Transport envelope
First Claim
1. A computing device comprising:
a processor;
at least one network interface coupled to the processor configured to enable communications via one or more communication networks;
a memory for content and programming;
a security client program stored in the memory, wherein execution of the security client program by the processor configures the computing device to perform acts comprising:
intercepting an operating system call performed by a calling application to create, modify or transmit an instance of a secure resource;
serializing a payload to create a serialized payload, the serialized payload comprising a first encrypted data, the first encrypted data corresponding to the instance of the secure resource;
prepending the serialized payload with a first header to create a first data packet;
encrypting the first data packet using a second key to create a second data packet, the second data packet providing a single representation of the instance of the secure resource, wherein the second key is specific to one authorized user identity of a plurality of authorized user identities and the instance of the secure resource;
prepending the second data packet with a second header to create a third data packet; and
completing the operating system call by transporting the third data packet to a destination via a secure data transport, the destination being based at least in part on the operating system call to create, modify or transmit the instance of the secure resource.
Abstract
A method and system of transporting data securely. A payload comprising a first encrypted data is serialized. The serialized payload is prepended with a first header to create a first data packet. The first data packet is encrypted using the second key to create a second data packet. The second data packet is prepended with a second header to create a third data packet. The third data packet is transported to a destination via a secure data transport.
20 Claims
1. A computing device comprising: (independent claim, reproduced in full under First Claim above; dependent claims: 2 through 12)
13. A non-transitory computer-readable medium having stored thereon a plurality of sequences of instructions which, when executed by a processor, cause the processor to perform a method of transporting data, the method comprising:
intercepting an operating system call performed by a calling application to create, modify or transmit an instance of a secure resource;
serializing a payload to create a serialized payload, the serialized payload comprising a first encrypted data, the first encrypted data corresponding to the instance of the secure resource;
prepending the serialized payload with a first header to create a first data packet;
encrypting the first data packet using a second key to create a second data packet, the second key providing a computing device associated with one authorized user identity of a plurality of authorized user identities with access to the instance of the secure resource;
prepending the second data packet with a second header to create a third data packet; and
completing the operating system call by transporting the third data packet to a destination via a data transport, the destination being based at least in part on the operating system call to create, modify or transmit the instance of the secure resource.
Dependent claims: 14 through 20.
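The layered envelope that the abstract and claims 1 and 13 describe, as an added illustration that is not the patent's own code: the first encrypted data is serialized, prefixed with a first header, encrypted under a second key that is specific to one user identity and one resource instance, and finally prefixed with a cleartext second header. Everything beyond the claim language is an assumption made for this example: the length-prefixed JSON header layout, deriving the second key from a per-user master key and the resource identifier with HMAC-SHA256, and an HMAC-SHA256 counter-mode stream cipher with encrypt-then-MAC standing in for a real AEAD so the code runs on the Python standard library alone. The outer header is bound into the authentication tag as associated data, so a relay can read the recipient without holding a key but cannot alter the routing information undetected.

```python
import hashlib
import hmac
import json
import os
import struct

MAGIC = "ENV1"  # constructed outer-header marker, not from the patent


def _derive(key: bytes, label: bytes) -> bytes:
    # Label-separated sub-key derivation (HMAC-SHA256 used as a KDF)
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for AES-CTR; a real
    # system would use an AEAD such as AES-GCM or ChaCha20-Poly1305.
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def encrypt(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    # Encrypt-then-MAC: nonce || ciphertext || tag, with aad bound into the tag
    nonce = os.urandom(16)
    ks = _keystream(_derive(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_derive(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    # Verify the tag before touching the ciphertext
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_derive(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    ks = _keystream(_derive(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def _put_header(fields: dict) -> bytes:
    # Assumed header layout: 2-byte big-endian length + JSON object
    body = json.dumps(fields, sort_keys=True).encode()
    return struct.pack(">H", len(body)) + body


def _take_header(buf: bytes) -> tuple:
    # Split one header off the front; any parse problem is a ValueError
    try:
        (n,) = struct.unpack(">H", buf[:2])
        fields = json.loads(buf[2:2 + n].decode())
    except (struct.error, UnicodeDecodeError, ValueError) as e:
        raise ValueError("bad header") from e
    if not isinstance(fields, dict):
        raise ValueError("bad header")
    return fields, buf[2 + n:]


def resource_key(user_key: bytes, user_id: str, resource_id: str) -> bytes:
    # Second key: specific to one user identity and one resource instance
    # (assumed derivation from a per-user master key)
    return _derive(user_key, f"user={user_id};resource={resource_id}".encode())


def build_envelope(first_encrypted_data: bytes, resource_id: str,
                   user_id: str, user_key: bytes) -> bytes:
    payload = struct.pack(">I", len(first_encrypted_data)) + first_encrypted_data  # serialize
    packet1 = _put_header({"resource": resource_id}) + payload                    # first header
    header2 = _put_header({"magic": MAGIC, "to": user_id, "resource": resource_id})
    packet2 = encrypt(resource_key(user_key, user_id, resource_id), packet1, aad=header2)
    return header2 + packet2                                                      # second header


def peek_recipient(packet3: bytes):
    # A relay can route on the cleartext second header without holding any key
    return _take_header(packet3)[0].get("to")


def open_envelope(packet3: bytes, keyring: dict) -> tuple:
    # keyring maps user_id -> per-user master key; returns (data, header1, header2)
    header2, packet2 = _take_header(packet3)
    raw_header2 = packet3[:len(packet3) - len(packet2)]
    user_id = header2.get("to")
    if header2.get("magic") != MAGIC or user_id not in keyring:
        raise ValueError("not addressed to a known user")
    key2 = resource_key(keyring[user_id], user_id, str(header2.get("resource")))
    packet1 = decrypt(key2, packet2, aad=raw_header2)
    header1, payload = _take_header(packet1)
    (n,) = struct.unpack(">I", payload[:4])
    data = payload[4:4 + n]
    if len(data) != n or header1.get("resource") != header2.get("resource"):
        raise ValueError("malformed payload")
    return data, header1, header2


def opens(packet3: bytes, keyring: dict) -> bool:
    # True only if the envelope authenticates and parses end to end
    try:
        open_envelope(packet3, keyring)
        return True
    except ValueError:
        return False
```

`build_envelope` performs the four claim steps in order and `open_envelope` reverses them; because the second key is derived per user and per resource, a holder of a different user's key or a key for a different resource instance fails at the tag check rather than obtaining a partially decrypted packet, and a single flipped byte anywhere in the outer header or ciphertext is rejected before any inner parsing takes place.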