Method and system for automatically managing secure communications in multiple communications jurisdiction zones

US 9,444,818 B2
Filed: 11/01/2013
Issued: 09/13/2016
Est. Priority Date: 11/01/2013
Status: Active Grant

First Claim

Patent Images

1. A system for automatically managing secure communications across multiple communications jurisdiction zones comprising:

at least one processor; and

at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for automatically managing secure communications across multiple communications jurisdiction zones, the process for automatically managing secure communications across multiple communications jurisdiction zones including;

identifying two or more communications jurisdiction zones from which, and/or to which, data may be transferred using one or more types of communications channels including one or more types of secure communications security levels;

obtaining communications and data security policy data for the two or more identified communications jurisdiction zones, the communications and data security policy data for the identified communications jurisdiction zones including data indicating allowed types of secure communications security levels for each of the respective communications jurisdiction zones;

obtaining exchange data indicating a desired exchange of data between a first virtual asset in a first communications jurisdiction zone and a second virtual asset in a second communications jurisdiction zone, the first and second communications jurisdiction zones being different from each other, the data to be exchanged being of a type, the type of data being one selected from at least messages, files, images and secrets wherein each data security policy data is based on political regulation in each zone and whereby the zones consist of local, state, national, or regional government agencies;

identifying owner secure communications polices provided by an owner of the data to be transferred;

determining, through examination of the actual data to be exchanged, the type of data to be exchanged;

automatically obtaining first communications jurisdiction zone communications and data security policy data associated with the first communications jurisdiction zone and second communications jurisdiction zone communications and data security policy data associated with second communications jurisdiction zone from the communications and data security policy data;

automatically determining, based on the results of determining the type of data to be exchanged through examining the actual data to be transferred, a required type of communications channel having a type and length of encryption required to be applied to the data to be transferred, the required type of communications channel meeting the data security policy data associated with the first communications jurisdiction zone and data security policy data associated with the second communications jurisdiction zone and the owner secure communications polices provided by the owner of the data to be transferred;

automatically analyzing the first communications jurisdiction zone communications and data security policy data and the second communications jurisdiction zone communications and data security policy data to determine at least one allowed type of secure communications security level for the desired exchange of data that complies with both the first communications jurisdiction zone communications and data security policy data and the second communications jurisdiction zone communications and data security policy data;

selecting one of the at least one allowed type of secure communications security level; and

automatically establishing the selected allowed type of communications channel including the allowed type of secure communications security level between the first virtual asset and the second virtual asset.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Communications and data security policy data for two or more communications jurisdiction zones is obtained that includes data indicating allowed protocols for the respective communications jurisdiction zones. Data indicating a desired exchange of data between a first resource in a first communications jurisdiction zone and a second resource in a second communications jurisdiction zone is received/obtained. The first communications jurisdiction zone communications and data security policy data and the second communications jurisdiction zone policy data is automatically obtained and analyzed to determine an allowed type of secure communications security level for the desired exchange of data that complies with both the first communications jurisdiction zone communications and data security policy data and the second communications jurisdiction zone policy data. A communications channel, including the allowed type of secure communications security level, is automatically establishing between the first resource and the second resource.

83 Citations

View as Search Results

31 Claims

1. A system for automatically managing secure communications across multiple communications jurisdiction zones comprising:
- at least one processor; and
  
  at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for automatically managing secure communications across multiple communications jurisdiction zones, the process for automatically managing secure communications across multiple communications jurisdiction zones including;
  
  identifying two or more communications jurisdiction zones from which, and/or to which, data may be transferred using one or more types of communications channels including one or more types of secure communications security levels;
  
  obtaining communications and data security policy data for the two or more identified communications jurisdiction zones, the communications and data security policy data for the identified communications jurisdiction zones including data indicating allowed types of secure communications security levels for each of the respective communications jurisdiction zones;
  
  obtaining exchange data indicating a desired exchange of data between a first virtual asset in a first communications jurisdiction zone and a second virtual asset in a second communications jurisdiction zone, the first and second communications jurisdiction zones being different from each other, the data to be exchanged being of a type, the type of data being one selected from at least messages, files, images and secrets wherein each data security policy data is based on political regulation in each zone and whereby the zones consist of local, state, national, or regional government agencies;
  
  identifying owner secure communications polices provided by an owner of the data to be transferred;
  
  determining, through examination of the actual data to be exchanged, the type of data to be exchanged;
  
