Method and system for automatically managing secret application and maintenance
First Claim
1. A system for automatically managing secrets application and maintenance comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the at least one processors, perform a process for automatically managing secrets application and maintenance, the process for automatically managing secrets application and maintenance including:
generating data classification data defining one or more classes of data;
for each class of data, generating secret application and maintenance policy data including required secrets application data indicating required secret types to be applied to each class of data and secrets maintenance policy data indicating secret maintenance procedures for required secrets to be applied to each class of data;
obtaining access to data to be protected;
determining the class of the data to be protected;
obtaining the secret application and maintenance policy data for the determined class of the data to be protected;
analyzing the required secrets application data of the secret application and maintenance policy data for the determined class of the data to be protected to identify the required secret types to be applied to the data to be protected, and to also identify a class of secrets associated with the determined class of data, wherein each different class of secrets associated with different levels of protection are each stored in different data stores;
obtaining required secrets data representing one or more secrets of the required secret types to be applied to the data to be protected, the one or more secrets of the required secrets types including at least multifactor authentication data;
automatically scheduling the application of the one or more secrets of the required secret types to the data to be protected in accordance with the required secrets application data of the secret application and maintenance policy data for the determined class of the data to be protected; and
automatically scheduling the reapplication, rotation or change of the one or more secrets of the required secrets data in accordance with the secrets maintenance policy data of the secret application and maintenance policy data for the determined class of the data to be protected, wherein each different secret type is governed by a different secrets maintenance policy data, and a period of rotation, change, or expiration of secrets of a given type depends on a level of security associated with the secret application and maintenance policy.
Abstract
Secret application and maintenance policy data is generated for different classes of data. The class of data to be protected is determined and the secret application and maintenance policy data for the determined class of the data to be protected is identified and obtained. Required secrets data representing one or more secrets to be applied to the data to be protected is obtained and then automatically scheduled for application to the data to be protected in accordance with the secret application and maintenance policy data for the determined class of the data to be protected. Maintenance of the one or more secrets is also automatically scheduled in accordance with the secret application and maintenance policy data for the determined class of the data to be protected.
38 Claims
16. A system for automatically managing encryption key application and maintenance comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for automatically managing encryption key application and maintenance, the process for automatically managing encryption key application and maintenance including:
generating data classification data defining one or more classes of data;
for each class of data, generating encryption key application and maintenance policy data including required encryption key application data indicating the required encryption key to be applied to each class of data and encryption key maintenance policy data indicating encryption key maintenance procedures for the required encryption key to be applied to each class of data;
obtaining access to data to be protected;
determining the class of the data to be protected;
obtaining the encryption key application and maintenance policy data for the determined class of the data to be protected;
analyzing the required encryption key application data of the encryption key application and maintenance policy data for the determined class of the data to be protected to identify the required encryption key type to be applied to the data to be protected, and to also identify a class of encryption key associated with the determined class of data, wherein each different class of encryption key associated with different levels of protection are each stored in different data stores;
obtaining required encryption key data representing an encryption key of the required encryption key type to be applied to the data to be protected;
automatically scheduling the application of the encryption key of the required encryption key type to the data to be protected in accordance with the required encryption key application data of the encryption key application and maintenance policy data for the determined class of the data to be protected; and
automatically scheduling the reapplication, rotation or change of the encryption key of the required encryption key data in accordance with the encryption key maintenance policy data of the encryption key application and maintenance policy data for the determined class of the data to be protected, wherein each different secret type is governed by a different secrets maintenance policy data, and a period of rotation, change, or expiration of secrets of a given type depends on a level of security associated with the secret application and maintenance policy.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29.
30. A computing system implemented method for automatically managing secrets application and maintenance comprising the following, which when executed individually or collectively by any set of one or more processors perform a process including:
generating data classification data defining one or more classes of data;
for each class of data, generating secret application and maintenance policy data including required secrets application data indicating the required secret types to be applied to each class of data and secrets maintenance policy data indicating secret maintenance procedures for the required secrets to be applied to each class of data;
obtaining access to data to be protected;
determining the class of the data to be protected;
obtaining the secret application and maintenance policy data for the determined class of the data to be protected;
analyzing the required secrets application data of the secret application and maintenance policy data for the determined class of the data to be protected to identify the required secret types to be applied to the data to be protected, the required secret types including at least multifactor authentication data, and to also identify a class of secrets associated with the determined class of data, wherein each different class of secrets associated with different levels of protection are each stored in different data stores;
obtaining required secrets data representing one or more secrets of the required secret types to be applied to the data to be protected;
automatically scheduling the application of the one or more secrets of the required secret types to the data to be protected in accordance with the required secrets application data of the secret application and maintenance policy data for the determined class of the data to be protected; and
automatically scheduling the reapplication, rotation or change of the one or more secrets of the required secrets data in accordance with the secrets maintenance policy data of the secret application and maintenance policy data for the determined class of the data to be protected, wherein each different secret type is governed by a different secrets maintenance policy data, and a period of rotation, change, or expiration of secrets of a given type depends on a level of security associated with the secret application and maintenance policy.
Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38.
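As an added illustration (not part of the patent, and not any implementation of it), the following Python sketch models the procedure shared by claims 1, 16 and 30: data is classified, the per-class policy names the required secret types (including multifactor authentication for the most sensitive class) and the separate store holding that class of secrets, and each secret type carries its own maintenance policy whose rotation period shortens with the security level. All class names, tags, secret types, store names and periods are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample "secret application and maintenance policy data":
# per data class, a security level, the required secret types, and the
# data store holding that class of secrets (all values hypothetical).
POLICY = {
    "public":       {"level": "low",    "required": ("encryption_key",),                   "store": "general-store"},
    "confidential": {"level": "medium", "required": ("encryption_key", "password"),        "store": "restricted-store"},
    "regulated":    {"level": "high",   "required": ("encryption_key", "password", "mfa"), "store": "hsm-store"},
}
# Per-secret-type maintenance policy: base rotation period in days ...
BASE_ROTATION_DAYS = {"encryption_key": 365, "password": 90, "mfa": 180}
# ... divided according to the security level of the applicable policy.
LEVEL_DIVISOR = {"low": 1, "medium": 2, "high": 4}

# Constructed sample inputs.
NOW = datetime(2024, 1, 1)
RECORDS = [
    {"id": "doc-1", "tags": ("marketing",)},
    {"id": "doc-2", "tags": ("internal", "pii")},
]

@dataclass(frozen=True)
class ScheduledSecret:
    data_id: str
    secret_type: str
    store: str          # where this class of secrets is kept
    apply_at: datetime  # scheduled application of the secret
    rotate_at: datetime # scheduled rotation / change / expiration

def classify(record: dict) -> str:
    """Determine the data class from (constructed) metadata tags."""
    tags = set(record.get("tags", ()))
    if tags & {"pii", "phi"}:
        return "regulated"
    if "internal" in tags:
        return "confidential"
    return "public"

def rotation_period(secret_type: str, level: str) -> timedelta:
    """Rotation period of one secret type under a given security level."""
    return timedelta(days=BASE_ROTATION_DAYS[secret_type] // LEVEL_DIVISOR[level])

def schedule(record: dict, now: datetime) -> list[ScheduledSecret]:
    """Schedule application and first rotation of every required secret."""
    policy = POLICY[classify(record)]
    return [ScheduledSecret(record["id"], t, policy["store"], now,
                            now + rotation_period(t, policy["level"]))
            for t in policy["required"]]

def due_for_rotation(tasks: list[ScheduledSecret], at: datetime) -> list[ScheduledSecret]:
    """Secrets whose rotation deadline has been reached at time `at`."""
    return [t for t in tasks if t.rotate_at <= at]
```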