Method and system for automatically managing secure communications and distribution of secrets in multiple communications jurisdiction zones

  • US 9,942,275 B2
  • Filed: 07/29/2016
  • Issued: 04/10/2018
  • Est. Priority Date: 11/01/2013
  • Status: Active Grant
First Claim
1. A system for automatically managing secure communications and transferring secrets across multiple communications jurisdiction zones comprising:

  • at least one processor; and

    at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the at least one processors, perform a process for automatically managing secure communications and transferring secrets across multiple communications jurisdiction zones, the process including:

    identifying two or more communications jurisdiction zones from which, and/or to which, secrets and other data may be transferred using one or more types of communications channels including one or more types of secure communications security levels;

    obtaining communications and data security policy data for the identified communications jurisdiction zones, the communications and data security policy data for the identified communications jurisdiction zones including data indicating allowed types of secure communications security levels for the respective communications jurisdiction zones, the communications and data security policy data for the plurality of data security jurisdiction zones further including data indicating allowed secrets data for each of the respective data security jurisdiction zones of the plurality of data security jurisdiction zones and nonallowed secrets data for the respective data security jurisdiction zones of the plurality of data security jurisdiction zones, the allowed secrets data for each given respective data security jurisdiction zone representing one or more secrets allowed to be used to protect data in the given data security jurisdiction zone;

    obtaining secrets request data originating from a requesting resource, the obtained secrets request data indicating a desired exchange of secrets data to a requesting resource, at least a portion of the secrets data being in a first communications jurisdiction zone and the requesting resource being in a second communications jurisdiction zone different from the first communications jurisdiction zone;

    automatically obtaining first communications jurisdiction zone communications and data security policy data associated with the first communications jurisdiction zone and second communications jurisdiction zone communications and data security policy data associated with second communications jurisdiction zone from the communications and data security policy data;

    automatically analyzing the data security policy data of the data security jurisdiction zone of the requesting resource to determine allowed secrets encryption key data with respect to the data security jurisdiction zone of the requesting resource;

    identifying one or more classes of allowed secrets data by classifying the allowed secrets data represented by the secrets data according to a level of security provided by the secrets represented by the allowed secrets;

    obtaining the allowed secrets data within the one or more classes of allowed secrets data with respect to the data security jurisdiction zone of the requesting resource;

    automatically analyzing the first communications jurisdiction zone communications and data security policy data, the second communications jurisdiction zone communications and data security policy data, and the secrets request data to determine at least one allowed type of secure communications security level for the desired exchange of secrets and/or other data that complies with both the first communications jurisdiction zone communications and data security policy data and the second communications jurisdiction zone communications and data security policy data;

    selecting one of the at least one allowed type of secure communications security level;

    automatically establishing the required type of communications channel including the allowed type of secure communications security level between the first communications jurisdiction zone and the second communications jurisdiction zone; and

    automatically providing the allowed secrets data to the requesting resource.
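As an added worked illustration (this is not code from the patent, its assignee, or any product), the following Python walks through the steps the claim recites: per-zone policy data with allowed security levels and allowed/non-allowed secrets, a cross-zone request, intersection of the two zones' allowed levels, selection of one level, classification of secrets by the protection they provide, and release of only the secrets the requesting zone may use. Zone names, the ordering of security levels, the key-length thresholds for classes, and all secret identifiers are constructed assumptions. Two practitioner-relevant behaviours are made explicit: an explicit non-allowed entry overrides an allowed entry, and an empty intersection of allowed levels is a hard failure rather than a fallback to a weaker channel.

```python
# Added worked example (not code from the patent): a minimal policy engine that
# follows the claim's steps. All zone names, security levels, secret ids and
# policy values below are constructed sample data.
from dataclasses import dataclass
from enum import IntEnum


class SecurityLevel(IntEnum):
    """Secure-communications security levels, ordered weakest to strongest
    (the ordering is an assumption made for this example)."""
    TLS12 = 1
    TLS13 = 2
    TLS13_MTLS = 3


@dataclass(frozen=True)
class ZonePolicy:
    """Communications and data security policy data for one jurisdiction zone."""
    zone: str
    allowed_levels: frozenset      # SecurityLevel values the zone permits
    allowed_secrets: frozenset     # secret ids that may protect data in the zone
    nonallowed_secrets: frozenset  # secret ids explicitly barred from the zone


@dataclass(frozen=True)
class Secret:
    secret_id: str
    key_bits: int   # used to classify the secret by the protection it provides
    material: bytes


@dataclass(frozen=True)
class SecretsRequest:
    requesting_resource: str
    requesting_zone: str   # second zone: where the requesting resource lives
    source_zone: str       # first zone: where the secrets currently reside
    secret_ids: tuple


class PolicyViolation(Exception):
    pass


def allowed_levels(first: ZonePolicy, second: ZonePolicy) -> set:
    """Levels that comply with BOTH zone policies (plain set intersection)."""
    return set(first.allowed_levels) & set(second.allowed_levels)


def select_level(levels) -> SecurityLevel:
    """Pick the strongest mutually allowed level; no common level is a hard failure."""
    if not levels:
        raise PolicyViolation("no secure communications level satisfies both zones")
    return max(levels)


def classify_secret(secret: Secret) -> str:
    """Class label from the protection the secret provides (thresholds assumed)."""
    if secret.key_bits >= 256:
        return "high"
    if secret.key_bits >= 128:
        return "standard"
    return "weak"


def filter_allowed_secrets(secrets, requester_policy: ZonePolicy, min_class="standard"):
    """Keep only secrets the requesting zone may use; explicit deny beats allow."""
    rank = {"weak": 0, "standard": 1, "high": 2}
    out = []
    for s in secrets:
        if s.secret_id in requester_policy.nonallowed_secrets:
            continue
        if s.secret_id not in requester_policy.allowed_secrets:
            continue
        if rank[classify_secret(s)] < rank[min_class]:
            continue
        out.append(s)
    return out


def plan_exchange(request: SecretsRequest, policies: dict, store: dict) -> dict:
    """Run the claim's steps and report what would be sent, and over what channel."""
    if request.source_zone == request.requesting_zone:
        raise PolicyViolation("claim covers cross-zone exchange only")
    first = policies[request.source_zone]
    second = policies[request.requesting_zone]
    level = select_level(allowed_levels(first, second))
    requested = [store[i] for i in request.secret_ids if i in store]
    granted = filter_allowed_secrets(requested, second)
    return {
        "channel": f"{first.zone}->{second.zone}",
        "level": level,
        "secrets": [s.secret_id for s in granted],
        "withheld": [s.secret_id for s in requested if s not in granted],
    }


# Constructed sample policy data and secrets store.
_ALL = frozenset({SecurityLevel.TLS12, SecurityLevel.TLS13, SecurityLevel.TLS13_MTLS})
POLICIES = {
    "zone-A": ZonePolicy("zone-A", _ALL, frozenset({"k1", "k2", "k3"}), frozenset()),
    "zone-B": ZonePolicy("zone-B", frozenset({SecurityLevel.TLS13, SecurityLevel.TLS13_MTLS}),
                         frozenset({"k1", "k2", "k3"}), frozenset({"k2"})),
    "zone-C": ZonePolicy("zone-C", frozenset({SecurityLevel.TLS12}), frozenset({"k1"}), frozenset()),
}
STORE = {
    "k1": Secret("k1", 256, b"\x00" * 32),
    "k2": Secret("k2", 256, b"\x01" * 32),
    "k3": Secret("k3", 64, b"\x02" * 8),
}

if __name__ == "__main__":
    req = SecretsRequest("app-b", "zone-B", "zone-A", ("k1", "k2", "k3"))
    print(plan_exchange(req, POLICIES, STORE))
```

Running the sample request from zone-A to zone-B yields mutual TLS over TLS 1.3 (the strongest level both zones allow), releases only `k1`, and withholds `k2` (explicitly non-allowed in zone-B) and `k3` (classified as weak). A request between zone-B and zone-C has no common level and is refused outright; a real deployment should log that refusal rather than silently downgrading.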

  • 0 Assignments