Technologies for privacy-preserving security policy evaluation

US10382489B2 · US · B2

Patent metadata
Publication number: US-10382489-B2
Application number: US-201615394370-A
Country: US
Kind code: B2
Filing date: Dec 29, 2016
Priority date: Dec 29, 2016
Publication date: Aug 13, 2019
Grant date: Aug 13, 2019

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Technologies for privacy-safe security policy evaluation include a cloud analytics server, a trusted data access mediator (TDAM) device, and one or more client devices. The cloud analytics server curries a security policy function to generate a privacy-safe curried function set. The cloud analytics server requests parameter data from the TDAM device, which collects the parameter data, identifies sensitive parameter data, encrypts the sensitive parameter data, and transmits the encrypted sensitive parameter data to the cloud analytics server. The cloud analytics server evaluates one or more curried functions using non-sensitive parameters to generate one or more sensitive functions that each take a sensitive parameter. The cloud analytics server transmits the sensitive functions and the encrypted sensitive parameters to a client computing device, which decrypts the encrypted sensitive parameters and evaluates the sensitive functions with the sensitive parameters to return a security policy. Other embodiments are described and claimed.
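The exchange the abstract describes, carried through end to end as an added example; this is not code from the patent or from McAfee. "Currying" is realised here as partial evaluation of a small policy expression tree: the cloud server folds every subtree that depends only on non-sensitive parameters and ships the residual, which references only sensitive parameters, to the client. The policy itself, the parameter names (threat_level, blocklist, user_role, process_hash), the classification policy, the shared TDAM-to-client key and the stdlib-only HMAC-based cipher standing in for a real AEAD are all assumptions made for this example.

```python
"""Privacy-safe policy evaluation by currying (partial evaluation) of a policy expression."""
# Policy language, parameter names, classification policy and the cipher are assumptions of this example.
import hashlib, hmac, json, operator, os

# Policy expression tree (JSON-serialisable):
#   ["param", name] | ["const", value] | ["if", cond, then, else] | [op, lhs, rhs]
BINOPS = {"eq": operator.eq, "ne": operator.ne, "gt": operator.gt, "in": lambda a, b: a in b}

# Assumed policy: quarantine on a high threat level unless the user is an admin, or on a blocklisted process.
POLICY = ["if",
          ["or", ["and", ["gt", ["param", "threat_level"], ["const", 2]],
                         ["ne", ["param", "user_role"], ["const", "admin"]]],
                 ["in", ["param", "process_hash"], ["param", "blocklist"]]],
          ["const", "quarantine"], ["const", "monitor"]]

# Client data classification policy (claim 2): which parameters may leave the client in clear.
CLASSIFICATION = {"threat_level": "non_sensitive", "blocklist": "non_sensitive",
                  "user_role": "sensitive", "process_hash": "sensitive"}

def partial_eval(expr, env):
    """Curry `expr` over `env`: fold every fully determined subtree, keep the rest as a residual."""
    kind = expr[0]
    if kind == "const":
        return expr
    if kind == "param":
        return ["const", env[expr[1]]] if expr[1] in env else expr
    if kind == "if":
        cond = partial_eval(expr[1], env)
        if cond[0] == "const":
            return partial_eval(expr[2] if cond[1] else expr[3], env)
        return ["if", cond, partial_eval(expr[2], env), partial_eval(expr[3], env)]
    lhs, rhs = partial_eval(expr[1], env), partial_eval(expr[2], env)
    if kind in ("and", "or"):
        for known, other in ((lhs, rhs), (rhs, lhs)):  # short-circuit on a known operand
            if known[0] == "const":
                if kind == "and":
                    return other if known[1] else ["const", False]
                return ["const", True] if known[1] else other
        return [kind, lhs, rhs]
    if lhs[0] == "const" and rhs[0] == "const":
        return ["const", BINOPS[kind](lhs[1], rhs[1])]
    return [kind, lhs, rhs]

def free_params(expr):  # parameter names an expression still depends on
    if expr[0] in ("const", "param"):
        return set() if expr[0] == "const" else {expr[1]}
    return set().union(*(free_params(sub) for sub in expr[1:]))

# TDAM-to-client encryption: HMAC-SHA256 counter-mode keystream, encrypt-then-MAC with separate
# subkeys. A stdlib-only stand-in for a real AEAD such as AES-GCM; not for production use.
def _subkeys(key):
    return tuple(hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac"))

def _keystream(enc_key, nonce, n):
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).hexdigest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag}

def decrypt(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct = bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["ct"])
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, blob["tag"]):  # authenticate before decrypting
        raise ValueError("sensitive parameter failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def tdam_collect(raw, classification, client_key):
    # TDAM: pass non-sensitive parameters in clear, encrypt sensitive ones for the client only.
    plain = {k: v for k, v in raw.items() if classification[k] == "non_sensitive"}
    enc = {k: encrypt(client_key, json.dumps(v).encode())
           for k, v in raw.items() if classification[k] == "sensitive"}
    return plain, enc

def cloud_curry(policy, plain_params, classification):
    # Cloud analytics server: evaluate the first (non-sensitive) functions, emit the residual
    # second functions, and refuse to ship a residual that would still need clear-text data.
    residual = partial_eval(policy, plain_params)
    sensitive = {k for k, c in classification.items() if c == "sensitive"}
    leftover = free_params(residual)
    if not leftover <= sensitive:
        raise ValueError(f"residual still needs non-sensitive parameters: {leftover - sensitive}")
    return json.dumps(residual)

def client_evaluate(residual_json, enc_params, client_key):
    # Client: decrypt the sensitive parameters and finish the evaluation locally.
    sensitive = {k: json.loads(decrypt(client_key, blob)) for k, blob in enc_params.items()}
    result = partial_eval(json.loads(residual_json), sensitive)
    if result[0] != "const":
        raise ValueError(f"policy undetermined, still missing {free_params(result)}")
    return result[1]

def run_protocol(raw_params, client_key):
    # Whole exchange; returns (policy, residual_json) so the server's view can be inspected.
    plain, enc = tdam_collect(raw_params, CLASSIFICATION, client_key)
    residual_json = cloud_curry(POLICY, plain, CLASSIFICATION)
    return client_evaluate(residual_json, enc, client_key), residual_json
```

Calling `run_protocol(params, key)` with constructed parameter data returns both the policy the client derives and the residual the server shipped; the residual names only sensitive parameters, and `cloud_curry` raises rather than emit one that would still need clear-text data. Two points a deployment has to handle that the example does not: the residual discloses the policy logic and the folded non-sensitive inputs to the client, and the server cannot verify how the client evaluated it, which is what the negotiation in claim 18 and the client-side trusted execution environment in claims 20 and 21 address.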

First claim

Opening claim text (preview).

The invention claimed is:

1. A server for privacy-safe cloud threat analysis, the server comprising: at least one hardware processor; a cloud policy curry engine to curry a security policy function to generate a privacy-safe curried function set, the security policy function to generate a security policy based on a plurality of policy parameters, the privacy-safe curried function set including one or more first functions having a respective non-sensitive parameter of the plurality of policy parameters as an argument, and one or more second functions having a respective sensitive parameter of the plurality of policy parameters as an argument, the cloud policy curry engine is to evaluate the first functions of the privacy-safe curried function set with the parameter data to generate the second functions; and a communication engine to access parameter data that corresponds to one or more non-sensitive parameters of the plurality of policy parameters, the parameter data being unencrypted, the communication engine to transmit the second functions of the privacy-safe curried function set to a client computing device.

2. The server of claim 1, wherein the cloud policy curry engine is to access a client data classification policy, the client data classification policy to identify the one or more non-sensitive parameters of the plurality of policy parameters and the one or more sensitive parameters of the plurality of policy parameters.

3. The server of claim 1, further including a security policy engine to determine the security policy function based on the plurality of policy parameters.

4. The server of claim 1, wherein the communication engine is to access encrypted parameter data corresponding to the one or more sensitive parameters, and transmit the encrypted parameter data to the client computing device.

5. The server of claim 1, wherein the communication engine is to access the parameter data from a trusted data access mediator device.

6. The server of claim 1, wherein the communication engine is to access the parameter data from an external data source.

7. The server of claim 1, wherein the communication engine is to transmit the second function to the client device via a trusted data access mediator device.

8. The server of claim 1, further including a trusted execution environment to execute the cloud policy curry engine and the communication engine.

9. The server of claim 8, wherein the trusted execution environment includes a secure enclave established by secure enclave support of a processor of the computing device.

10. One or more computer-readable storage media, excluding propagating signals, comprising instructions that, when executed, cause a processor to: curry a security policy function to generate a privacy-safe curried function set, the security policy function to generate a security policy as a function of a plurality of policy parameters, the privacy-safe curried function set including one or more first functions taking a respective non-sensitive parameter of the plurality of policy parameters as an argument, and one or more second functions having a respective sensitive parameter of the plurality of policy parameters as an argument the parameter data being unencrypted; evaluate the one or more first functions of the privacy-safe curried function set with the parameter data corresponding to the non-sensitive parameters to generate the one or more second functions; and transmit the one or more second functions of the privacy-safe curried function set to a client computing device.

11. The one or more computer-readable storage disks or storage devices of claim 10, wherein the instructions, when executed, cause the processor to access a client data classification policy, the client data classification policy to identify the one or more non-sensitive parameters of the plurality of policy parameters and the one or more sensitive parameters of the plurality of policy parameters.

12. The one or more computer-readable storage disks or storage devices of claim 10, wherein the instructions, when executed, cause the processor to determine the security policy function, the security policy function to generate a security policy based on the plurality of policy parameters.

13. The one or more computer-readable storage disks or storage devices of claim 10, wherein the instructions, when executed, cause the processor to access encrypted parameter data corresponding to the one or more sensitive parameters and transmit the encrypted parameter data to the client computing device.

14. The one or more computer-readable storage disks or storage devices of claim 10, wherein the instructions, when executed, cause the processor to transmit the one or more second functions to the client device via a trusted data access mediator device.

15. A client computing device for privacy-safe cloud threat analysis, the client computing device comprising: communication circuitry; a communication engine to access, from a cloud analytics server via the communication circuitry, one or more functions of a privacy-safe curried function set, the one or more functions to take a respective sensitive parameter of a plurality of policy parameters as an argument, and access encrypted parameter data that corresponds to the one or more sensitive parameters of the plurality of policy parameters; and a client policy evaluation engine to decrypt the encrypted parameter data to generate the one or more sensitive parameters, and evaluate the one or more functions with the one or more sensitive parameters to generate a security policy.

16. The client computing device of claim 15, wherein the communication engine is to access the encrypted parameter data from the cloud analytics server.

17. The client computing device of claim 15, wherein the communication engine is to access the encrypted parameter data from a trusted data access mediator device.

18. The client computing device of claim 15, further including a security policy engine to negotiate the security policy with the cloud analytics server in response to evaluation of the one or more second functions.

19. The client computing device of claim 15, further including a security policy engine to enforce the security policy.

20. The client computing device of claim 15, further including a trusted execution environment to execute at least one of the communication engine, or the client policy evaluation engine.

21. The client computing device of claim 20, wherein the trusted execution environment includes a secure enclave established by secure enclave support of a processor of the client computing device.

22. One or more computer-readable storage disks or storage devices comprising instructions that, when executed, cause a processor to at least: access, from a cloud analytics server, one or more functions of a privacy-safe curried function set, the one or more functions including a respective sensitive parameter of a plurality of policy parameters as an argument; access encrypted parameter data corresponding to the one or more sensitive parameters of the plurality of policy parameters; decrypt the encrypted parameter data to generate the one or more sensitive parameters; and evaluate the one or more sensitive functions with the one or more sensitive parameters to generate a security policy.

23. The one or more computer-readable storage disks or storage devices of claim 22, wherein the instructions, when executed, cause the proces

Assignees

Mcafee Inc, Mcafee Llc

Inventors

Classifications

  • H04L63/20 (primary)

    for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • Filtering policies (mail message filtering H04L51/212) · CPC title

  • the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms · CPC title

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title

  • Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10382489B2 cover?
Technologies for privacy-safe security policy evaluation include a cloud analytics server, a trusted data access mediator (TDAM) device, and one or more client devices. The cloud analytics server curries a security policy function to generate a privacy-safe curried function set. The cloud analytics server requests parameter data from the TDAM device, which collects the parameter data, identifie…
Who is the assignee on this patent?
Mcafee Inc, Mcafee Llc
What technology area does this patent fall under?
Primary CPC classification H04L63/20. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 13, 2019 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).