Method and system for automatically managing secrets in multiple data security jurisdiction zones
First Claim

1. A system for automatically managing secrets in a plurality of data security jurisdiction zones comprising:
- at least one memory coupled to one or more processors, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for automatically managing secrets in the plurality of data security jurisdiction zones, the process for automatically managing secrets in the plurality of data security jurisdiction zones including:
- obtaining data security policy data for the plurality of data security jurisdiction zones, the data security policy data for the plurality of data security jurisdiction zones including data indicating allowed secrets data for each respective data security jurisdiction zone of the plurality of data security jurisdiction zones and prohibited secrets data for each respective data security jurisdiction zone of the plurality of data security jurisdiction zones, the allowed secrets data for each respective data security jurisdiction zone representing one or more secrets allowed to be used to protect data in the respective data security jurisdiction zone, the prohibited secrets data for each respective data security jurisdiction zone of the plurality of data security jurisdiction zones representing one or more secrets that are not allowed to be used to protect data in the respective data security jurisdiction zone;
- obtaining secrets request data representing a request that secrets data be transferred to a resource;
- automatically determining a data security jurisdiction zone of the resource;
- automatically obtaining a portion of the data security policy data corresponding to the data security jurisdiction zone of the resource;
- automatically analyzing the portion of the data security policy data corresponding to the data security jurisdiction zone of the resource to determine the allowed secrets data with respect to the data security jurisdiction zone of the resource;
- identifying one or more secret data classes by classifying the allowed secrets data according to a level of security provided by the allowed secrets data;
- obtaining the allowed secrets data within the one or more secret data classes with respect to the data security jurisdiction zone of the resource; and
- automatically providing the obtained allowed secrets data with respect to the data security jurisdiction zone of the resource to the resource.
Abstract
Data security jurisdiction zones are identified and data security policy data for the data security jurisdiction zones is obtained. The data security policy data for the data security jurisdiction zones is then automatically analyzed to determine allowed secrets data with respect to each of the identified data security jurisdiction zones. The allowed secrets data with respect to each of the data security jurisdiction zones is then automatically obtained and provided to resources in the respective data security jurisdiction zones, either from a central secrets data store or from an allowed secrets data store associated with each data security jurisdiction zone.
26 Claims

1. A system for automatically managing secrets in a plurality of data security jurisdiction zones comprising: (independent claim, reproduced in full under First Claim above; dependent claims 2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A system for automatically managing secrets in a plurality of data security jurisdiction zones comprising:
- one or more processors; and
- at least one memory coupled to the one or more processors, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for automatically managing secrets in a plurality of data security jurisdiction zones, the process for automatically managing the secrets in the plurality of data security jurisdiction zones including:
- obtaining data security policy data for the plurality of data security jurisdiction zones, the data security policy data for the plurality of data security jurisdiction zones including data indicating allowed secrets data for each respective data security jurisdiction zone of the plurality of data security jurisdiction zones and prohibited secrets data for each respective data security jurisdiction zone of the plurality of data security jurisdiction zones, the allowed secrets data for each respective data security jurisdiction zone representing one or more secrets allowed to be used to protect data in the respective data security jurisdiction zone, the prohibited secrets data for each respective data security jurisdiction zone of the plurality of data security jurisdiction zones representing one or more secrets that are not allowed to be used to protect data in the respective data security jurisdiction zone;
- for each data security jurisdiction zone of the plurality of data security jurisdiction zones, automatically analyzing a portion of the data security policy data corresponding to the data security jurisdiction zone to determine the allowed secrets data with respect to the data security jurisdiction zone;
- identifying one or more secret data classes by classifying the allowed secrets data according to a level of security provided by the allowed secrets data;
- for each data security jurisdiction zone of the plurality of data security jurisdiction zones, automatically obtaining the allowed secrets data within the one or more secret data classes with respect to the data security jurisdiction zone; and
- for each data security jurisdiction zone of the plurality of data security jurisdiction zones, automatically pre-deploying the allowed secrets data within the one or more secret data classes for the data security jurisdiction zone to an allowed secrets data store associated with the data security jurisdiction zone.

(dependent claims 12, 13, 14, 15, 16, 17, 18)
19. A system for automatically managing secrets in a plurality of data security jurisdiction zones comprising:
- one or more processors; and
- at least one memory coupled to the one or more processors, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for automatically managing the secrets in the plurality of data security jurisdiction zones, the process for automatically managing the secrets in the plurality of data security jurisdiction zones including:
- obtaining data security policy data for a first data security jurisdiction zone of the plurality of data security jurisdiction zones, the data security policy data for the first data security jurisdiction zone including data indicating allowed secrets data for the first data security jurisdiction zone and prohibited secrets data for the first data security jurisdiction zone, the allowed secrets data for the first data security jurisdiction zone representing one or more secrets allowed to protect data in the first data security jurisdiction zone, the prohibited secrets data for the first data security jurisdiction zone representing one or more secrets that are not allowed to protect data in the first data security jurisdiction zone;
- automatically analyzing the data security policy data for the first data security jurisdiction zone to determine the allowed secrets data with respect to the first data security jurisdiction zone;
- identifying one or more secret data classes by classifying the allowed secrets data according to a level of security provided by the allowed secrets data;
- automatically obtaining the allowed secrets data within the one or more secret data classes with respect to the first data security jurisdiction zone;
- automatically pre-deploying the allowed secrets data within the one or more secret data classes for the first data security jurisdiction zone to an allowed secrets data store associated with the first data security jurisdiction zone;
- obtaining secrets request data representing a request that secrets data be transferred to a first resource;
- automatically determining the first resource is within the first data security jurisdiction zone; and
- automatically providing the first resource access to the pre-deployed allowed secrets data in the allowed secrets data store associated with the first data security jurisdiction zone.

(dependent claims 20, 21, 22, 23, 24, 25, 26)
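The three independent claims above describe one mechanism from two directions: claim 1 resolves a requesting resource to its jurisdiction zone and serves allowed secrets on demand from a central store, while claims 11 and 19 pre-deploy the per-zone allowed set (grouped by security class) into a zone-local store and serve requests from there. The following is an added example, not code from the patent or its assignee, that models that flow in Python. The zone names, the policy contents, the secret metadata and the rule that classifies a secret by key algorithm and length are all constructed for illustration; a real deployment would derive the class from its own policy and would back the stores with an HSM or a secrets service. One design choice worth noting: a secret that a zone's policy lists as both allowed and prohibited is treated as a policy conflict and refused (fail closed) rather than silently resolved either way.

```python
"""Added example modelling the claimed per-jurisdiction secrets policy flow.
All names, policies and secret metadata here are constructed, not from the patent."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Secret:
    name: str
    algorithm: str   # constructed metadata, used only to derive a security class
    key_bits: int


@dataclass
class ZonePolicy:
    allowed: set      # names of secrets allowed to protect data in this zone
    prohibited: set   # names of secrets that must never be used in this zone


def is_conflicting(policy: ZonePolicy) -> bool:
    """True when a secret is listed as both allowed and prohibited."""
    return bool(policy.allowed & policy.prohibited)


def security_class(secret: Secret) -> str:
    """Classify a secret by the level of security it provides (constructed rule)."""
    if secret.algorithm == "AES" and secret.key_bits >= 256:
        return "high"
    if secret.algorithm == "AES" and secret.key_bits >= 128:
        return "standard"
    return "legacy"


class SecretsManager:
    def __init__(self, policies: dict, central_store: dict, resource_zones: dict):
        self.policies = policies              # zone -> ZonePolicy
        self.central_store = central_store    # name -> Secret (central secrets data store)
        self.resource_zones = resource_zones  # resource id -> zone
        self.zone_stores = {}                 # zone -> {class -> [Secret]} (pre-deployed)

    def zone_of(self, resource: str) -> str:
        """Determine the data security jurisdiction zone of a resource."""
        return self.resource_zones[resource]

    def allowed_by_class(self, zone: str) -> dict:
        """Analyze one zone's policy and group its allowed secrets by security class."""
        policy = self.policies[zone]
        if is_conflicting(policy):  # fail closed on contradictory policy
            raise ValueError(f"zone {zone}: policy lists secrets as both allowed and prohibited")
        classes = {}
        for name in sorted(policy.allowed):
            secret = self.central_store[name]
            classes.setdefault(security_class(secret), []).append(secret)
        return classes

    def pre_deploy(self) -> dict:
        """Claims 11/19: populate each zone's allowed secrets data store ahead of requests."""
        for zone in self.policies:
            self.zone_stores[zone] = self.allowed_by_class(zone)
        return self.zone_stores

    def request_secrets(self, resource: str, wanted_class: str) -> list:
        """Claim 1/19: serve a request from the zone store if pre-deployed, else centrally."""
        zone = self.zone_of(resource)
        classes = self.zone_stores[zone] if zone in self.zone_stores else self.allowed_by_class(zone)
        return [s.name for s in classes.get(wanted_class, [])]


# Constructed sample data (not from the patent).
CENTRAL_STORE = {
    "k-aes256": Secret("k-aes256", "AES", 256),
    "k-aes128": Secret("k-aes128", "AES", 128),
    "k-des56": Secret("k-des56", "DES", 56),
}
POLICIES = {
    "zone-eu": ZonePolicy(allowed={"k-aes256", "k-aes128"}, prohibited={"k-des56"}),
    "zone-export": ZonePolicy(allowed={"k-aes128"}, prohibited={"k-aes256", "k-des56"}),
}
RESOURCE_ZONES = {"db-1": "zone-eu", "web-2": "zone-export"}


def build_manager() -> SecretsManager:
    mgr = SecretsManager(POLICIES, CENTRAL_STORE, RESOURCE_ZONES)
    mgr.pre_deploy()
    return mgr


if __name__ == "__main__":
    m = build_manager()
    print(m.request_secrets("db-1", "high"))    # ['k-aes256']
    print(m.request_secrets("web-2", "high"))   # []
```

Running the block shows the same request for a "high" class secret succeeding for the resource in zone-eu and returning nothing for the resource in zone-export, whose policy prohibits the 256-bit key; the prohibited set is enforced by exclusion from the allowed set and by the conflict check, never by a secret-by-secret lookup at request time.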