Written by Dave Nichepier
The USPTO is considering in-use encryption to protect data as it builds out its zero-trust security architecture, Jamie Holcombe, chief information officer at the USPTO, told FedScoop on Tuesday.
Traditional encryption protects data at rest or in transit, but not when used by on-premises or cloud applications, while disk encryption solutions can slow performance and potentially lock users out.
Encryption in use protects only the underlying sensitive data, regardless of location, and analyzes requests in real-time to block suspicious data. According to Holcombe, it could help the USPTO protect sensitive claims information because the technology is less likely to degrade performance compared to traditional forms of encryption.
“I have an obligation to disseminate all public data to the best of my ability, but what I need to keep confidential is the claims that patent applicants submit to us,” Holcomb said. “And it’s only good 18 months from the first application date, and then something has to happen.”
Until then, the claim was a “top secret” version of the USPTO, he added.
Companies developing encryption in use are mostly startups, but Holcombe isn’t interested in adding it to USB devices. He wants data center capabilities.
“That’s where your cloud storage companies come in, because they’ve bought this technology from these little guys, but I want to get it before it sells to them,” Holcombe said. “If it wraps [Amazon Web Services], It’s ok. “
The USPTO operates on a three-year acquisition and replacement cycle and works with diverse technology companies to meet all pillars of the federal Zero Trust strategy: users, applications, data, networks and devices.
The agency is experimenting with mature multi-factor authentication to protect users, and is working with Venafi to develop a device management solution. USPTO and Netskope have a partnership for secure access to the service edge.
“We’re looking to spread it because it’s just one solution out of many [zero-trust architecture]Holcomb said.