Patent application number | Description | Published |
20150106620 | METHOD AND SYSTEM FOR PROVIDING A SECURE SECRETS PROXY - A secure secrets proxy is instantiated in a first computing environment and includes secure secrets proxy authentication data for identifying itself to a secrets distribution management system in a second computing environment as a trusted virtual asset to receive and cache secrets data in a secure secrets cache outside the second computing environment. The secure secrets proxy requests one or more secrets to be cached and is then provided data representing the requested secrets in the secure secrets cache. The secure secrets proxy then receives secrets application request data from a second virtual asset instantiated in the first computing environment requesting one or more secrets be applied to second virtual asset data. The secure secrets proxy then obtains the required secrets from the secure secrets cache and coordinates the application of the secrets to the second virtual asset data. | 04-16-2015 |
20150106869 | METHOD AND SYSTEM FOR DISTRIBUTING SECRETS - Secrets data representing one or more secrets required to access associated resources is provided along with secrets distribution policy data representing one or more secrets distribution factors used to control the distribution of the secrets. When a requesting virtual asset submits secrets request data, virtual asset profile data associated with the requesting virtual asset is obtained. The requesting virtual asset profile data is then analyzed using at least one of the secrets distribution factors to authenticate the requesting virtual asset. The requesting virtual asset profile data is then analyzed using one or more of secrets distribution factors to determine what secrets the requesting virtual asset legitimately needs. Authorized secrets data for the requesting virtual asset representing one or more authorized secrets is then generated. The requesting virtual asset is then provided access to the authorized secrets data. | 04-16-2015 |
20150106939 | METHOD AND SYSTEM FOR DYNAMIC AND COMPREHENSIVE VULNERABILITY MANAGEMENT - One or more relevant scanners used to identify asset vulnerabilities are identified, obtained, and logically arranged for deployment on an asset in accordance with a vulnerability management policy and a scanner deployment policy such that the relevant scanners are deployed at, or before, a determined ideal time to minimize the resources necessary to correct the vulnerabilities, if found. The relevant scanners are then automatically deployed in accordance with the scanner deployment policy and, if a vulnerability is identified, one or more associated remedies or remedy procedures are applied to the asset. At least one of the one or more relevant scanners are then re-deployed on the asset to determine if the identified vulnerability has been corrected and, if the vulnerability is not corrected at, or before, a defined time, protective measures are automatically taken. | 04-16-2015 |
20150128130 | METHOD AND SYSTEM FOR PROVIDING AND DYNAMICALLY DEPLOYING HARDENED TASK SPECIFIC VIRTUAL HOSTS - Virtual host creation data used to instantiate a hardened task specific virtual host in a first computing environment is generated including hardening logic for providing enhanced security and trust for the hardened task specific virtual host and internal task specific logic for directing and/or allowing the hardened task specific virtual host to perform a specific function assigned to the hardened task specific virtual host. When task data is received indicating a task to be performed in the first computing environment requires the performance of the specific function assigned to the hardened task specific virtual host, the hardened task specific virtual host is automatically instantiated and/or deployed in the first computing environment. | 05-07-2015 |
20150128204 | METHOD AND SYSTEM FOR AUTOMATICALLY MANAGING SECURE COMMUNICATIONS IN MULTIPLE COMMUNICATIONS JURISDICTION ZONES - Communications and data security policy data for two or more communications jurisdiction zones is obtained that includes data indicating allowed protocols for the respective communications jurisdiction zones. Data indicating a desired exchange of data between a first resource in a first communications jurisdiction zone and a second resource in a second communications jurisdiction zone is received/obtained. The first communications jurisdiction zone communications and data security policy data and the second communications jurisdiction zone policy data is automatically obtained and analyzed to determine an allowed type of secure communications security level for the desired exchange of data that complies with both the first communications jurisdiction zone communications and data security policy data and the second communications jurisdiction zone policy data. A communications channel, including the allowed type of secure communications security level, is automatically establishing between the first resource and the second resource. | 05-07-2015 |
20150128207 | METHOD AND SYSTEM FOR AUTOMATICALLY MANAGING SECRETS IN MULTIPLE DATA SECURITY JURISDICTION ZONES - Data security jurisdiction zones are identified and data security policy data for the data security jurisdiction zones is obtained. The data security policy data for the data security jurisdiction zones is then automatically analyzed to determine allowed secrets data with respect to each of the identified data security jurisdiction zones. The allowed secrets data with respect to each of the data security jurisdiction zones is then automatically obtained and provided to resources in the respective data security jurisdiction zones, either from a central secrets data store or from an allowed secrets data store associated with each data security jurisdiction zone. | 05-07-2015 |
20150128295 | METHOD AND SYSTEM FOR VALIDATING A VIRTUAL ASSET - Virtual asset creation data used to create a virtual asset is generated through a virtual asset creation system that includes primary virtual asset data. Secondary authentication data is also generated. When the virtual asset is launched, the secondary authentication data is passed to the virtual asset from the virtual asset creation system. The primary virtual asset data and secondary authentication data from the virtual asset creation system and the virtual asset, and/or one or more other sources associated with the virtual asset, are then sent to a virtual asset validation system through different communication channels. If the primary virtual asset data and secondary authentication data from the two sources match, or have a defined threshold level of similarity, the status of the virtual asset is transformed to the status of validated virtual asset eligible to receive sensitive data. | 05-07-2015 |
20150135305 | METHOD AND SYSTEM FOR DYNAMICALLY AND AUTOMATICALLY MANAGING RESOURCE ACCESS PERMISSIONS - Employment role data, trust data, and special permissions data, associated with a party is automatically obtained and/or monitored. The employment role data associated with the party, the trust data associated with the party, and the special permissions data associated with the party, is then analyzed to determine a set of allowed access permissions data to be associated with the party, the set of allowed access permissions data providing the party access to one or more resources. It is then either recommended that the set of allowed access permissions data be provided to the party, or the set of allowed access permissions data is automatically provided to the party. | 05-14-2015 |