  automatically obtaining first communications jurisdiction zone communications and data security policy data associated with the first communications jurisdiction zone and second communications jurisdiction zone communications and data security policy data associated with second communications jurisdiction zone from the communications and data security policy data;
  
  automatically determining, based on the results of determining the type of data to be exchanged through examining the actual data to be transferred, a required type of communications channel having a type and length of encryption required to be applied to the data to be transferred, the required type of communications channel meeting the data security policy data associated with the first communications jurisdiction zone and data security policy data associated with the second communications jurisdiction zone and the owner secure communications polices provided by the owner of the data to be transferred;
  
  automatically analyzing the first communications jurisdiction zone communications and data security policy data and the second communications jurisdiction zone communications and data security policy data to determine at least one allowed type of secure communications security level for the desired exchange of data that complies with both the first communications jurisdiction zone communications and data security policy data and the second communications jurisdiction zone communications and data security policy data;
  
  selecting one of the at least one allowed type of secure communications security level; and
  
  automatically establishing the selected allowed type of communications channel including the allowed type of secure communications security level between the first virtual asset and the second virtual asset.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 1 wherein at least one of the two or more communications jurisdiction zones are selected from the group of communications jurisdiction zones consisting of:
    - a geographic region communications jurisdiction zone;
      
      a political region communications jurisdiction zone;
      
      a security based communications jurisdiction zone;
      
      a computing environment communications jurisdiction zone;
      
      a computing sub-environment communications jurisdiction zone within a computingenvironment communications jurisdiction zone; and
      
      any combination thereof.
  - 3. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 1 wherein at least one of the one or more types of communications channels is selected from the group of types of communications channels consisting of:
    - an SSL communications channel;
      
      a TLS communications channel;
      
      an STMP communications channel;
      
      an SMTP communications channel;
      
      an STP communications channel;
      
      an ICMP communications channel; and
      
      any secure communication protocol channel.
  - 4. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 1 wherein at least one of the one or more types of secure communications security levels is an encryption level for encrypting data transferred using the one or more types of communications channels and/or encrypting messages transferred using the one or more types of communications channels.
  - 5. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 4 wherein at least one of the one or more types of encryption levels includes employing one or more types of encryption keys selected form the group of encryption keys consisting of:
    - a public encryption key;
      
      a private encryption key;
      
      a symmetric encryption key;
      
      an asymmetric encryption key;
      
      a public pre-placed encryption key;
      
      a private pre-placed encryption key;
      
      a 40-bit encryption key;
      
      any length encryption keys;
      
      an authentication encryption key;
      
      a benign encryption key;
      
      a content-encryption key (CEK);
      
      a cryptovariable encryption key;
      
      a derived encryption key;
      
      an electronic encryption key;
      
      an ephemeral encryption key;
      
      a key encryption key (KEK);
      
      a key production encryption key (KPK);
      
      a FIREFLY encryption key;
      
      a master encryption key;
      
      a message encryption key (MEK);
      
      a RED encryption key;
      
      a session encryption key;
      
      a traffic encryption key (TEK);
      
      a transmission security encryption key (TSK);
      
      a seed encryption key;
      
      a signature encryption key;
      
      a stream encryption key;
      
      a Type 1 encryption key;
      
      a Type 2 encryption key;
      
      a Vernam encryption key;
      
      a zeroized encryption key; and
      
      any combination thereof.
  - 6. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 1 wherein at one of the first resource and the second resource are selected from the group of resources consisting of:
    - a virtual machine;
      
      a virtual server;
      
      a database or data store;
      
      an instance in a cloud environment;
      
      a cloud environment access system;
      
      part of a mobile device;
      
      part of a remote sensor;
      
      part of a laptop computing system;
      
      part of a desktop computing system;
      
      part of a point-of-sale computing system;
      
      part of an ATM; and
      
      part of an electronic voting machine computing system.
  - 7. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 1 wherein the communications and data security policy data for the identified communications jurisdiction zones is obtained from a secure communications policy manager.
  - 8. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 7 wherein the communications and data security policy data for the identified communications jurisdiction zones is updated automatically.

