Title of invention: Differential encryption utilizing trust modes
Abstract: Systems and methods are provided for data protection across connected, disconnected, attended, and unattended environments. Embodiments of the inventions may include differential encryption based on network connectivity, attended/unattended status, or a combination thereof. Additional embodiments of the invention incorporate “trust windows” that provide granular and flexible data access as a function of the parameters under which sensitive data is accessed. Further embodiments refine the trust windows concept by incorporating dynamic intrusion detection techniques.
Publication number: US8769272(B2) | Publication date: 2014.07.01
Application number: US201213524874 | Filing date: 2012.06.15
Applicant: Protegrity Corporation | Inventor: Mattsson Ulf
Classification: H04L29/06;G06F21/00;G06F21/62;H04L9/00;H04L9/32 | Main classification: H04L29/06
Agency: Fenwick & West LLP | Agent: Fenwick & West LLP
Principal claim: 1. A method for implementing data security comprising:
generating a plurality of trust modes, each trust mode associated with data stored at a security device and associated with a set of access requirements, wherein each data access requirement associated with a trust mode must be satisfied before the data associated with the trust mode can be accessed, wherein at least one access requirement associated with a trust mode comprises a requirement that a user possess one or more encryption keys used to encrypt data stored at the security device;
receiving, from a user device associated with a user, a request to access the data stored at the security device;
responsive to the request, determining whether the user device is communicatively coupled to the security device;
responsive to a determination that the user device is communicatively coupled to the security device, implementing a first trust mode associated with a first set of access requirements that must be satisfied by either the user or the user device before the request to access the data stored at the security device is granted;
responsive to a determination that the user device is not communicatively coupled to the security device, implementing a second trust mode associated with a second set of access requirements that must be satisfied by either the user or the user device before the request to access the data stored at the security device is granted, wherein the second set of access requirements is greater than the first set of access requirements;
for each data access requirement defined by the implemented trust mode, determining whether the user or the user device satisfies each of the set of data access requirements associated with the implemented trust mode; and
granting the user permission to access to the requested data via the user device responsive to a determination that the user or the user device satisfies each of the set of access requirements associated with the implemented trust mode.
Address: Grand Cayman KY