System and method for policy driven protection of remote computing environments
Abstract
A system that incorporates teachings of the subject disclosure may include, for example, determining examination results based on sensory information obtained from sensors operating in a deployed environment, wherein the sensory information includes a combination of more than one of temperature, position, motion, and mission status. Software agents conduct reviews of examination results based on sensory ranges. Encryption key fragments are generated in response to the reviews of the examination results. The encryption key fragments are combined, to obtain a cryptographic session key. A clear-text version of encrypted sensitive information is obtained via the cryptographic session key responsive to the examination results falling within the sensory ranges. Decryption of the encrypted sensitive information is prevented responsive at least one of the examination results falling outside the sensory ranges. Other embodiments are disclosed.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method, comprising:
determining, by a processing system comprising a processor, a plurality of examination results based on sensory information obtained from a plurality of sensors operating within a deployed environment, wherein the sensory information comprises a combination of more than one of temperature, position, motion, and mission status, and wherein each software agent of a plurality of software agents conducts a review of a respective examination result of the plurality of examination results of the deployed environment based on a plurality of sensory ranges, to obtain reviews of the plurality of examination results of the deployed environment; generating, by the processing system, a plurality of encryption key fragments in response to the reviews of the plurality of examination results of the deployed environment, wherein each encryption key fragment of the plurality of encryption key fragments is determined by a respective software agent of the plurality of software agents, based on the review of the respective examination result of the plurality of examination results of the deployed environment; and combining, by the processing system, key fragments of the plurality of encryption key fragments, to obtain a cryptographic session key, wherein a clear text version of encrypted sensitive information is obtained via the cryptographic session key, responsive to the plurality of examination results of the deployed environment falling within the plurality of sensory ranges, and wherein decryption of the encrypted information is prevented via the cryptographic session key, responsive to an examination result of the plurality of examination results of the deployed environment falling outside of the plurality of sensory ranges.
2 . The method of claim 1 , wherein decryption of the encrypted sensitive information occurs by way of the cryptographic session key, responsive to the cryptographic session key being identical to a symmetric encryption key used to obtain the encrypted sensitive information prior to exposure of the plurality of sensors to the deployed environment, wherein no key exists to decrypt the encrypted sensitive information until the cryptographic session key is obtained.
3 . The method of claim 2 , wherein the plurality of software agents return the plurality of examination results of the deployed environment, and wherein the cryptographic session key differs from the symmetric encryption key, responsive to an examination result of the plurality of examination results falling within a predetermined unacceptable range.
4 . The method of claim 3 , wherein the symmetric encryption key is determined before the plurality of sensors are exposed to the deployed environment, wherein the symmetric key used to encrypt the sensitive information is determined before the plurality of sensors exposed to the deployed environment, and wherein the encrypted sensitive information is transferred to a transportable device comprising the plurality of sensors before the transportable device is exposed to the deployed environment.
5 . The method of claim 2 , wherein the plurality of software agents return the reviews of the plurality of examination results of the deployed environment, and wherein the cryptographic session key matches the symmetric encryption key based on each examination result of the plurality of examination results of the deployed environment falling within a predetermined acceptable range.
6 . The method of claim 5 , wherein the symmetric encryption key is determined based on a plurality of examinations of a secure environment, wherein the plurality of examinations of the secure environment produce a plurality of examination results that fall within a plurality of predetermined acceptable ranges.
7 . The method of claim 6 , responsive to the plurality of predetermined acceptable ranges of the deployed environment not being available within the secure environment, applying software functions within the secure environment that produce a correct symmetric encryption key expected in the deployed environment.
8 . The method of claim 1 , wherein the sensory information comprises a status of a process executing on a transportable device comprising the plurality of sensors, a status of a software agent of the plurality of software agents, and a combination thereof.
9 . The method of claim 8 , wherein the plurality of sensors are associated with a transportable device comprising a shipping container, equipment of a soldier, a vehicle, a piloted airplane, a drone, an ordinance, or equipment of a pass holder.
