Secure app ecosystem with key and data exchange according to enterprise information control policy
First Claim
1. A computer implemented method for providing a secure ecosystem comprising at least a plurality of apps on a computing device, wherein the apps in the ecosystem securely exchange encrypted data according to an information control policy of an enterprise, without allowing unauthorized access from outside of the ecosystem, the method comprising:
- creating, by an ecosystem agent on the computing device, an ecosystem directory, the ecosystem directory containing an entry for each specific app in the ecosystem, each entry comprising policy information concerning the specific app and identification information concerning the specific app, wherein the ecosystem agent is an app in the ecosystem;
generating, by each specific ecosystem-ready app on the computing device, an asymmetric key pair, a public key of which the specific app shares only with apps in the ecosystem, and a private key of which the specific app does not share at all;
securely communicating data between apps in the ecosystem, such that the communicated data cannot be accessed from outside of the ecosystem without authorization from within the ecosystem;
wherein securely communicating data between apps in the ecosystem further comprises encrypting data with a first key by a providing app in the ecosystem, such that at least one receiving app in the ecosystem can decrypt the data with a second key;
reading, by a first ecosystem app, a public key of a second ecosystem app, from the ecosystem directory;
encrypting, by the first ecosystem app using the public key of the second ecosystem app, at least one from a group consisting of;
a message to securely communicate to the second ecosystem app and a data object to securely share with the second ecosystem app;
performing at least one from a group of steps consisting of;
communicating the encrypted message from the first ecosystem app to the second ecosystem app and sharing the encrypted data object with the second ecosystem app by the first ecosystem; and
decrypting, by the second ecosystem app, using a private key of the second ecosystem app, at least one from a group consisting of;
the communicated message and the data object; and
complying, by each specific app in the ecosystem, with enterprise information control policy.
5 Assignments
0 Petitions
Accused Products
Abstract
Multiple apps of an ecosystem on a computer securely exchange encrypted data according to an information control policy of an enterprise, without allowing unauthorized access from outside of the ecosystem. An ecosystem agent creates an ecosystem directory, which contains policy information and identification information concerning each specific app in the ecosystem, including the ecosystem agent. Each ecosystem app generates an asymmetric key pair, the public key of which it shares only with apps in the ecosystem through the directory. The ecosystem agent'"'"'s private key is used to encrypt the directory. Data is securely communicated between apps in the ecosystem, by encrypting and decrypting messages and data objects with the appropriate ecosystem app keys. Each specific app in the ecosystem complies with enterprise information control policy. Ecosystem apps can read a policy from the directory, and receive policy updates from the enterprise.
-
Citations
19 Claims
-
1. A computer implemented method for providing a secure ecosystem comprising at least a plurality of apps on a computing device, wherein the apps in the ecosystem securely exchange encrypted data according to an information control policy of an enterprise, without allowing unauthorized access from outside of the ecosystem, the method comprising:
-
creating, by an ecosystem agent on the computing device, an ecosystem directory, the ecosystem directory containing an entry for each specific app in the ecosystem, each entry comprising policy information concerning the specific app and identification information concerning the specific app, wherein the ecosystem agent is an app in the ecosystem; generating, by each specific ecosystem-ready app on the computing device, an asymmetric key pair, a public key of which the specific app shares only with apps in the ecosystem, and a private key of which the specific app does not share at all; securely communicating data between apps in the ecosystem, such that the communicated data cannot be accessed from outside of the ecosystem without authorization from within the ecosystem; wherein securely communicating data between apps in the ecosystem further comprises encrypting data with a first key by a providing app in the ecosystem, such that at least one receiving app in the ecosystem can decrypt the data with a second key;
reading, by a first ecosystem app, a public key of a second ecosystem app, from the ecosystem directory;
encrypting, by the first ecosystem app using the public key of the second ecosystem app, at least one from a group consisting of;
a message to securely communicate to the second ecosystem app and a data object to securely share with the second ecosystem app;
performing at least one from a group of steps consisting of;
communicating the encrypted message from the first ecosystem app to the second ecosystem app and sharing the encrypted data object with the second ecosystem app by the first ecosystem; and
