - following receipt of a request for a secure support session, receiving information, at least a portion of the information being encrypted;
  - associating the information with a data record uniquely associated with the secure support session;
  - instantiating a transient secure computing environment associated with the data record, the transient secure computing environment being access-restricted;
  - receiving the information in the transient secure computing environment;
  - decrypting the information, wherein, upon decryption, the information is available for viewing and manipulation only within the transient secure computing environment; and
  - upon close of the data record indicating that an operation associated with the information is complete, terminating the transient secure computing environment associated with the data record and deleting the information.

Dependent claims: 10, 11, 12, 13, 14, 15
16. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method of managing sensitive data, the method comprising:
- following receipt of a request for a secure support session, receiving information, at least a portion of the information being encrypted;
- associating the information with a data record uniquely associated with the secure support session;
- instantiating a transient secure computing environment associated with the data record, the transient secure computing environment being access-restricted;
- receiving the information in the transient secure computing environment;
- decrypting the information, wherein, upon decryption, the information is available for viewing and manipulation only within the transient secure computing environment; and
- upon close of the data record indicating that an operation associated with the information is complete, terminating the transient secure computing environment associated with the data record and deleting the information.

Dependent claims: 17, 18, 19, 20, 21, 22
Specification