9. A system for automatically managing secure communications across multiple communications jurisdiction zones comprising:
- at least one processor; and
  
  at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for automatically managing secure communications across multiple communications jurisdiction zones, the process for automatically managing secure communications across multiple communications jurisdiction zones including;
  
  identifying two or more communications jurisdiction zones from which, and/or to which, data may be transferred using one or more types of communications channels including one or more types of secure communications security levels;
  
  obtaining communications and data security policy data for the two or more identified communications jurisdiction zones, the communications and data security policy data for the identified communications jurisdiction zones including data indicating allowed types of secure communications security levels for each of the respective communications jurisdiction zones;
  
  obtaining exchange data indicating a desired exchange of data between a first virtual asset in a first communications jurisdiction zone and a second virtual asset in a second communications jurisdiction zone, the first and second communications jurisdiction zones being different from each other, the data to be exchanged being of a type, the type of data being one selected from at least messages, files, images and secrets wherein each data security policy data is based on political regulation in each zone and whereby the zones consist of local, state, national, or regional government agencies;
  
  identifying owner secure communications polices provided by an owner of the data to be transferred;
  
  determining, through examination of the actual data to be exchanged, the type of data to be exchanged;
  
  automatically obtaining first communications jurisdiction zone communications and data security policy data associated with the first communications jurisdiction zone and second communications jurisdiction zone communications and data security policy data associated with second communications jurisdiction zone from the communications and data security policy data;
  
  automatically determining, based on the results of determining the type of data to be exchanged through examining the actual data to be transferred, a required type of communications channel having a type and length of encryption required to be applied to the data to be transferred, the required type of communications channel meeting the data security policy data associated with the first communications jurisdiction zone and data security policy data associated with the second communications jurisdiction zone and the owner secure communications polices provided by the owner of the data to be transferred;
  
  obtaining enterprise data transfer policy data, the enterprise data transfer policy data including data indicating required types of secure communications security levels for one or more types of data;
  
  automatically obtaining data type data indicating the type of data involved in the desired exchange of data;
  
  automatically analyzing the data type data and the enterprise data transfer policy data to determine enterprise allowed types of secure communications security levels data for the desired exchange of data;
  
  automatically analyzing the first communications jurisdiction zone communications and data security policy data, the second communications jurisdiction zone communications and data security policy data, and the enterprise allowed types of secure communications security level data, to determine at least one allowed type of secure communications security level for the desired exchange of data that complies with each of the first communications jurisdiction zone communications and data security policy data, the second communications jurisdiction zone communications and data security policy data, and the enterprise allowed types of secure communications security level data;
  
  selecting one of the at least one allowed type of secure communications security level; and
  
  automatically establishing the selected allowed type of communications channel including the allowed type of secure communications security level between the first virtual asset and the second virtual asset.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 9 wherein at least one of the two or more communications jurisdiction zones are selected from the group of communications jurisdiction zones consisting of:
    - a geographic region communications jurisdiction zone;
      
      a political region communications jurisdiction zone;
      
      a security based communications jurisdiction zone;
      
      a computing environment communications jurisdiction zone;
      
      a computing sub-environment communications jurisdiction zone within a computing environment communications jurisdiction zone; and
      
      any combination thereof.
  - 11. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 9 wherein at least one of the one or more types of communications channels is selected from the group of types of communications channels consisting of:
    - an SSL communications channel;
      
      a TLS communications channel;
      
      an STMP communications channel;
      
      an SMTP communications channel;
      
      an STP communications channel;
      
      an ICMP communications channel; and
      
      any secure communication protocol channel.
  - 12. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 9 wherein the enterprise data transfer policy data indicating required types of secure communications security levels for one or more types of data is determined based, at least in part, on at least one data classification factor selected from the group of data classification factors consisting of:
    - a determination as to the sensitivity of the data to be transferred as determined by the enterprise charged with protecting the data;
      
      a determination as to the sensitivity of the data to be transferred as determined by one or more regulations and/or regulatory agencies;
      
      a determination as to the sensitivity of the data to be transferred as determined based on the need to protect the identity and personal information of the owners and/or sources of the data to be protected;
      
      a determination of the risk associated with the data to be transferred;
      
      a determination of the vulnerability associated with the data to be transferred;
      
      a determination of the commercial value of the data to be transferred;
      
      a determination of the strategic value of the data to be transferred;
      
      a determination of the entertainment value of the data to be transferred; and
      
      any combination thereof.
  - 13. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 9 wherein at least one of the one or more types of secure communications security levels is an encryption level for encrypting data transferred using the one or more types of communications channels and/or encrypting messages transferred using the one or more types of communications channels.
  - 14. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 13 wherein at least one of the one or more types of encryption levels includes employing one or more types of encryption keys selected form the group of encryption keys consisting of:
    - a public encryption key;
      
      a private encryption key;
      
