Inter-application secure data sharing workflow

US 10,469,478 B2
Filed: 02/24/2017
Issued: 11/05/2019
Est. Priority Date: 12/07/2016
Status: Active Grant

First Claim

Patent Images

1. A method for secure data sharing between applications, comprising:

initiating an inter-application workflow request from a first application to a second application, the workflow request identifying at least one memory location in a shared memory for secure data transfer between the first application and the second application;

monitoring the at least one memory location in the shared memory for presence of a public key of the second application, the public key of the second application being generated and stored in the at least one memory location by the second application in response to the workflow request;

in response to the public key of the second application being present in the shared memory, retrieving the public key from the shared memory;

encrypting an access interval key using the public key to provide an encrypted access interval key, the access interval key being associated with a sign on session of the first application; and

storing the encrypted access interval key in the at least one memory location in the shared memory for retrieval by the second application to extend the sign on session to the second application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To extend a sign on session among applications, an inter-application workflow request can be initiated from a first to a second application. The workflow request can identify one or more memory locations in a shared memory for secure data transfer between the applications. The first application can then monitor the memory locations for the presence of a public key stored in shared memory by the second application in response to the workflow request. Once the public key is present in the shared memory, the first application can retrieve and use it to encrypt an access interval key. The encrypted access interval key can then be stored in the shared memory for retrieval by the second application. The access interval key is associated with a sign on session of the first application, and the second application can retrieve and decrypt it to extend the sign on session to the second application.

4 Citations

View as Search Results

20 Claims

1. A method for secure data sharing between applications, comprising:
- initiating an inter-application workflow request from a first application to a second application, the workflow request identifying at least one memory location in a shared memory for secure data transfer between the first application and the second application;
  
  monitoring the at least one memory location in the shared memory for presence of a public key of the second application, the public key of the second application being generated and stored in the at least one memory location by the second application in response to the workflow request;
  
  in response to the public key of the second application being present in the shared memory, retrieving the public key from the shared memory;
  
  encrypting an access interval key using the public key to provide an encrypted access interval key, the access interval key being associated with a sign on session of the first application; and
  
  storing the encrypted access interval key in the at least one memory location in the shared memory for retrieval by the second application to extend the sign on session to the second application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein:
    - the access interval key comprises a session key of the first application; and
      
      the shared memory comprises a master key encrypted by the session key.
  - 3. The method according to claim 2, wherein the shared memory comprises at least one data element encrypted by the master key, the at least one data element including data accessible by the second application through decryption using the master key during the sign on session of the first application.
  - 4. The method according to claim 1, further comprising:
    - generating an asymmetric key pair, the asymmetric key pair comprising the public key and a private key of the second application; and
      
      storing the public key of the second application in the at least one memory location in the shared memory in response to the workflow request.
  - 5. The method according to claim 4, further comprising:
    - retrieving, by the second application, the encrypted access interval key from the shared memory; and
      
      decrypting, by the second application, the encrypted access interval key using the private key of the second application.
  - 6. The method according to claim 5, further comprising:
    - retrieving, by the second application, an encrypted master key from the shared memory; and
      
      decrypting, by the second application, the encrypted master key, wherein the shared memory comprises at least one data element encrypted by the master key, the at least one data element including data accessible by the second application through decryption using the master key during the sign on session of the first application.
  - 7. The method according to claim 5, further comprising, after retrieving the encrypted access interval key from the shared memory, clearing the public key and the encrypted access interval key from the shared memory.

8. A non-transitory computer-readable medium embodying program code executable in at least one computing device for secure data sharing between applications that, when executed by the at least one computing device, directs the at least one computing device to at least:
- initiate an inter-application workflow request from a first application to a second application, the workflow request identifying at least one memory location in a shared memory for secure data transfer between the first application and the second application;
  
  monitor the at least one memory location in the shared memory for presence of a public key of the second application, the public key of the second application being generated and stored in the at least one memory location by the second application in response to the workflow request;
  
  in response to the public key of the second application being present in the shared memory, retrieve the public key from the shared memory;
  
  encrypt an access interval key using the public key to provide an encrypted access interval key, the access interval key being associated with a sign on session of the first application; and
  
