Dynamic data encryption

Abstract

Actuators and sensors in an intelligent system are controlled by setting encryption types and key lengths to individual applications based on the type of device and application being run. A server system () running in a communications gateway, selects an encryption policy for one or more devices under its control. This selection is controlled by an analysis function () using data relating to the type of device (), and the applications to be run on the device (), to generate an appropriate encryption policy () which can be deployed to the device (). Controlling the analysis and deployment in a gateway device allows co-ordination between devices, and reduces processor time in the devices. An agent is sent to the device alongside the encryption policy data, to control the device according to the encryption policy. In response to events detected and analyzed by analysis function (), the server sends triggers () to the agent loaded on the device to modify its encryption type in accordance with the policy previously deployed. Revisions and updates to the deployed policies can also be initiated, in response to dynamic factors such as resource usage (CPU, bandwidth, battery etc.), data sensitivity, external events and notifications of vulnerabilities to device type and applications used, in order to allocate resources more efficiently. Different encryption systems can be applied to different applications or data streams running on the same device, and encryption can be applied actively as and when required, using dynamic analysis of both the device and the application to encrypt data—for example to only encrypt if malware is detected.