10 . A system, comprising:
a plurality of sensors; a processing system including a processor in communication with the plurality of sensors; and a memory that stores executable instructions that, when executed by the processing system facilitate performance of operations, comprising:
determining sensory information obtained by the plurality of sensors exposed to a predetermined environment, wherein the sensory information comprises a combination of more than one of position and mission status;
evaluating a plurality of examination results, wherein each software agent of a plurality of software agents generates an examination result of the plurality of examination results of the predetermined environment based on a respective range of a plurality of sensory ranges;
wherein a plurality of encryption key fragments are generated by the plurality of software agents based on the plurality of examination results; and
generating a cryptographic session key based on the plurality of encryption key fragments, wherein decryption of encrypted sensitive information is obtained via the cryptographic session key, responsive to the plurality of examination results falling within the plurality of sensory ranges, to obtain a clear text version of the encrypted sensitive information, and wherein decryption of the encrypted sensitive information via the cryptographic session key is prevented, responsive to an examination result of the plurality of examination results falling outside of the plurality of sensory ranges.
11 . The system of claim 10 , wherein the encrypted sensitive information is decrypted by way of the cryptographic session key, responsive to the cryptographic session key corresponding to a symmetric encryption key used to obtain the encrypted sensitive information, wherein no key exists to decrypt the encrypted sensitive information until the cryptographic session key is obtained.
12 . The system of claim 11 , wherein the plurality of software agents return the plurality of examination results of the predetermined environment, and wherein the cryptographic session key fails to match the symmetric encryption key based on an examination result of the plurality of examination results falling within a predetermined unacceptable range.
13 . The system of claim 12 , wherein the symmetric encryption key is determined before the plurality of sensors are exposed to the predetermined environment, wherein the symmetric key is used to encrypt the sensitive information before the plurality of sensors are exposed to the predetermined environment, and wherein the encrypted sensitive information is transferred to a deployable system comprising the plurality of sensors before the deployable system is exposed to the predetermined environment.
14 . A machine-readable storage medium, comprising executable instructions that when executed by a processing system including a processor, facilitate performance of operations, comprising:
determining sensory information from a plurality of sensors exposed to a field environment, wherein the sensory information comprises a combination of more than one of position, and mission status; evaluating a plurality of examination results based on the sensory information, wherein each software agent of a plurality of software agents conducts an examination of the sensory information from a sensor of the plurality of sensors to obtain an examination result of the plurality of examination results of the field environment, wherein the examination of the sensory information from the sensor is based on a respective range of a plurality of sensory ranges, wherein each software agent of the plurality of software agents generates an encryption key fragment of a plurality of encryption key fragments in response to an examination result of the plurality of examination results of the field environment; and combining the plurality of encryption key fragments, to obtain a field-determined session key, wherein decryption of encrypted sensitive information is obtainable via the field-determined session key, responsive to the plurality of examination results falling within the plurality of sensory ranges, and wherein decryption of the encrypted sensitive information is prevented by way of the field-determined session key, responsive to an examination result of the plurality of examination results of the field environment falling outside of the plurality of sensory ranges.
15 . The machine-readable storage medium of claim 14 , wherein the encrypted sensitive information is decrypted by way of the field-determined session key, responsive to the field-determined session key matching a previously determined symmetric encryption key used to obtain the encrypted sensitive information, and wherein the previously determined symmetric encryption key is unavailable in the field environment, and wherein the field-determined session key, as a combination of the plurality of encryption key fragments, is only obtainable by way of the plurality of examinations of the field environment.
16 . The machine-readable storage medium of claim 15 , wherein the plurality of software agents return the plurality of examination results of the field environment, and wherein the field-determined session key matches the symmetric encryption key based on each examination result of the plurality of examination results falling within a predetermined acceptable range.
17 . The machine-readable storage medium of claim 16 , wherein the symmetric encryption key is determined based on a plurality of examinations of a secure environment, wherein the plurality of examinations of the secure environment produce a plurality of examination results that fall within a plurality of predetermined acceptable ranges.
18 . The machine-readable storage medium of claim 17 responsive to the predetermined acceptable ranges of the field environment not being available within the secure the environment, applying software functions within the secure environment that produce a correct symmetric encryption key expected in the field environment.
19 . The machine-readable storage medium of claim 14 , wherein the sensory information comprises a status of a process executing on a transportable device comprising the plurality of sensors, a status of a software agent of the plurality of software agents, and a combination thereof.
20 . The machine-readable storage medium of claim 19 , wherein the plurality of sensors are associated with a transportable device comprising a shipping container, equipment of a soldier, a vehicle, a piloted airplane, a drone, an ordinance, or equipment of a pass holder.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.