
US20130254830A1 - Apparatus and method for assuring communications of corporate users - Google Patents


Publication number
US20130254830A1
Authority
US
United States
Prior art keywords
communication
corporate
user
security
requested
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US13/427,668
Inventor
Madhav Moganti
Mayuresh Pandit
Anish Sankalia
Joe Hannon
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alcatel Lucent SAS
Original Assignee
Alcatel Lucent SAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alcatel Lucent SAS
Priority to US13/427,668
Assigned to ALCATEL-LUCENT USA INC.: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HANNON, JOE, PANDIT, MAYURESH, SANKALIA, ANISH, MOGANTI, MADHAV
Assigned to CREDIT SUISSE AG: SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ALCATEL-LUCENT USA INC.
Assigned to ALCATEL LUCENT: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ALCATEL-LUCENT USA INC.
Publication of US20130254830A1
Assigned to ALCATEL-LUCENT USA INC.: RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: CREDIT SUISSE AG

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • This case relates generally to communications and, more specifically but not exclusively, to secure communications.
  • in one embodiment, an apparatus includes a processor and a memory communicatively coupled to the processor.
  • the processor is configured to receive, from a user device of a corporate user, communication request information associated with a communication request initiated via the user device, the communication request information specifying a context of the requested communication.
  • the processor is configured to select a communication context-based security profile for the requested communication based on the communication request information.
  • the processor is configured to propagate an indication of the selected communication context-based security profile toward at least one of the user device and a network device for use in applying at least one security mechanism to the requested communication.
  • a method uses at least one processor to perform steps of receiving, from a user device of a corporate user, communication request information associated with a communication request initiated via the user device where the communication request information specifies a context of the requested communication, selecting a communication context-based security profile for the requested communication based on the communication request information, and propagating an indication of the selected communication context-based security profile toward at least one of the user device and a network device for use in applying at least one security mechanism to the requested communication.
  • in one embodiment, an apparatus includes a processor and a memory communicatively coupled to the processor.
  • the processor is configured to detect initiation of a communication request at a user device.
  • the processor is configured to determine communication request information associated with the communication request.
  • the processor is configured to propagate the communication request information toward a communication assurance agent.
  • the processor is configured to receive, from the communication assurance agent, an indication of a communication context-based security profile selected by the communication assurance agent for use by the user device in applying at least one security mechanism to the requested communication.
  • a method uses at least one processor to perform steps of detecting initiation of a communication request at a user device, determining communication request information associated with the communication request, propagating the communication request information toward a communication assurance agent, and receiving, from the communication assurance agent, an indication of a communication context-based security profile selected by the communication assurance agent for use by the user device in applying at least one security mechanism to the requested communication.
  • FIG. 1 depicts a high-level block diagram of an exemplary system illustrating use of communication context-based security profiles to provide secure communications for a corporate user;
  • FIG. 2 depicts an exemplary user profile including a set of communication context-based security profiles for the corporate user of FIG. 1;
  • FIG. 3 depicts an exemplary set of security grades defined using communication context-based security profiles;
  • FIG. 4 depicts use of the exemplary security grades of FIG. 3 to provide security for communications of the corporate user of FIG. 1;
  • FIG. 5 depicts one embodiment of a method for using communication context-based security profiles of the corporate user to improve the security of communications by the corporate user; and
  • FIG. 6 depicts a high-level block diagram of a computer suitable for use in performing functions described herein.
  • a secure communication capability uses communication context-based security profiles associated with a corporate user to assure communications by or otherwise associated with the corporate user.
  • the communications by or otherwise associated with the corporate user may be assured regardless of various elements used to support communication by or otherwise associated with the corporate user.
  • communications by or otherwise associated with the corporate user may be assured regardless of one or more of the user device used by the corporate user for the communication (e.g., whether it be a corporate user device behind a corporate firewall and on a corporate network, a corporate user device used by the user outside of the corporate network, a personal user device of the corporate user, and the like), a communication channel used for the communication, a communication medium used for the communication, a communication mode used for the communication, and the like.
  • a secure blanket is imposed over all communication mechanisms used to support communications by or otherwise associated with the corporate user regarding corporate matters, where the security blanket may be imposed irrespective of various elements used to support communication by or otherwise associated with the corporate user (e.g., as noted above, irrespective of one or more of the user device used by the corporate user for the communication, a communication channel used for the communication, a communication medium used for the communication, a communication mode used for the communication, and the like).
  • the security blanket also may be extended to personal communications by the corporate user from any suitable user device (e.g., a corporate user device(s) and/or a personal user device(s)).
  • FIG. 1 depicts a high-level block diagram of an exemplary system illustrating use of communication context-based security profiles to provide secure communications for a corporate user.
  • system 100 includes a plurality of user devices 102 1 - 102 3 (collectively, user devices 102 ) of a corporate user, a corporate network 110 , a plurality of access networks 120 1 - 120 N (collectively, access networks 120 ), a communication network 130 , and a communication assurance network 140 .
  • the communication assurance network 140 includes a communication assurance agent 141 , a profiles database 142 , and a security assurance grading engine 145 .
  • the user devices 102 of the corporate user include a corporate user device 102 1 located within the corporate network 110 (e.g., associated with a corporate Intranet and/or behind a corporate firewall), a corporate user device 102 2 located outside of the corporate network 110 and receiving network access from one of the access networks 120 (illustratively, access network 120 1 ), and a personal user device 102 3 located outside of the corporate network 110 and receiving network access from one of the access networks 120 (illustratively, access network 120 N ).
  • the user devices 102 may include any suitable types of user devices (e.g., desktop computers, laptop computers, tablet computers, smart phones, cloud-based information stores, and the like). It is noted that the cloud-based information stores also may be considered as user devices (or user elements) as users may interact with such virtual entities to retrieve their information.
  • the user devices 102 are used by the corporate user to communicate regarding corporate matters, where communications regarding corporate matters also may be referred to herein as corporate communications or corporate-related communications.
  • the corporate user may use corporate user device 102 1 for communications regarding corporate matters while in the office (e.g., where corporate user device 102 1 is a computer located in the office of the corporate user), may use corporate user device 102 2 for communications regarding corporate matters while traveling outside of the office (e.g., where corporate user device 102 2 is a smart phone supplied to the corporate user by the corporation), and may use personal user device 102 3 for communications regarding corporate matters while located at home (e.g., where personal user device 102 3 is a personal computer located in the home of the corporate user).
  • This exemplary movement of the corporate user is depicted in FIG. 1 .
  • the corporate user may use corporate user device 102 2 while located in the office, the corporate user may use personal user device 102 3 while located in the office or traveling, and the like, as well as various combinations thereof.
  • the user devices 102 may be used for any suitable types of corporate communications.
  • corporate communications by or otherwise associated with the corporate user may include voice calls (e.g., to other employees of the corporate user, suppliers, customers, partners, and the like), voicemails (e.g., to other employees of the corporate user, suppliers, customers, partners, and the like), e-mails (e.g., to other employees of the corporate user, suppliers, customers, partners, and the like), Simple Messaging Service (SMS) messaging, Instant Messaging (IM), web browsing (e.g., searching for information using a search engine and the like), video calls, social media related communications (e.g., corporate social media, public social media, and the like), commerce-related communications (e.g., eCommerce, Business-to-Business (B2B) Commerce, and the like), web-based conferencing services (e.g., LiveMeeting, NetMeeting, and the like), communications related to cloud interactions (e.g., public cloud interactions, private cloud interactions, and the like), and the like, as well as various combinations thereof.
  • corporate communications by or otherwise associated with the corporate user may include network-centric communications which may be part of communications initiated by the corporate user and/or may be complementary to the communications initiated by the corporate user (e.g., where the communications may be spawned in response to one or more conditions associated with communications initiated by the corporate user).
  • network-centric communications which may be part of communications initiated by the corporate user and/or may be complementary to the communications initiated by the corporate user may include call forwarding, email forwarding, voice mail, voice mail forwarding, voice mail transcription, content uploading, content tagging, multi-mode communication (e.g., where a session transforms from one type of session to another type of session, where a session transforms from one device to another device, and the like), multi-device interaction within a service, and the like, as well as various combinations thereof.
  • voice calls may be supported using one or more of a Public Switched Telephone Network (PSTN), Voice Over IP (VoIP), Private Branch Exchanges (PBXs), IP-PBXs, wireline networks, wireless networks, cloud-based PBX capabilities, over-the-top (OTT) voice applications, and the like, as well as various combinations thereof.
  • e-mails may be supported using one or more of data communication networks, email services, and the like.
  • the types of underlying communications capabilities used to support the other listed communication types will be understood.
  • the user devices 102 each are configured to detect communication requests initiated by the corporate user via the user devices 102 . For example, when the corporate user initiates a request to communicate via one of the user devices 102 , the user device 102 detects an indication of the request to communicate and propagates the indication of the request to communicate such that it is automatically detected by the communication assurance agent 141 . The user device 102 also may determine information associated with the request to communicate (denoted herein as requested communication information) and propagate the information associated with the communication request such that it is automatically detected by the communication assurance agent. The manner in which the requested communication is initiated is expected to vary for the different communication types.
  • for a voice call, the corporate user may dial a number and press a submit button to initiate a call, open a voice call application and select the name of a person to call, and the like.
  • for e-mail, the corporate user may open an email application, log in to an email service, open an e-mail message to be sent and begin to enter information (e.g., the name(s) of the intended recipient(s), subject information, and the like), and the like.
  • for SMS, the corporate user may open an SMS application, log in to an SMS service, open an SMS message to be sent and begin to enter information (e.g., the name(s) of the intended recipient(s), subject information, and the like), and the like.
  • for IM communication, the corporate user may open an IM application, log in to an IM service, open an IM message to be sent and begin to enter information, and the like.
  • for web browsing, the corporate user may open a web browser, begin to enter search criteria into a search interface of a web browser, and the like.
  • a request by the corporate user to communicate may be considered to include an action(s) via which an indication of a request to communicate may be automatically detected by the communication assurance agent 141 and, optionally, any associated information suitable for use by communication assurance agent 141 to determine the type of security to be applied to the requested communication of the corporate user.
  • the corporate network 110 is a corporate intranet.
  • the corporate network 110 may be owned/maintained by the corporation which employs the corporate user directly or indirectly and/or by one or more Managed Services entities.
  • the corporate network 110 may include various elements and services as will be understood by one skilled in the art.
  • the corporate network 110 may include IT systems, IT networks, private clouds, hosted application centers, private data centers, public data centers, wireline and/or wireless networks, private communication networks, user devices, peripherals associated with user devices, and the like, as well as various combinations thereof. It is noted that, in general, corporations use security mechanisms to secure their corporate networks and communications by their employees via their corporate networks.
  • security mechanisms typically used in corporate networks include firewalls, encryption/decryption of communications, virtual private networks (VPNs), and the like, as well as various combinations thereof.
  • security mechanisms typically used in corporate networks do not always guarantee end-to-end communication assurance or information assurance for communications by employees via the corporate networks, and certainly do not guarantee end-to-end communication assurance or information assurance for communications by employees via external networks.
  • the current security environment of the corporation cannot adequately monitor the complex interactions that are made by corporate users of the corporation and the open communications environment of the corporation.
  • the access networks 120 may include any suitable access networks via which the corporate user may communicate regarding corporate matters.
  • the access networks 120 may include wireline access networks (e.g., cable networks, DSL networks, and the like) and/or wireless access networks (e.g., cellular networks, Wireless Fidelity (Wi-Fi) networks, satellite networks, and the like).
  • the communication network 130 represents any wide area communication network(s) adapted to transport communications of the corporate user.
  • the communication network 130 may include backhaul networks, the Internet, and the like as well as various combinations thereof.
  • the communication assurance network 140 includes communication assurance agent 141 , profiles database 142 , and security assurance grading engine 145 .
  • the communication assurance agent 141 is configured to provide security mechanisms to improve security of communications by the corporate user regarding corporate matters.
  • the communication assurance agent 141 also may be configured to provide security mechanisms to improve security of communications by the corporate user regarding personal matters.
  • the communication assurance agent 141 is configured to provide such security mechanisms using information from profiles database 142 and/or using security assurance grading engine 145 (and/or information from security assurance grading engine 145 ).
  • the profiles database 142 includes a user profile 143 for the corporate user.
  • the user profile 143 of the corporate user includes user information associated with the corporate user (e.g., name, address, network identification information, and the like, as well as various combinations thereof).
  • the user profile 143 of the corporate user further includes communication context-based security profiles 144 (and/or otherwise points to communication context-based security profiles 144 ) associated with the corporate user.
  • the communication context-based security profiles 144 for the corporate user include one or more profiles to be used in conjunction with communications of the corporate user.
  • a communication context-based security profile 144 for the corporate user specifies a security policy that is defined based on the context of the communication of corporate user, where the security policy specifies one or more security mechanisms to be applied for the communication of corporate user (e.g., a requested communication of the corporate user having associated therewith requested communication information matching the communication context defined by the security policy has the associated security mechanism(s) of the security policy applied thereto).
  • the communication context-based security profiles 144 for the corporate user are defined and retrieved based on communication context.
  • communication context for a communication of the corporate user may be based on one or more of the type of communication to be used for the communication of the corporate user (e.g., voice, email, SMS, video, web browsing, and the like), an identity of the corporate user, a role of the corporate user (e.g., within the corporation, with a particular group within the corporation, for a particular project of the corporation, and the like), relationship-based information associated with the corporate user (e.g., an indication of a group within the corporation to which the corporate user belongs, an indication of a project of the corporation on which the corporate user works, an indication of a relationship between the corporate user and an intended recipient(s) of the communication, and the like), a device type of the user device 102 used by the corporate user (e.g., fixed versus mobile, wireline versus wireless, computer versus smartphone, and the like), a network type of a network(s) to be used to support the communication,
  • the communication context-based security profiles 144 for the corporate user may be defined based on one or more of the above-described types of context information.
  • requested communication information associated with the request to communicate and indicative of the context of the request to communicate may be used to retrieve an appropriate communication context-based security profile 144 for use in providing security for the requested communication of the corporate user (e.g., in the form of one or more security mechanisms specified by the appropriate communication context-based security profile 144 retrieved for the requested communication of the corporate user).
  • the communication context-based security profiles 144 for the corporate user may be defined based on information associated with multiple corporate users (e.g., where communication context-based security profiles are defined for multiple corporate users based on information associated with the multiple corporate users and then the communication context-based security profiles are associated with each of the multiple corporate users for use in providing communication context-based security for the multiple corporate users).
  • the communication context-based security profiles 144 for the corporate user also may be defined by deriving the context-based security profiles 144 for the corporate user from past communications by the corporate user (e.g., based on historical information associated with communication services/events as determined from various resources within one or more communication environments), and the like, as well as various combinations thereof.
  • the communication context-based security profiles 144 for the corporate user may be retrieved, in response to requests by the corporate user to communicate, based on requested communication information determined from the requests to communicate (where the requested communication information may include any of the types of information which may be used to define the communication context-based security profiles 144 ).
  • the communication context-based security profiles 144 are adapted to provide communication assurance for communication services used by the corporate user, as well as to provide information assurance for information transported via communication services used by the corporate user.
  • the communication context-based security profiles 144 are adapted to provide information assurance even in cases where information of a communication by the corporate user has multiple states and/or multiple delivery mechanisms (e.g., where a caller leaves a voicemail for the corporate user that is later retrieved by the corporate user, where the corporate user leaves a voicemail for a fellow employee and the voicemail is sent to the employee as an attachment in an email, where a caller leaves a voicemail for the corporate user and the voicemail is converted into text and sent to the corporate user in a text message, and the like).
  • the security assurance grading engine 145 maintains a plurality of security grades 146 1 - 146 N and a custom security grade 146 CUSTOM (collectively, security grades 146 , which also are denoted as GRADE 1 -GRADE N and GRADE CUSTOM ).
  • the custom security grade 146 CUSTOM may be defined using two or more of security grades 146 1 - 146 N .
  • the security grades 146 may be generated via processing of the communication context-based security profiles 144 of the corporate user. It is noted that fewer or more security grades 146 may be defined/generated. It is noted that fewer or more than one custom grade 146 CUSTOM may be defined/generated. It is noted that the security grades 146 also may be referred to herein as security blankets.
  • the security grades 146 are adapted for use by communication assurance agent 141 (and, optionally, by the security assurance grading engine 145 ) to provide security mechanisms to provide security assurance for communications of the corporate user.
  • each security grade 146 has one or more security mechanisms associated therewith, where the security mechanism(s) associated with a security grade 146 include the security mechanism(s) to be applied for communications of the corporate user that are deemed to fall within that security grade 146 .
  • each communication associated with the communication type/service receives the same grade of service based on the security mechanism(s) of that security grade 146 , where such security may be applied independent of time, network type, communication medium, storage medium, and the like.
  • the definition/generation and use of the security grades 146 may be better understood by way of reference to FIG. 3 and FIG. 4 .
  • the communication assurance agent 141 , the profiles database 142 , and the security assurance grading engine 145 may be deployed in any suitable manner (e.g., one or more of these elements may reside within a service provider network, one or more of these elements may reside within corporate network 110 , one or more of these elements may reside within a Federated System, and the like, as well as various combinations thereof).
  • system 100 may be configured to improve security for any number of corporate users of any number of corporations.
  • system 100 may be configured to improve security for any suitable type(s) of users (e.g., users employed by corporations but only looking to improve security of their personal communications, users not employed by corporations but looking to improve security of their personal communications, and the like, as well as various combinations thereof).
  • FIG. 2 depicts an exemplary user profile including a set of communication context-based security profiles for the corporate user of FIG. 1 .
  • the user profile 143 of the corporate user includes user information associated with the corporate user.
  • the user profile 143 of the corporate user further includes and/or has associated therewith communication context-based security profiles 144 .
  • the communication context-based security profiles 144 for the corporate user include a plurality of corporate security profiles 144 C1 - 144 CN (collectively, corporate security profiles 144 C ).
  • the corporate security profiles 144 C may be better understood by considering an exemplary scenario in which the corporate user is a member of an organization (ORG1) within the corporation, is a member of a group (GROUP 4) within the organization, and is assigned to work on two projects (PROJECT A within GROUP 4 and PROJECT F which is a multi-group project).
  • the corporate security profile 144 C1 is a profile defined for the corporation (e.g., to be used for any type of communication by the corporate user with any other member of the corporation).
  • the corporate security profile 144 C2 is a profile defined for ORG1 of which the corporate user is a member (e.g., to be used for any type of communication by the corporate user with any other member of ORG1).
  • the corporate security profile 144 C3 is a profile defined for GROUP 4 of which the corporate user is a member (e.g., to be used for any type of communication by the corporate user with any other member of GROUP 4).
  • the corporate security profile 144 C3 includes two sub-profiles to be used for communications by the corporate user using two different user devices of the corporate user (e.g., a CORPORATE DEVICE profile to be used for communications by the corporate user with any other person of GROUP 4 where the corporate user is using a corporate user device (e.g., corporate user device 102 1 or corporate user device 102 2 ) and a PERSONAL DEVICE profile to be used for communications by the corporate user with any other person of GROUP 4 where the corporate user is using a personal user device (e.g., personal user device 102 3 )).
  • the corporate security profile 144 C4 is a profile defined for PROJECT A to which the corporate user is assigned and includes two sub-profiles to be used for different types of communications by the corporate user related to PROJECT A (e.g., a VOICE profile to be used for voice communications by the corporate user with any other person associated with PROJECT A and an EMAIL profile to be used for email communications by the corporate user with any other person associated with PROJECT A).
  • the corporate security profile 144 C5 is a profile defined for PROJECT F to which the corporate user is assigned and includes two sub-profiles to be used for communications by the corporate user with different groups working on PROJECT F (e.g., a GROUP 4 profile to be used for communications by the corporate user with any other person of GROUP 4 who is assigned to work on PROJECT F and an OTHER profile to be used for communications by the corporate user with any other person associated with PROJECT 4 but not in GROUP 4).
  • the corporate security profile 144 C6 is a profile defined for customers of the corporation (e.g., to be used for any type of communication by the corporate user with any of the customers of the corporation).
  • the corporate security profile 144 C7 is a profile defined for any voice-based communication by the corporate user.
  • the corporate security profile 144 C7 includes three sub-profiles to be used for communications by the corporate user using three different user devices of the corporate user (e.g., a CORPORATE DESKTOP DEVICE profile to be used for communications by the corporate user using corporate user device 102 1 , a CORPORATE MOBILE DEVICE profile to be used for communications by the corporate user using corporate user device 102 2 , and a PERSONAL DEVICE profile to be used for communications by the corporate user using corporate user device 102 3 ).
  • the corporate security profile 144 C8 is a profile defined for any web browsing to be performed by the corporate user.
  • the corporate security profile 144 CN is intended to represent the fact that any suitable number of corporate security profiles 144 C may be defined for the corporate user.
  • corporate security profiles 144 C are merely exemplary and, thus, that any suitable numbers, types, and arrangements of corporate security profiles 144 C may be maintained for the corporate user.
  • the corporate security profiles 144 C may be defined by the corporation on behalf of the corporate user (and, optionally, modified by the corporate user as needed), defined by the corporate user, and the like, as well as various combinations thereof.
  • the corporate security profiles 144 C may be defined for any suitable set of corporate users of the corporation and the user profile of the corporate user may then simply point to the corporate security profiles 144 C to thereby associate those corporate security profiles 144 C with the corporate user for use in improving security of corporation-related communications of the corporate user.
  • the communication context-based security profiles 144 for the corporate user also may include a plurality of personal security profiles 144 P1 - 144 PN (collectively, personal security profiles 144 P ).
  • the personal security profile 144 P1 is a profile defined for any personal voice communication to be performed by the corporate user.
  • the personal security profile 144 P2 is a profile defined for any personal e-mail communication to be performed by the corporate user and includes three sub-profiles to be used for e-mail communications with different groups of people (e.g., a first sub-profile for e-mails to family and friends of the corporate user, a second sub-profile for e-mails to acquaintances of the corporate user, and a third sub-profile for e-mails to doctors of the corporate user).
  • the personal security profile 144 P3 is a profile defined for any type of communication to be performed by the corporate user with one or more of the financial institutions of the corporate user.
  • the personal security profile 144 P2 is a profile defined for any web-related communications to be performed by the corporate user and includes two sub-profiles to be used for different types of web browsing (e.g., a first sub-profile for web browsing and a second sub-profile for web-based purchases made by the corporate user).
  • the personal security profile 144 PN is intended to represent the fact that any suitable number of personal security profiles 144 P may be defined for the corporate user.
  • personal security profiles 144 P are merely exemplary and, thus, that any suitable numbers, types, and arrangements of personal security profiles 144 P may be maintained for the corporate user.
  • the personal security profiles 144 P may be defined by the corporate user, defined by one or more other entities on behalf of the corporate user (and, optionally, modified by the corporate user as needed), and the like, as well as various combinations thereof.
  • the personal security profiles 144 P may be defined for any suitable set of users and the user profile of the corporate user may then simply point to the personal security profiles 144 P to thereby associate those personal security profiles 144 P with the corporate user for use in improving security of personal communications of the corporate user.
  • the communication context-based security profiles 144 of the user profile 143 of the corporate user each may specify one or more security mechanisms to be used to secure the associated communications of the corporate user.
  • security mechanisms may include use of encryption and decryption, and the like, as well as various combinations thereof.
  • types of security mechanisms associated with a given communication context-based security profile 144 may depend on factors such as the type of communication which may be used, the necessary or desired level of security for the communication, and the like, as well as various combinations thereof.
  • communication context-based security profiles 144 may be stored in other locations.
  • corporation-related communication context-based security profiles of the corporate user may be stored within the corporate network 110 .
  • personal communication context-based security profiles of the corporate user may be stored within the corporate network 110 and/or a home network of the user.
  • personal communication context-based security profiles of the corporate user may be stored within the communications environments of entities with which the corporate user may communicate (e.g., Health Insurance Portability and Accountability Act (HIPAA)-related security profiles maintained within communications environments of doctors, Securities and Exchange Commission (SEC)-related security requirements maintained within communications environments of financial institutions, and the like).
  • the profiles database 142 may store indexes to communication context-based security profiles 144 stored in the other location(s), such that the communication assurance agent 141 may use the indexes in order to retrieve the communication context-based security profiles 144 when needed.
  • communication context-based security profiles 144 may be considered to be maintained in any suitable storage location(s) such that they are accessible for use by communication assurance agent 141 in providing security mechanisms for the corporate user.
  • FIG. 3 depicts an exemplary set of security grades defined using communication context-based security profiles.
  • security assurance grading engine 145 maintains service grades 146 which may be applied by communication assurance agent 140 (and, optionally, by the security assurance grading engine 145 ) to provide security mechanisms to provide security assurance for communications of the corporate user.
  • each security grade 146 1 - 146 N and 146 CUSTOM has a set of security mechanisms 320 1 - 320 N and 320 CUSTOM (collectively, security mechanisms 320 ) associated therewith, respectively.
  • a set of security mechanisms 320 associated with a service grade 146 may include one or more security mechanisms to be applied for that security grade (e.g., encryption/decryption, use of a VPN, and the like).
  • security mechanisms 320 1 for security grade 146 1 may specify use of encryption/decryption for communications by the corporate user that are deemed to fall within security grade 146 1 .
  • security mechanisms 320 2 for security grade 146 2 may specify use of a VPN for communications by the corporate user that are deemed to fall within security grade 146 2 .
  • security mechanisms 320 N for security grade 146 N may specify use of encryption/decryption and a VPN for communications by the corporate user that are deemed to fall within security grade 146 N . It is noted that any other suitable types of security mechanisms may be applied as part of the sets of security mechanisms 320 .
  • FIG. 4 depicts use of the exemplary security grades of FIG. 3 to provide security for communications of the corporate user of FIG. 1 .
  • the corporate user of FIG. 1 has a plurality of user devices including user devices 102 1 - 102 3 depicted and described with respect to FIG. 1 as well as one or more additional user devices 102 (collectively, user devices 102 ) available for use by the corporate user to communicate.
  • the association of the security grades 146 1 - 146 N with the user devices 102 1 - 102 N illustrates exemplary cases in which, for a given one of the user devices 102 , the corporate user selects the user device 102 and then initiates a communication with the selected user device 102 and the context of the initiated communication results in use of the associated security grade 146 for the initiated communication.
  • communication assurance network 140 of FIG. 1 is available to provide communication assurance for communications of the corporate user.
  • the communication assurance network 140 is depicted and described in detail with respect to FIG. 1-FIG. 3.
  • security grades 146 of the corporate user in order to secure the communications by the corporate user may be better understood by way of the following examples.
  • the user selects user device 102 1 (e.g., a corporate smart phone of the corporate user) and initiates a voice call to his or her doctor.
  • the context of the initiated communication of the corporate user (e.g., a voice call from the corporate user to the doctor via the corporate smart phone) results in selection of a particular security grade for use in securing the initiated communication (illustratively, the security grade 146 1 which also is denoted as G1).
  • the end-to-end communication from the user device 102 1 of the corporate user to the user device of the doctor is secured by the security mechanisms specified for security grade 146 1 .
  • the message also is secured by the security mechanisms specified for security grade 146 1 (as illustrated by use of the security mechanisms specified for security grade 416 1 to store the voicemail as an asset within the network 410 1 ). In this manner, the communication of the corporate user and its associated information is assured end-to-end as long as the asset is available.
  • the user selects user device 102 2 (e.g., a personal smart phone of the corporate user) and initiates a voice call to his or her colleague at the corporation.
  • the context of the initiated communication of the corporate user (e.g., a voice call from the corporate user to another corporate user via the personal smart phone) results in selection of a particular security grade for use in securing the initiated communication (illustratively, the security grade 146 2 which also is denoted as G2).
  • the end-to-end communication from the user device 102 2 of the corporate user to the user device of the colleague is secured by the security mechanisms specified for security grade 146 2 .
  • the message also is secured by the security mechanisms specified for security grade 146 2 (as illustrated by use of the security mechanisms specified for security grade 146 2 to store the voicemail as an asset within the network 410 2 ). In this manner, the communication of the corporate user and its associated information is assured end-to-end as long as the asset is available.
  • FIG. 5 depicts one embodiment of a method for using communication context-based security profiles of the corporate user to improve the security of communications by the corporate user.
  • step 505 method 500 begins.
  • the user device of the corporate user detects a communication request.
  • detection of the communication request may vary across different communication types. For example, for voice communications the user device may detect entry of a telephone number and pressing of a submit button to initiate a call, opening of a voice call application and selecting of the name of a person to call, and the like.
  • for e-mail communication, the user device may detect opening of an email application, logging in to an email service, opening of an e-mail message to be sent and entry of information, and the like.
  • for SMS communication, the user device may detect opening of an SMS application, logging in to an SMS service, opening of an SMS message to be sent and entry of information, and the like.
  • the user device may detect opening of a web browser, entry of search criteria into a search interface of a web browser, and the like. More generally, a request by the corporate user to communicate may be considered to include an action via which an indication of a request to communicate may be detected by the user device 110 .
  • the user device of the corporate user determines communication request information associated with the communication request.
  • the communication request information may include an identity of the corporate user of the user device, an identifier identifying the user device of the corporate user, an indication of a type of user device of the corporate user (e.g., corporate versus personal, fixed versus mobile, and the like), an identity of at least one entity and/or device intended as a destination of the requested communication, a communication type of the requested communication (e.g., voice call, e-mail, SMS message, web browsing, and the like), a subject of the requested communication, one or more details of the requested communication, and the like, as well as various combinations thereof. It is noted that, in at least some cases, a portion of the communication request information may be determined as part of step 510 .
  • the user device of the corporate user propagates the communication request information toward the communication assurance agent.
  • the communication assurance agent receives the communication request information from the user device of the corporate user.
  • the communication assurance agent selects a communication context-based security profile based on the communication request information.
  • the communication assurance agent identifies the communication context-based security profiles associated with the corporate user (e.g., from information included within the communication request information received at the communication assurance agent from the user device). The communication assurance agent then selects one of the communication context-based security profiles associated with the corporate user, as the communication context-based security profile to be used for the requested communication of the corporate user, based on the communication request information received at the communication assurance agent from the user device.
  • the selection of the communication context-based security profile may be performed based on keyword matching between information included in the communication request information and information included in the communication context-based security profiles associated with the corporate user, by considering the communication context-based security profiles associated with the corporate user in priority order until identifying one of the communication context-based security profiles as being a match satisfying a matching threshold, by considering portions of the communication request information in priority order until identifying one of the communication context-based security profiles as being a match satisfying a matching threshold, and the like, as well as various combinations thereof.
  • any potential conflict between the multiple communication context-based security profiles may be resolved in any suitable manner (e.g., based on priority levels assigned to the communication context-based security profiles, using a lowest common denominator approach via comparison of security features of the communication context-based security profiles, using a greatest common denominator approach via comparison of security features of the communication context-based security profiles, and the like, as well as various combinations thereof).
  • the communication assurance agent propagates an indication of the selected communication context-based security profile toward the user device.
  • the user device receives the indication of the selected communication context-based security profile from the communication assurance agent.
  • the user device initiates the requested communication based on the selected communication context-based security profile.
  • the communication context-based security profile indicates one or more security mechanisms to be used for the requested communication of the corporate user. It will be appreciated that the initiation of the requested communication based on the selected communication context-based security profile depends, at least in part, on the type of communication. Thus, the initiation of the requested communication based on the selected communication context-based security profile may be better understood by considering examples related to different types of communication which may be initiated by the corporate user.
  • initiation of the requested communication based on the selected communication context-based security profile may include initiating signaling for establishing the voice session such that the voice session is based on one or more security parameters (e.g., using a particular type of encryption/decryption).
  • initiation of the requested communication based on the selected communication context-based security profile may include sending the email from the user device using one or more security mechanisms (e.g., using a particular type of encryption/decryption, and the like).
  • initiation of the requested communication based on the selected communication context-based security profile may include sending the SMS message from the user device using one or more security mechanisms (e.g., using a particular type of encryption/decryption, and the like).
  • initiation of the requested communication based on the selected communication context-based security profile may include sending the search request from the user device using one or more security mechanisms related to web browsing.
  • initiation of the requested communication based on the selected communication context-based security profile may include sending the search request from the user device using one or more security mechanisms (e.g., using a particular type of encryption/decryption, and the like).
  • security mechanisms may be applied in any suitable manner, which may depend on the type(s) of security mechanism(s) to be applied.
  • one or more of the security mechanisms may be delivered as security application programming interfaces (APIs).
  • the method 500 ends.
  • the communication assurance agent propagates an indication of the selected communication context-based security profile toward the user device
  • the communication assurance agent alternatively or additionally may propagate an indication of the selected communication context-based security profile toward at least one network device which may be configured to apply one or more security mechanisms for the requested communication of the user device.
  • the communication assurance agent alternatively or additionally may propagate an indication of the selected communication context-based security profile toward a boundary device of the corporate network with which the user device is associated, toward one or more devices of an access network with which the user device is associated, toward one or more devices of a core network supporting the requested communication of the corporate user, toward one or more servers providing services related to the requested communication, toward one or more application servers related to the requested communication, and the like, as well as various combinations thereof.
  • the communication assurance agent selects one communication context-based security profile for the requested communication of the corporate user
  • the communication assurance agent may be configured to select multiple communication context-based security profiles for the requested communication of the corporate user.
  • the communication assurance agent may select one of the multiple communication context-based security profiles on behalf of the user device (e.g., selecting the profiles based on a prioritization of the profiles, selecting the profile having the most stringent security requirements, and/or using any other suitable selection criteria) and propagate an indication of the selected one of the communication context-based security profiles toward the user device for use by the user device for the requested communication of the corporate user.
  • the communication assurance agent may select two or more of the communication context-based security profiles on behalf of the user device (e.g., based on any suitable selection criteria, such as those discussed above for selection of one of the communication context-based security profiles by the communication assurance agent on behalf of the user device) and propagate indications of the selected communication context-based security profiles toward the user device.
  • the communication assurance agent may propagate indications of each of the selected communication context-based security profiles toward the user device.
  • the user device may select one of the multiple communication context-based security profiles to use for the requested communication, and then use the selected one of the communication context-based security profiles for the requested communication.
  • the user device may use some or all of the multiple communication context-based security profiles (to the extent that such communication context-based security policies are consistent with each other) for the requested communication (e.g., applying all security mechanisms specified in the communication context-based security profiles, applying the most stringent of each of the security mechanisms specified in the communication context-based security profiles, and the like).
  • a communication context-based security profile also may be determined for the destination side of a requested communication.
  • the process performed for the destination side of the requested communication is similar to the process performed for the source side of the requested communication as depicted and described with respect to FIGS. 1-5 .
  • the source and destination user devices communicate with the same communication assurance agent for determining the respective communication context-based security profiles to be used by the source and destination user devices.
  • the source and destination user devices communicate with different communication assurance agents for determining the respective communication context-based security profiles to be used by the source and destination user devices.
  • the communication assurance agents may be configured to communicate with each other for purposes of determining a set of security mechanisms to be used for communication between the source and destination user devices. In one embodiment, in which the source and destination user devices use different communication assurance agents, the communication assurance agents may be configured to communicate with one or more other elements (e.g., a higher level communication assurance agent in a hierarchy of communication assurance agents) for purposes of determining a set of security mechanisms to be used for communication between the source and destination user devices.
  • the security mechanism(s)/service grade to be applied to the requested communication of the corporate user may be applied to any communication/service derived from the requested communication of the corporate user irrespective of whether or not the corporate user or the user device of the corporate user is involved (directly or indirectly) in communication/service derived from the requested communication of the corporate user. This may be used, for example, where one or more communications/services are spawned by some action or actions taken by or otherwise associated with the corporate user.
  • one or more settings for the intended recipient may result in initiation by a network device of a voicemail transcription service which enables a text transcription of the voicemail to be delivered to the intended recipient via email or text message and the delivery of the text transcription of the voicemail may then be secured using an appropriate security mechanism(s)/security grade (which may be the same as or different than the security mechanism(s)/security grade used to deliver the voicemail to the voice mailbox of the intended recipient) in accordance with embodiments depicted and described herein.
  • a voice connection is established between the corporate user and the doctor using an appropriate security mechanism(s)/security grade based on the context of the requested communication.
  • a service hosted within the network and monitoring the content of the voice call may detect distress on the part of the corporate user and, in response, may automatically initiate conversion of the voice call to a video call between the corporate user and the doctor such that the doctor can perform a visual inspection of the corporate user almost immediately.
  • the video call that is spawned automatically as a result of monitoring performed within the network may then be secured using an appropriate security mechanism(s)/security grade (which may be the same as or different than the security mechanism(s)/security grade used for the voice call between the corporate user and the doctor) in accordance with embodiments depicted and described herein.
  • the communication assurance agent 141 is configured to detect initiation of a derived instance of the requested communication.
  • the derived instance of the requested communication may include one or both of a service and a communication.
  • the communication assurance agent 141 may be configured to initiate application of the at least one security mechanism to the derived instance of the requested communication.
  • the communication assurance agent 141 where the communication context-based security profile selected for the requested communication of the corporate user is a first communication context-based security profile, may be configured to select a second communication context-based security profile for the derived instance of the requested communication, and propagate an indication of the selected second communication context-based security profile toward at least one of the user device and a network device for use in applying at least one security mechanism to the derived instance of the requested communication.
  • the communication assurance agent 141 may be hosted at any other suitable location.
  • the communication assurance agent 141 may be hosted within the corporate network 110 for use by multiple corporate users (including the corporate user depicted and described with respect to FIG. 1 ).
  • the communication assurance agent 141 may be hosted on each of the user devices 102 of the corporate user (in which case method 500 of FIG. 5 includes communication between elements of the user device 102 from which the communication request is initiated).
  • the functions of the communication assurance agent 141 for the corporate user may be arranged using a combination of such embodiments (e.g., where at least some communication assurance agent functions are hosted within the network while at least some communication assurance agent functions are hosted on the user devices 102 of the corporate user).
  • FIG. 6 depicts a high-level block diagram of a computer suitable for use in performing functions described herein.
  • computer 600 includes a processor element 602 (e.g., a central processing unit (CPU) and/or other suitable processor(s)) and a memory 604 (e.g., random access memory (RAM), read only memory (ROM), and the like).
  • the computer 600 also may include a cooperating module/process 605 and/or various input/output devices 606 (e.g., a user input device (such as a keyboard, a keypad, a mouse, and the like), a user output device (such as a display, a speaker, and the like), an input port, an output port, a receiver, a transmitter, and storage devices (e.g., a tape drive, a floppy drive, a hard disk drive, a compact disk drive, and the like)).
  • computer 600 depicted in FIG. 6 provides a general architecture and functionality suitable for implementing functional elements described herein and/or portions of functional elements described herein.
  • the computer 600 provides a general architecture and functionality suitable for implementing one or more of corporate user device 102 1 , corporate user device 102 2 , personal user device 102 3 , communication assurance agent 141 , and profiles database 142 .
  • computer 600 may be implemented using any suitable forms and factors, both stationary and mobile, which may be used for a user device (e.g., desktops, laptops, tablets, smartphones, handsets, palmtops, and the like).
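The profile selection described above for method 500 (profiles considered in priority order against a matching threshold, then overlaps between several matching profiles resolved) can be exercised with the following added Python example, which is not part of the patent. The request field names, the fractional match score, the grade assigned to each profile, the reading of "lowest common denominator" as the mechanisms common to all matching profiles, and the fail-closed fallback are assumptions made for illustration.

```python
from dataclasses import dataclass

# Mechanism sets per security grade, following the FIG. 3 description:
# G1 = encryption/decryption, G2 = VPN, GN = both.
GRADES = {
    "G1": frozenset({"encryption"}),
    "G2": frozenset({"vpn"}),
    "GN": frozenset({"encryption", "vpn"}),
}
# Assumption (not from the patent): when nothing matches, apply every mechanism.
FAIL_CLOSED = frozenset().union(*GRADES.values())


@dataclass(frozen=True)
class Request:
    """Communication request information propagated by the user device."""
    user: str
    device_type: str               # "corporate" or "personal"
    comm_type: str                 # "voice", "email", "sms" or "web"
    destination_tags: frozenset    # groups/projects of the destination


@dataclass
class Profile:
    name: str
    priority: int                  # lower value is considered first
    criteria: dict                 # request field -> required value
    grade: str

    def score(self, req):
        """Fraction of this profile's criteria satisfied by the request."""
        hits = 0
        for key, want in self.criteria.items():
            if key == "destination_tag":
                hits += want in req.destination_tags
            else:
                hits += getattr(req, key) == want
        return hits / len(self.criteria) if self.criteria else 0.0


def matching(profiles, req, threshold=1.0):
    """Profiles meeting the matching threshold, in priority order."""
    ordered = sorted(profiles, key=lambda p: p.priority)
    return [p for p in ordered if p.score(req) >= threshold]


def select_one(profiles, req, threshold=1.0):
    """First profile, in priority order, that satisfies the threshold."""
    hits = matching(profiles, req, threshold)
    return hits[0] if hits else None


def resolve(profiles, req, strategy="priority", threshold=1.0):
    """Return the mechanisms to apply, resolving overlaps between profiles."""
    hits = matching(profiles, req, threshold)
    if not hits:
        return FAIL_CLOSED
    sets = [GRADES[p.grade] for p in hits]
    if strategy == "priority":
        return sets[0]
    if strategy == "most_stringent":       # apply all mechanisms specified
        return frozenset().union(*sets)
    if strategy == "common":               # only mechanisms every profile has
        return frozenset.intersection(*sets)
    raise ValueError(f"unknown strategy: {strategy}")


# Constructed profiles modelled on the page's scenario; grades are assumed.
PROFILES = [
    Profile("PROJECT A / EMAIL", 1,
            {"destination_tag": "PROJECT A", "comm_type": "email"}, "GN"),
    Profile("GROUP 4 / CORPORATE DEVICE", 2,
            {"destination_tag": "GROUP 4", "device_type": "corporate"}, "G1"),
    Profile("GROUP 4 / PERSONAL DEVICE", 2,
            {"destination_tag": "GROUP 4", "device_type": "personal"}, "G2"),
    Profile("VOICE", 3, {"comm_type": "voice"}, "G1"),
]

if __name__ == "__main__":
    call = Request("alice", "personal", "voice", frozenset({"GROUP 4"}))
    for strategy in ("priority", "most_stringent", "common"):
        print(strategy, sorted(resolve(PROFILES, call, strategy)))
    mail = Request("alice", "corporate", "email", frozenset({"GROUP 4"}))
    for t in (1.0, 0.5):
        print(t, select_one(PROFILES, mail, t).name)
```

For the sample voice call, the `common` strategy returns an empty set because the two matching profiles share no mechanism, so that resolution rule can silently remove all protection. Lowering the threshold to 0.5 lets the higher-priority PROJECT A profile capture mail that has nothing to do with PROJECT A.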

Abstract

A secure communication capability is disclosed. The secure communication capability is adapted to assure communications by or otherwise associated with a corporate user. The communications by or associated with the corporate user may be supported using a corporate user device(s) and/or a personal user device(s). The communications by or associated with the corporate user may be assured regardless of various elements or factors (e.g., regardless of one or more of a user device used for the communication, a communication channel used for the communication, a communication medium used for the communication, a communication mode used for the communication, and the like). In this manner, a secure blanket is imposed over all communication mechanisms used to support communication by or otherwise associated with the corporate user regarding corporate matters and/or personal matters.

Description

    CROSS REFERENCE TO RELATED APPLICATION
  • This application claims the benefit of U.S. Provisional Patent Application Ser. No. 61/614,345 entitled “NEW SECURE COMMUNICATION MECHANISMS AND CAPABILITIES,” filed Mar. 22, 2012, which is hereby incorporated herein by reference in its entirety.
    TECHNICAL FIELD
  • This case relates generally to communications and, more specifically but not exclusively, to secure communications.
    BACKGROUND
  • While most corporations employ various security mechanisms within their corporate networks, such mechanisms do not always adequately secure communications of the corporate users of the corporate networks.
    SUMMARY
  • Various deficiencies in the prior art are addressed by embodiments for supporting secure communications.
  • In one embodiment, an apparatus includes a processor and a memory communicatively coupled to the processor. The processor is configured to receive, from a user device of a corporate user, communication request information associated with a communication request initiated via the user device, the communication request information specifying a context of the requested communication. The processor is configured to select a communication context-based security profile for the requested communication based on the communication request information. The processor is configured to propagate an indication of the selected communication context-based security profile toward at least one of the user device and a network device for use in applying at least one security mechanism to the requested communication.
  • In one embodiment, a method uses at least one processor to perform steps of receiving, from a user device of a corporate user, communication request information associated with a communication request initiated via the user device where the communication request information specifies a context of the requested communication, selecting a communication context-based security profile for the requested communication based on the communication request information, and propagating an indication of the selected communication context-based security profile toward at least one of the user device and a network device for use in applying at least one security mechanism to the requested communication.
  • In one embodiment, an apparatus includes a processor and a memory communicatively coupled to the processor. The processor is configured to detect initiation of a communication request at a user device. The processor is configured to determine communication request information associated with the communication request. The processor is configured to propagate the communication request information toward a communication assurance agent. The processor is configured to receive, from the communication assurance agent, an indication of a communication context-based security profile selected by the communication assurance agent for use by the user device in applying at least one security mechanism to the requested communication.
  • In one embodiment, a method uses at least one processor to perform steps of detecting initiation of a communication request at a user device, determining communication request information associated with the communication request, propagating the communication request information toward a communication assurance agent, and receiving, from the communication assurance agent, an indication of a communication context-based security profile selected by the communication assurance agent for use by the user device in applying at least one security mechanism to the requested communication.
    BRIEF DESCRIPTION OF THE DRAWINGS
  • The teachings herein can be readily understood by considering the following detailed description in conjunction with the accompanying drawings, in which:
  • FIG. 1 depicts a high-level block diagram of an exemplary system illustrating use of communication context-based security profiles to provide secure communications for a corporate user;
  • FIG. 2 depicts an exemplary user profile including a set of communication context-based security profiles for the corporate user of FIG. 1;
  • FIG. 3 depicts an exemplary set of security grades defined using communication context-based security profiles;
  • FIG. 4 depicts use of the exemplary security grades of FIG. 3 to provide security for communications of the corporate user of FIG. 1;
  • FIG. 5 depicts one embodiment of a method for using communication context-based security profiles of the corporate user to improve the security of communications by the corporate user; and
  • FIG. 6 depicts a high-level block diagram of a computer suitable for use in performing functions described herein.
  • To facilitate understanding, identical reference numerals have been used, where possible, to designate identical elements that are common to the figures.
    DETAILED DESCRIPTION
  • In general, secure communication capabilities are depicted and described herein, although various other capabilities also may be presented herein.
  • In one embodiment, a secure communication capability uses communication context-based security profiles associated with a corporate user to assure communications by or otherwise associated with the corporate user. The communications by or otherwise associated with the corporate user may be assured regardless of various elements used to support communication by or otherwise associated with the corporate user. For example, communications by or otherwise associated with the corporate user may be assured regardless of one or more of the user device used by the corporate user for the communication (e.g., whether it be a corporate user device behind a corporate firewall and on a corporate network, a corporate user device used by the user outside of the corporate network, a personal user device of the corporate user, and the like), a communication channel used for the communication, a communication medium used for the communication, a communication mode used for the communication, and the like. In this manner, a secure blanket is imposed over all communication mechanisms used to support communications by or otherwise associated with the corporate user regarding corporate matters, where the security blanket may be imposed irrespective of various elements used to support communication by or otherwise associated with the corporate user (e.g., as noted above, irrespective of one or more of the user device used by the corporate user for the communication, a communication channel used for the communication, a communication medium used for the communication, a communication mode used for the communication, and the like). In one embodiment, the security blanket also may be extended to personal communications by the corporate user from any suitable user device (e.g., a corporate user device(s) and/or a personal user device(s)).
  • FIG. 1 depicts a high-level block diagram of an exemplary system illustrating use of communication context-based security profiles to provide secure communications for a corporate user.
  • As depicted in FIG. 1, system 100 includes a plurality of user devices 102 1-102 3 (collectively, user devices 102) of a corporate user, a corporate network 110, a plurality of access networks 120 1-120 N (collectively, access networks 120), a communication network 130, and a communication assurance network 140. The communication assurance network 140 includes a communication assurance agent 141, a profiles database 142, and a security assurance grading engine 145.
  • The user devices 102 of the corporate user include a corporate user device 102 1 located within the corporate network 110 (e.g., associated with a corporate Intranet and/or behind a corporate firewall), a corporate user device 102 2 located outside of the corporate network 110 and receiving network access from one of the access networks 120 (illustratively, access network 120 1), and a personal user device 102 3 located outside of the corporate network 110 and receiving network access from one of the access networks 120 (illustratively, access network 120 N). The user devices 102 may include any suitable types of user devices (e.g., desktop computers, laptop computers, tablet computers, smart phones, cloud-based information stores, and the like). It is noted that the cloud-based information stores also may be considered as user devices (or user elements) as users may interact with such virtual entities to retrieve their information.
  • The user devices 102 are used by the corporate user to communicate regarding corporate matters, where communications regarding corporate matters also may be referred to herein as corporate communications or corporate-related communications. For example, the corporate user may use corporate user device 102 1 for communications regarding corporate matters while in the office (e.g., where corporate user device 102 1 is a computer located in the office of the corporate user), may use corporate user device 102 2 for communications regarding corporate matters while traveling outside of the office (e.g., where corporate user device 102 2 is a smart phone supplied to the corporate user by the corporation), and may use personal user device 102 3 for communications regarding corporate matters while located at home (e.g., where personal user device 102 3 is a personal computer located in the home of the corporate user). This exemplary movement of the corporate user is depicted in FIG. 1. It will be appreciated that other uses of the user devices 102 by the corporate user are possible (e.g., the corporate user may use corporate user device 102 2 while located in the office, the corporate user may use personal user device 102 3 while located in the office or traveling, and the like, as well as various combinations thereof).
  • The user devices 102 may be used for any suitable types of corporate communications.
  • In one embodiment, for example, corporate communications by or otherwise associated with the corporate user may include voice calls (e.g., to other employees of the corporate user, suppliers, customers, partners, and the like), voicemails (e.g., to other employees of the corporate user, suppliers, customers, partners, and the like), e-mails (e.g., to other employees of the corporate user, suppliers, customers, partners, and the like), Simple Messaging Service (SMS) messaging, Instant Messaging (IM), web browsing (e.g., searching for information using a search engine and the like), video calls, social media related communications (e.g., corporate social media, public social media, and the like), commerce-related communications (e.g., eCommerce, Business-to-Business (B2B) Commerce, and the like), web-based conferencing services (e.g., LiveMeeting, NetMeeting, and the like), communications related to cloud interactions (e.g., public cloud interactions, private cloud interactions, and the like), and the like, as well as various combinations thereof.
  • In one embodiment, for example, corporate communications by or otherwise associated with the corporate user may include network-centric communications which may be part of communications initiated by the corporate user and/or may be complementary to the communications initiated by the corporate user (e.g., where the communications may be spawned in response to one or more conditions associated with communications initiated by the corporate user). For example, network-centric communications which may be part of communications initiated by the corporate user and/or may be complementary to the communications initiated by the corporate user may include call forwarding, email forwarding, voice mail, voice mail forwarding, voice mail transcription, content uploading, content tagging, multi-mode communication (e.g., where a session transforms from one type of session to another type of session, where a session transforms from one device to another device, and the like), multi-device interaction within a service, and the like, as well as various combinations thereof.
  • It is noted that the underlying communications capabilities (e.g., equipment, services, and the like) which may support the above-described corporate communication types will be understood by one skilled in the art. For example, voice calls may be supported using one or more of a Public Switched Telephone Network (PSTN), Voice Over IP (VoIP), Private Branch Exchanges (PBXs), IP-PBXs, wireline networks, wireless networks, cloud-based PBX capabilities, over-the-top (OTT) voice applications, and the like, as well as various combinations thereof. For example, e-mails may be supported using one or more of data communication networks, email services, and the like. The types of underlying communications capabilities used to support the other listed communication types will be understood.
  • It is noted that various combinations of such communication types of a corporation (and, optionally, the underlying communications capabilities supporting such communication types) may be referred to collectively herein as an open communications environment of the corporation (e.g., supporting user-to-user interactions, user-to-machine interactions, machine-to-user interactions, and machine-to-machine interactions).
  • The user devices 102 each are configured to detect communication requests initiated by the corporate user via the user devices 102. For example, when the corporate user initiates a request to communicate via one of the user devices 102, the user device 102 detects an indication of the request to communicate and propagates the indication of the request to communicate such that it is automatically detected by the communication assurance agent 141. The user device 102 also may determine information associated with the request to communicate (denoted herein as requested communication information) and propagate the information associated with the communication request such that it is automatically detected by the communication assurance agent. The manner in which the requested communication is initiated is expected to vary for the different communication types. For example, for voice communication the corporate user may dial a number and press a submit button to initiate a call, open a voice call application and select the name of a person to call, and the like. For example, for e-mail communication the corporate user may open an email application, log in to an email service, open an e-mail message to be sent and begin to enter information (e.g., the name(s) of the intended recipient(s), subject information, and the like), and the like. For example, for SMS communication the corporate user may open an SMS application, log in to an SMS service, open an SMS message to be sent and begin to enter information (e.g., the name(s) of the intended recipient(s), subject information, and the like), and the like. For example, for IM communication the corporate user may open an IM application, log into an IM service, open an IM message to be sent and begin to enter information, and the like. For example, for web browsing the corporate user may open a web browser, begin to enter search criteria into a search interface of a web browser, and the like. 
More generally, a request by the corporate user to communicate may be considered to include an action(s) via which an indication of a request to communicate may be automatically detected by the communication assurance agent 141 and, optionally, any associated information suitable for use by communication assurance agent 141 to determine the type of security to be applied to the requested communication of the corporate user.
  • It will be appreciated that, although primarily depicted and described with respect to the corporate user using three specific user devices 102 to communicate regarding corporate matters, the corporate user may use fewer or more user devices 102 to communicate regarding corporate matters and/or may use other types of user devices 102 to communicate regarding corporate matters.
  • The corporate network 110 is a corporate intranet. The corporate network 110 may be owned/maintained by the corporation which employs the corporate user directly or indirectly and/or by one or more Managed Services entities. The corporate network 110 may include various elements and services as will be understood by one skilled in the art. For example, the corporate network 110 may include IT systems, IT networks, private clouds, hosted application centers, private data centers, public data centers, wireline and/or wireless networks, private communication networks, user devices, peripherals associated with user devices, and the like, as well as various combinations thereof. It is noted that, in general, corporations use security mechanisms to secure their corporate networks and communications by their employees via their corporate networks. For example, security mechanisms typically used in corporate networks include firewalls, encryption/decryption of communications, virtual private networks (VPNs), and the like, as well as various combinations thereof. However, such security mechanisms typically used in corporate networks do not always guarantee end-to-end communication assurance or information assurance for communications by employees via the corporate networks, and certainly do not guarantee end-to-end communication assurance or information assurance for communications by employees via external networks. The current security environment of the corporation cannot adequately monitor the complex interactions that are made by corporate users of the corporation and the open communications environment of the corporation.
  • The access networks 120 may include any suitable access networks via which the corporate user may communicate regarding corporate matters. For example, the access networks 120 may include wireline access networks (e.g., cable networks, DSL networks, and the like) and/or wireless access networks (e.g., cellular networks, Wireless Fidelity (Wi-Fi) networks, satellite networks, and the like).
  • The communication network 130 represents any wide area communication network(s) adapted to transport communications of the corporate user. For example, the communication network 130 may include backhaul networks, the Internet, and the like as well as various combinations thereof.
  • The communication assurance network 140 includes communication assurance agent 141, profiles database 142, and security assurance grading engine 145. The communication assurance agent 141 is configured to provide security mechanisms to improve security of communications by the corporate user regarding corporate matters. The communication assurance agent 141 also may be configured to provide security mechanisms to improve security of communications by the corporate user regarding personal matters. The communication assurance agent 141 is configured to provide such security mechanisms using information from profiles database 142 and/or using security assurance grading engine 145 (and/or information from security assurance grading engine 145).
  • The profiles database 142 includes a user profile 143 for the corporate user. The user profile 143 of the corporate user includes user information associated with the corporate user (e.g., name, address, network identification information, and the like, as well as various combinations thereof). The user profile 143 of the corporate user further includes communication context-based security profiles 144 (and/or otherwise points to communication context-based security profiles 144) associated with the corporate user.
  • The communication context-based security profiles 144 for the corporate user include one or more profiles to be used in conjunction with communications of the corporate user. In general, a communication context-based security profile 144 for the corporate user specifies a security policy that is defined based on the context of the communication of corporate user, where the security policy specifies one or more security mechanisms to be applied for the communication of corporate user (e.g., a requested communication of the corporate user having associated therewith requested communication information matching the communication context defined by the security policy has the associated security mechanism(s) of the security policy applied thereto).
  • The communication context-based security profiles 144 for the corporate user are defined and retrieved based on communication context. In one embodiment, communication context for a communication of the corporate user may be based on one or more of the type of communication to be used for the communication of the corporate user (e.g., voice, email, SMS, video, web browsing, and the like), an identity of the corporate user, a role of the corporate user (e.g., within the corporation, with a particular group within the corporation, for a particular project of the corporation, and the like), relationship-based information associated with the corporate user (an indication of a group within the corporation to which the corporate user belongs, an indication of a project of the corporation on which the corporate user works, an indication of a relationship between the corporate user and an intended recipient(s) of the communication, and the like), a device type of the user device 102 used by the corporate user (e.g., fixed versus mobile, wireline versus wireless, computer versus smartphone, and the like), a network type of a network(s) to be used to support the communication, an identifier identifying the user device 102 being used by the corporate user for the communication, a recipient type of an intended recipient(s) of the communication, an identity of an intended recipient(s) of the communication, a subject of the communication, one or more details of the communication, and the like, as well as various combinations thereof. As noted above, the communication context-based security profiles 144 for the corporate user may be defined based on one or more of the above-described types of context information.
Similarly, as noted above, when the corporate user initiates a request to communicate, requested communication information associated with the request to communicate and indicative of the context of the request to communicate (denoted herein as requested communication information) may be used to retrieve an appropriate communication context-based security profile 144 for use in providing security for the requested communication of the corporate user (e.g., in the form of one or more security mechanisms specified by the appropriate communication context-based security profile 144 retrieved for the requested communication of the corporate user).
  • The communication context-based security profiles 144 for the corporate user may be defined for communications of the corporate user which may be between any suitable entities/devices and may be of any suitable type. For example, the communication of the corporate user may be between two user devices (e.g., between two users, between a group of individuals, and the like), between more than two user devices (e.g., conference calls, video conferencing, chat rooms, and the like), machine(s)-to-machine(s), and the like, as well as various combinations thereof. For example, the communication type may be a voice-based communication (e.g., a voice call between the corporate user and another user, a voice call between the corporate user and multiple other users, and the like), an email-based communication (e.g., sending of an email by the corporate user, the corporate user receiving a voicemail as an attachment in an email message by a service provider, and the like), an SMS-based communication (e.g., the corporate user sending a text message, the corporate user receiving a text message including a voicemail transcribed into text and included within the text message, and the like), a video-based communication, a web browsing communication, and the like, as well as various combinations thereof. It is noted that such communication types also may be referred to herein as communication services or communication service types (e.g., voice services, email services, SMS services, video services, web browsing services, and the like, as well as various combinations thereof).
  • The communication context-based security profiles 144 for the corporate user may be defined using information from various resources. The resources may include one or more of: (1) one or more profiles of the corporate user (e.g., business profiles, personal profiles, social profiles, and the like), (2) the relationships and/or associations of the corporate user to one or more other users, one or more groups of users, one or more associations, one or more enterprises, one or more institutions, and the like, (3) the relationships and/or associations of the corporate user to a project, a type of project, an activity, a type of activity, a profession, a type of profession, an interest, a type of interest, a club, a type of club, and the like, (4) the relationships and/or associations of the corporate user to a service, a type of service, and the like, (5) the relationships and/or associations of the corporate user to a device or devices (e.g., to a device being used by the corporate user (e.g., corporate user device 102 1, corporate user device 102 2, personal user device 102 3, and the like), to a device with which the corporate user is to communicate, and the like), to a type of device (e.g., corporate versus personal, fixed versus mobile, computer versus smart phone, and the like), and the like, (6) the relationships and/or associations of the corporate user to use of a mode of communication, (7) communication environments and associated capabilities of the communication environments (e.g., where different communication environments offer different capabilities in terms of services, features, class of service, quality of service, user experience, identity management, storage, and the like), and (8) any other suitable type(s) of resources from which information may be determined for use in providing the communication context-based security profiles 144 for the corporate user. 
Although primarily depicted and described with respect to definition of the communication context-based security profiles 144 for the corporate user based on information specific to the corporate user, it is noted that the communication context-based security profiles 144 for the corporate user may be defined based on information associated with multiple corporate users (e.g., where communication context-based security profiles are defined for multiple corporate users based on information associated with the multiple corporate users and then the communication context-based security profiles are associated with each of the multiple corporate users for use in providing communication context-based security for the multiple corporate users). The communication context-based security profiles 144 for the corporate user also may be defined by deriving the context-based security profiles 144 for the corporate user from past communications by the corporate user (e.g., based on historical information associated with communication services/events as determined from various resources within one or more communication environments), and the like, as well as various combinations thereof.
  • The communication context-based security profiles 144 for the corporate user may be retrieved, in response to requests by the corporate user to communicate, based on requested communication information determined from the requests to communicate (where the requested communication information may include any of the types of information which may be used to define the communication context-based security profiles 144).
  • The communication context-based security profiles 144 are adapted to provide communication assurance for communication services used by the corporate user, as well as to provide information assurance for information transported via communication services used by the corporate user. The communication context-based security profiles 144 are adapted to provide information assurance even in cases where information of a communication by the corporate user has multiple states and/or multiple delivery mechanisms (e.g., where a caller leaves a voicemail for the corporate user that is later retrieved by the corporate user, where the corporate user leaves a voicemail for a fellow employee and the voicemail is sent to the employee as an attachment in an email, where a caller leaves a voicemail for the corporate user and the voicemail is converted into text and sent to the corporate user in a text message, and the like). The communication context-based security profiles 144 are adapted to provide communication/information assurance for communication services used for corporate communications within the corporation (e.g., between the corporate user and one or more corporate users and/or devices of the corporation), for communication services used for corporate communications outside of the corporation (e.g., between the corporate user and one or more users and/or devices outside of the corporation), for personal communications by the corporate user, and the like. In this manner, the communication context-based security profiles 144 are adapted to ensure that the end-to-end communication channel, and the information transported via the end-to-end communication channel, receives the appropriate level of security. 
Furthermore, the communication context-based security profiles 144 are adapted to ensure that the communication of the corporate user, and the information transported via the communication of the corporate user, are assured the appropriate level of security throughout the existence of that communication/information irrespective of its state or the delivery mechanism used.
  • As noted above, the communication context-based security profiles 144 may be defined based on communication context in a number of ways. The communication context-based security profiles 144 may be defined at any suitable granularity. The communication context-based security profiles 144 may be organized in any suitable manner (e.g., in a flat arrangement, in a hierarchical arrangement, and the like, as well as various combinations thereof). These and various other characteristics of the communication context-based security profiles 144 may be better understood by way of reference to exemplary communication context-based security profiles 144 depicted and described with respect to FIG. 2.
  • The security assurance grading engine 145 maintains a plurality of security grades 146 1-146 N and a custom security grade 146 CUSTOM (collectively, security grades 146, which also are denoted as GRADE1-GRADEN and GRADECUSTOM). The custom security grade 146 CUSTOM may be defined using two or more of security grades 146 1-146 N.
  • The security assurance grading engine 145 may be configured to define the security grades 146. The security assurance grading engine 145 may be configured to define the security grades 146 based on the communication context-based security profiles 144 of the corporate user. The security assurance grading engine 145 may be configured to generate the security grades 146 (e.g., using information from the communication context-based security profiles 144 of the profile database 141). In one embodiment, the security grades 146 may be considered to be a representation of the communication context-based security profiles 144 of the corporate user (e.g., where each security grade 146 represents one or more of the communication context-based security profiles 144 maintained for the corporate user). In one embodiment, the security grades 146 may be generated via processing of the communication context-based security profiles 144 of the corporate user. It is noted that fewer or more security grades 146 may be defined/generated. It is noted that fewer or more than one custom grade 146 CUSTOM may be defined/generated. It is noted that the security grades 146 also may be referred to herein as security blankets.
  • The security grades 146 are adapted for use by communication assurance agent 140 (and, optionally, by the security assurance grading engine 145) to provide security mechanisms to provide security assurance for communications of the corporate user. In one embodiment, each security grade 146 has one or more security mechanisms associated therewith, where the security mechanism(s) associated with a security grade 146 include the security mechanism(s) to be applied for communications of the corporate user that are deemed to fall within that security grade 146. In one embodiment, when a communication type/service is deemed to be of a particular security grade 146, each communication associated with the communication type/service receives the same grade of service based on the security mechanism(s) of that security grade 146, where such security may be applied independent of time, network type, communication medium, storage medium, and the like.
  • The definition/generation and use of the security grades 146 may be better understood by way of reference to FIG. 3 and FIG. 4.
  • It is noted that, although primarily depicted and described with respect to embodiments in which the communication assurance agent 141, the profiles database 142, and the security grades database 145 are deployed within a network (illustratively, communication assurance network 140), the communication assurance agent 141, the profiles database 142, and/or the security grades database 145 may be deployed in any suitable manner (e.g., one or more of these elements may reside within a service provider network, one or more of these elements may reside within corporate network 110, one or more of these elements may reside within a Federated System, and the like, as well as various combinations thereof).
  • It is noted that, although system 100 is depicted and described with respect to improving security of a single corporate user, system 100 may be configured to improve security for any number of corporate users of any number of corporations.
  • It is noted that, although system 100 is depicted and described with respect to improving security of a corporate user, system 100 may be configured to improve security for any suitable type(s) of users (e.g., users employed by corporations but only looking to improve security of their personal communications, users not employed by corporations but looking to improve security of their personal communications, and the like, as well as various combinations thereof).
  • FIG. 2 depicts an exemplary user profile including a set of communication context-based security profiles for the corporate user of FIG. 1.
  • The user profile 143 of the corporate user includes user information associated with the corporate user. The user profile 143 of the corporate user further includes and/or has associated therewith communication context-based security profiles 144.
  • The communication context-based security profiles 144 for the corporate user include a plurality of corporate security profiles 144 C1-144 CN (collectively, corporate security profiles 144 C).
  • The corporate security profiles 144 C may be better understood by considering an exemplary scenario in which the corporate user is a member of an organization (ORG1) within the corporation, is a member of a group (GROUP 4) within the organization, and is assigned to work on two projects (PROJECT A within GROUP 4 and PROJECT F, which is a multi-group project).
  • The corporate security profile 144 C1 is a profile defined for the corporation (e.g., to be used for any type of communication by the corporate user with any other member of the corporation).
  • The corporate security profile 144 C2 is a profile defined for ORG1 of which the corporate user is a member (e.g., to be used for any type of communication by the corporate user with any other member of ORG1).
  • The corporate security profile 144 C3 is a profile defined for GROUP 4 of which the corporate user is a member (e.g., to be used for any type of communication by the corporate user with any other member of GROUP 4). The corporate security profile 144 C3 includes two sub-profiles to be used for communications by the corporate user using two different user devices of the corporate user (e.g., a CORPORATE DEVICE profile to be used for communications by the corporate user with any other person of GROUP 4 where the corporate user is using a corporate user device (e.g., corporate user device 102 1 or corporate user device 102 2) and a PERSONAL DEVICE profile to be used for communications by the corporate user with any other person of GROUP 4 where the corporate user is using a personal user device (e.g., personal user device 102 3)).
  • The corporate security profile 144 C4 is a profile defined for PROJECT A to which the corporate user is assigned and includes two sub-profiles to be used for different types of communications by the corporate user related to PROJECT A (e.g., a VOICE profile to be used for voice communications by the corporate user with any other person associated with project A and an EMAIL profile to be used for email communications by the corporate user with any other person associated with project A).
  • The corporate security profile 144 C5 is a profile defined for PROJECT F to which the corporate user is assigned and includes two sub-profiles to be used for communications by the corporate user with different groups working on PROJECT F (e.g., a GROUP 4 profile to be used for communications by the corporate user with any other person of GROUP 4 who is assigned to work on PROJECT F and an OTHER profile to be used for communications by the corporate user with any other person associated with PROJECT 4 but not in GROUP 4).
  • The corporate security profile 144 C6 is a profile defined for customers of the corporation (e.g., to be used for any type of communication by the corporate user with any of the customers of the corporation).
  • The corporate security profile 144 C7 is a profile defined for any voice-based communication by the corporate user.
  • The corporate security profile 144 C7 includes three sub-profiles to be used for communications by the corporate user using three different user devices of the corporate user (e.g., a CORPORATE DESKTOP DEVICE profile to be used for communications by the corporate user using corporate user device 102 1, a CORPORATE MOBILE DEVICE profile to be used for communications by the corporate user using corporate user device 102 2, and a PERSONAL DEVICE profile to be used for communications by the corporate user using corporate user device 102 3).
  • The corporate security profile 144 C8 is a profile defined for any web browsing to be performed by the corporate user.
  • The corporate security profile 144 CN is intended to represent the fact that any suitable number of corporate security profiles 144 C may be defined for the corporate user.
  • It is noted that the corporate security profiles 144 C are merely exemplary and, thus, that any suitable numbers, types, and arrangements of corporate security profiles 144 C may be maintained for the corporate user.
  • The corporate security profiles 144 C may be defined by the corporation on behalf of the corporate user (and, optionally, modified by the corporate user as needed), defined by the corporate user, and the like, as well as various combinations thereof.
  • It is noted that, although depicted and described with respect to embodiments in which the corporate security profiles 144 C are defined for the corporate user, the corporate security profiles 144 C may be defined for any suitable set of corporate users of the corporation and the user profile of the corporate user may then simply point to the corporate security profiles 144 C to thereby associate those corporate security profiles 144 C with the corporate user for use in improving security of corporation-related communications of the corporate user.
  • The communication context-based security profiles 144 for the corporate user also may include a plurality of personal security profiles 144 P1-144 PN (collectively, personal security profiles 144 P).
  • The personal security profile 144 P1 is a profile defined for any personal voice communication to be performed by the corporate user.
  • The personal security profile 144 P2 is a profile defined for any personal e-mail communication to be performed by the corporate user and includes three sub-profiles to be used for e-mail communications with different groups of people (e.g., a first sub-profile for e-mails to family and friends of the corporate user, a second sub-profile for e-mails to acquaintances of the corporate user, and a third sub-profile for e-mails to doctors of the corporate user).
  • The personal security profile 144 P3 is a profile defined for any type of communication to be performed by the corporate user with one or more of the financial institutions of the corporate user.
  • The personal security profile 144 P2 is a profile defined for any web-related communications to be performed by the corporate user and includes two sub-profiles to be used for different types of web browsing (e.g., a first sub-profile for web browsing and a second sub-profile for web-based purchases made by the corporate user).
  • The personal security profile 144 PN is intended to represent the fact that any suitable number of personal security profiles 144 P may be defined for the corporate user.
  • It is noted that the personal security profiles 144 P are merely exemplary and, thus, that any suitable numbers, types, and arrangements of personal security profiles 144 P may be maintained for the corporate user.
  • The personal security profiles 144 P may be defined by the corporate user, defined by one or more other entities on behalf of the corporate user (and, optionally, modified by the corporate user as needed), and the like, as well as various combinations thereof.
  • It is noted that, although depicted and described with respect to embodiments in which the personal security profiles 144 P are defined for the corporate user, the personal security profiles 144 P may be defined for any suitable set of users and the user profile of the corporate user may then simply point to the personal security profiles 144 P to thereby associate those personal security profiles 144 P with the corporate user for use in improving security of personal communications of the corporate user.
  • The communication context-based security profiles 144 of the user profile 143 of the corporate user each may specify one or more security mechanisms to be used to secure the associated communications of the corporate user. For example, such security mechanisms may include use of encryption and decryption, and the like, as well as various combinations thereof. It will be appreciated that the types of security mechanisms associated with a given communication context-based security profile 144 may depend on factors such as the type of communication which may be used, the necessary or desired level of security for the communication, and the like, as well as various combinations thereof.
  • It is noted that, although primarily depicted and described with respect to embodiments in which the communication context-based security profiles 144 are stored in the profiles database 142 associated with communication assurance agent 141, some or all of the communication context-based security profiles 144 may be stored in other locations. For example, corporation-related communication context-based security profiles of the corporate user may be stored within the corporate network 110. For example, personal communication context-based security profiles of the corporate user may be stored within the corporate network 110 and/or a home network of the user. For example, personal communication context-based security profiles of the corporate user may be stored within the communications environments of entities with which the corporate user may communicate (e.g., Health Insurance Portability and Accountability Act (HIPAA)-related security profiles maintained within communications environments of doctors, Securities and Exchange Commission (SEC)-related security requirements maintained within communications environments of financial institutions, and the like). In at least some such embodiments, the profiles database 142 may store indexes to communication context-based security profiles 144 stored in the other location(s), such that the communication assurance agent 141 may use the indexes in order to retrieve the communication context-based security profiles 144 when needed. In this sense, it will be appreciated that communication context-based security profiles 144 may be considered to be maintained in any suitable storage location(s) such that they are accessible for use by communication assurance agent 141 in providing security mechanisms for the corporate user.
  • FIG. 3 depicts an exemplary set of security grades defined using communication context-based security profiles.
  • As depicted in FIG. 3 (and also depicted and described with respect to FIG. 1), security assurance grading engine 145 maintains security grades 146 which may be applied by communication assurance agent 140 (and, optionally, by the security assurance grading engine 145) to provide security mechanisms that provide security assurance for communications of the corporate user.
  • As further depicted in FIG. 3, security grades 146 are defined based on corporate requirements 310 1, regulation requirements 310 2, user preferences 310 3, device capabilities 310 4, and network capabilities 310 5. It is noted that fewer or more, as well as other, types of information may be used to define the security grades 146 (e.g., just as fewer or more, as well as other, types of information may be used to define the communication context-based security profiles 144 of the corporate user).
  • As further depicted in FIG. 3, each security grade 146 1-146 N and 146 CUSTOM has a set of security mechanisms 320 1-320 N and 320 CUSTOM (collectively, security mechanisms 320) associated therewith, respectively. It is noted that a set of security mechanisms 320 associated with a security grade 146 may include one or more security mechanisms to be applied for that security grade (e.g., encryption/decryption, use of a VPN, and the like). For example, security mechanisms 320 1 for security grade 146 1 may specify use of encryption/decryption for communications by the corporate user that are deemed to fall within security grade 146 1. For example, security mechanisms 320 2 for security grade 146 2 may specify use of a VPN for communications by the corporate user that are deemed to fall within security grade 146 2. For example, security mechanisms 320 N for security grade 146 N may specify use of encryption/decryption and a VPN for communications by the corporate user that are deemed to fall within security grade 146 N. It is noted that any other suitable types of security mechanisms may be applied as part of the sets of security mechanisms 320.
  • FIG. 4 depicts use of the exemplary security grades of FIG. 3 to provide security for communications of the corporate user of FIG. 1.
  • As depicted in FIG. 4, the corporate user of FIG. 1 has a plurality of user devices including user devices 102 1-102 3 depicted and described with respect to FIG. 1 as well as one or more additional user devices 102 (collectively, user devices 102) available for use by the corporate user to communicate. The association of the security grades 146 1-146 N with the user devices 102 1-102 N illustrates exemplary cases in which, for a given one of the user devices 102, the corporate user selects the user device 102 and then initiates a communication with the selected user device 102 and the context of the initiated communication results in use of the associated security grade 146 for the initiated communication.
  • As further depicted in FIG. 4, communication assurance network 140 of FIG. 1 is available to provide communication assurance for communications of the corporate user. The communication assurance network 140 is depicted and described in detail with respect to FIG. 1-FIG. 3.
  • The use of security grades 146 of the corporate user in order to secure the communications by the corporate user may be better understood by way of the following examples.
  • In a first example, the user selects user device 102 1 (e.g., a corporate smart phone of the corporate user) and initiates a voice call to his or her doctor. The context of the initiated communication of the corporate user (e.g., a voice call from the corporate user to the doctor via the corporate smart phone) results in selection of a particular security grade for use in securing the initiated communication (illustratively, the security grade 146 1 which also is denoted as G1). As illustrated in FIG. 4, the end-to-end communication from the user device 102 1 of the corporate user to the user device of the doctor is secured by the security mechanisms specified for security grade 146 1. Additionally, where the corporate user leaves a message for the doctor, the message also is secured by the security mechanisms specified for security grade 146 1 (as illustrated by use of the security mechanisms specified for security grade 416 1 to store the voicemail as an asset within the network 410 1). In this manner, the communication of the corporate user and its associated information is assured end-to-end as long as the asset is available.
  • In a second example, the user selects user device 102 2 (e.g., a personal smart phone of the corporate user) and initiates a voice call to his or her colleague at the corporation. The context of the initiated communication of the corporate user (e.g., a voice call from the corporate user to another corporate user via the personal smart phone) results in selection of a particular security grade for use in securing the initiated communication (illustratively, the security grade 146 2 which also is denoted as G2). As illustrated in FIG. 4, the end-to-end communication from the user device 102 2 of the corporate user to the user device of the colleague is secured by the security mechanisms specified for security grade 146 2. Additionally, where the corporate user leaves a message for the colleague, the message also is secured by the security mechanisms specified for security grade 146 2 (as illustrated by use of the security mechanisms specified for security grade 146 2 to store the voicemail as an asset within the network 410 2). In this manner, the communication of the corporate user and its associated information is assured end-to-end as long as the asset is available.
  • The use of communication context-based security profiles 144 to improve security of communications by the corporate user is depicted and described with respect to FIG. 5.
  • FIG. 5 depicts one embodiment of a method for using communication context-based security profiles of the corporate user to improve the security of communications by the corporate user.
  • At step 505, method 500 begins.
  • At step 510, the user device of the corporate user detects a communication request. As described herein, detection of the communication request may vary across different communication types. For example, for voice communications the user device may detect entry of a telephone number and pressing of a submit button to initiate a call, opening of a voice call application and selecting of the name of a person to call, and the like. For example, for e-mail communication the user device may detect opening of an email application, logging in to an email service, opening of an e-mail message to be sent and entry of information, and the like. For example, for SMS communication the user device may detect opening of an SMS application, logging in to an SMS service, opening of an SMS message to be sent and entry of information, and the like. For example, for web browsing the user device may detect opening of a web browser, entry of search criteria into a search interface of a web browser, and the like. More generally, a request by the corporate user to communicate may be considered to include an action via which an indication of a request to communicate may be detected by the user device 110.
  • At step 515, the user device of the corporate user determines communication request information associated with the communication request. For example, the communication request information may include an identity of the corporate user of the user device, an identifier identifying the user device of the corporate user, an indication of a type of user device of the corporate user (e.g., corporate versus personal, fixed versus mobile, and the like), an identity of at least one entity and/or device intended as a destination of the requested communication, a communication type of the requested communication (e.g., voice call, e-mail, SMS message, web browsing, and the like), a subject of the requested communication, one or more details of the requested communication, and the like, as well as various combinations thereof. It is noted that, in at least some cases, a portion of the communication request information may be determined as part of step 510.
  • At step 520, the user device of the corporate user propagates the communication request information toward the communication assurance agent. At step 525, the communication assurance agent receives the communication request information from the user device of the corporate user.
  • At step 530, the communication assurance agent selects a communication context-based security profile based on the communication request information.
  • The communication assurance agent identifies the communication context-based security profiles associated with the corporate user (e.g., from information included within the communication request information received at the communication assurance agent from the user device). The communication assurance agent then selects one of the communication context-based security profiles associated with the corporate user, as the communication context-based security profile to be used for the requested communication of the corporate user, based on the communication request information received at the communication assurance agent from the user device. The selection of the communication context-based security profile may be performed based on keyword matching between information included in the communication request information and information included in the communication context-based security profiles associated with the corporate user, by considering the communication context-based security profiles associated with the corporate user in priority order until identifying one of the communication context-based security profiles as being a match satisfying a matching threshold, by considering portions of the communication request information in priority order until identifying one of the communication context-based security profiles as being a match satisfying a matching threshold, and the like, as well as various combinations thereof.
  • In one embodiment, where multiple communication context-based security profiles apply to the requested communication of the corporate user, any potential conflict between the multiple communication context-based security profiles may be resolved in any suitable manner (e.g., based on priority levels assigned to the communication context-based security profiles, using a lowest common denominator approach via comparison of security features of the communication context-based security profiles, using a greatest common denominator approach via comparison of security features of the communication context-based security profiles, and the like, as well as various combinations thereof).
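One way the step 530 selection could work, as an added Python example that is not taken from the patent: profiles are considered in priority order and the first whose keyword-match score meets the threshold is chosen. The profile names follow FIG. 2; the priorities, keywords, threshold values, sample requests and the strict fallback profile are assumptions made for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    name: str
    priority: int          # 1 is considered first (assumed convention)
    keywords: frozenset    # context terms describing when the profile applies
    mechanisms: frozenset  # security mechanisms the profile calls for


def request_keywords(request):
    """Flatten communication request information (step 515) into keywords."""
    words = {request["comm_type"], request["device_type"]}
    words.update(request.get("destination_tags", ()))
    # The subject is free text typed by the sender; split it into tokens.
    words.update(re.findall(r"[a-z0-9]+", request.get("subject", "").lower()))
    return {w.lower() for w in words}


def match_score(profile, words):
    """Fraction of the profile's keywords found in the request (0.0 to 1.0)."""
    if not profile.keywords:
        return 0.0
    return len(profile.keywords & words) / len(profile.keywords)


def matching_profiles(profiles, request, threshold=1.0):
    """All profiles meeting the threshold, in priority order."""
    words = request_keywords(request)
    ordered = sorted(profiles, key=lambda p: p.priority)
    return [p for p in ordered if match_score(p, words) >= threshold]


def select_profile(profiles, request, fallback, threshold=1.0):
    """First match in priority order; the fallback when nothing matches."""
    matches = matching_profiles(profiles, request, threshold)
    return matches[0] if matches else fallback


# Constructed profiles, named after the FIG. 2 examples.
PROFILES = [
    Profile("PROJECT_A/EMAIL", 1, frozenset({"project-a", "email"}),
            frozenset({"encryption", "vpn"})),
    Profile("PROJECT_A/VOICE", 2, frozenset({"project-a", "voice"}),
            frozenset({"encryption"})),
    Profile("GROUP_4/PERSONAL_DEVICE", 3, frozenset({"group-4", "personal"}),
            frozenset({"encryption", "vpn"})),
    Profile("GROUP_4/CORPORATE_DEVICE", 4, frozenset({"group-4", "corporate"}),
            frozenset({"encryption"})),
    Profile("CORPORATION", 5, frozenset({"corp"}), frozenset({"encryption"})),
]

# Assumption: an unmatched request gets the strictest mechanisms, not none.
FALLBACK = Profile("STRICT_DEFAULT", 99, frozenset(),
                   frozenset({"encryption", "vpn"}))

# Constructed communication request information.
REQ_EMAIL = {"comm_type": "email", "device_type": "corporate",
             "destination_tags": {"corp", "org1", "group-4", "project-a"},
             "subject": "Project A schedule"}
REQ_VOICE = {"comm_type": "voice", "device_type": "personal",
             "destination_tags": {"corp", "org1", "group-4"}}
REQ_SMS = {"comm_type": "sms", "device_type": "personal",
           "destination_tags": set()}

if __name__ == "__main__":
    for req in (REQ_EMAIL, REQ_VOICE, REQ_SMS):
        chosen = select_profile(PROFILES, req, FALLBACK)
        print(req["comm_type"], "->", chosen.name, sorted(chosen.mechanisms))
    # A looser threshold lets a partially matching profile win.
    print(select_profile(PROFILES, REQ_SMS, FALLBACK, threshold=0.5).name)
```

With the threshold lowered to 0.5, the SMS request to an unknown destination matches GROUP_4/PERSONAL_DEVICE on the device type alone, which shows how strongly the matching threshold decides which mechanisms a request ends up with.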
  • At step 535, the communication assurance agent propagates an indication of the selected communication context-based security profile toward the user device. At step 540, the user device receives the indication of the selected communication context-based security profile from the communication assurance agent.
  • At step 545, the user device initiates the requested communication based on the selected communication context-based security profile. The communication context-based security profile indicates one or more security mechanisms to be used for the requested communication of the corporate user. It will be appreciated that the initiation of the requested communication based on the selected communication context-based security profile depends, at least in part, on the type of communication. Thus, the initiation of the requested communication based on the selected communication context-based security profile may be better understood by considering examples related to different types of communication which may be initiated by the corporate user.
  • For example, where the indication of the requested communication indicates initiation of a voice call, initiation of the requested communication based on the selected communication context-based security profile may include initiating signaling for establishing the voice session such that the voice session is based on one or more security parameters (e.g., using a particular type of encryption/decryption).
  • For example, where the indication of the requested communication indicates sending of an e-mail, initiation of the requested communication based on the selected communication context-based security profile may include sending the email from the user device using one or more security mechanisms (e.g., using a particular type of encryption/decryption, and the like).
  • For example, where the indication of the requested communication indicates sending of an SMS message, initiation of the requested communication based on the selected communication context-based security profile may include sending the SMS message from the user device using one or more security mechanisms (e.g., using a particular type of encryption/decryption, and the like).
  • For example, where the indication of the requested communication indicates entry of information for browsing the Internet, initiation of the requested communication based on the selected communication context-based security profile may include sending the search request from the user device using one or more security mechanisms related to web browsing.
  • For example, where the indication of the requested communication indicates entry of information for making a purchase via the Internet, initiation of the requested communication based on the selected communication context-based security profile may include sending the search request from the user device using one or more security mechanisms (e.g., using a particular type of encryption/decryption, and the like).
  • It is noted that the security mechanisms may be applied in any suitable manner, which may depend on the type(s) of security mechanism(s) to be applied. In at least some embodiments, one or more of the security mechanisms may be delivered as security application programming interfaces (APIs).
  • At step 550, the method 500 ends.
  • It is noted that, although primarily depicted and described with respect to embodiments in which the communication assurance agent propagates an indication of the selected communication context-based security profile toward the user device, the communication assurance agent alternatively or additionally may propagate an indication of the selected communication context-based security profile toward at least one network device which may be configured to apply one or more security mechanisms for the requested communication of the user device. For example, the communication assurance agent alternatively or additionally may propagate an indication of the selected communication context-based security profile toward a boundary device of the corporate network with which the user device is associated, toward one or more devices of an access network with which the user device is associated, toward one or more devices of a core network supporting the requested communication of the corporate user, toward one or more servers providing services related to the requested communication, toward one or more application servers related to the requested communication, and the like, as well as various combinations thereof.
  • It is noted that, although primarily depicted and described with respect to embodiments in which the communication assurance agent selects one communication context-based security profile for the requested communication of the corporate user, in at least some embodiments the communication assurance agent may be configured to select multiple communication context-based security profiles for the requested communication of the corporate user.
  • In one embodiment, the communication assurance agent may select one of the multiple communication context-based security profiles on behalf of the user device (e.g., selecting the profile based on a prioritization of the profiles, selecting the profile having the most stringent security requirements, and/or using any other suitable selection criteria) and propagate an indication of the selected one of the communication context-based security profiles toward the user device for use by the user device for the requested communication of the corporate user.
  • In one embodiment, the communication assurance agent may select two or more of the communication context-based security profiles on behalf of the user device (e.g., based on any suitable selection criteria, such as those discussed above for selection of one of the communication context-based security profiles by the communication assurance agent on behalf of the user device) and propagate indications of the selected communication context-based security profiles toward the user device. In one embodiment, the communication assurance agent may propagate indications of each of the selected communication context-based security profiles toward the user device. In one embodiment, in which the user device receives indications of multiple communication context-based security profiles from the communication assurance agent, the user device may select one of the multiple communication context-based security profiles to use for the requested communication, and then use the selected one of the communication context-based security profiles for the requested communication. In one embodiment, in which the user device receives indications of multiple communication context-based security profiles from the communication assurance agent, the user device may use some or all of the multiple communication context-based security profiles (to the extent that such communication context-based security policies are consistent with each other) for the requested communication (e.g., applying all security mechanisms specified in the communication context-based security profiles, applying the most stringent of each of the security mechanisms specified in the communication context-based security profiles, and the like).
  • It is noted that, although primarily depicted and described with respect to embodiments in which a communication context-based security profile is determined only for the source side of a requested communication, a communication context-based security profile also may be determined for the destination side of a requested communication. In one embodiment, the process performed for the destination side of the requested communication is similar to the process performed for the source side of the requested communication as depicted and described with respect to FIGS. 1-5. In one embodiment, the source and destination user devices communicate with the same communication assurance agent for determining the respective communication context-based security profiles to be used by the source and destination user devices. In one embodiment, the source and destination user devices communicate with different communication assurance agents for determining the respective communication context-based security profiles to be used by the source and destination user devices. In one embodiment, in which the source and destination user devices use different communication assurance agents, the communication assurance agents may be configured to communicate with each other for purposes of determining a set of security mechanisms to be used for communication between the source and destination user devices. In one embodiment, in which the source and destination user devices use different communication assurance agents, the communication assurance agents may be configured to communicate with one or more other elements (e.g., a higher level communication assurance agent in a hierarchy of communication assurance agents) for purposes of determining a set of security mechanisms to be used for communication between the source and destination user devices. 
  • In one embodiment, where processing is performed to determine a set of security mechanisms to be used for communication between the source and destination user devices, the processing may be performed using any suitable mechanism for reconciling the respective communication context-based security profiles to be used by the source and destination user devices (e.g., selecting security mechanisms common to the respective communication context-based security profiles selected for the source and destination user devices, selecting the highest level of security common to the respective communication context-based security profiles selected for the source and destination user devices, selecting the highest level of security specified by the respective communication context-based security profiles selected for the source and destination user devices, and the like).
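The selection and reconciliation options described above (selection by priority or by stringency, combining several profiles, and reconciling source-side and destination-side profiles) can be sketched as follows. This is an added example, not code from the patent: the Profile structure, the numeric strength levels, the explicit grade field, the strategy names, and the fail-closed behaviour when no mechanism is common are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Profile:
    """Hypothetical model of a communication context-based security profile."""
    name: str
    priority: int               # assumed convention: lower value = preferred
    grade: int                  # assumed overall security grade, higher = stricter
    mechanisms: Dict[str, int]  # mechanism kind -> required strength level


def select_by_priority(profiles: List[Profile]) -> Profile:
    """Agent-side selection based on a prioritization of the profiles."""
    return min(profiles, key=lambda p: p.priority)


def select_most_stringent(profiles: List[Profile]) -> Profile:
    """Agent-side selection of the most stringent profile; ties fall back to priority."""
    return min(profiles, key=lambda p: (-p.grade, p.priority))


def combine_most_stringent(profiles: List[Profile], name: str = "combined") -> Profile:
    """Device-side use of several profiles at once: every mechanism that any
    profile specifies is applied, at the strictest level any profile asks for."""
    merged: Dict[str, int] = {}
    for p in profiles:
        for kind, level in p.mechanisms.items():
            merged[kind] = max(merged.get(kind, 0), level)
    return Profile(name,
                   min(p.priority for p in profiles),
                   max(p.grade for p in profiles),
                   merged)


def reconcile(src: Profile, dst: Profile, strategy: str) -> Dict[str, int]:
    """Reconcile the source-side and destination-side profiles.

    "common":  only mechanisms present in both profiles, each at the highest
               level common to both (the lower of the two levels).
    "highest": every mechanism either side specifies, at the highest level
               specified by either side.
    """
    if strategy == "common":
        shared = src.mechanisms.keys() & dst.mechanisms.keys()
        result = {k: min(src.mechanisms[k], dst.mechanisms[k]) for k in shared}
    elif strategy == "highest":
        result = combine_most_stringent([src, dst]).mechanisms
    else:
        raise ValueError(f"unknown strategy: {strategy}")
    if not result:
        # Assumed policy: fail closed rather than let the communication
        # proceed with no agreed security mechanism.
        raise ValueError("no security mechanism agreed between source and destination")
    return result


# Constructed sample profiles (not taken from the patent).
LEGAL_REVIEW = Profile("legal-review", priority=2, grade=3,
                       mechanisms={"encryption": 3, "vpn": 2})
PARTNER_PROJECT = Profile("partner-project", priority=1, grade=2,
                          mechanisms={"encryption": 2, "tunnel": 1})
DEST_SUPPLIER = Profile("dest-supplier", priority=1, grade=2,
                        mechanisms={"encryption": 1, "tunnel": 2})
DEST_TUNNEL_ONLY = Profile("dest-tunnel-only", priority=1, grade=1,
                           mechanisms={"tunnel": 1})

if __name__ == "__main__":
    candidates = [LEGAL_REVIEW, PARTNER_PROJECT]
    print("by priority:    ", select_by_priority(candidates).name)
    print("most stringent: ", select_most_stringent(candidates).name)
    print("combined:       ", combine_most_stringent(candidates).mechanisms)
    print("common:         ", reconcile(LEGAL_REVIEW, DEST_SUPPLIER, "common"))
    print("highest:        ", reconcile(LEGAL_REVIEW, DEST_SUPPLIER, "highest"))
```

The "common" strategy can lower the level that the source-side profile asked for, so a deployment that uses it would want to record the reconciled result alongside both input profiles.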
  • It is noted that, although primarily depicted and described herein with respect to embodiments in which the security mechanism/service grade is applied to the requested communication of the corporate user, the security mechanism(s)/service grade to be applied to the requested communication of the corporate user, and/or any other suitable security mechanism(s)/service grade, may be applied to any communication/service derived from the requested communication of the corporate user irrespective of whether or not the corporate user or the user device of the corporate user is involved (directly or indirectly) in the communication/service derived from the requested communication of the corporate user. This may be used, for example, where one or more communications/services are spawned by some action or actions taken by or otherwise associated with the corporate user.
  • For example, when the corporate user leaves a voicemail for an intended recipient and the delivery of the voicemail to a voice mailbox of the intended recipient is secured using an appropriate security mechanism(s)/security grade, one or more settings for the intended recipient may result in initiation by a network device of a voicemail transcription service which enables a text transcription of the voicemail to be delivered to the intended recipient via email or text message and the delivery of the text transcription of the voicemail may then be secured using an appropriate security mechanism(s)/security grade (which may be the same as or different than the security mechanism(s)/security grade used to deliver the voicemail to the voice mailbox of the intended recipient) in accordance with embodiments depicted and described herein.
  • For example, when the corporate user is having a health problem and initiates a call to his or her doctor, a voice connection is established between the corporate user and the doctor using an appropriate security mechanism(s)/security grade based on the context of the requested communication. In this case, during the voice call between the corporate user and the doctor, a service hosted within the network and monitoring the content of the voice call may detect distress on the part of the corporate user and, in response, may automatically initiate conversion of the voice call to a video call between the corporate user and the doctor such that the doctor can perform a visual inspection of the corporate user almost immediately. In this case, the video call that is spawned automatically as a result of monitoring performed within the network may then be secured using an appropriate security mechanism(s)/security grade (which may be the same as or different than the security mechanism(s)/security grade used for the voice call between the corporate user and the doctor) in accordance with embodiments depicted and described herein.
  • It will be appreciated that these are merely a few of the ways in which derived instances of a requested communication of a corporate user may be provided with appropriate security and assurance in accordance with embodiments depicted and described herein. In one embodiment, the communication assurance agent 141 is configured to detect initiation of a derived instance of the requested communication. The derived instance of the requested communication may include one or both of a service and a communication. The communication assurance agent 141 may be configured to initiate application of the at least one security mechanism to the derived instance of the requested communication. The communication assurance agent 141, where the communication context-based security profile selected for the requested communication of the corporate user is a first communication context-based security profile, may be configured to select a second communication context-based security profile for the derived instance of the requested communication, and propagate an indication of the selected second communication context-based security profile toward at least one of the user device and a network device for use in applying at least one security mechanism to the derived instance of the requested communication.
  • It is noted that, although primarily depicted and described with respect to embodiments in which the communication assurance agent 141 is hosted within a network, the communication assurance agent 141 may be hosted at any other suitable location. In one embodiment, for example, the communication assurance agent 141 may be hosted within the corporate network 110 for use by multiple corporate users (including the corporate user depicted and described with respect to FIG. 1). In one embodiment, for example, the communication assurance agent 141 may be hosted on each of the user devices 102 of the corporate user (in which case method 500 of FIG. 5 includes communication between elements of the user device 102 from which the communication request is initiated). In one embodiment, for example, the functions of the communication assurance agent 141 for the corporate user may be arranged using a combination of such embodiments (e.g., where at least some communication assurance agent functions are hosted within the network while at least some communication assurance agent functions are hosted on the user devices 102 of the corporate user).
  • Although primarily depicted and described with respect to providing security for communications of corporate users, the various embodiments depicted and described herein may be adapted for use in providing security for communications of any other suitable types of end users.
  • FIG. 6 depicts a high-level block diagram of a computer suitable for use in performing functions described herein.
  • As depicted in FIG. 6, computer 600 includes a processor element 602 (e.g., a central processing unit (CPU) and/or other suitable processor(s)) and a memory 604 (e.g., random access memory (RAM), read only memory (ROM), and the like). The computer 600 also may include a cooperating module/process 605 and/or various input/output devices 606 (e.g., a user input device (such as a keyboard, a keypad, a mouse, and the like), a user output device (such as a display, a speaker, and the like), an input port, an output port, a receiver, a transmitter, and storage devices (e.g., a tape drive, a floppy drive, a hard disk drive, a compact disk drive, and the like)).
  • It will be appreciated that the functions depicted and described herein may be implemented in software (e.g., via implementation of software on one or more processors) and/or may be implemented in hardware (e.g., using a general purpose computer, one or more application specific integrated circuits (ASIC), and/or any other hardware equivalents).
  • It will be appreciated that the functions depicted and described herein may be implemented in software (e.g., for executing on a general purpose computer (e.g., via execution by one or more processors) so as to implement a special purpose computer) and/or may be implemented in hardware (e.g., using one or more application specific integrated circuits (ASIC) and/or one or more other hardware equivalents).
  • In one embodiment, the cooperating process 605 can be loaded into memory 604 and executed by the processor 602 to implement functions as discussed herein. Thus, cooperating process 605 (including associated data structures) can be stored on a computer readable storage medium, e.g., RAM memory, magnetic or optical drive or diskette, and the like.
  • It will be appreciated that computer 600 depicted in FIG. 6 provides a general architecture and functionality suitable for implementing functional elements described herein and/or portions of functional elements described herein. For example, the computer 600 provides a general architecture and functionality suitable for implementing one or more of corporate user device 102₁, corporate user device 102₂, personal user device 102₃, communication assurance agent 141, and profiles database 142. For user devices 102, for example, computer 600 may be implemented using any suitable forms and factors, both stationary and mobile, which may be used for a user device (e.g., desktops, laptops, tablets, smartphones, handsets, palmtops, and the like). For elements other than user devices 102, for example, computer 600 may be implemented as a server, a server farm, a cloud computing platform, one or more virtual machines over one or more hardware platforms, a mainframe computer or its variations, and the like, as well as various combinations thereof.
  • It is contemplated that some of the steps discussed herein as software methods may be implemented within hardware, for example, as circuitry that cooperates with the processor to perform various method steps. Portions of the functions/elements described herein may be implemented as a computer program product wherein computer instructions, when processed by a computer, adapt the operation of the computer such that the methods and/or techniques described herein are invoked or otherwise provided. Instructions for invoking the inventive methods may be stored in fixed or removable media, transmitted via a data stream in a broadcast or other signal bearing medium, and/or stored within a memory within a computing device operating according to the instructions.
  • Although various embodiments which incorporate the teachings of the present invention have been shown and described in detail herein, those skilled in the art can readily devise many other varied embodiments that still incorporate these teachings.

Claims (20)

What is claimed is:
1. An apparatus, comprising:
a processor and a memory communicatively coupled to the processor, the processor configured to:
receive, from a user device of a corporate user, communication request information associated with a communication request initiated via the user device, the communication request information specifying a context of the requested communication;
select a communication context-based security profile for the requested communication based on the communication request information; and
propagate an indication of the selected communication context-based security profile toward at least one of the user device and a network device for use in applying at least one security mechanism to the requested communication.
2. The apparatus of claim 1, wherein the communication request information comprises at least one of a type of communication of the requested communication, an identity of the corporate user, a role of the corporate user, relationship-based information associated with the corporate user, a device type of the user device used by the corporate user, a network type of a network to be used to support the requested communication, an identifier identifying the user device being used by the corporate user for the requested communication, a recipient type of an intended recipient of the requested communication, an identity of an intended recipient of the requested communication, a subject of the requested communication, and one or more details of the requested communication.
3. The apparatus of claim 2, wherein the relationship-based information associated with the corporate user comprises at least one of an indication of a relationship of the corporate user to at least one of a corporation employing the corporate user, an organization within the corporation, a group within the corporation, a project of the corporation, a supplier of the corporation, and a customer of the corporation.
4. The apparatus of claim 1, wherein the communication context-based security profile specifies at least one security mechanism, the at least one security mechanism comprising at least one of an encryption/decryption mechanism, a secure tunneling mechanism, and a Virtual Private Networking (VPN) mechanism.
5. The apparatus of claim 1, wherein the requested communication comprises at least one of a voice call, an e-mail message, a text message, a video communication, and a web-related communication.
6. The apparatus of claim 1, wherein the user device is a corporate user device or a personal user device, wherein the requested communication is a corporate-related communication of the corporate user or a personal communication of the corporate user.
7. The apparatus of claim 1, wherein the processor is configured to:
determine, from the selected communication context-based security profile, a security grade to be applied for the requested communication; and
propagate the indication of the selected communication context-based security profile toward the user device via propagation of an indication of the security grade.
8. The apparatus of claim 1, wherein the processor is configured to:
update the communication context-based security profile based on application of the at least one security mechanism to the requested communication.
9. The apparatus of claim 1, wherein the processor is configured to:
detect initiation of a derived instance of the requested communication.
10. The apparatus of claim 9, wherein the derived instance of the requested communication comprises a service or a communication.
11. The apparatus of claim 9, wherein the processor is configured to:
initiate application of the at least one security mechanism to the derived instance of the requested communication.
12. The apparatus of claim 9, wherein the communication context-based security profile is a first communication context-based security profile, wherein the processor is configured to:
select a second communication context-based security profile for the derived instance of the requested communication; and
propagate an indication of the selected second communication context-based security profile toward at least one of the user device and a network device for use in applying at least one security mechanism to the derived instance of the requested communication.
13. A method, comprising:
using a processor for:
receiving, from a user device of a corporate user, communication request information associated with a communication request initiated via the user device, the communication request information specifying a context of the requested communication;
selecting a communication context-based security profile for the requested communication based on the communication request information; and
propagating an indication of the selected communication context-based security profile toward at least one of the user device and a network device for use in applying at least one security mechanism to the requested communication.
14. An apparatus, comprising:
a processor and a memory communicatively coupled to the processor, the processor configured to:
detect initiation of a communication request at a user device;
determine communication request information associated with the communication request;
propagate the communication request information toward a communication assurance agent; and
receive, from the communication assurance agent, an indication of a communication context-based security profile selected by the communication assurance agent for use by the user device in applying at least one security mechanism to the requested communication.
15. The apparatus of claim 14, wherein the communication request information comprises at least one of a type of communication of the requested communication, an identity of the corporate user, a role of the corporate user, relationship-based information associated with the corporate user, a device type of the user device used by the corporate user, a network type of a network to be used to support the requested communication, an identifier identifying the user device being used by the corporate user for the requested communication, a recipient type of an intended recipient of the requested communication, an identity of an intended recipient of the requested communication, a subject of the requested communication, and one or more details of the requested communication.
16. The apparatus of claim 14, wherein the communication context-based security profile specifies at least one security mechanism, the at least one security mechanism comprising at least one of an encryption/decryption mechanism, a secure tunneling mechanism, and a Virtual Private Networking (VPN) mechanism.
17. The apparatus of claim 14, wherein the requested communication comprises at least one of a voice call, an e-mail message, a text message, a video communication, and a web-related communication.
18. The apparatus of claim 14, wherein the user device is a corporate user device or a personal user device, wherein the requested communication is a corporate-related communication of the corporate user or a personal communication of the corporate user.
19. The apparatus of claim 14, wherein the processor is configured to:
initiate the requested communication using the at least one security mechanism.
20. A method, comprising:
using a processor for:
detecting initiation of a communication request at a user device;
determining communication request information associated with the communication request;
propagating the communication request information toward a communication assurance agent; and
receiving, from the communication assurance agent, an indication of a communication context-based security profile selected by the communication assurance agent for use by the user device in applying at least one security mechanism to the requested communication.
US13/427,668 2012-03-22 2012-03-22 Apparatus and method for assuring communications of corporate users Abandoned US20130254830A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/427,668 US20130254830A1 (en) 2012-03-22 2012-03-22 Apparatus and method for assuring communications of corporate users

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201261614345P 2012-03-22 2012-03-22
US13/427,668 US20130254830A1 (en) 2012-03-22 2012-03-22 Apparatus and method for assuring communications of corporate users

Publications (1)

Publication Number Publication Date
US20130254830A1 (en) 2013-09-26

Family

ID=49213398

Family Applications (3)

Application Number Title Priority Date Filing Date
US13/427,668 Abandoned US20130254830A1 (en) 2012-03-22 2012-03-22 Apparatus and method for assuring communications of corporate users
US13/731,645 Abandoned US20130254854A1 (en) 2012-03-22 2012-12-31 Individual and institution virtualization mechanisms
US13/731,597 Expired - Fee Related US9621407B2 (en) 2012-03-22 2012-12-31 Apparatus and method for pattern hiding and traffic hopping

Family Applications After (2)

Application Number Title Priority Date Filing Date
US13/731,645 Abandoned US20130254854A1 (en) 2012-03-22 2012-12-31 Individual and institution virtualization mechanisms
US13/731,597 Expired - Fee Related US9621407B2 (en) 2012-03-22 2012-12-31 Apparatus and method for pattern hiding and traffic hopping

Country Status (1)

Country Link
US (3) US20130254830A1 (en)

US12231517B2 (en) * 2019-09-30 2025-02-18 Salesforce, Inc. Group-based communication apparatus, method, and computer program product configured to manage draft messages in a group-based communication system
US11836443B2 (en) * 2022-01-25 2023-12-05 Microsoft Technology Licensing, Llc Populating contact information within an electronic message based on contact relationship information

Also Published As

Publication number Publication date
US20130254854A1 (en) 2013-09-26
US9621407B2 (en) 2017-04-11
US20130254364A1 (en) 2013-09-26

Legal Events

Date Code Title Description
AS Assignment

Owner name: ALCATEL-LUCENT USA INC., NEW JERSEY

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MOGANTI, MADHAV;PANDIT, MAYURESH;SANKALIA, ANISH;AND OTHERS;SIGNING DATES FROM 20120323 TO 20120403;REEL/FRAME:028066/0599

AS Assignment

Owner name: CREDIT SUISSE AG, NEW YORK

Free format text: SECURITY INTEREST;ASSIGNOR:ALCATEL-LUCENT USA INC.;REEL/FRAME:030510/0627

Effective date: 20130130

AS Assignment

Owner name: ALCATEL LUCENT, FRANCE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ALCATEL-LUCENT USA INC.;REEL/FRAME:030252/0022

Effective date: 20130418

AS Assignment

Owner name: ALCATEL-LUCENT USA INC., NEW JERSEY

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG;REEL/FRAME:033949/0016

Effective date: 20140819

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION