Data encryption, transport, and storage service for carrier-grade networks

US 9,577,988 B2
Filed: 09/26/2014
Issued: 02/21/2017
Est. Priority Date: 09/26/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

storing, by a first network device, user preferences pertaining to a data encryption service that provides encryption for data in-flight and at rest, wherein the user preferences indicate a location where encrypted data is to be stored and a type of data to be encrypted, and wherein the user preferences are set by a user that subscribes to the data encryption service;

receiving, by the first network device, a first data from the user via a user device;

determining, by the first network device, whether to invoke the data encryption service based on receiving the first data and use of the user preferences;

generating, by the first network device, a key to encrypt the first data based on determining that the data encryption service is to be invoked;

generating, by the first network device, a first message that includes the first data, the key, and data indicating the location;

establishing, by the first network device, a secure connection with a second network device in response to the generating of the first message;

transmitting, by the first network device, the first message to the second network device via the secure connection in response to the establishing;

transmitting, by the first network device, the first data to a destination included in the first data without invoking the data encryption service based on determining that the data encryption service is not to be invoked;

generating, by the second network device, a second message that includes encrypted first data in response to receipt of the first message; and

transmitting, by the second network device, the second message to a third network device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, a system, and a non-transitory storage medium for storing user preferences pertaining to a data encryption service that provides on-demand encryption for data in-flight and at rest; receiving data from a user device; determining whether to invoke the data encryption service based on the data and the user preferences; generating a key to encrypt the data based on determining that the data encryption service is to be invoked; generating a first message that includes the data, the key, and data indicating where encrypted data is to be stored; establishing a secure connection with a device; and transmitting the first message to the device via the secure connection.

12 Citations

View as Search Results

20 Claims

1. A method comprising:
- storing, by a first network device, user preferences pertaining to a data encryption service that provides encryption for data in-flight and at rest, wherein the user preferences indicate a location where encrypted data is to be stored and a type of data to be encrypted, and wherein the user preferences are set by a user that subscribes to the data encryption service;
  
  receiving, by the first network device, a first data from the user via a user device;
  
  determining, by the first network device, whether to invoke the data encryption service based on receiving the first data and use of the user preferences;
  
  generating, by the first network device, a key to encrypt the first data based on determining that the data encryption service is to be invoked;
  
  generating, by the first network device, a first message that includes the first data, the key, and data indicating the location;
  
  establishing, by the first network device, a secure connection with a second network device in response to the generating of the first message;
  
  transmitting, by the first network device, the first message to the second network device via the secure connection in response to the establishing;
  
  transmitting, by the first network device, the first data to a destination included in the first data without invoking the data encryption service based on determining that the data encryption service is not to be invoked;
  
  generating, by the second network device, a second message that includes encrypted first data in response to receipt of the first message; and
  
  transmitting, by the second network device, the second message to a third network device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the generating the key further comprises:
    - generating, by the first network device, a key pair based on the user preferences, wherein the key pair includes a public key and a private key, and wherein the key corresponds to the public key; and
      
      storing, by the first network device, the private key.
  - 3. The method of claim 1, further comprising:
    - receiving, by the second network device, the first message; and
      
      encrypting, by the second network device, the first data based on the key.
  - 4. The method of claim 3,wherein the user preferences indicate a type of encryption.
  - 5. The method of claim 1, further comprising:
    - receiving, by the third network device, the second message;
      
      storing, by the third network device, the encrypted first data based on receiving the second message; and
      
      notifying, by the third network device, the user of the user device that the encrypted first data is stored at the location.
  - 6. The method of claim 1, wherein the user preferences include calendar information of the user, and the determining further comprises:
    - determining, by the first network device, whether to invoke the data encryption service based on a use of the calendar information; and
      
      transmitting, by the first network device, the first data to another device based on determining that the data encryption service is not to be invoked.
  - 7. The method of claim 1, wherein the user preferences indicate a time period during which the data encryption service is to be invoked and a time period during which the data encryption service is not to be invoked.

8. A system comprising:
- a first network device comprising;
  
  a first communication interface;
  
  a first memory, wherein the first memory stores first instructions; and
  
  a first processor, wherein the first processor executes the first instructions to;
  
  store user preferences pertaining to a data encryption service that provides encryption for data in-flight and at rest, wherein the user preferences indicate a location where encrypted data is to be stored and a type of data to be encrypted, and wherein the user preferences are set by a user that subscribes to the data encryption service;
  
  receive, via the first communication interface, first data from the user via a user device;
  
  determine whether to invoke the data encryption service based on the receipt of the first data and use of the user preferences;
  
  generate a key to encrypt the first data based on a determination that the data encryption service is to be invoked;
  
  generate a first message that includes the first data, the key, and data indicating the location;
  
  establish, via the first communication interface, a secure connection with a second network device in response to the generation of the first message;
  
  transmit, via the first communication interface and the secure connection, the first message to the second network device in response to the establishment of the secure connection;
  
  transmit, via the first communication interface, the first data to a destination included in the first data without invoking the data encryption service based on a determination that the data encryption service is not to be invoked, and the system further comprising the second network device, wherein the second network device comprises;
  
  a second communication interface;
  
  a second memory, wherein the second memory stores second instructions; and
  
  a second processor, wherein the second processor executes the second instructions to;
  
  generate a second message that includes encrypted first data and the data indicating the location, in response to the receipt of the first message; and
  
  transmit, via the second communication interface, the second message to a third network device.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The system of claim 8, wherein, when generating the key, the first processor further executes the first instructions to:
    - generate a key pair based on the user preferences, wherein the key pair includes a public key and a private key, and wherein the key corresponds to the public key; and
      
      store the private key.
  - 10. The system of claim 8,wherein the second processor further executes the second instructions to:
    - receive, via the second communication interface, the first message; and
      
      encrypt the first data based on the key.
  - 11. The system of claim 10,wherein the user preferences indicate a type of encryption.
  - 12. The system of claim 9, further comprising the third network device, wherein the third network device comprises:
    - a third communication interface;
      
      a third memory, wherein the third memory stores third instructions; and
      
      a third processor, wherein the third processor executes the third instructions to;
      
      receive, via the third communication interface, the second message;
      
      store the encrypted first data based on the receipt of the second message;
      
      generate a third message, wherein the third message indicates that the encrypted first data is stored at the location; and
      
      transmit, via the third communication interface, the third message to the user device.
  - 13. The system of claim 8, wherein the user preferences include calendar information of the user, and wherein when determining, the first processor further executes the first instructions to:
    - determine whether to invoke the data encryption service based on a use of the calendar information; and
      
      transmit, via the first communication interface, the first data to another device based on a determination that the data encryption service is not to be invoked.
  - 14. The system of claim 8, wherein the user preferences indicate a time period during which the data encryption service is to be invoked and a time period during which the data encryption service is not to be invoked.
  - 15. The system of claim 8, wherein the first network device comprises one of a router, a base station, a wireless access point, a gateway device, or a computer server, and the first network device is customer premises equipment, and wherein the type of data to be encrypted indicates one or more file extensions.

16. A non-transitory, computer-readable storage medium storing instructions executable by a processor of a computational device, which when executed cause the computational device to:
- store user preferences pertaining to a data encryption service that provides encryption for data in-flight and at rest, wherein the user preferences indicate a location where encrypted data is to be stored and a type of data to be encrypted, and wherein the user preferences are set by a user that subscribes to the data encryption service;
  
  receive first data from the user via a user device;
  
  determine whether to invoke the data encryption service based on the receipt of the first data and use of the user preferences;
  
  generate a key to encrypt the first data based on a determination that the data encryption service is to be invoked;
  
  generate a first message that includes the first data, the key, and data indicating the location;
  
  establish a secure connection with another device in response to the generation of the first message;
  
  transmit the first message to the other device via the secure connection in response to the establishment of the secure connection;
  
  transmit the first data to a destination included in the first data without invoking the data encryption service based on a determination that the data encryption service is not to be invoked;
  
  generate a second message that includes encrypted first data in response to the receipt of the first message; and
  
  transmit the second message to yet another device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory, computer-readable storage medium of claim 16, wherein the instructions to generate the key further comprise instructions executable by the processor of the computational device, which when executed cause the computational device to:
    - generate a key pair based on the user preferences, wherein the key pair includes a public key and a private key, and wherein the key corresponds to the public key; and
      
      store the private key.
  - 18. The non-transitory, computer-readable storage medium of claim 17, wherein the instructions to establish the secure connection further comprise instructions executable by the processor of the computational device, which when executed cause the computational device to:
    - establish an Internet Protocol Security Virtual Private Network (IPSec VPN) connection.
  - 19. The non-transitory, computer-readable storage medium of claim 16, wherein the type of data to be encrypted indicates particular metadata associated with data.
  - 20. The non-transitory, computer-readable storage medium of claim 16, wherein the user preferences indicate at least one mode of operation of the user device, wherein when the user device operates in the at least one mode, the data encryption service is to be invoked, and the instructions to determine further storing instructions executable by the processor of the computational device, which when executed cause the computational device to:
    - detect a mode of operation of the user device;
      
      determine whether to invoke the data encryption service based on the detection of the mode of operation and use of the user preferences; and
      
      invoke the data encryption service based on the determination that the data encryption service is to be invoked.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Rao, Ravindra J., Francis, Gary R., Chaudhary, Ashay
Primary Examiner(s)
Siddiqi, Mohammad A

Application Number

US14/497,440
Publication Number

US 20160094521A1
Time in Patent Office

879 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 63/061 for key exchange, e.g. in p...

Data encryption, transport, and storage service for carrier-grade networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data encryption, transport, and storage service for carrier-grade networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links