Policy-based data management

US2016112456A1 · US · A1

Patent metadata

Publication number: US-2016112456-A1
Application number: US-201514919258-A
Country: US
Kind code: A1
Filing date: Oct 21, 2015
Priority date: Dec 12, 2013
Publication date: Apr 21, 2016
Grant date:

Abstract

Official abstract text for this publication.

Compliance to a policy about how to treat data in a computer network environment is ensured by checking that conditions in the policy are satisfied by the entity before access to the data is provided.

First claim

Opening claim text (preview).

1-15. (canceled)

16. A non-transitory computer-readable storage medium having computer program instructions recorded thereon for managing data in a computer network environment, the computer program instructions being executable by at least one processor of a trust authority to: receive, from a service provider in the computer network environment, a policy specifying how a piece of data should be treated and a first encryption of a cryptographic key; receive, from the service provider, a message stating that the policy will be followed by the service provider in treating the piece of data; decrypt the first encryption of the cryptographic key; encrypt the cryptographic key into a second encryption of the cryptographic key; and transmit, to the service provider and in response to receiving the message from the service provider, the second encryption of the cryptographic key.

17. The non-transitory computer-readable storage medium of claim 16, wherein the first encryption is encrypted using a public key associated with the trust authority, a private key corresponding to the public key is accessible by the trust authority, and the second encryption is encrypted using a public key associated with the service provider.

18. The non-transitory computer-readable storage medium of claim 16, wherein the computer program instructions are further executable to: determine whether the message is acceptable according to the policy, and wherein the second encryption of the cryptographic key is transmitted to the service provider in response to the message being determined acceptable.

19. The non-transitory computer-readable storage medium of claim 16, wherein the policy comprises a plurality of conditions for treating the piece of data, the message states that all of the plurality of conditions in the policy will be complied with by the service provider, and the message further comprises a digital signature of the message.

20. The non-transitory computer-readable storage medium of claim 16, wherein the computer program instructions are further executable to: verify an integrity of the policy using a digital signature received along with the policy.

21. The non-transitory computer-readable storage medium of claim 16, wherein the computer program instructions are further executable to: store a copy of the message in a data store.

22. The non-transitory computer-readable storage medium of claim 18, wherein the computer program instructions are further executable to: generate an audit record comprising: an identity of a client associated with the piece of data; an identity of the service provider, and information used to determine whether the message is acceptable.

23. A method for managing data in a computer network environment, comprising: receiving, from a service provider, a policy specifying how a piece of data should be treated and a first encryption of a cryptographic key; transmitting, to the service provider, a request for assurance that the policy will be followed by the service provider in treating the piece of data; receiving, from the service provider, a message indicating that the service provider will follow the policy in treating the piece of data; decrypting the first encryption of the cryptographic key; encrypting the cryptographic key in a second encryption; and transmitting, to the service provider, the second encryption.

24. The method of claim 23, wherein the first encryption is encrypted using a public key associated with the trust authority, a private key corresponding to the public key is accessible by the trust authority, and the second encryption is encrypted using a public key associated with the service provider.

25. The method of claim 23, further comprising: determining whether the message is acceptable according to the policy, and wherein the second encryption of the cryptographic key is transmitted to the service provider in response to the message being determined acceptable.

26. The method of claim 23, wherein the policy comprises a plurality of conditions for treating the piece of data, the message states that all of the plurality of conditions in the policy will be complied with by the service provider, and the message further comprises a digital signature of the message.

27. The method of claim 23, further comprising: verifying an integrity of the policy using a digital signature received along with the policy.

28. The method of claim 23, further comprising: storing a copy of the message in a data store.

29. The method of claim 25, further comprising: generating an audit record comprising: an identity of a client associated with the piece of data; an identity of the service provider, and information used to determine whether the message is acceptable.

30. An apparatus for managing data in a computer network environment, comprising: at least one data processor; and a data storage device storing instructions that, when executed, cause the at least one data processor to: receive, from a service provider, a policy specifying how a piece of data should be treated; transmit, to the service provider, a request for assurance that the policy will be followed by the service provider in treating the piece of data; receive, from the service provider, a message indicating that the service provider will follow the policy in treating the piece of data; encrypt a cryptographic key in a first encryption; and transmit, to the service provider, the first encryption.

31. The apparatus of claim 30, wherein the first encryption is encrypted using a public key associated with the trust authority, a private key corresponding to the public key is accessible by the trust authority, and the second encryption is encrypted using a public key associated with the service provider.

32. The apparatus of claim 30, wherein the instructions further cause the at least one data processor to: determine whether the message is acceptable according to the policy, and wherein the second encryption of the cryptographic key is transmitted to the service provider in response to the message being determined acceptable.

33. The apparatus of claim 30, wherein the policy comprises a plurality of conditions for treating the piece of data, the message states that all of the plurality of conditions in the policy will be complied with by the service provider, and the message further comprises a digital signature of the message.

34. The apparatus of claim 30, wherein the instructions further cause the at least one data processor to: verify an integrity of the policy using a digital signature received along with the policy.

35. The apparatus of claim 32, wherein the instructions further cause the at least one data processor to: generate an audit record comprising: an identity of a client associated with the piece of data; an identity of the service provider, and information used to determine whether the message is acceptable.

Classifications

  • for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838)

  • based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

  • wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption (cryptographic mechanisms or cryptographic arrangements using a plurality of keys or algorithms H04L9/14)

  • H04L63/20 (Primary): for managing network security; network security policies in general (filtering policies H04L63/0227)

  • received data contents, e.g. message integrity

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016112456A1 cover?
Compliance to a policy about how to treat data in a computer network environment is ensured by checking that conditions in the policy are satisfied by the entity before access to the data is provided.

Who is the assignee on this patent?
Hewlett Packard Development Co

What technology area does this patent fall under?
Primary CPC classification H04L63/20. Mapped technology areas include Electricity.

When was this patent published?
Publication date Apr 21, 2016 (A1). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).