SECURITY
First Claim
Patent Images
1. A method of secure information sharing between a first domain and a plurality of destination domains, the method comprising:
- processing a file at the first domain to establish a set of attributes of the file, the attributes of the file comprising a destination attribute for determining permitted domains to which the file may be sent;
encrypting the file at the first domain using the attributes of the file, and thereby generating an encrypted file;
providing the first domain with, for a first destination domain, a first egress data guard comprising a destination attribute associated with the first destination domain;
identifying that the encrypted file is desired to be communicated to the first destination domain;
attempting to decrypt the encrypted file at the first egress data guard using a decryption key derived from the destination attribute of the first egress data guard, where decryption will be possible if the destination attribute of the data guard matches the destination attribute of the file; and
if it has been possible to decrypt the encrypted file, making a determination as to whether the file may be communicated to the first destination domain.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of secure information sharing between a first domain and a plurality of destination domains, the method comprising:
- a. Processing a file at the first domain to establish a set of attributes of the file, the attributes of the file comprising a destination attribute for determining permitted domains to which the file may be sent,
- b. Encrypting the file at the first domain using the attributes of the file, and thereby generating an encrypted file,
- c. providing the first domain with, for a first destination domain, a first egress data guard comprising a destination attribute associated with the first destination domain,
- d. identifying that the encrypted file is desired to be communicated to the first destination domain,
- e. attempting to decrypt the encrypted file at the first egress data guard using a decryption key derived from the destination attribute of the first egress data guard, where decryption will be possible if the destination attribute of the data guard matches the destination attribute of the file,
- f. if it has been possible to decrypt the encrypted file at step e, making a determination as to whether the file may be communicated to the first destination domain.
26 Citations
20 Claims
-
1. A method of secure information sharing between a first domain and a plurality of destination domains, the method comprising:
-
processing a file at the first domain to establish a set of attributes of the file, the attributes of the file comprising a destination attribute for determining permitted domains to which the file may be sent; encrypting the file at the first domain using the attributes of the file, and thereby generating an encrypted file; providing the first domain with, for a first destination domain, a first egress data guard comprising a destination attribute associated with the first destination domain; identifying that the encrypted file is desired to be communicated to the first destination domain; attempting to decrypt the encrypted file at the first egress data guard using a decryption key derived from the destination attribute of the first egress data guard, where decryption will be possible if the destination attribute of the data guard matches the destination attribute of the file; and if it has been possible to decrypt the encrypted file, making a determination as to whether the file may be communicated to the first destination domain. - View Dependent Claims (2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 15)
-
-
8. A method secure information sharing between a first domain and a plurality of destination domains, the method comprising:
-
processing a file at the first domain to establish a set of attributes of the file, the attributes of the file comprising a destination attribute for determining permitted domains to which the file may be sent; encrypting the file at the first domain using the attributes of the file, and thereby generating an encrypted file; providing the first domain with, for a first destination domain, a first egress data guard comprising a destination attribute associated with the first destination domain; identifying that the encrypted file is desired to be communicated to the first destination domain; attempting to decrypt the encrypted file at the first egress data guard using a decryption key derived from the destination attribute of the first egress data guard, where decryption will be possible if the destination attribute of the data guard matches the destination attribute of the file; if it has been possible to decrypt the encrypted file, making a determination as to whether the file may be communicated to the first destination domain; sending the encrypted file to the first destination domain; providing at least one ingress data guard at the first destination domain for determining whether the encrypted file may be received from the first domain into the first destination domain; communicating a destination decryption key from the first domain to the first destination domain, for selectively enabling the decryption of the file at the first destination domain. - View Dependent Claims (16, 17)
-
-
13. One or more non-transient computer-readable mediums encoded with instructions that when executed cause one or more processors to carry out a process of secure information sharing between a first domain and a plurality of destination domains, the process comprising:
-
processing a file at the first domain to establish a set of attributes of the file, the attributes of the file comprising a destination attribute for determining permitted domains to which the file may be sent; encrypting the file at the first domain using the attributes of the file, and thereby generating an encrypted file; providing the first domain with, for a first destination domain, a first egress data guard comprising a destination attribute associated with the first destination domain; identifying that the encrypted file is desired to be communicated to the first destination domain; attempting to decrypt the encrypted file at the first egress data guard using a decryption key derived from the destination attribute of the first egress data guard, where decryption will be possible if the destination attribute of the data guard matches the destination attribute of the file; if it has been possible to decrypt the encrypted file, making a determination as to whether the file may be communicated to the first destination domain.
-
-
14. A system for secure information sharing between a first domain and a plurality of destination domains, the first domain comprising:
-
an attribute identification module for processing a file at the first domain to establish a set of attributes of the file, the attributes of the file comprising a destination attribute for determining permitted domains to which the file may be sent; an encryption module for encrypting the file at the first domain using the attributes of the file, and thereby generating an encrypted file; and a first egress data guard for a first destination domain, comprising a destination attribute associated with the first destination domain; wherein, upon identifying that the encrypted file is desired to be communicated to the first destination domain, the system attempts to decrypt the encrypted file at the first egress data guard using a decryption key derived from the destination attribute of the first egress data guard, where decryption will be possible if the destination attribute of the data guard matches the destination attribute of the file, such that if it has been possible to decrypt the encrypted file at step, it is thereby determined whether the file may be communicated to the first destination domain. - View Dependent Claims (18, 19, 20)
-
Specification