USPTO eyeing encryption-in-use technology to secure claims data
The U.S. Patent and Trademark Office is considering the adoption of encryption-in-use technology to protect data as it builds out its zero-trust security architecture, Chief Information Officer Jamie Holcombe told FedScoop on Tuesday.
Traditional encryption protects data at rest or in transit but not when it’s in use by on-premises or cloud applications, and disk encryption solutions degrade performance and can lock users out.
Encryption-in-use secures only underlying sensitive data, regardless of location, and analyzes requests in real time to block suspicious ones. According to Holcombe, it could help USPTO protect sensitive claims information because the technology is less likely than traditional forms of encryption to degrade performance.
“I have an obligation to disseminate all public data as best I can, but the things that I need to keep secret are the claims that the patent applicants file with us,” Holcombe said. “And it’s only good from the first application date to 18 months later, then something has to happen to it.”
Until then, claims are USPTO’s version of “top secret,” he added.
The companies developing encryption-in-use are mostly startups, but Holcombe isn’t interested in those adding it to USB devices. He wants the capability in the data center.
“That’s where your cloud storage companies come in because they’re buying that technology from these little guys, but I want to get it before it’s sold to them,” Holcombe said. “If it comes wrapped with [Amazon Web Services], that’s fine.”
USPTO operates on a three-year, procure-and-replace cycle and is working with different tech companies to satisfy all the pillars of the federal zero-trust strategy: users, apps, data, network and devices.
The agency is trying to mature multi-factor authentication to protect users and working with Venafi on a device management solution. USPTO has a partnership with Netskope for secure access service edge.
“We’re looking to spread that because that’s just one solution of many for the [zero-trust architecture],” Holcombe said.