Secure asymmetric key application data sharing
First Claim
1. A method for secure data sharing between applications of a client device, comprising:
- retrieving an encrypted master key from a shared memory of the client device, the shared memory comprising a memory area for secure data sharing among a plurality of single sign on applications;
decrypting the encrypted master key using an access interval key to provide a master key, the access interval key being generated using an access code as a seed to a key derivative function, encrypted by at least one public key of at least one of the plurality of single sign on applications, and stored in the shared memory to establish a current sign on session;
retrieving at least one encrypted shared data element from the shared memory; and
decrypting the at least one encrypted shared data element using the master key, wherein the at least one encrypted shared data element comprises a data element shared between the plurality of single sign on applications.
2 Assignments
0 Petitions
Accused Products
Abstract
To establish a sign on session among single sign on (SSO)-enabled applications, a user can be prompted by an application for an access code. An access interval key can be generated using a key derivative function based on the access code. The access interval key can be considered a session key, and it can be used during a valid SSO session to decrypt a master key stored in a shared memory. In turn, the master key can be used to encrypt and decrypt the contents of the shared memory. To securely distribute the access interval key among the SSO-enabled applications during a current session, individual SSO-enabled applications can each store a public key in the shared memory. The access interval key can then be encrypted, respectively, by the public keys of the SSO-enabled applications and stored in the shared memory to be retrieved securely by the SSO-enabled applications.
4 Citations
20 Claims
-
1. A method for secure data sharing between applications of a client device, comprising:
-
retrieving an encrypted master key from a shared memory of the client device, the shared memory comprising a memory area for secure data sharing among a plurality of single sign on applications; decrypting the encrypted master key using an access interval key to provide a master key, the access interval key being generated using an access code as a seed to a key derivative function, encrypted by at least one public key of at least one of the plurality of single sign on applications, and stored in the shared memory to establish a current sign on session; retrieving at least one encrypted shared data element from the shared memory; and decrypting the at least one encrypted shared data element using the master key, wherein the at least one encrypted shared data element comprises a data element shared between the plurality of single sign on applications. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer-readable medium embodying program code executable in a client device for secure data sharing between applications of the client device, wherein the program code, when executed by the client device, directs the client device to at least:
-
retrieve an encrypted master key from a shared memory local to a client device, the shared memory comprising a memory area for secure data sharing among a plurality of single sign on applications; decrypt the encrypted master key using an access interval key to provide a master key, the access interval key being generated using an access code as a seed to a key derivative function, encrypted by at least one public key of at least one of the plurality of single sign on applications, and stored in the shared memory to establish a current sign on session; retrieve at least one encrypted shared data element from the shared memory; and decrypt the at least one encrypted shared data element using the master key, wherein the at least one encrypted shared data element comprises a data element shared between the plurality of single sign on applications. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A system for secure data sharing between applications of a client device, the system comprising:
-
a memory device configured to store computer-readable instructions thereon; and at least one processing device configured, through execution of the computer-readable instructions, to; retrieve an encrypted master key from a shared memory of the client device, the shared memory comprising a memory area for secure data sharing among a plurality of single sign on applications; decrypt the encrypted master key using an access interval key to provide a master key, the access interval key being generated using an access code as a seed to a key derivative function, encrypted by at least one public key of at least one of the plurality of single sign on applications, and stored in the shared memory to establish a current sign on session; retrieve at least one encrypted shared data element from the shared memory; and decrypt the at least one encrypted shared data element using the master key, wherein the at least one encrypted shared data element comprises a data element shared between the plurality of single sign on applications. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification