Method and Apparatus for Encryption and Pass-Through Handling of Confidential Information in Software Applications
First Claim
1. A method of securely transmitting sensitive information to a remote device at the request of an application program, the method comprising:
- generating a request, with the application program, to a secure channel provider to make a transmission to a remote device;
passing a first message from the application program to the secure channel provider, the first message containing insertion point codes indicating locations within the first message where the sensitive information should be inserted, when the secure channel provider receives the first message;
obtaining the sensitive information from a source outside of the application program;
inserting the sensitive information into the first message at the locations in the first message indicated by the insertion point codes to form a second message containing the sensitive information;
encrypting the second message to form an encrypted unit; and
transmitting the encrypted unit to the remote device,wherein the sensitive information is unaccessed by the application program during execution of the method.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods and apparatus for securely transmitting sensitive information to a remote device at the request of an application program are provided. The application program generates a request to a secure channel provider to make a transmission to a remote device. A first message is passed from the from the application program to the secure channel provider containing insertion point codes indicating locations within the first message where the sensitive information should be inserted. Sensitive information is obtained from a source outside of the application program and the sensitive information is inserted into the first message at the locations in the first message indicated by the insertion point codes to form a second message containing the sensitive information. The second message is encrypted and this encrypted message is transmitted to the remote device. The sensitive information is unaccessed by the application program during the execution of the method.
24 Citations
39 Claims
-
1. A method of securely transmitting sensitive information to a remote device at the request of an application program, the method comprising:
-
generating a request, with the application program, to a secure channel provider to make a transmission to a remote device; passing a first message from the application program to the secure channel provider, the first message containing insertion point codes indicating locations within the first message where the sensitive information should be inserted, when the secure channel provider receives the first message; obtaining the sensitive information from a source outside of the application program; inserting the sensitive information into the first message at the locations in the first message indicated by the insertion point codes to form a second message containing the sensitive information; encrypting the second message to form an encrypted unit; and transmitting the encrypted unit to the remote device, wherein the sensitive information is unaccessed by the application program during execution of the method. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 27)
-
-
15. A method of securely transmitting sensitive information to a remote device at the request of an application program, the method comprising:
-
generating a request to transmit data and a first message, with the application program located on a data processing system, to a secure channel provider located on the data processing system, to make a transmission to a remote device; inserting insertion point codes in the first message, the insertion point codes indicating locations within the first message where sensitive information should be inserted; passing the first message to the secure channel provider; passing the first message to a cryptographic service provider located on a peripheral device; in response to the cryptographic service provider receiving the first message, obtaining the sensitive information from a card reader on the peripheral device and inserting the sensitive information into the first message at the locations in the first message indicated by the insertion point codes to form a second message containing the sensitive information and determining a message authentication code for the second message; passing the message authentication code from the cryptographic service provider to the secure channel provider; in response to the secure channel provider receiving the message authentication code, appending the message authentication codes to the first message to form a first unit containing the first message and the message authentication code; passing the first unit to the cryptographic service provider; in response to the cryptographic service provider receiving the first unit, obtaining the sensitive information and inserting the sensitive information into the second message contained in the first unit at the locations in the data indicated by the insertion point codes to form the second message containing the sensitive information and forming a second unit containing the second message and the message authentication code before encrypting the second unit containing the sensitive information to form an encrypted unit; passing the encrypted unit to the secure channel provider; and in response to the secure channel provider receiving the encrypted unit, transmitting the encrypted unit to the remote device, wherein only the cryptographic service provider has access to the sensitive information in an unencrypted from during the execution of the method.
-
-
16. A data processing system for securely transmitting sensitive information to a remote device at the request of an application program, the data processing system comprising:
-
at least one processing unit; at least one memory storage device operatively coupled to the at least one processing unit; and a program module stored in the at least one memory storage device operative for providing instructions to the at least one processing unit, the at least one processing unit responsive to the instructions of the program module, the program module operative to; invoke an application program and a secure channel provider; generate a request with the application program, to the secure channel provider to make a transmission to a remote device; pass a first message from the application program to the secure channel provider, the first message containing insertion point codes indicating locations within the first message where the sensitive information should be inserted when the secure channel provider receives the first message; obtain the sensitive information from a source outside of the application program; insert the sensitive information into the first message at the locations in the first message indicated by the insertion point codes to form a second message containing the sensitive information; encrypt the second message to form an encrypted unit; and transmit the encrypted unit to the remote device with the secure channel provider, wherein the sensitive information is unaccessed by the application program during the execution of the method. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
-
28. A system for securely transmitting sensitive information to a remote device at the request of an application program, the system comprising:
-
a peripheral device operative to receive input containing the sensitive information; and a data processing system, operatively coupled to the peripheral device and operative to receive data from the peripheral device, the data processing system having; at least one processing unit; at least one memory storage device operatively coupled to the processing unit; and a program module stored in the at least one memory storage device operative for providing instructions to the at least one processing unit, the at least one processing unit responsive to the instructions of the program module, the program module operative for; invoke an application program and a secure channel provider; generate a request with the application program, to the secure channel provider to make a transmission to a remote device; pass a first message from the application program to the secure channel provider, the first message containing insertion point codes indicating locations within the first message where the sensitive information should be inserted when the secure channel provider receives the first message; transmit the first message to the periphery device; in response to receiving an encrypted unit from the periphery device, transmitting the encrypted unit to the remote device, wherein the peripheral device is operative to; invoke a cryptographic service provider; in response to receiving the second message from the data processing system; obtain the sensitive information from a source; insert the sensitive information into the first message at the locations in the first message indicated by the insertion point codes to form a second message containing the sensitive information; encrypt the second message to form an encrypted unit; and transmit the encrypted unit to the data processing system, wherein the sensitive information is unaccessed by the application program during the execution of the method. - View Dependent Claims (29, 30, 31, 32, 33)
-
-
34. A peripheral device for securely encoding sensitive information in a message passed to the peripheral device from a data processing system operatively connected to the peripheral device, the device comprising:
-
at least one processing unit; memory operatively coupled to the processing unit; and a program module stored in the memory operative for providing instructions to the at least one processing unit, the at least one processing unit responsive to the instructions of the program module, the program module operative to; in response to receiving a first message from the data processing system, obtain the sensitive information from a source; insert the sensitive information into the first message at the locations in the first message indicated by the insertion point codes to form a second message containing the sensitive information; and pass the second message to the data processing system. - View Dependent Claims (35, 36, 38)
-
-
37. (canceled)
-
39. (canceled)
Specification