Transport envelope

US 10,505,905 B2
Filed: 03/24/2016
Issued: 12/10/2019
Est. Priority Date: 03/24/2015
Status: Active Grant

First Claim

Patent Images

1. A computing device comprising:

a processor;

at least one network interface coupled to the processor configured to enable communications via one or more communication networks;

a memory for content and programming;

a security client program stored in the memory, wherein execution of the security client program by the processor configures the computing device to perform acts comprising;

intercepting an operating system call performed by a calling application to create, modify or transmit an instance of a secure resource;

serializing a payload to create a serialized payload, the serialized payload comprising a first encrypted data, the first encrypted data corresponding to the instance of the secure resource;

prepending the serialized payload with a first header to create a first data packet;

encrypting the first data packet using a second key to create a second data packet, the second data packet providing a single representation of the instance of the secure resource, wherein the second key is specific to one authorized user identity of a plurality of authorized user identities and the instance of the secure resource;

prepending the second data packet with a second header to create a third data packet; and

completing the operating system call by transporting the third data packet to a destination via a secure data transport, the destination being based at least in part on the operating system call to create, modify or transmit the instance of the secure resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system of transporting data securely. A payload comprising a first encrypted data is serialized. The serialized payload is prepended with a first header to create a first data packet. The first data packet is encrypted using the second key to create a second data packet. The second data packet is prepended with a second header to create a third data packet. The third data packet is transported to a destination via a secure data transport.

31 Citations

20 Claims

1. A computing device comprising:
- a processor;
  
  at least one network interface coupled to the processor configured to enable communications via one or more communication networks;
  
  a memory for content and programming;
  
  a security client program stored in the memory, wherein execution of the security client program by the processor configures the computing device to perform acts comprising;
  
  intercepting an operating system call performed by a calling application to create, modify or transmit an instance of a secure resource;
  
  serializing a payload to create a serialized payload, the serialized payload comprising a first encrypted data, the first encrypted data corresponding to the instance of the secure resource;
  
  prepending the serialized payload with a first header to create a first data packet;
  
  encrypting the first data packet using a second key to create a second data packet, the second data packet providing a single representation of the instance of the secure resource, wherein the second key is specific to one authorized user identity of a plurality of authorized user identities and the instance of the secure resource;
  
  prepending the second data packet with a second header to create a third data packet; and
  
  completing the operating system call by transporting the third data packet to a destination via a secure data transport, the destination being based at least in part on the operating system call to create, modify or transmit the instance of the secure resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computing device of claim 1, wherein the second key is received from an appliance server.
  - 3. The computing device of claim 1, wherein an encryption of the first encrypted data is by a private key of the computing device.
  - 4. The computing device of claim 1, wherein serializing the payload that comprises the first encrypted data is performed by a Java Script Object Notation (JSON) format.
  - 5. The computing device of claim 1, wherein the second header is a keyed-hash message authentication code (HMAC).
  - 6. The computing device of claim 1, wherein the serialized payload that comprises the first encrypted data includes a private key stored in the computing device and an encrypted resource record information.
  - 7. The computing device of claim 1, further comprising:
    - intercepting a subsequent operating system call performed by the calling application to create, modify, or transmit a subsequent instance of the secure resource; and
      
      serializing a subsequent payload to create a subsequent serialized payload that includes the subsequent instance of the secure resource;
      
      prepending the subsequent serialized payload with a subsequent first header to create a subsequent first data packet, andwherein the subsequent first data packet does not have a same signature as the first data packet.
  - 8. The computing device of claim 1, wherein the second key is specific to the computing device and the first encrypted data.
  - 9. The computing device of claim 1, wherein the secure data transport uses a Transport Layer Security (TLS) protocol.
  - 10. The computing device of claim 1, wherein the secure data transport uses a Secure Sockets Layer (SSL) protocol.
  - 11. The computing device of claim 1, wherein the one authorized user identity is associated with the computing device.
  - 12. The computing device of claim 1, further comprising:
    - receiving, resource information that indicates that a second user device is authorized to access the instance of the secure resource, andwherein the second key corresponds to the authorized user identity associated with the second user device and the instance of the secure resource.

13. A non-transitory computer-readable medium having stored thereon a plurality of sequences of instructions which, when executed by a processor, cause the processor to perform a method of transporting data, the method comprising:
- intercepting an operating system call performed by a calling application to create, modify or transmit an instance of a secure resource;
  
  serializing a payload to create a serialized payload, the serialized payload comprising a first encrypted data, the first encrypted data corresponding to the instance of the secure resource;
  
  prepending the serialized payload with a first header to create a first data packet;
  
  encrypting the first data packet using a second key to create a second data packet, the second key providing a computing device associated with one authorized user identity of a plurality of authorized user identities with access to the instance of the secure resource;
  
  prepending the second data packet with a second header to create a third data packet; and
  
  completing the operating system call by transporting the third data packet to a destination via a data transport, the destination being based at least in part on the operating system call to create, modify or transmit the instance of the secure resource.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The non-transitory computer-readable medium of claim 13, wherein the second key is received from an appliance server.
  - 15. The non-transitory computer-readable medium of claim 13, wherein an encryption of the first encrypted data is by a private key stored in the non-transitory computer-readable medium.
  - 16. The non-transitory computer-readable medium of claim 13, wherein serializing the payload comprising the first encrypted data is performed by a Java Script Object Notation (JSON) format.
  - 17. The non-transitory computer-readable medium of claim 13, wherein the second header is a keyed-hash message authentication code (HMAC).
  - 18. The non-transitory computer-readable medium of claim 13, wherein the serialized payload comprising the first encrypted data includes a private key stored in the non-transitory computer-readable medium and an encrypted resource record information.
  - 19. The non-transitory computer-readable medium of claim 13, wherein the first header is configured to be of variable length.
  - 20. The non-transitory computer-readable medium of claim 13, wherein the second key is specific to the computing device hosting the non-transitory computer-readable medium and the first encrypted data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Global Data Sentinel, Inc.
Original Assignee
Global Data Sentinel, Inc.
Inventors
Galinski, John-Philip, Walker, Nigel
Primary Examiner(s)
Doan, Trang T

Application Number

US15/079,438
Publication Number

US 20160285910A1
Time in Patent Office

1,356 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/62   Protecting access to data v...

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 63/0861   using biometrical features,...

H04L 63/10   for controlling access to d...

H04L 63/166   at the transport layer

H04L 69/22   Parsing or analysis of headers

Transport envelope

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Transport envelope

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links