Intra-computer protected communications between applications

US 9,246,893 B2
Filed: 03/14/2014
Issued: 01/26/2016
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method for securely transferring a data object from a source application to a destination application on a computing device, the method comprising:

providing a source application and a destination application on a computing device, the source and destination applications each having original, post-compile object code;

modifying, using at least one processor operatively coupled with a memory, the original object code of the source application to create first replacement object code for the source application;

modifying, using the at least one processor operatively coupled with the memory, the original object code of the destination application to create second replacement object code for the destination application;

transferring, from the source application to the destination application, a data object that is encrypted with an object data protection key;

requesting, from the first replacement code of the source application to a security manager application on the computing device, a source application key that is associated with the source application;

decrypting the source application key using a data protection root key from the security manager application;

decrypting, by the first replacement code of the source application, the object data protection key with the decrypted source application key;

encrypting, by the first replacement code of the source application, the object data protection key with a data-sharing key or a destination application key, the destination application key associated with the destination application;

sharing with the destination application the object data protection key that is encrypted with the data-sharing key or destination application key;

decrypting, in the second replacement code of the destination application, the object data protection key that is encrypted with the data-sharing key or destination application key; and

decrypting, in the second replacement code of the destination application, the object data using the unencrypted object data protection key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods and machine-readable media for providing a security service are disclosed. The methods include receiving a modification of the application object code to allow the software application to transmit a request for the security service; retrieving the modified application object code corresponding to the software application from memory; receiving, via a processor, the request for the security service from the modified application object code; and providing, via the processor, the security service. The systems and machine-readable media performing operations according to the methods disclosed.

65 Citations

View as Search Results

20 Claims

1. A method for securely transferring a data object from a source application to a destination application on a computing device, the method comprising:
- providing a source application and a destination application on a computing device, the source and destination applications each having original, post-compile object code;
  
  modifying, using at least one processor operatively coupled with a memory, the original object code of the source application to create first replacement object code for the source application;
  
  modifying, using the at least one processor operatively coupled with the memory, the original object code of the destination application to create second replacement object code for the destination application;
  
  transferring, from the source application to the destination application, a data object that is encrypted with an object data protection key;
  
  requesting, from the first replacement code of the source application to a security manager application on the computing device, a source application key that is associated with the source application;
  
  decrypting the source application key using a data protection root key from the security manager application;
  
  decrypting, by the first replacement code of the source application, the object data protection key with the decrypted source application key;
  
  encrypting, by the first replacement code of the source application, the object data protection key with a data-sharing key or a destination application key, the destination application key associated with the destination application;
  
  sharing with the destination application the object data protection key that is encrypted with the data-sharing key or destination application key;
  
  decrypting, in the second replacement code of the destination application, the object data protection key that is encrypted with the data-sharing key or destination application key; and
  
  decrypting, in the second replacement code of the destination application, the object data using the unencrypted object data protection key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the sharing includes transferring the object data protection key that is encrypted with the data-sharing key or destination application key to the destination application.
  - 3. The method of claim 1, further comprising:
    - determining, by the security manager application, whether a transfer of the data object between the source and destination applications is constrained.
  - 4. The method of claim 1, further comprising:
    - verifying, by the security manager application, a signature of the source or destination application.
  - 5. The method of claim 4, wherein the signature is a product of a public key infrastructure (PKI) key.
  - 6. The method of claim 1, further comprising:
    - generating, by the security manager application, at least one of the source application key, the destination application key, and the data-sharing key.
  - 7. The method of claim 6, further comprising:
    - generating the source application key upon registration of the source application with the security manager application;
      
      orgenerating the destination application key upon registration of the destination application with the security manager application.
  - 8. The method of claim 6, further comprising:
    - prompting the user for a passcode; and
      
      generating the source application key or destination application key using the passcode.
  - 9. The method of claim 6, further comprising:
    - generating, by the security manager application, the data-sharing key upon a request by the source application.
  - 10. The method of claim 1, further comprising:
    - encrypting, by the second replacement code of the destination application, the object data protection key with the destination application key.
  - 11. The method of claim 1, wherein the computing device is a mobile device.
  - 12. The method of claim 1, further comprising:
    - retrieving, to the source application, a policy from a remote server, the policy specifying the encrypting.
  - 13. The method of claim 12, wherein the policy specifies no messaging, no chat, or no printing by the source application.
  - 14. The method of claim 1, wherein the original object code of the source application is selected from the group consisting of a .dylib file, a .so file, and a .dll file.

