Providing consistent cryptographic operations across several applications

US 9,009,473 B2
Filed: 10/13/2011
Issued: 04/14/2015
Est. Priority Date: 10/13/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing consistent cryptographic operations for a plurality of applications executing in a data processing system, the method comprising:

receiving, by a security middleware component, through the use of an application programming interface, a data input from an originating application operating in application space, both the application and the middleware component executing in the data processing system;

retrieving a security schema object by the security middleware component from an object store, the security schema object describing a sequence of cryptographic operations, wherein the security schema object includes a plurality of components, each component describing an aspect of the cryptographic operations;

transforming the data input from a first format to a second format, wherein one of the first and second formats is a secure structured data object formed using the sequence of cryptographic operations;

populating a property of the secure structured data object, separate from the transformed data input, such that the property is usable by a consumer application to access the security schema object to recover the data input from the secure structured data object at the consumer application; and

transmitting the data input in the second format to the consumer application operating in application space.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Providing consistent cryptographic operations across several applications using secure structured data objects includes a security middleware component, using an application programming interface, receiving a data input from an originating application operating in application space. Both the application and the middleware component execute in the data processing system. A security schema object is retrieved by the security middleware component from an object store, the security schema object describing a sequence of cryptographic operations and includes several components describing aspects of the cryptographic operations. The data input is transformed from a first format to a second format where one of the formats is a secure structured data object formed using the sequence of cryptographic operations. A property of the secure structured data object contains data about the security schema object. The data input is transmitted in the second format to a consumer application operating in application space.

Citations

20 Claims

1. A method for providing consistent cryptographic operations for a plurality of applications executing in a data processing system, the method comprising:
- receiving, by a security middleware component, through the use of an application programming interface, a data input from an originating application operating in application space, both the application and the middleware component executing in the data processing system;
  
  retrieving a security schema object by the security middleware component from an object store, the security schema object describing a sequence of cryptographic operations, wherein the security schema object includes a plurality of components, each component describing an aspect of the cryptographic operations;
  
  transforming the data input from a first format to a second format, wherein one of the first and second formats is a secure structured data object formed using the sequence of cryptographic operations;
  
  populating a property of the secure structured data object, separate from the transformed data input, such that the property is usable by a consumer application to access the security schema object to recover the data input from the secure structured data object at the consumer application; and
  
  transmitting the data input in the second format to the consumer application operating in application space.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the security middleware component is called by a plurality of originating applications by means of an application programming interface to provide consistent cryptographic operations in the data processing system.
  - 3. The method of claim 1, wherein the second format is the secure structured data object and the method further comprises:
    - receiving the secure structured data object at the security middleware component from the consumer application through the use of an application programming interface, in a request for validation and restoration of the secure structured data object;
      
      retrieving the security schema object using the property of the secure structured data object populated with data about the security schema object;
      
      validating the secure structured data object by the security middleware component using the security schema object; and
      
      restoring the secure structured data object to the data input by the security middleware component using the security schema object, so that cryptographic operations used by the originating and consumer applications are consistent through the use of the security schema object and the security middleware component.
  - 4. The method of claim 1, wherein the security schema object includes a transformation component, a layout component, and a data flow component and wherein the transformation component describes an output format, the layout component describes a normalized input format and the data flow component of the security schema object describes a sequence of cryptographic operations to be followed when using the security schema object.
  - 5. The method of claim 1, wherein a first application is both the originating application and the consumer application.
  - 6. The method of claim 1, wherein the property of the secure structured data object is a reference to the security schema object.
  - 7. The method of claim 1, further comprising:
    - parsing, by the security middleware component, the data input in the first format;
      
      normalizing, by the security middleware component, the data input to a layout format;
      
      applying, by the security middleware component, transformation of elements in the layout format according to the security schema object;
      
      applying, by the security middleware component, protection of elements in the layout format according to the security schema object; and
      
      formatting, by the security middleware component, the transformed and protected elements to the second format.
  - 8. The method of claim 7, wherein the applying the transformation and applying the protection comprise a calling of services in the data processing system in a runtime services or platform services layer.
  - 9. The method of claim 8, wherein the called services are selected from a group of encryption services, digital signing services or hashing services.
  - 10. The method of claim 8, wherein keys and certificates for use by the middleware security component are stored in a platform services layer.