      a symmetric encryption key;
      
      an asymmetric encryption key;
      
      a public pre-placed encryption key;
      
      a private pre-placed encryption key;
      
      a 40-bit encryption key;
      
      any length encryption keys;
      
      an authentication encryption key;
      
      a benign encryption key;
      
      a content-encryption key (CEK);
      
      a cryptovariable encryption key;
      
      a derived encryption key;
      
      an electronic encryption key;
      
      an ephemeral encryption key;
      
      a key encryption key (KEK);
      
      a key production encryption key (KPK);
      
      a FIREFLY encryption key;
      
      a master encryption key;
      
      a message encryption key (MEK);
      
      a RED encryption key;
      
      a session encryption key;
      
      a traffic encryption key (TEK);
      
      a transmission security encryption key (TSK);
      
      a seed encryption key;
      
      a signature encryption key;
      
      a stream encryption key;
      
      a Type 1 encryption key;
      
      a Type 2 encryption key;
      
      a Vernam encryption key;
      
      a zeroized encryption key; and
      
      any combination thereof.
  - 15. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 9 wherein the communications and data security policy data for the identified communications jurisdiction zones is obtained from a secure communications policy manager.
  - 16. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 15 wherein the communications and data security policy data for the identified communications jurisdiction zones is updated automatically.

17. A system for automatically managing secure communications across multiple communications jurisdiction zones comprising:
- at least one processor; and
  
  at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for automatically managing secure communications across multiple communications jurisdiction zones, the process for automatically managing secure communications across multiple communications jurisdiction zones including;
  
  identifying two or more communications jurisdiction zones from which, and/or to which, data may be transferred using one or more types of communications channels including one or more types of secure communications security levels;
  
  obtaining communications and data security policy data for the two or more identified communications jurisdiction zones, the communications and data security policy data for the identified communications jurisdiction zones including data indicating allowed types of secure communications security levels for each of the respective communications jurisdiction zones;
  
  obtaining exchange data indicating a desired exchange of data between a first virtual asset in a first communications jurisdiction zone and a second virtual asset in a second communications jurisdiction zone, the first and second communications jurisdiction zones being different from each other, the data to be exchanged being of a type, the type of data being one selected from at least messages, files, images and secrets wherein each data security policy data is based on political regulation in each zone and whereby the zones consist of local, state, national, or regional government agencies;
  
  identifying owner secure communications polices provided by an owner of the data to be transferred;
  
  determining, through examination of the actual data to be exchanged, the type of data to be exchanged;
  
  automatically obtaining first communications jurisdiction zone communications and data security policy data associated with the first communications jurisdiction zone and second communications jurisdiction zone communications and data security policy data associated with second communications jurisdiction zone from the communications and data security policy data;
  
  automatically determining, based on the results of determining the type of data to be exchanged through examining the actual data to be transferred, a required type of communications channel having a type and length of encryption required to be applied to the data to be transferred, the required type of communications channel meeting the data security policy data associated with the first communications jurisdiction zone and data security policy data associated with the second communications jurisdiction zone and the secure communications polices provided by the owner of the data to be transferred;
  
  obtaining data owner data transfer policy data, the data owner data transfer policy data including data indicating owner required types of secure communications security levels for one or more types of data;
  
  automatically obtaining data type data indicating the type of data involved in the desired exchange of data;
  
  automatically analyzing the first communications jurisdiction zone communications and data security policy data, the second communications jurisdiction zone communications and data security policy data, and data owner allowed types of secure communications security level data, to determine at least one allowed type of secure communications security level for the desired exchange of data that complies with each of the first communications jurisdiction zone communications and data security policy data, the second communications jurisdiction zone communications and data security policy data, and the owner secure communications polices provided by the owner of the data to be transferred;
  
  selecting one of the at least one allowed type of secure communications security level; and
  
  automatically establishing the selected allowed type of communications channel including the allowed type of secure communications security level between the first virtual asset and the second virtual asset.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 17 wherein at least one of the two or more communications jurisdiction zones are selected from the group of communications jurisdiction zones consisting of:
    - a geographic region communications jurisdiction zone;
      
      a political region communications jurisdiction zone;
      
      a security based communications jurisdiction zone;
      
      a computing environment communications jurisdiction zone;
      
      a computing sub-environment communications jurisdiction zone within a computing environment communications jurisdiction zone; and
      
      any combination thereof.
  - 19. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 17 wherein at least one of the one or more types of communications channels is selected from the group of types of communications channels consisting of:
    - an SSL communications channel;
      
