Systems and methods for encryption and provision of information security using platform services
Abstract
Systems and methods for securing or encrypting data or other information arising from a user's interaction with software and/or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and/or was accessed. The ciphertext can be stored in a user's storage device or in an enterprise database (e.g., at-rest encryption) or shared with other users (e.g., cryptographic communication). The system generally allows for secure federation across organizations, including mechanisms to ensure that the system itself and any other actor with pervasive access to the network cannot compromise the confidentiality of the protected data.
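The abstract's "context-based keys" are keys whose value depends on the environment in which the data was created or accessed, so ciphertext produced in one context cannot be opened from another. The following is an added example, not code from the patent or its assignee: it derives such a key with HKDF-SHA256 (RFC 5869, implemented on the standard library's hmac module), using the tenant as salt and a canonical encoding of the context as the info string. The context fields (tenant, device, application, data origin) and the encoding are assumptions chosen for the illustration; the patent does not specify them.

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract with SHA-256: PRK = HMAC(salt, IKM)."""
    if not salt:
        salt = b"\x00" * hashlib.sha256().digest_size
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with SHA-256: T(i) = HMAC(PRK, T(i-1) | info | i)."""
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def encode_context(context: dict) -> bytes:
    """Canonical, unambiguous encoding of the context: sorted keys, each field length-prefixed.

    Length prefixes prevent two different contexts from encoding to the same bytes
    (e.g. {"a": "bc"} versus {"ab": "c"}), which would otherwise yield the same key.
    """
    out = b""
    for key in sorted(context):
        k = key.encode("utf-8")
        v = str(context[key]).encode("utf-8")
        out += len(k).to_bytes(2, "big") + k + len(v).to_bytes(2, "big") + v
    return out


def derive_context_key(master_secret: bytes, tenant_id: str, context: dict) -> bytes:
    """Derive a 256-bit data key bound to the tenant and to the access/origin context.

    Assumption for this example: one master secret per enrolled device, the tenant
    folded into the salt, and the environment description folded into the info string.
    Changing any context field changes the key.
    """
    salt = b"context-key-v1:" + tenant_id.encode("utf-8")
    prk = hkdf_extract(salt, master_secret)
    return hkdf_expand(prk, encode_context(context), 32)


# Constructed sample values for the demonstration.
MASTER_SECRET = b"constructed-32-byte-device-secret!!"
ORIGIN_CONTEXT = {
    "device": "device-0042",
    "application": "mail-client",
    "data_origin": "corporate-network",
}

if __name__ == "__main__":
    k_origin = derive_context_key(MASTER_SECRET, "acme", ORIGIN_CONTEXT)
    k_elsewhere = derive_context_key(
        MASTER_SECRET, "acme", {**ORIGIN_CONTEXT, "data_origin": "public-wifi"}
    )
    print("origin key   :", k_origin.hex())
    print("other context:", k_elsewhere.hex())
    print("same key?    :", k_origin == k_elsewhere)
```

The test vector from RFC 5869 (test case 1) is a convenient way to confirm the HKDF primitives before trusting the derived keys; the context binding then follows from HKDF's property that different info strings yield independent outputs.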
24 Claims
1. A method, comprising the steps of:
retrieving a secure enrollment profile, wherein the secure enrollment profile comprises cryptographic identity data corresponding to a user of a particular electronic computing device that is enrolled with a federated security platform associated with a plurality of tenants, wherein the cryptographic identity data comprises a tenant-specific device identifier and one or more shared secrets between the platform and the particular electronic computing device;
determining, based on at least the tenant-specific device identifier in the cryptographic identity data of the secure enrollment profile, a particular tenant corresponding to the user for enabling secure tenant-specific tracking, by the platform, of electronic activities of the user and the particular electronic computing device;
receiving, from a platform server associated with the federated security platform at a predetermined interval, one or more tenant-specific policies defining actions to be taken with respect to certain electronic activities resulting from interaction by the user with the particular electronic computing device, wherein the one or more shared secrets enable secure communications between the platform server and the particular electronic computing device;
identifying a particular electronic activity resulting from user interaction with the particular electronic computing device;
comparing the identified particular electronic activity to the one or more tenant-specific policies to determine the appropriate action to take with respect to the identified particular electronic activity; and
initiating the appropriate action with respect to the identified particular electronic activity.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.
13. A system, comprising:
a federated security platform associated with a plurality of tenants, the platform comprising a server; and
an electronic computing device enrolled with the platform, the electronic computing device comprising a processor, the processor operative to:
retrieve a secure enrollment profile, the secure enrollment profile comprising cryptographic identity data corresponding to a user of the electronic computing device, wherein the cryptographic identity data comprises a tenant-specific device identifier and one or more shared secrets between the platform and the electronic computing device;
determine, based on at least the tenant-specific device identifier in the cryptographic identity data of the secure enrollment profile, a particular tenant corresponding to the user for enabling secure tenant-specific tracking, by the platform, of electronic activities of the user and the electronic computing device;
receive, from the server at a predetermined interval, one or more tenant-specific policies defining actions to be taken with respect to certain electronic activities resulting from interaction by the user with the electronic computing device, wherein the one or more shared secrets enable secure communications between the server and the particular electronic computing device;
identify a particular electronic activity resulting from user interaction with the electronic computing device;
compare the identified particular electronic activity to the one or more tenant-specific policies to determine the appropriate action to take with respect to the identified particular electronic activity; and
initiate the appropriate action with respect to the identified particular electronic activity.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24.
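Claims 1 and 13 describe the same cycle on the device side: read the enrollment profile, determine the tenant from the tenant-specific device identifier, receive tenant-specific policies from the platform server over a channel secured by the shared secret, then compare each observed activity to those policies and act on the result. The following is an added example that is not the patent's or the assignee's code. It models one such cycle in Python: the policy bundle is authenticated with an HMAC-SHA256 tag under the shared secret and carries the tenant it was issued for, so a device rejects both a tampered bundle and a bundle meant for another tenant before any policy is applied. The "<tenant>:<device>" identifier format, the JSON policy shape, the action names and the sample activities are all constructed assumptions; the periodic (interval-based) fetch in the claim is left to the caller.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class EnrollmentProfile:
    """Secure enrollment profile: tenant-specific device id plus a platform shared secret."""
    tenant_device_id: str   # assumed format "<tenant>:<device>", e.g. "acme:device-0042"
    shared_secret: bytes    # shared between the platform server and this device


def tenant_from_device_id(tenant_device_id: str) -> str:
    """Determine the tenant from the tenant-specific device identifier (assumed '<tenant>:<device>')."""
    tenant, sep, device = tenant_device_id.partition(":")
    if not sep or not tenant or not device:
        raise ValueError("device identifier is not tenant-qualified")
    return tenant


def sign_policy_bundle(shared_secret: bytes, tenant: str, policies: list) -> dict:
    """Server side: bind the policy list to one tenant and authenticate it with the shared secret."""
    body = json.dumps({"tenant": tenant, "policies": policies},
                      sort_keys=True, separators=(",", ":"))
    tag = hmac.new(shared_secret, body.encode("utf-8"), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_policy_bundle(profile: EnrollmentProfile, bundle: dict) -> list:
    """Device side: accept policies only if the tag verifies and the tenant is our own."""
    body = bundle["body"].encode("utf-8")
    expected = hmac.new(profile.shared_secret, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, bundle["tag"]):
        raise ValueError("policy bundle failed authentication")
    payload = json.loads(body)
    if payload["tenant"] != tenant_from_device_id(profile.tenant_device_id):
        raise ValueError("policy bundle belongs to a different tenant")
    return payload["policies"]


def bundle_is_accepted(profile: EnrollmentProfile, bundle: dict) -> bool:
    """Convenience predicate: does this device accept the bundle at all?"""
    try:
        verify_policy_bundle(profile, bundle)
        return True
    except ValueError:
        return False


def decide(policies: list, activity: dict, default_action: str = "allow") -> str:
    """Compare one activity to the tenant's policies; the first policy whose match fields all agree wins."""
    for policy in policies:
        if all(activity.get(k) == v for k, v in policy["match"].items()):
            return policy["action"]
    return default_action  # assumption: activities no policy covers are allowed


def evaluate_activities(profile: EnrollmentProfile, bundle: dict, activities: list) -> list:
    """One cycle of the claimed method: verify the policies, then decide an action per activity."""
    policies = verify_policy_bundle(profile, bundle)
    return [(activity, decide(policies, activity)) for activity in activities]


# Constructed sample data.
PROFILE = EnrollmentProfile("acme:device-0042", b"constructed-shared-secret")
ACME_POLICIES = [
    {"match": {"type": "file_write", "location": "removable_media"}, "action": "encrypt"},
    {"match": {"type": "upload", "destination_category": "personal_cloud"}, "action": "block"},
]
SAMPLE_ACTIVITIES = [
    {"type": "file_write", "location": "removable_media", "path": "E:/report.docx"},
    {"type": "upload", "destination_category": "personal_cloud", "host": "drive.example"},
    {"type": "file_write", "location": "local_disk", "path": "C:/notes.txt"},
]

if __name__ == "__main__":
    bundle = sign_policy_bundle(PROFILE.shared_secret, "acme", ACME_POLICIES)
    for activity, action in evaluate_activities(PROFILE, bundle, SAMPLE_ACTIVITIES):
        print(f"{activity['type']:<11} -> {action}")
```

The tenant check inside verify_policy_bundle is what makes the tracking tenant-specific in the claim's sense: even a correctly signed bundle is discarded unless the tenant it names is the one derived from this device's own identifier, so a policy set issued for one tenant cannot be applied to another tenant's device.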