US2016255058A1PendingUtilityA1

System and method for policy driven protection of remote computing environments

46
Assignee: ANGEL SECURE NETWORKS INCPriority: Jul 13, 2012Filed: May 9, 2016Published: Sep 1, 2016
Est. expiryJul 13, 2032(~6 yrs left)· nominal 20-yr term from priority
H04L 2209/84H04L 9/0861H04L 2209/80G06F 8/65H04W 12/04H04L 63/0428H04W 12/02H04L 63/06H04L 63/20H04W 12/033H04W 12/35G06F 21/554G06F 21/121
46
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A system that incorporates teachings of the subject disclosure may include, for example, determining examination results based on sensory information obtained from sensors operating in a deployed environment, wherein the sensory information includes a combination of more than one of temperature, position, motion, and mission status. Software agents conduct reviews of examination results based on sensory ranges. Encryption key fragments are generated in response to the reviews of the examination results. The encryption key fragments are combined, to obtain a cryptographic session key. A clear-text version of encrypted sensitive information is obtained via the cryptographic session key responsive to the examination results falling within the sensory ranges. Decryption of the encrypted sensitive information is prevented responsive at least one of the examination results falling outside the sensory ranges. Other embodiments are disclosed.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method, comprising:
 determining, by a processing system comprising a processor, a plurality of examination results based on sensory information obtained from a plurality of sensors operating within a deployed environment, wherein the sensory information comprises a combination of more than one of temperature, position, motion, and mission status, and wherein each software agent of a plurality of software agents conducts a review of a respective examination result of the plurality of examination results of the deployed environment based on a plurality of sensory ranges, to obtain reviews of the plurality of examination results of the deployed environment;   generating, by the processing system, a plurality of encryption key fragments in response to the reviews of the plurality of examination results of the deployed environment, wherein each encryption key fragment of the plurality of encryption key fragments is determined by a respective software agent of the plurality of software agents, based on the review of the respective examination result of the plurality of examination results of the deployed environment; and   combining, by the processing system, key fragments of the plurality of encryption key fragments, to obtain a cryptographic session key, wherein a clear text version of encrypted sensitive information is obtained via the cryptographic session key, responsive to the plurality of examination results of the deployed environment falling within the plurality of sensory ranges, and wherein decryption of the encrypted information is prevented via the cryptographic session key, responsive to an examination result of the plurality of examination results of the deployed environment falling outside of the plurality of sensory ranges.   
     
     
         2 . The method of  claim 1 , wherein decryption of the encrypted sensitive information occurs by way of the cryptographic session key, responsive to the cryptographic session key being identical to a symmetric encryption key used to obtain the encrypted sensitive information prior to exposure of the plurality of sensors to the deployed environment, wherein no key exists to decrypt the encrypted sensitive information until the cryptographic session key is obtained. 
     
     
         3 . The method of  claim 2 , wherein the plurality of software agents return the plurality of examination results of the deployed environment, and wherein the cryptographic session key differs from the symmetric encryption key, responsive to an examination result of the plurality of examination results falling within a predetermined unacceptable range. 
     
     
         4 . The method of  claim 3 , wherein the symmetric encryption key is determined before the plurality of sensors are exposed to the deployed environment, wherein the symmetric key used to encrypt the sensitive information is determined before the plurality of sensors exposed to the deployed environment, and wherein the encrypted sensitive information is transferred to a transportable device comprising the plurality of sensors before the transportable device is exposed to the deployed environment. 
     
     
         5 . The method of  claim 2 , wherein the plurality of software agents return the reviews of the plurality of examination results of the deployed environment, and wherein the cryptographic session key matches the symmetric encryption key based on each examination result of the plurality of examination results of the deployed environment falling within a predetermined acceptable range. 
     
     
         6 . The method of  claim 5 , wherein the symmetric encryption key is determined based on a plurality of examinations of a secure environment, wherein the plurality of examinations of the secure environment produce a plurality of examination results that fall within a plurality of predetermined acceptable ranges. 
     
     
         7 . The method of  claim 6 , responsive to the plurality of predetermined acceptable ranges of the deployed environment not being available within the secure environment, applying software functions within the secure environment that produce a correct symmetric encryption key expected in the deployed environment. 
     
     
         8 . The method of  claim 1 , wherein the sensory information comprises a status of a process executing on a transportable device comprising the plurality of sensors, a status of a software agent of the plurality of software agents, and a combination thereof. 
     
     
         9 . The method of  claim 8 , wherein the plurality of sensors are associated with a transportable device comprising a shipping container, equipment of a soldier, a vehicle, a piloted airplane, a drone, an ordinance, or equipment of a pass holder. 
     