      a TLS communications channel;
      
      an STMP communications channel;
      
      an SMTP communications channel;
      
      an STP communications channel;
      
      an ICMP communications channel; and
      
      any secure communication protocol channel.
  - 20. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 17 wherein at least one of the one or more types of secure communications security levels is an encryption level for encrypting data transferred using the one or more types of communications channels and/or encrypting messages transferred using the one or more types of communications channels.
  - 21. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 20 wherein at least one of the one or more types of encryption levels includes employing one or more types of encryption keys selected form the group of encryption keys consisting of:
    - a public encryption key;
      
      a private encryption key;
      
      a symmetric encryption key;
      
      an asymmetric encryption key;
      
      a public pre-placed encryption key;
      
      a private pre-placed encryption key;
      
      a 40-bit encryption key;
      
      any length encryption keys;
      
      an authentication encryption key;
      
      a benign encryption key;
      
      a content-encryption key (CEK);
      
      a cryptovariable encryption key;
      
      a derived encryption key;
      
      an electronic encryption key;
      
      an ephemeral encryption key;
      
      a key encryption key (KEK);
      
      a key production encryption key (KPK);
      
      a FIREFLY encryption key;
      
      a master encryption key;
      
      a message encryption key (MEK);
      
      a RED encryption key;
      
      a session encryption key;
      
      a traffic encryption key (TEK);
      
      a transmission security encryption key (TSK);
      
      a seed encryption key;
      
      a signature encryption key;
      
      a stream encryption key;
      
      a Type 1 encryption key;
      
      a Type 2 encryption key;
      
      a Vernam encryption key;
      
      a zeroized encryption key; and
      
      any combination thereof.
  - 22. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 20 wherein the communications and data security policy data for the identified communications jurisdiction zones is obtained from a secure communications policy manager.
  - 23. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 22 wherein the communications and data security policy data for the identified communications jurisdiction zones is updated automatically.

24. A system for automatically managing secure communications across multiple communications jurisdiction zones comprising:
- at least one processor; and
  
  at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for automatically managing secure communications across multiple communications jurisdiction zones, the process for automatically managing secure communications across multiple communications jurisdiction zones including;
  
  identifying two or more communications jurisdiction zones from which, and/or to which, data may be transferred using one or more types of communications channels including one or more types of secure communications security levels;
  
  obtaining communications and data security policy data for the two or more identified communications jurisdiction zones, the communications and data security policy data for the identified communications jurisdiction zones including data indicating allowed types of secure communications security levels for each of the respective communications jurisdiction zones;
  
  obtaining exchange data indicating a desired exchange of data between a first virtual asset in a first communications jurisdiction zone and a second virtual asset in a second communications jurisdiction zone, the first and second communications jurisdiction zones being different from each other, the data to be exchanged being of a type, the type of data being one selected from at least messages, files, images and secrets wherein each data security policy data is based on political regulation in each zone and whereby the zones consist of local, state, national, or regional government agencies;
  
  identifying owner secure communications polices provided by an owner of the data to be transferred;
  
  determining, through examination of the actual data to be exchanged, the type of data to be exchanged;
  
  automatically obtaining first communications jurisdiction zone communications and data security policy data associated with the first communications jurisdiction zone and second communications jurisdiction zone communications and data security policy data associated with second communications jurisdiction zone from the communications and data security policy data;
  
  automatically determining, based on the results of determining the type of data to be exchanged through examining the actual data to be transferred, a required type of communications channel having a type and length of encryption required to be applied to the data to be transferred, the required type of communications channel meeting the data security policy data associated with the first communications jurisdiction zone and data security policy data associated with the second communications jurisdiction zone and the owner secure communications polices provided by the owner of the data to be transferred;
  
  obtaining enterprise data transfer policy data, the enterprise data transfer policy data including data indicating required types of secure communications security levels for one or more types of data;
  
  automatically obtaining data type data indicating the type of data involved in the desired exchange of data;
  
  automatically analyzing the data type data and the enterprise data transfer policy data to determine enterprise allowed types of secure communications security levels data for the desired exchange of data;
  
  obtaining data owner data transfer policy data, the data owner data transfer policy data including data indicating owner required types of secure communications security levels for one or more types of data;
  
  automatically analyzing the first communications jurisdiction zone communications and data security policy data, the second communications jurisdiction zone communications and data security policy data, the enterprise allowed types of secure communications security level data, and the data owner allowed types of secure communications security level data, to determine at least one allowed type of secure communications security level for the desired exchange of data that complies with each of the first communications jurisdiction zone communications and data security policy data, the second communications jurisdiction zone communications and data security policy data, the enterprise allowed types of secure communications security level data, and the owner secure communications polices provided by the owner of the data to be transferred;
  
  selecting one of the at least one allowed type of secure communications security level; and
  
  automatically establishing the selected allowed type of communications channel including the allowed type of secure communications security level between the first virtual asset and the second virtual asset.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
- - 25. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 24 wherein at least one of the two or more communications jurisdiction zones are selected from the group of communications jurisdiction zones consisting of:
    - a geographic region communications jurisdiction zone;
      
      a political region communications jurisdiction zone;
      
      a security based communications jurisdiction zone;
      
      a computing environment communications jurisdiction zone;
      
      a computing sub-environment communications jurisdiction zone within a computing environment communications jurisdiction zone; and
      
      any combination thereof.
  - 26. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 24 wherein at least one of the one or more types of communications channels is selected from the group of types of communications channels consisting of:
    - an SSL communications channel;
      
      a TLS communications channel;
      
      an STMP communications channel;
      
      an SMTP communications channel;
      
      an STP communications channel;
      
      an ICMP communications channel; and
      
      any secure communication protocol channel.
  - 27. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 24 wherein the enterprise data transfer policy data indicating required types of secure communications security levels for one or more types of data is determined based, at least in part, on at least one data classification factor selected from the group of data classification factors consisting of:
    - a determination as to the sensitivity of the data to be transferred as determined by the enterprise charged with protecting the data;
      
      a determination as to the sensitivity of the data to be transferred as determined by one or more regulations and/or regulatory agencies;
      
      a determination as to the sensitivity of the data to be transferred as determined based on the need to protect the identity and personal information of the owners and/or sources of the data to be protected;
      
      a determination of the risk associated with the data to be transferred;
      
      a determination of the vulnerability associated with the data to be transferred;
      
      a determination of the commercial value of the data to be transferred;
      
      a determination of the strategic value of the data to be transferred;
      
      a determination of the entertainment value of the data to be transferred; and
      
      any combination thereof.
  - 28. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 24 wherein at least one of the one or more types of secure communications security levels is an encryption level for encrypting data transferred using the one or more types of communications channels and/or encrypting messages transferred using the one or more types of communications channels.
  - 29. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 28 wherein at least one of the one or more types of encryption levels includes employing one or more types of encryption keys selected form the group of encryption keys consisting of:
    - a public encryption key;
      
      private encryption key;
      
      a symmetric encryption key;
      
      an asymmetric encryption key;
      
      a public pre-placed encryption key;
      
      a private pre-placed encryption key;
      
      a 40-bit encryption key;
      
      any length encryption keys;
      
      an authentication encryption key;
      
      a benign encryption key;
      
      a content-encryption key (CEK);
      
      a cryptovariable encryption key;
      
      a derived encryption key;
      
      an electronic encryption key;
      
      an ephemeral encryption key;
      
      a key encryption key (KEK);
      
      a key production encryption key (KPK);
      
      a FIREFLY encryption key;
      
      a master encryption key;
      
      a message encryption key (MEK);
      
      a RED encryption key;
      
      a session encryption key;
      
      a traffic encryption key (TEK);
      
      a transmission security encryption key (TSK);
      
      a seed encryption key;
      
      a signature encryption key;
      
      a stream encryption key;
      
      a Type 1 encryption key;
      
      a Type 2 encryption key;
      
      a Vernam encryption key;
      
      a zeroized encryption key; and
      
      any combination thereof.
  - 30. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 24 wherein the communications and data security policy data for the identified communications jurisdiction zones is obtained from a secure communications policy manager.
  - 31. The system for automatically managing secure communications across multiple communications jurisdiction zones of claim 30 wherein the communications and data security policy data for the identified communications jurisdiction zones is updated automatically.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intuit, Inc.
Original Assignee
Intuit, Inc.
Inventors
Lietz, M. Shannon, Cabrera, Luis Felipe
Primary Examiner(s)
Tran, Tri

Application Number

US14/070,168
Publication Number

US 20150128204A1
Time in Patent Office

1,047 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

Method and system for automatically managing secure communications in multiple communications jurisdiction zones

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

83 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for automatically managing secure communications in multiple communications jurisdiction zones

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links