Advertisement

USPTO eyeing encryption-in-use technology to secure claims data

CIO Jamie Holcombe says the capability could help protect patent applicants' sensitive claims data.
(Getty Images)

The U.S. Patent and Trademark Office is considering the adoption of encryption-in-use technology to protect data as it builds out its zero-trust security architecture, Chief Information Officer Jamie Holcombe told FedScoop on Tuesday.

Traditional encryption protects data at rest or in transit but not when it’s in use by on-premise or cloud applications, and disk encryption solutions degrade performance and can lock users out.

Encryption-in-use secures only underlying sensitive data, regardless of location, and analyzes requests in real time to block suspicious ones. According to Holcombe, it could help USPTO protect sensitive claims information because the technology is less likely than traditional forms of encryption to degrade performance.

“I have an obligation to disseminate all public data as best I can, but the things that I need to keep secret are the claims that the patent applicants file with us,” Holcombe said. “And it’s only good from the first application date to 18 months later, then something has to happen to it.”

Advertisement

Until then claims are USPTO’s version of “top secret,” he added.

The companies developing encryption-in-use are mostly startups, but Holcombe isn’t interested in those adding it to USB devices. He wants the capability in the data center.

“That’s where your cloud storage companies come in because they’re buying that technology from these little guys, but I want to get it before it’s sold to them,” Holcombe said. “If it comes wrapped with [Amazon Web Services], that’s fine.”

USPTO operates on a three-year, procure-and-replace cycle and is working with different tech companies to satisfy all the pillars of the federal zero-trust strategy: users, apps, data, network and devices.

The agency is trying to mature multi-factor authentication to protect users and working with Venafi on a device management solution. USPTO has a partnership with Netskope for secure access service edge. 

Advertisement

“We’re looking to spread that because that’s just one solution of many for the [zero-trust architecture],” Holcombe said.

Dave Nyczepir

Written by Dave Nyczepir

Dave Nyczepir is a technology reporter for FedScoop. He was previously the news editor for Route Fifty and, before that, the education reporter for The Desert Sun newspaper in Palm Springs, California. He covered the 2012 campaign cycle as the staff writer for Campaigns & Elections magazine and Maryland’s 2012 legislative session as the politics reporter for Capital News Service at the University of Maryland, College Park, where he earned his master’s of journalism.

Latest Podcasts