11. A computer usable program product comprising a computer usable storage device including computer usable code for providing consistent cryptographic operations for a plurality of applications executing in a data processing system, the computer usable program product comprising:
- computer usable code for receiving, by a security middleware component, through the use of an application programming interface, a data input from an originating application operating in application space, both the application and the middleware component executing in the data processing system;
  
  computer usable code for retrieving a security schema object by the security middleware component from an object store, the security schema object describing a sequence of cryptographic operations, wherein the security schema object includes a plurality of components, each component describing an aspect of the cryptographic operations;
  
  computer usable code for transforming the data input from a first format to a second format, wherein one of the first and second formats is a secure structured data object formed using the sequence of cryptographic operations;
  
  computer usable code for populating a property of the secure structured data object, separate from the transformed data input, such that the property is usable by a consumer application to access the security schema object to recover the data input from the secure structured data object at the consumer application; and
  
  computer usable code for transmitting the data input in the second format to the consumer application operating in application space.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The computer usable program product of claim 11, wherein the security middleware component is called by a plurality of originating applications by means of an application programming interface to provide consistent cryptographic operations in the data processing system.
  - 13. The computer usable program product of claim 11, wherein the second format is the secure structured data object and the computer usable program product further comprises:
    - computer usable code for receiving the secure structured data object at the security middleware component from the consumer application through the use of an application programming interface, in a request for validation and restoration of the secure structured data object;
      
      computer usable code for retrieving the security schema object using the property of the secure structured data object populated with data about the security schema object;
      
      computer usable code for validating the secure structured data object by the security middleware component using the security schema object; and
      
      computer usable code for restoring the secure structured data object to the data input by the security middleware component using the security schema object, so that cryptographic operations used by the originating and consumer applications are consistent through the use of the security schema object and the security middleware component.
  - 14. The computer usable program product of claim 11, wherein the security schema object includes a transformation component, a layout component, and a data flow component and wherein the transformation component describes an output format, the layout component describes a normalized input format and the data flow component of the security schema object describes a sequence of cryptographic operations to be followed when using the security schema object.
  - 15. The computer usable program product of claim 11, wherein a first application is both the originating application and the consumer application.
  - 16. The computer usable program product of claim 11, wherein the property of the secure structured data object is a reference to the security schema object.
  - 17. The computer usable program product of claim 11, wherein the security middleware component, further comprises:
    - computer usable code for parsing the data input in the first format;
      
      computer usable code for normalizing the data input to a layout format;
      
      computer usable code for applying transformation of elements in the layout format according to the security schema object;
      
      computer usable code for applying protection of elements in the layout format according to the security schema object; and
      
      computer usable code for formatting the transformed and protected elements to the second format.
  - 18. The computer usable program product of claim 11, wherein the computer usable code for receiving, the computer usable code for retrieving, the computer usable code for transforming, and the computer usable code for transmitting are stored in a first computer readable storage device in a data processing system, and wherein the computer usable code for receiving, the computer usable code for retrieving, the computer usable code for transforming, and the computer usable code for transmitting are transferred over a network from a remote data processing system.
  - 19. The computer usable program product of claim 11, wherein the computer usable code for receiving, the computer usable code for retrieving, the computer usable code for transforming, and the computer usable code for transmitting are stored in a first computer readable storage device in a server data processing system, and wherein the computer usable code for receiving, the computer usable code for retrieving, the computer usable code for transforming, and the computer usable code for transmitting are downloaded over a network to a remote data processing system for use in a second computer readable storage device associated with the remote data processing system.

20. A data processing system for providing consistent cryptographic operations for a plurality of applications executing in a data processing system, the data processing system comprising:
- a storage device including wherein the storage device stores computer usable program code; and
  
  a processor, wherein the processor executes the computer usable program code, and wherein the computer usable program code comprises;
  
  computer usable code for receiving, by a security middleware component, through the use of an application programming interface, a data input from an originating application operating in application space, both the application and the middleware component executing in the data processing system;
  
  computer usable code for retrieving a security schema object by the security middleware component from an object store, the security schema object describing a sequence of cryptographic operations, wherein the security schema object includes a plurality of components, each component describing an aspect of the cryptographic operations;
  
  computer usable code for transforming the data input from a first format to a second format, wherein one of the first and second formats is a secure structured data object formed using the sequence of cryptographic operations;
  
  computer usable code for populating a property of the secure structured data object, separate from the transformed data input, such that the property is usable by a consumer application to access the security schema object to recover the data input from the secure structured data object at the consumer application; and
  
  computer usable code for transmitting the data input in the second format to the consumer application operating in application space.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Coria, Eduardo Martin, Lanza, Mariela Claudia, Manzato, Guillermo, Prediletto, Mariano Alejandro, Reyna Almandos, Patricio Marcelo, Whitmore, James J
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Shepperd, Eric W

Application Number

US13/272,967
Publication Number

US 20130097425A1
Time in Patent Office

1,279 Days
Field of Search

713150-152, 713160-161, 713/164, 713/167, 713/176, 726/1, 709/228, 709/236, 709/246
US Class Current

713/167
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

H04L 2209/68   Special signature format, e...

H04L 63/20   for managing network securi...

H04L 9/3247   involving digital signatures

Providing consistent cryptographic operations across several applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Providing consistent cryptographic operations across several applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links