System and method for policy driven protection of remote computing environments
Abstract
A system that incorporates teachings of the subject disclosure may include, for example, receiving multiple software agents and configuring a network of the multiple software agents according to a predetermined policy. The process can further include facilitating secure communications among software agents of the network of the multiple software agents according to the predetermined policy. A state of one of the system, a system environment within which the system operates, or a combination thereof can be determined, based on the secure communications among the software agents of the network of the multiple software agents. A computing environment can be facilitated conditionally on the state of the one of the system, the system environment, or the combination thereof, according to the predetermined policy to support a mission application. Other embodiments are disclosed.
18 Claims
1. A method for securely producing a cryptographic session key, comprising:
establishing, by a transportable device comprising at least one processor and a plurality of sensors, a software agent network comprising a plurality of software agents networked together in a predetermined configuration according to a network definition file, wherein the transportable device, when deployed in a predetermined environment, contains encrypted sensitive information;
obtaining, by the transportable device, a plurality of examination results based on sensory information obtained from the plurality of sensors operating within the predetermined environment when deployed therein, wherein the sensory information comprises a combination of more than one of temperature, humidity, light, position, orientation, altitude, motion, speed, acceleration, biological information, and mission status, and wherein each software agent of the plurality of software agents conducts a review of a respective examination result of the plurality of examination results of the predetermined environment based on a plurality of predetermined sensory ranges, to obtain reviews of the plurality of examination results of the predetermined environment;
generating, by the transportable device, a plurality of encryption key fragments in response to the reviews of the plurality of examination results of the predetermined environment, wherein each encryption key fragment of the plurality of encryption key fragments is determined by a respective software agent of the plurality of software agents, based on the review of the respective examination result of the plurality of examination results of the predetermined environment;
combining, by the transportable device, the plurality of encryption key fragments based on the network definition file, to obtain a field-determined cryptographic session key;
responsive to the plurality of examination results of the predetermined environment falling within the plurality of sensory ranges, decrypting, by the transportable device, the encrypted sensitive information by way of the field-determined session key, to obtain a clear text version of the sensitive information at the transportable device; and
responsive to at least one of the plurality of examination results of the predetermined environment falling outside of the plurality of sensory ranges, preventing, by the transportable device, decryption of the encrypted sensitive information at the transportable device.
View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11)
2. A deployable system, comprising:
a plurality of sensors;
a memory to store instructions; and
at least one processor in communication with the memory, wherein the at least one processor, responsive to executing the instructions, performs operations that securely produce a session key, comprising;
configuring a software agent network comprising a plurality of software agents based on a network definition file, wherein the deployable system, when deployed in a predetermined environment, contains encrypted sensitive information;
obtaining sensory information from the plurality of sensors operating within the predetermined environment when deployed therein, wherein the sensory information comprises a combination of more than one of temperature, humidity, light, position, orientation, altitude, motion, speed, acceleration, biological information, and mission status;
conducting a plurality of examinations of the predetermined environment when deployed therein based on the sensory information, to obtain a plurality of examination results, wherein each software agent of the plurality of software agents conducts a review of a respective examination result of the plurality of examination results of the predetermined environment based on a respective range of a plurality of sensory ranges, to obtain reviews of the plurality of examination results;
generating a plurality of encryption key fragments in response to the reviews of the plurality of examination results of the predetermined environment, wherein each encryption key fragment of the plurality of encryption key fragments is determined by a respective software agent of the plurality of software agents, based on the review of the respective examination result of the plurality of examination results of the predetermined environment;
assembling the plurality of encryption key fragments, to obtain a field-determined cryptographic session key;
responsive to the plurality of examination results of the predetermined environment falling within the plurality of sensory ranges, decrypting the encrypted sensitive information by way of the field-determined cryptographic session key, to obtain a clear text version of the sensitive information; and
responsive to at least one of the plurality of examination results of the predetermined environment falling outside of the plurality of sensory ranges, preventing decryption of the encrypted sensitive information.
View Dependent Claims (12, 13, 14)
3. A machine readable storage device, comprising executable instructions that when executed by at least one processor of a deployable asset comprising a plurality of sensors, cause the at least one processor to facilitate operations that securely produce session key comprising:
configuring a software agent network comprising a plurality of software agents, wherein the deployable asset, when deployed in a field environment, contains encrypted sensitive information;
obtaining sensory information from the plurality of sensors operating within the field environment when deployed therein, wherein the sensory information comprises a combination of more than one of temperature, humidity, light, position, orientation, altitude, motion, speed, acceleration, biological information, and mission status;
performing a plurality of examinations of the field environment when deployed therein based on the sensory information, to obtain a plurality of examination results, wherein each software agent of the plurality of software agents conducts a review of a respective examination result of the plurality of examination results of the field environment based on a respective range of a plurality of sensory ranges, to obtain reviews of the plurality of examination results;
generating a plurality of encryption key fragments in response to the reviews of the plurality of examination results of the field environment, wherein each encryption key fragment of the plurality of encryption key fragments is determined by a respective software agent of the plurality of software agents, based on the review of the respective examination result of the plurality of examination results of the field environment;
combining the plurality of encryption key fragments, to obtain a field-determined session key;
responsive to the plurality of examination results of the field environment falling within the plurality of sensory ranges, decrypting, by the deployable asset, the encrypted sensitive information by way of the field-determined session key, to obtain a clear text version of the sensitive information at the deployable asset and within the field environment; and
responsive to at least one of the plurality of examination results of the field environment falling outside of the plurality of sensory ranges, preventing decryption of the encrypted sensitive information.
View Dependent Claims (15, 16, 17, 18)
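The flow recited in claims 1 to 3 (per-agent review, key fragments, combination, conditional decryption), sketched as an added illustration that is not taken from the patent or any implementation of it. The HMAC fragment derivation, the SHA-256 combination, the toy keystream cipher and the names `NETWORK_DEF` and `AGENT_SEEDS` are all assumptions made for this example; the claims do not specify them.

```python
import hashlib, hmac, math

# Constructed stand-in for the "network definition file": the order in which
# fragments are combined and each agent's permitted (half-open) sensory range.
NETWORK_DEF = {
    "order": ["temperature", "altitude", "light"],
    "ranges": {"temperature": (10.0, 35.0), "altitude": (0.0, 500.0),
               "light": (50.0, 900.0)},
}
# Constructed per-agent secrets (assumption: provisioned before deployment).
AGENT_SEEDS = {n: hashlib.sha256(b"constructed-seed:" + n.encode()).digest()
               for n in NETWORK_DEF["order"]}

def agent_fragment(name, reading):
    """One agent reviews its reading against its range and emits a fragment."""
    lo, hi = NETWORK_DEF["ranges"][name]
    bucket = math.floor((reading - lo) / (hi - lo))  # 0 only if lo <= reading < hi
    frag = hmac.new(AGENT_SEEDS[name], f"{name}:{bucket}".encode(), hashlib.sha256)
    return bucket == 0, frag.digest()

def session_key(readings):
    """Combine the fragments in the order the network definition prescribes."""
    reviews = [agent_fragment(n, readings[n]) for n in NETWORK_DEF["order"]]
    key = hashlib.sha256(b"".join(frag for _, frag in reviews)).digest()
    return all(ok for ok, _ in reviews), key

def _stream(key, n):
    # Toy SHA-256 counter keystream; stands in for a real AEAD such as AES-GCM.
    blocks = (hashlib.sha256(key + b"enc" + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key, ct):
    return hmac.new(key, ct, hashlib.sha256).digest()

def seal(key, plaintext):
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, len(plaintext))))
    return _tag(key, ct) + ct

def unseal(readings, blob):
    """Decrypt only if every review passed and the tag verifies, else None."""
    ok, key = session_key(readings)
    tag, ct = blob[:32], blob[32:]
    if not ok or not hmac.compare_digest(tag, _tag(key, ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, len(ct))))
```

Because each fragment depends on the range bucket rather than the raw reading, any readings inside the ranges reproduce the same session key, while a single out-of-range reading changes its fragment and therefore the combined key.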
Specification