     
         10 . A system, comprising:
 a plurality of sensors;   a processing system including a processor in communication with the plurality of sensors; and   a memory that stores executable instructions that, when executed by the processing system facilitate performance of operations, comprising:
 determining sensory information obtained by the plurality of sensors exposed to a predetermined environment, wherein the sensory information comprises a combination of more than one of position and mission status; 
 evaluating a plurality of examination results, wherein each software agent of a plurality of software agents generates an examination result of the plurality of examination results of the predetermined environment based on a respective range of a plurality of sensory ranges; 
 wherein a plurality of encryption key fragments are generated by the plurality of software agents based on the plurality of examination results; and 
 generating a cryptographic session key based on the plurality of encryption key fragments, wherein decryption of encrypted sensitive information is obtained via the cryptographic session key, responsive to the plurality of examination results falling within the plurality of sensory ranges, to obtain a clear text version of the encrypted sensitive information, and wherein decryption of the encrypted sensitive information via the cryptographic session key is prevented, responsive to an examination result of the plurality of examination results falling outside of the plurality of sensory ranges. 
   
     
     
         11 . The system of  claim 10 , wherein the encrypted sensitive information is decrypted by way of the cryptographic session key, responsive to the cryptographic session key corresponding to a symmetric encryption key used to obtain the encrypted sensitive information, wherein no key exists to decrypt the encrypted sensitive information until the cryptographic session key is obtained. 
     
     
         12 . The system of  claim 11 , wherein the plurality of software agents return the plurality of examination results of the predetermined environment, and wherein the cryptographic session key fails to match the symmetric encryption key based on an examination result of the plurality of examination results falling within a predetermined unacceptable range. 
     
     
         13 . The system of  claim 12 , wherein the symmetric encryption key is determined before the plurality of sensors are exposed to the predetermined environment, wherein the symmetric key is used to encrypt the sensitive information before the plurality of sensors are exposed to the predetermined environment, and wherein the encrypted sensitive information is transferred to a deployable system comprising the plurality of sensors before the deployable system is exposed to the predetermined environment. 
     
     
         14 . A machine-readable storage medium, comprising executable instructions that when executed by a processing system including a processor, facilitate performance of operations, comprising:
 determining sensory information from a plurality of sensors exposed to a field environment, wherein the sensory information comprises a combination of more than one of position, and mission status;   evaluating a plurality of examination results based on the sensory information, wherein each software agent of a plurality of software agents conducts an examination of the sensory information from a sensor of the plurality of sensors to obtain an examination result of the plurality of examination results of the field environment, wherein the examination of the sensory information from the sensor is based on a respective range of a plurality of sensory ranges, wherein each software agent of the plurality of software agents generates an encryption key fragment of a plurality of encryption key fragments in response to an examination result of the plurality of examination results of the field environment; and   combining the plurality of encryption key fragments, to obtain a field-determined session key, wherein decryption of encrypted sensitive information is obtainable via the field-determined session key, responsive to the plurality of examination results falling within the plurality of sensory ranges, and wherein decryption of the encrypted sensitive information is prevented by way of the field-determined session key, responsive to an examination result of the plurality of examination results of the field environment falling outside of the plurality of sensory ranges.   
     
     
         15 . The machine-readable storage medium of  claim 14 , wherein the encrypted sensitive information is decrypted by way of the field-determined session key, responsive to the field-determined session key matching a previously determined symmetric encryption key used to obtain the encrypted sensitive information, and wherein the previously determined symmetric encryption key is unavailable in the field environment, and wherein the field-determined session key, as a combination of the plurality of encryption key fragments, is only obtainable by way of the plurality of examinations of the field environment. 
     
     
         16 . The machine-readable storage medium of  claim 15 , wherein the plurality of software agents return the plurality of examination results of the field environment, and wherein the field-determined session key matches the symmetric encryption key based on each examination result of the plurality of examination results falling within a predetermined acceptable range. 
     
     
         17 . The machine-readable storage medium of  claim 16 , wherein the symmetric encryption key is determined based on a plurality of examinations of a secure environment, wherein the plurality of examinations of the secure environment produce a plurality of examination results that fall within a plurality of predetermined acceptable ranges. 
     
     
         18 . The machine-readable storage medium of  claim 17  responsive to the predetermined acceptable ranges of the field environment not being available within the secure the environment, applying software functions within the secure environment that produce a correct symmetric encryption key expected in the field environment. 
     
     
         19 . The machine-readable storage medium of  claim 14 , wherein the sensory information comprises a status of a process executing on a transportable device comprising the plurality of sensors, a status of a software agent of the plurality of software agents, and a combination thereof. 
     
     
         20 . The machine-readable storage medium of  claim 19 , wherein the plurality of sensors are associated with a transportable device comprising a shipping container, equipment of a soldier, a vehicle, a piloted airplane, a drone, an ordinance, or equipment of a pass holder.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.