decrypting, by the second ecosystem app, using a private key of the second ecosystem app, at least one from a group consisting of;
the communicated message and the data object; andcomplying, by each specific app in the ecosystem, with enterprise information control policy. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 19)
-
-
17. At least one non-transitory computer readable medium for providing a secure ecosystem comprising at least a plurality of apps on a computing device, wherein the apps in the ecosystem securely exchange encrypted data according to an information control policy of an enterprise, without allowing unauthorized access from outside of the ecosystem, the at least one non-transitory computer readable medium storing program code that, when loaded into computer memory and executed by a processor performs the following steps:
-
creating, by an ecosystem agent on the computing device, an ecosystem directory, the ecosystem directory containing an entry for each specific app in the ecosystem, each entry comprising policy information concerning the specific app and identification information concerning the specific app, wherein the ecosystem agent is an app in the ecosystem; generating, by each specific ecosystem-ready app on the computing device, an asymmetric key pair, a public key of which the specific app shares only with apps in the ecosystem, and a private key of which the specific app does not share at all; securely communicating data between apps in the ecosystem, such that the communicated data cannot be accessed from outside of the ecosystem without authorization from within the ecosystem; wherein securely communicating data between apps in the ecosystem further comprises encrypting data with a first key by a providing app in the ecosystem, such that at least one receiving app in the ecosystem can decrypt the data with a second key;
reading, by a first ecosystem app, a public key of a second ecosystem app, from the ecosystem directory;
encrypting, by the first ecosystem app using the public key of the second ecosystem app, at least one from a group consisting of;
a message to securely communicate to the second ecosystem app and a data object to securely share with the second ecosystem app;
performing at least one from a group of steps consisting of;
communicating the encrypted message from the first ecosystem app to the second ecosystem app and sharing the encrypted data object with the second ecosystem app by the first ecosystem; and
decrypting, by the second ecosystem app, using a private key of the second ecosystem app, at least one from a group consisting of;
the communicated message and the data object; andcomplying, by each specific app in the ecosystem, with enterprise information control policy.
-
-
18. A mobile computing device for providing a secure ecosystem comprising at least a plurality of mobile apps, wherein the mobile apps in the ecosystem securely exchange encrypted data according to an information control policy of an enterprise, without allowing unauthorized access from outside of the ecosystem, the mobile computing device comprising:
-
computer memory; at least one processor; a directory creating module residing in the computer memory, configured to create an ecosystem directory, the ecosystem directory containing an entry for each specific mobile app in the ecosystem, each entry comprising policy information concerning the specific mobile app and identification information concerning the specific mobile app; a key generating module residing in the computer memory, configured to generate, by each specific ecosystem-ready mobile app on the mobile computing device, an asymmetric key pair, a public key of which the specific mobile app shares only with mobile apps in the ecosystem, and a private key of which the specific mobile app does not share at all; a communicating module residing in the computer memory, configured to communicate data securely between mobile apps in the ecosystem, such that the communicated data cannot be accessed from outside of the ecosystem without authorization from within the ecosystem; wherein securely communicating data between mobile apps in the ecosystem further comprises encrypting data with a first key by a providing mobile app in the ecosystem, such that at least one receiving mobile app in the ecosystem can decrypt the data with a second key;
reading, by a first ecosystem app, a public key of a second ecosystem app, from the ecosystem directory;
encrypting, by the first ecosystem app using the public key of the second ecosystem app, at least one from a group consisting of;
a message to securely communicate to the second ecosystem app and a data object to securely share with the second ecosystem app;
performing at least one from a group of steps consisting of;
communicating the encrypted message from the first ecosystem app to the second ecosystem app and sharing the encrypted data object with the second ecosystem app by the first ecosystem; and
decrypting, by the second ecosystem app, using a private key of the second ecosystem app, at least one from a group consisting of;
the communicated message and the data object; anda policy complying module residing in the computer memory, configured to comply, by each specific mobile app in the ecosystem, with enterprise information control policy.
-
Specification