Multiple level security adapter
First Claim
1. A computer executable method of exchanging data, the method comprising:
receiving data to be transmitted from a first protected enclave on behalf of a first application of the first protected enclave using a first protocol standard, the data having information content in a first format that is compatible with the first protocol standard, wherein the first protected enclave is associated with a first security level that limits information that can be sent from the first protected enclave;
determining whether a security gateway service that enforces the first security level is operable to determine whether the information content of the data is authorized to be accessed outside the first protected enclave based on the first security level, wherein when the first format of the data is compatible with a second protocol standard that is associated with the security gateway service, the security gateway service is operable to determine whether the information content is authorized to be accessed outside the first protected enclave;
when the first format of the data is not compatible with the second protocol standard, automatically transforming the data to a second format that enables the security gateway service to parse the information content; and
transmitting the data using the second format, to the security gateway service to determine whether the information content is authorized to be accessed outside the first protected enclave based on the first security level.
Abstract
In exemplary embodiments, data with a format compatible with a first protocol standard is received on behalf of a first application. When the format of the data is not compatible with a second protocol standard, the format of the data is automatically transformed to a format that is compatible with the second protocol standard. The data is transmitted to a second application service using the second protocol standard. The data may be received from the second application. When the format of the data is not compatible with a third protocol standard, the format of the data is automatically transformed to a format that is compatible with the third protocol standard. The data is transmitted on behalf of a third application using the third protocol standard. The first and third applications may be in first and second protected enclaves. The second application may include a security gateway service.
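The flow the abstract describes, as an added illustration in Python that is not the patent's own code and does not describe any product: an adapter normalises data from whichever enclave protocol an application speaks into one canonical form the security gateway can parse, the gateway decides on release, and the adapter then re-renders the released data in the destination application's protocol. The two wire formats (JSON and a header block), the level names, the `Message` record and the release rule (destination level must dominate the data label, and the label may not exceed the source enclave's level) are all assumptions chosen for the example; the patent names none of them.

```python
import json
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Assumed security levels in dominance order; the patent names no labels.
LEVELS: Dict[str, int] = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}


@dataclass(frozen=True)
class Message:
    """Canonical record the gateway can parse: the assumed 'second protocol standard'."""
    sender: str
    label: str
    body: str


def parse_json_msg(raw: bytes) -> Message:
    """Assumed enclave protocol A: a JSON object with sender, label and body."""
    obj = json.loads(raw)
    return Message(str(obj["sender"]), str(obj["label"]).upper(), str(obj["body"]))


def parse_header_msg(raw: bytes) -> Message:
    """Assumed enclave protocol B: 'Key: value' header lines, a blank line, then the body."""
    head, _, body = raw.decode("utf-8").partition("\n\n")
    fields = {}
    for line in head.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip().lower()] = value.strip()
    return Message(fields["from"], fields["classification"].upper(), body)


# Adapter registry: one transform per wire format the adapter understands.
PARSERS: Dict[str, Callable[[bytes], Message]] = {
    "application/json": parse_json_msg,
    "text/x-enclave-headers": parse_header_msg,
}


def adapt_to_gateway(raw: bytes, content_type: str) -> Message:
    """Transform enclave data into the canonical form the gateway parses.

    Fails closed: data in a format the adapter cannot transform, or that is
    malformed, never reaches the gateway, so nothing unparseable can be released.
    """
    parser = PARSERS.get(content_type)
    if parser is None:
        raise ValueError(f"no transform for {content_type!r}; refusing to forward")
    try:
        return parser(raw)
    except (KeyError, ValueError, UnicodeDecodeError) as exc:
        raise ValueError(f"malformed {content_type!r} data: {exc}") from None


def gateway_release_check(msg: Message, source_level: str, dest_level: str) -> bool:
    """Assumed release rule enforced by the source enclave's security gateway:
    the label must be one the gateway recognises, must not exceed the source
    enclave's own level, and must be dominated by the destination enclave's
    level (no write down). Anything else fails closed."""
    if msg.label not in LEVELS or source_level not in LEVELS or dest_level not in LEVELS:
        return False
    rank = LEVELS[msg.label]
    return rank <= LEVELS[source_level] and rank <= LEVELS[dest_level]


def render_for_destination(msg: Message, dest_format: str) -> bytes:
    """Transform a released message into the destination application's protocol
    (the 'third protocol standard' of the abstract)."""
    if dest_format == "application/json":
        return json.dumps({"sender": msg.sender, "label": msg.label, "body": msg.body}).encode()
    if dest_format == "text/x-enclave-headers":
        return f"From: {msg.sender}\nClassification: {msg.label}\n\n{msg.body}".encode()
    raise ValueError(f"no transform for destination format {dest_format!r}")


def exchange(raw: bytes, content_type: str, source_level: str,
             dest_level: str, dest_format: str) -> Optional[bytes]:
    """Full path from the abstract: adapt -> gateway decides -> adapt for the
    destination enclave. Returns the bytes to deliver, or None when the gateway
    blocks the transfer."""
    msg = adapt_to_gateway(raw, content_type)
    if not gateway_release_check(msg, source_level, dest_level):
        return None
    return render_for_destination(msg, dest_format)


# Constructed sample traffic for the illustration (not taken from the patent).
SAMPLE_JSON = b'{"sender": "app-a", "label": "confidential", "body": "route update"}'
SAMPLE_HEADERS = b"From: app-b\nClassification: SECRET\n\nplan of the day"

if __name__ == "__main__":
    # CONFIDENTIAL data from a SECRET enclave may go to a CONFIDENTIAL enclave ...
    print(exchange(SAMPLE_JSON, "application/json", "SECRET", "CONFIDENTIAL", "text/x-enclave-headers"))
    # ... but SECRET data may not flow down to a CONFIDENTIAL enclave.
    print(exchange(SAMPLE_HEADERS, "text/x-enclave-headers", "SECRET", "CONFIDENTIAL", "application/json"))
```

The point worth noticing in the design is that the transform step never widens what the gateway sees: a format the adapter has no transform for is refused before the gateway is consulted, and a label the gateway does not recognise is treated as a denial, so a new protocol or an unexpected marking cannot become a path around the release decision.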
29 Claims
1. A computer executable method of exchanging data (independent claim; full text given under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 20, 21, 22, 23, 24, 25, 26, 27 and 29.
9. A non-transitory computer readable storage medium, comprising:
computer readable program code executable by a processor to receive data to be sent from a first protected enclave on behalf of a first application using a first protocol standard, the data having information content in a first format that is compatible with the first protocol standard, wherein the first protected enclave is associated with a first security level that limits information that can be sent from the first protected enclave;
computer readable program code executable by the processor to determine whether a security gateway that enforces the first security level is operable to determine whether the information content is authorized to be accessed outside the first protected enclave, wherein when the first format is compatible with a second protocol standard the security gateway is operable to determine whether the information content is authorized to be accessed outside the first protected enclave;
computer readable program code executable by the processor to transform the data to a second format that is compatible with the second protocol standard when the first format is not compatible with the second protocol standard; and
computer readable program code executable by the processor to transmit the data using the second format to the security gateway to determine whether the information content is authorized to be accessed outside the first protected enclave based on the first security level.
Dependent claims: 10 and 11.
12. A system comprising:
a first computer processing component configured to receive data to be sent out of a first protected enclave from a first application, the data having a first format compatible with a first protocol standard, wherein the first protected enclave is associated with a first security level that limits information that can be sent from the first protected enclave;
a second computer processing component configured to determine whether the first format is compatible with a second protocol standard, wherein the second protocol standard is associated with a security gateway that determines whether the information content is authorized to be transmitted outside the first protected enclave based on the first security level, wherein the security gateway is operable to determine whether the information content is authorized to be accessed outside the first protected enclave when the first format of the data is compatible with a second protocol standard that is associated with the security gateway;
a third computer processing component configured to automatically transform the data to a second format that is compatible with the second protocol standard when the first format is not compatible with the second protocol standard; and
a fourth computer processing component configured to transmit the data using the second format to the security gateway to determine whether the information content of the data is authorized to be transmitted outside the first protected enclave based on the first security level.
Dependent claims: 13, 14, 15, 16, 17, 18, 19 and 28.