Title of invention: Provisioning transient-controlled secure environments for viewing sensitive data
Abstract: A new approach to customer support that protects working artifacts through their entire lifecycle by provisioning, on-demand, a transient-controlled debugging environment that preferably is associated with a particular support issue (or subset of issues) when particular artifacts (e.g., files) are securely received at the service or software provider. This approach allows for complete (or substantially complete) isolation and control of the artifacts in a contained environment for so long as necessary by the provider. Preferably, the provider owns or otherwise manages the provisioned environment, which can be augmented as needed to meet the debugging requirements of the particular issue. Preferably, the provisioned environment is restricted in access to only those engineers or others with a verifiable need to know, or that have the necessary training and skill sets for the support operation required.
Application publication number: US2015193637(A1) Application publication date: 2015.07.09
Application number: US201414150021 Filing date: 2014.01.08
Applicant: International Business Machines Corporation Inventors: Booth Alan Edward;Bowers Richard Gerald;Fox James Edward;House Daniel Edward
Classification: G06F21/62;G06F9/455;H04L29/06 Main classification: G06F21/62
Agency: Agent:
Principal claim: 1. A method of managing sensitive data at a facility, comprising: following receipt of a request for a secure support session, receiving information, wherein at least a portion of the information is encrypted; associating the information with a data record uniquely associated with the secure support session; instantiating a secure computing environment associated with the data record, the secure computing environment being access-restricted; receiving the information in the secure computing environment; decrypting the information, wherein, upon decryption, the information is available for viewing and manipulation only within the secure computing environment; and upon close of the data record indicating that an operation associated with the information is complete, terminating the secure computing environment associated with the data record and deleting the information; wherein the instantiating step is carried out in software executing in a hardware element.
Address: Armonk NY US