Data encryption, transport, and storage service for carrier-grade networks
Abstract
A method, a system, and a non-transitory storage medium for storing user preferences pertaining to a data encryption service that provides on-demand encryption for data in-flight and at rest; receiving data from a user device; determining whether to invoke the data encryption service based on the data and the user preferences; generating a key to encrypt the data based on determining that the data encryption service is to be invoked; generating a first message that includes the data, the key, and data indicating where encrypted data is to be stored; establishing a secure connection with a device; and transmitting the first message to the device via the secure connection.
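The flow in the abstract, as an added Python sketch that is not part of the patent: the first device applies the stored preferences and either passes the data through or hands data, key, and storage location to a second device, which performs the encryption. The names `Packet`, `FirstMessage`, `SecondMessage`, and the function names are hypothetical. The secure connection is assumed and modelled as a direct call. The SHAKE-256/HMAC construction is a standard-library stand-in for a real AEAD cipher, which the text does not specify.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass

@dataclass
class Packet:                 # "first data" from the user device (constructed model)
    data_type: str
    destination: str
    payload: bytes

@dataclass
class FirstMessage:           # first device -> second device, over the secure connection
    data: bytes
    key: bytes
    location: str

@dataclass
class SecondMessage:          # second device -> third device
    nonce: bytes
    ciphertext: bytes
    tag: bytes
    location: str

def first_device(prefs, pkt):
    """prefs: {'location': str, 'types': set}. Decide whether to invoke the service."""
    if pkt.data_type not in prefs["types"]:
        return "forward", (pkt.destination, pkt.payload)   # service not invoked
    key = secrets.token_bytes(32)                          # fresh key per data item
    return "encrypt", FirstMessage(pkt.payload, key, prefs["location"])

def _xor_stream(key, nonce, data):
    # Stand-in cipher: SHAKE-256 keystream XOR. Assumption for a stdlib-only demo;
    # a real deployment would use an AEAD such as AES-GCM.
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def second_device(msg):
    """Encrypt with the key carried in the first message; only ciphertext leaves."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(msg.key, nonce, msg.data)
    tag = hmac.new(msg.key, nonce + ct, hashlib.sha256).digest()
    return SecondMessage(nonce, ct, tag, msg.location)

def open_second_message(key, m):
    """Verify the tag, then decrypt; raises ValueError on tampering."""
    want = hmac.new(key, m.nonce + m.ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(want, m.tag):
        raise ValueError("authentication failed")
    return _xor_stream(key, m.nonce, m.ciphertext)
```

The first message carries plaintext and key together, so its confidentiality rests entirely on the secure connection between the first and second devices.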
20 Claims
1. A method comprising:
- storing, by a first network device, user preferences pertaining to a data encryption service that provides encryption for data in-flight and at rest, wherein the user preferences indicate a location where encrypted data is to be stored and a type of data to be encrypted, and wherein the user preferences are set by a user that subscribes to the data encryption service;
- receiving, by the first network device, a first data from the user via a user device;
- determining, by the first network device, whether to invoke the data encryption service based on receiving the first data and use of the user preferences;
- generating, by the first network device, a key to encrypt the first data based on determining that the data encryption service is to be invoked;
- generating, by the first network device, a first message that includes the first data, the key, and data indicating the location;
- establishing, by the first network device, a secure connection with a second network device in response to the generating of the first message;
- transmitting, by the first network device, the first message to the second network device via the secure connection in response to the establishing;
- transmitting, by the first network device, the first data to a destination included in the first data without invoking the data encryption service based on determining that the data encryption service is not to be invoked;
- generating, by the second network device, a second message that includes encrypted first data in response to receipt of the first message; and
- transmitting, by the second network device, the second message to a third network device.

(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A system comprising:
- a first network device comprising:
  - a first communication interface;
  - a first memory, wherein the first memory stores first instructions; and
  - a first processor, wherein the first processor executes the first instructions to:
    - store user preferences pertaining to a data encryption service that provides encryption for data in-flight and at rest, wherein the user preferences indicate a location where encrypted data is to be stored and a type of data to be encrypted, and wherein the user preferences are set by a user that subscribes to the data encryption service;
    - receive, via the first communication interface, first data from the user via a user device;
    - determine whether to invoke the data encryption service based on the receipt of the first data and use of the user preferences;
    - generate a key to encrypt the first data based on a determination that the data encryption service is to be invoked;
    - generate a first message that includes the first data, the key, and data indicating the location;
    - establish, via the first communication interface, a secure connection with a second network device in response to the generation of the first message;
    - transmit, via the first communication interface and the secure connection, the first message to the second network device in response to the establishment of the secure connection;
    - transmit, via the first communication interface, the first data to a destination included in the first data without invoking the data encryption service based on a determination that the data encryption service is not to be invoked, and
- the system further comprising the second network device, wherein the second network device comprises:
  - a second communication interface;
  - a second memory, wherein the second memory stores second instructions; and
  - a second processor, wherein the second processor executes the second instructions to:
    - generate a second message that includes encrypted first data and the data indicating the location, in response to the receipt of the first message; and
    - transmit, via the second communication interface, the second message to a third network device.

(Dependent claims: 9, 10, 11, 12, 13, 14, 15)
16. A non-transitory, computer-readable storage medium storing instructions executable by a processor of a computational device, which when executed cause the computational device to:
- store user preferences pertaining to a data encryption service that provides encryption for data in-flight and at rest, wherein the user preferences indicate a location where encrypted data is to be stored and a type of data to be encrypted, and wherein the user preferences are set by a user that subscribes to the data encryption service;
- receive first data from the user via a user device;
- determine whether to invoke the data encryption service based on the receipt of the first data and use of the user preferences;
- generate a key to encrypt the first data based on a determination that the data encryption service is to be invoked;
- generate a first message that includes the first data, the key, and data indicating the location;
- establish a secure connection with another device in response to the generation of the first message;
- transmit the first message to the other device via the secure connection in response to the establishment of the secure connection;
- transmit the first data to a destination included in the first data without invoking the data encryption service based on a determination that the data encryption service is not to be invoked;
- generate a second message that includes encrypted first data in response to the receipt of the first message; and
- transmit the second message to yet another device.

(Dependent claims: 17, 18, 19, 20)
Specification