Method and system for automatically managing secure communications and distribution of secrets in multiple communications jurisdiction zones
First Claim
1. A system for automatically managing secure communications and transferring secrets across multiple communications jurisdiction zones comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the at least one processors, perform a process for automatically managing secure communications and transferring secrets across multiple communications jurisdiction zones, the process including:
identifying two or more communications jurisdiction zones from which, and/or to which, secrets and other data may be transferred using one or more types of communications channels including one or more types of secure communications security levels;
obtaining communications and data security policy data for the identified communications jurisdiction zones, the communications and data security policy data for the identified communications jurisdiction zones including data indicating allowed types of secure communications security levels for the respective communications jurisdiction zones, the communications and data security policy data for the plurality of data security jurisdiction zones further including data indicating allowed secrets data for each of the respective data security jurisdiction zones of the plurality of data security jurisdiction zones and nonallowed secrets data for the respective data security jurisdiction zones of the plurality of data security jurisdiction zones, the allowed secrets data for each given respective data security jurisdiction zone representing one or more secrets allowed to be used to protect data in the given data security jurisdiction zone;
obtaining secrets request data originating from a requesting resource, the obtained secrets request data indicating a desired exchange of secrets data to a requesting resource, at least a portion of the secrets data being in a first communications jurisdiction zone and the requesting resource being in a second communications jurisdiction zone different from the first communications jurisdiction zone;
automatically obtaining first communications jurisdiction zone communications and data security policy data associated with the first communications jurisdiction zone and second communications jurisdiction zone communications and data security policy data associated with second communications jurisdiction zone from the communications and data security policy data;
automatically analyzing the data security policy data of the data security jurisdiction zone of the requesting resource to determine allowed secrets encryption key data with respect to the data security jurisdiction zone of the requesting resource;
identifying one or more classes of allowed secrets data by classifying the allowed secrets data represented by the secrets data according to a level of security provided by the secrets represented by the allowed secrets;
obtaining the allowed secrets data within the one or more classes of allowed secrets data with respect to the data security jurisdiction zone of the requesting resource;
automatically analyzing the first communications jurisdiction zone communications and data security policy data, the second communications jurisdiction zone communications and data security policy data, and the secrets request data to determine at least one allowed type of secure communications security level for the desired exchange of secrets and/or other data that complies with both the first communications jurisdiction zone communications and data security policy data and the second communications jurisdiction zone communications and data security policy data;
selecting one of the at least one allowed type of secure communications security level;
automatically establishing the required type of communications channel including the allowed type of secure communications security level between the first communications jurisdiction zone and the second communications jurisdiction zone; and
automatically providing the allowed secrets data to the requesting resource.
Abstract
Communications and data security policy data for two or more zones is obtained that includes data indicating allowed protocols for the respective communications jurisdiction zones. Request data indicating a desired exchange of data between a secrets data source in a first zone and a requesting resource in a second zone is received or obtained. The first zone policy data and the second zone policy data are automatically obtained and analyzed to determine an allowed type of communications security level for the desired exchange of data that complies with both the first zone communications and data security policy data and the second zone policy data. A communications channel including the allowed type of secure communications security level is automatically established between the secrets data source and the requesting resource, and at least a portion of the requested secrets and/or other data is exchanged.
29 Claims
1. A system for automatically managing secure communications and transferring secrets across multiple communications jurisdiction zones comprising: (independent claim 1, reproduced in full under First Claim above)
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
10. A system for automatically managing secure communications and transferring secrets across multiple communications jurisdiction zones comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the at least one processors, perform a process for automatically managing secure communications and transferring secrets across multiple communications jurisdiction zones, the process including:
identifying two or more communications jurisdiction zones from which, and/or to which, secrets and other data may be transferred using one or more types of communications channels including one or more types of secure communications security levels;
obtaining communications and data security policy data for the identified communications jurisdiction zones, the communications and data security policy data for the identified communications jurisdiction zones including data indicating allowed types of secure communications security levels for the respective communications jurisdiction zones, the data security policy data for the plurality of data security jurisdiction zones including data indicating allowed secrets data for each of the respective data security jurisdiction zones of the plurality of data security jurisdiction zones and nonallowed secrets data for the respective data security jurisdiction zones of the plurality of data security jurisdiction zones, the allowed secrets data for each given respective data security jurisdiction zone representing one or more secrets allowed to be used to protect data in the given data security jurisdiction zone;
obtaining secrets request data indicating a desired exchange of secrets data between a first resource in a first communications jurisdiction zone and a requesting resource in a second communications jurisdiction zone;
automatically obtaining first communications jurisdiction zone communications and data security policy data associated with the first communications jurisdiction zone and second communications jurisdiction zone communications and data security policy data associated with second communications jurisdiction zone from the communications and data security policy data;
automatically analyzing the data security policy data of the data security jurisdiction zone of the requesting resource to determine allowed secrets encryption key data with respect to the data security jurisdiction zone of the requesting resource;
identifying one or more classes of allowed secrets data by classifying the allowed secrets data represented by the secrets data according to a level of security provided by the secrets;
obtaining the allowed secrets data within the one or more classes of allowed secrets data with respect to the data security jurisdiction zone of the requesting resource;
automatically analyzing the data indicating the desired exchange of secrets and/or other data to determine a required type of communications channel;
obtaining enterprise data transfer policy data, the enterprise data transfer policy data including data indicating required types of secure communications security levels for one or more types of secrets data;
automatically analyzing the allowed secrets data and the enterprise data transfer policy data to determine enterprise allowed types of secure communications security levels data for the desired exchange of secrets data;
automatically analyzing the first communications jurisdiction zone communications and data security policy data, the second communications jurisdiction zone communications and data security policy data, and the enterprise allowed types of secure communications security level data, to determine at least one allowed type of secure communications security level for the desired exchange of secrets and/or other data that complies with each of the first communications jurisdiction zone communications and data security policy data, the second communications jurisdiction zone communications and data security policy data, and the enterprise allowed types of secure communications security level data;
selecting, from the allowed types of secure communications security levels for the first communications jurisdiction zone communications and data security policy data, the second communications jurisdiction zone communications and data security policy data, and the enterprise allowed types of secure communications security level data and the secrets request data, one of the at least one allowed type of secure communications security level;
automatically establishing the required type of communications channel including the allowed type of secure communications security level between the first communications jurisdiction zone and the second communications jurisdiction zone; and
automatically providing the allowed secrets data to the requesting resource.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
21. A system for automatically managing secure communications and transferring secrets across multiple communications jurisdiction zones comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the at least one processors, perform a process for automatically managing secure communications and transferring secrets across multiple communications jurisdiction zones, the process including:
identifying two or more communications jurisdiction zones from which, and/or to which, secrets and other data may be transferred using one or more types of communications channels including one or more types of secure communications security levels;
obtaining communications and data security policy data for the identified communications jurisdiction zones, the communications and data security policy data for the identified communications jurisdiction zones including data indicating allowed types of secure communications security levels for the respective communications jurisdiction zones, the communications and data security policy data for the plurality of data security jurisdiction zones further including data indicating allowed secrets data for each of the respective data security jurisdiction zones of the plurality of data security jurisdiction zones and nonallowed secrets data for the respective data security jurisdiction zones of the plurality of data security jurisdiction zones, the allowed secrets data for each given respective data security jurisdiction zone representing one or more secrets allowed to be used to protect data in the given data security jurisdiction zone;
obtaining secrets request data originating at a requesting resource, the obtained secrets request data indicating a desired exchange of secrets data to a requesting resource, at least a portion of the secrets data being in a first communications jurisdiction zone and the requesting resource being in a second communications jurisdiction zone different from the first communications jurisdiction zone;
automatically obtaining first communications jurisdiction zone communications and data security policy data associated with the first communications jurisdiction zone and second communications jurisdiction zone communications and data security policy data associated with second communications jurisdiction zone from the communications and data security policy data;
automatically analyzing the data security policy data of the data security jurisdiction zone of the requesting resource to determine allowed secrets encryption key data with respect to the data security jurisdiction zone of the requesting resource;
identifying one or more classes of allowed secrets data by classifying the allowed secrets data represented by the secrets data according to a level of security provided by the secrets;
obtaining the allowed secrets data within the one or more classes of allowed secrets data with respect to the data security jurisdiction zone of the requesting resource;
automatically analyzing the secrets request data indicating the desired exchange of secrets data to determine a required type of communications channel;
obtaining data owner data transfer policy data, the data owner data transfer policy data including data indicating owner required types of secure communications security levels for one or more types of data;
automatically obtaining data type data indicating the type of data involved in the desired exchange of secrets and/or other data;
automatically analyzing the data type data and the data owner data transfer policy data to determine data owner allowed types of secure communications security level data for the desired exchange of secrets and/or other data;
automatically analyzing the first communications jurisdiction zone communications and data security policy data, the second communications jurisdiction zone communications and data security policy data, and data owner allowed types of secure communications security level data, to determine at least one allowed type of secure communications security level for the desired exchange of secrets and/or other data that complies with each of the first communications jurisdiction zone communications and data security policy data, the second communications jurisdiction zone communications and data security policy data, and the data owner allowed types of secure communications security level data;
selecting one of the at least one allowed type of secure communications security level;
automatically establishing the required type of communications channel including the allowed type of secure communications security level between the first communications jurisdiction zone and the second communications jurisdiction zone; and
automatically providing the allowed secrets data to the requesting resource.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
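Worked example of the policy resolution the three independent claims describe, added here as illustration; it is not code from the patent or its assignee. Claim 1 intersects the two zones' allowed secure communications security levels and filters the requested secrets by the requesting zone's allowed and nonallowed lists; claim 10 narrows the candidate levels further by an enterprise data transfer policy keyed on secret type; claim 21 narrows them by a data owner policy keyed on the data type being moved. The zone names, the level labels tls12, tls13 and tls13_mtls, the secret classes and every policy table below are constructed for the example (the claims do not enumerate them), and the strongest surviving level is selected, which is a design choice rather than something the claims require. The practitioner-relevant property is that the resolution fails closed: when no level satisfies every policy, or no requested secret is allowed in the requesting zone, no channel is established and nothing is released.

```python
"""Policy resolution for a cross-zone secrets exchange.

Added example, not code from the patent or its assignee.  Zone names, security
level labels, secret classes and the sample policies below are constructed."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Mapping

# Secure communications security levels ranked weakest -> strongest (constructed labels).
LEVEL_RANK: Dict[str, int] = {"tls12": 1, "tls13": 2, "tls13_mtls": 3}


@dataclass(frozen=True)
class ZonePolicy:
    """Communications and data security policy data for one jurisdiction zone."""
    allowed_levels: FrozenSet[str]            # allowed secure communications security levels
    allowed_secret_classes: FrozenSet[str]    # secrets allowed to protect data in this zone
    nonallowed_secret_classes: FrozenSet[str]


@dataclass(frozen=True)
class Secret:
    name: str
    security_class: str   # class by the level of security the secret provides
    zone: str             # zone in which the secret currently resides


@dataclass(frozen=True)
class SecretsRequest:
    requesting_zone: str
    source_zone: str
    data_type: str
    secret_names: FrozenSet[str]


class PolicyViolation(Exception):
    """No channel or no secret satisfies every applicable policy: release nothing."""


def allowed_secrets_for_zone(policy: ZonePolicy, secrets: List[Secret],
                             request: SecretsRequest) -> List[Secret]:
    """Requested secrets, held in the source zone, whose class the requesting zone
    allows.  A nonallowed listing wins over an allowed one, so a class that a
    misconfigured policy names on both lists is rejected."""
    return [s for s in secrets
            if s.name in request.secret_names and s.zone == request.source_zone
            and s.security_class not in policy.nonallowed_secret_classes
            and s.security_class in policy.allowed_secret_classes]


def resolve_exchange(request: SecretsRequest, zones: Mapping[str, ZonePolicy],
                     secrets: List[Secret], enterprise_policy: Mapping[str, set],
                     owner_policy: Mapping[str, set]) -> Dict[str, object]:
    """Intersect every applicable policy and pick the strongest surviving level.
    Returns {"level": <selected level>, "secrets": {class: (names, ...)}}."""
    if request.source_zone not in zones or request.requesting_zone not in zones:
        raise PolicyViolation("missing policy data for a zone")
    src, dst = zones[request.source_zone], zones[request.requesting_zone]
    allowed = allowed_secrets_for_zone(dst, secrets, request)
    if not allowed:
        raise PolicyViolation("no requested secret is allowed in the requesting zone")
    # Levels both zones allow (claim 1) ...
    candidates = set(src.allowed_levels) & set(dst.allowed_levels)
    # ... that the enterprise transfer policy accepts for every secret class moved (claim 10) ...
    for s in allowed:
        candidates &= set(enterprise_policy.get(s.security_class, ()))
    # ... and that the data owner accepts for this data type (claim 21).
    candidates &= set(owner_policy.get(request.data_type, ()))
    candidates &= set(LEVEL_RANK)  # unranked labels cannot be compared; drop them
    if not candidates:
        raise PolicyViolation("no secure communications security level satisfies every policy")
    by_class: Dict[str, list] = {}
    for s in sorted(allowed, key=lambda x: x.name):
        by_class.setdefault(s.security_class, []).append(s.name)
    return {"level": max(candidates, key=LEVEL_RANK.__getitem__),
            "secrets": {cls: tuple(names) for cls, names in by_class.items()}}


# Constructed sample policy data.  aes128 is on both of zone_b's lists: nonallowed wins.
ZONES = {
    "zone_a": ZonePolicy(frozenset({"tls12", "tls13", "tls13_mtls"}),
                         frozenset({"aes256", "aes128", "rsa2048"}), frozenset()),
    "zone_b": ZonePolicy(frozenset({"tls13", "tls13_mtls"}),
                         frozenset({"aes256", "aes128"}), frozenset({"aes128"})),
}
SECRETS = [Secret("db-master-key", "aes256", "zone_a"), Secret("cache-key", "aes128", "zone_a"),
           Secret("signing-key", "rsa2048", "zone_a")]
ENTERPRISE_POLICY = {"aes256": {"tls13", "tls13_mtls"}, "rsa2048": {"tls13_mtls"},
                     "aes128": {"tls12", "tls13", "tls13_mtls"}}
OWNER_POLICY = {"customer_records": {"tls13", "tls13_mtls"}, "telemetry": {"tls12", "tls13"},
                "archive": {"tls12"}}


def demo(data_type: str) -> Dict[str, object]:
    """A resource in zone_b asks for three secrets held in zone_a."""
    req = SecretsRequest("zone_b", "zone_a", data_type,
                         frozenset({"db-master-key", "cache-key", "signing-key"}))
    return resolve_exchange(req, ZONES, SECRETS, ENTERPRISE_POLICY, OWNER_POLICY)


def is_blocked(data_type: str) -> bool:
    """True when the request fails closed: no compliant channel, nothing released."""
    try:
        demo(data_type)
    except PolicyViolation:
        return True
    return False


if __name__ == "__main__":
    for dt in ("customer_records", "telemetry", "archive"):
        print(dt, "->", "blocked" if is_blocked(dt) else demo(dt))
```

With the sample tables, a customer_records request releases only db-master-key over tls13_mtls (cache-key is dropped because aes128 is nonallowed in zone_b, signing-key because rsa2048 is not on zone_b's allowed list); a telemetry request is forced down to tls13 by the owner policy; an archive request, whose owner permits only tls12 while zone_b never does, gets no channel at all. Ordering the intersections this way makes each policy a pure filter, so adding a fourth policy source is one more `&=` rather than a change to the selection logic.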
Specification