  store the encrypted access interval key in the at least one memory location in the shared memory for retrieval by the second application to extend the sign on session to the second application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer-readable medium according to claim 8, wherein:
    - the access interval key comprises a session key of the first application; and
      
      the shared memory comprises a master key encrypted by the session key.
  - 10. The non-transitory computer-readable medium according to claim 9, wherein the shared memory comprises at least one data element encrypted by the master key, the at least one data element including data accessible by the second application through decryption using the master key during the sign on session of the first application.
  - 11. The non-transitory computer-readable medium according to claim 8, wherein the at least one computing device is further directed to at least:
    - generate an asymmetric key pair, the asymmetric key pair comprising the public key and a private key of the second application; and
      
      store the public key of the second application in the at least one memory location in the shared memory in response to the workflow request.
  - 12. The non-transitory computer-readable medium according to claim 11, wherein the at least one computing device is further directed to at least:
    - retrieve, by the second application, the encrypted access interval key from the shared memory; and
      
      decrypt, by the second application, the encrypted access interval key using the private key of the second application.
  - 13. The non-transitory computer-readable medium according to claim 12, wherein the at least one computing device is further directed to at least:
    - retrieve, by the second application, an encrypted master key from the shared memory; and
      
      decrypt, by the second application, the encrypted master key, wherein the shared memory comprises at least one data element encrypted by the master key, the at least one data element including data accessible by the second application through decryption using the master key during the sign on session of the first application.
  - 14. The non-transitory computer-readable medium according to claim 12, wherein the at least one computing device is further directed to at least clear the public key and the encrypted access interval key from the shared memory after the encrypted access interval key is retrieved from the shared memory.

15. A system for secure data sharing between applications, comprising:
- a memory device configured to store computer-readable instructions thereon; and
  
  at least one processing device configured, through execution of the computer-readable instructions, to;
  
  initiate an inter-application workflow request from a first application to a second application, the workflow request identifying at least one memory location in a shared memory for secure data transfer between the first application and the second application;
  
  monitor the at least one memory location in the shared memory for presence of a public key of the second application, the public key of the second application being generated and stored in the at least one memory location by the second application in response to the workflow request;
  
  in response to the public key of the second application being present in the shared memory, retrieve the public key from the shared memory;
  
  encrypt an access interval key using the public key to provide an encrypted access interval key, the access interval key being associated with a sign on session of the first application; and
  
  store the encrypted access interval key in the at least one memory location in the shared memory for retrieval by the second application to extend the sign on session to the second application.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system according to claim 15, wherein:
    - the access interval key comprises a session key of the first application; and
      
      the shared memory comprises a master key encrypted by the session key.
  - 17. The system according to claim 16, wherein the shared memory comprises at least one data element encrypted by the master key, the at least one data element including data accessible by the second application through decryption using the master key during the sign on session of the first application.
  - 18. The system according to claim 15, wherein the at least one processing device is further configured to at least:
    - generate an asymmetric key pair, the asymmetric key pair comprising the public key and a private key of the second application; and
      
      store the public key of the second application in the at least one memory location in the shared memory in response to the workflow request.
  - 19. The system according to claim 18, wherein the at least one processing device is further configured to at least:
    - retrieve, by the second application, the encrypted access interval key from the shared memory; and
      
      decrypt, by the second application, the encrypted access interval key using the private key of the second application.
  - 20. The system according to claim 19, wherein the at least one processing device is further configured to at least clear the public key and the encrypted access interval key from the shared memory after the encrypted access interval key is retrieved from the shared memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Sajja, Kishore, Chen, Lucas, Rajan, Raghuram, Panwar, Anuj, Naga Kaipu, Sandeep, Singh, Rajiv
Primary Examiner(s)
Le, Khoi V

Application Number

US15/442,239
Publication Number

US 20180157433A1
Time in Patent Office

984 Days
Field of Search
US Class Current
CPC Class Codes

G06F 3/0622   in relation to access

G06F 3/0659   Command handling arrangemen...

G06F 3/067   Distributed or networked st...

H04L 63/0442   wherein the sending and rec...

H04L 63/0815   providing single-sign-on or...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0894   Escrow, recovery or storing...

Inter-application secure data sharing workflow

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

4 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Inter-application secure data sharing workflow

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

4 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links