Shared security utility appliance for secure application and data processing

US9438627B2 · US · B2

Patent metadata
Publication number: US-9438627-B2
Application number: US-201414301498-A
Country: US
Kind code: B2
Filing date: Jun 11, 2014
Priority date: Jun 11, 2014
Publication date: Sep 6, 2016
Grant date: Sep 6, 2016

Abstract

A security information technology element (ITE) is disclosed for secure application and data processing, the security ITE including a physical enclosure defining a protection envelope and a secure computing device disposed within the protection envelope. The security ITE provides security services to applications and a secure processing environment for hosting applications, and includes cryptographic services and hardware acceleration. A security manager within the security ITE is configured to erase data within the protection envelope upon detecting physical tampering.

First claim

What is claimed is:

1. A computer-readable device containing a program which, when executed using one or more computer processors, performs operations comprising: registering a first application with a security information technology element (ITE), the security ITE comprising a secure computing device located within a protection envelope and configured to provide security services for one or more applications; creating an application profile corresponding to the registered application and specifying an industry type of the registered application, the industry type associated with one or more security requirements for the registered application; receiving, over a secure communications link, a request from the registered application specifying a first data item; determining, based on the industry type, one or more security operations to perform on the first data item, wherein the one or more security operations are adapted to satisfy the one or more security requirements for the registered application; performing the one or more security operations on the first data item in accordance with the application profile, thereby producing a modified first data item; and returning, over the secure communications link, the modified first data item to the registered application.

2. The computer-readable device of claim 1, wherein the security ITE is configured to erase data within the protection envelope upon detecting a tampering event.

3. The computer-readable device of claim 2, wherein registering a first application comprises establishing the secure communications link between the first application and the security ITE.

4. The computer-readable device of claim 3, wherein registering a first application further comprises generating a key for authenticating the first application, and wherein the data erased upon detecting a tampering event includes the key.

5. The computer-readable device of claim 1, wherein the security services include one or more of encrypting data and data splitting.

6. The computer-readable device of claim 1, wherein the application profile is configured to include one or more preferences for the security services.

7. The computer-readable device of claim 1, wherein the industry type is one of healthcare and finance.

8. The computer-readable device of claim 1, wherein determining, based on the industry type, one or more security operations to perform on the first data item comprises: identifying one or more minimum security requirements having a predetermined association with the industry type; and determining whether to apply more stringent security requirements than the minimum security requirements, wherein the one or more security operations to perform on the first data item are selected from the one or more minimum security requirements and the more stringent security requirements.

9. The computer-readable device of claim 8, wherein the more stringent security requirements are applied by default.

10. The computer-readable device of claim 9, wherein the more stringent security requirements have a predetermined association with the industry type.

11. A system, comprising: a computing device comprising a processor and configured to execute at least a first application; a security information technology element (ITE) comprising a secure computing device located within a protection envelope and configured to provide security services for one or more applications, wherein the security ITE is configured to perform operations comprising: registering the first application; creating an application profile corresponding to the registered application and specifying an industry type of the registered application, the industry type associated with one or more security requirements for the registered application; receiving, over a secure communications link, a request from the registered application specifying a first data item; determining, based on the industry type, one or more security operations to perform on the first data item, wherein the one or more security operations are adapted to satisfy the one or more security requirements for the registered application; performing the one or more security operations on the first data item in accordance with the application profile, thereby producing a modified first data item; and returning, over the secure communications link, the modified first data item to the registered application.

12. The system of claim 11, wherein the security ITE is further configured to erase data within the protection envelope upon detecting a tampering event.

13. The system of claim 12, wherein registering the first application comprises establishing the secure communications link between the first application and the security ITE.

14. The system of claim 13, wherein registering the first application further comprises generating a key for authenticating the first application, and wherein the data erased upon detecting a tampering event includes the key.

15. The system of claim 11, wherein the security services include one or more of encrypting data and data splitting.

16. The system of claim 11, wherein the application profile is further configured to include one or more preferences for the security services.

17. The system of claim 11, wherein the industry type is one of healthcare and finance.

18. The system of claim 11, wherein determining, based on the industry type, one or more security operations to perform on the first data item comprises: identifying one or more minimum security requirements having a predetermined association with the industry type; and determining whether to apply more stringent security requirements than the minimum security requirements, wherein the one or more security operations to perform on the first data item are selected from the one or more minimum security requirements and the more stringent security requirements.

19. The system of claim 18, wherein the more stringent security requirements are applied by default.

20. The system of claim 19, wherein the more stringent security requirements have a predetermined association with the industry type.

Assignees

Inventors

Classifications

  • Access security · CPC title

  • to a system of files or objects, e.g. local or distributed file system or database · CPC title

  • Secure or tamper-resistant housings · CPC title

  • for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819) · CPC title

  • H04L63/20 (Primary): for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification H04L63/20. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 6, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).