15. A machine-readable non-transitory storage medium embodying information indicative of instructions for causing one or more machines to perform operations comprising:
- providing a source application and a destination application on a computing device, the source and destination applications each having original, post-compile object code;
  
  modifying, using at least one processor operatively coupled with a memory, the original object code of the source application to create first replacement object code for the source application;
  
  modifying, using the at least one processor operatively coupled with the memory, the original object code of the destination application to create second replacement object code for the destination application;
  
  transferring, from the source application to the destination application, a data object that is encrypted with an object data protection key;
  
  requesting, from the first replacement code of the source application to a security manager application on the computing device, a source application key that is associated with the source application;
  
  decrypting the source application key using a data protection root key from security manager application;
  
  decrypting, by the first replacement code of the source application, the object data protection key with the decrypted source application key;
  
  encrypting, by the first replacement code of the source application, the object data protection key with a data-sharing key or a destination application key, the destination application key associated with the destination application;
  
  sharing with the destination application the object data protection key that is encrypted with the data-sharing key or destination application key;
  
  decrypting, in the second replacement code of the destination application, the object data protection key that is encrypted with the data-sharing key or destination application key; and
  
  decrypting, in the second replacement code of the destination application, the object data using the unencrypted object data protection key.
- View Dependent Claims (16, 17)
- - 16. The medium of claim 15, wherein the sharing includes transferring the object data protection key that is encrypted with the data-sharing key or destination application key to the destination application.
  - 17. The medium of claim 15, wherein the operations further comprise:
    - verifying, by the security manager application, a signature of the source or destination application.

18. A computer system executing instructions in a computer program, the computer system comprising:
- a processor; and
  
  a memory operatively coupled with the processor, the processor executing program code for;
  
  providing a source application and a destination application on a computing device, the source and destination applications each having original, post-compile object code;
  
  modifying, using at least one processor operatively coupled with a memory, the original object code of the source application to create first replacement object code for the source application;
  
  modifying, using the at least one processor operatively coupled with the memory, the original object code of the destination application to create second replacement object code for the destination application;
  
  transferring, from the source application to the destination application, a data object that is encrypted with an object data protection key;
  
  requesting, by the first replacement code of the source application to a security manager application on the computing device, a source application key that is associated with the source application;
  
  decrypting the source application key using a data protection root key from the security manager application;
  
  decrypting, by the first replacement code of the source application, the object data protection key with the decrypted source application key;
  
  encrypting, by the first replacement code of the source application, the object data protection key with a data-sharing key or a destination application key, the destination application key associated with the destination application;
  
  sharing with the destination application the object data protection key that is encrypted with the data-sharing key or destination application key;
  
  decrypting, in the second replacement code of the destination application, the object data protection key that is encrypted with the data-sharing key or destination application key; and
  
  decrypting, in the second replacement code of the destination application, the object data using the unencrypted object data protection key.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the sharing includes transferring the object data protection key that is encrypted with the data-sharing key or destination application key to the destination application.
  - 20. The system of claim 18, wherein the processor further executes program code for:
    - verifying, by the security manager application, a signature of the source or destination application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Boyer, John Jules Alexander, Ahmed, Ali Kamran, Shephard, Timothy Michael, Prabhu, Vinay, Tewari, Ruchir
Primary Examiner(s)
To, Baotran N

Application Number

US14/213,244
Publication Number

US 20140281548A1
Time in Patent Office

683 Days
Field of Search

713/171, 380/277
US Class Current

1/1
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

H04L 2463/062   applying encryption of the ...

H04L 63/06   for supporting key manageme...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

Intra-computer protected communications between applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

65 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Intra-computer protected communications between applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links