Intra-computer protected communications between applications
First Claim
1. A method for securely transferring a data object from a source application to a destination application on a computing device, the method comprising:
- providing a source application and a destination application on a computing device, the source and destination applications each having original, post-compile object code;
modifying, using at least one processor operatively coupled with a memory, the original object code of the source application to create first replacement object code for the source application;
modifying, using the at least one processor operatively coupled with the memory, the original object code of the destination application to create second replacement object code for the destination application;
transferring, from the source application to the destination application, a data object that is encrypted with an object data protection key;
requesting, from the first replacement code of the source application to a security manager application on the computing device, a source application key that is associated with the source application;
decrypting the source application key using a data protection root key from the security manager application;
decrypting, by the first replacement code of the source application, the object data protection key with the decrypted source application key;
encrypting, by the first replacement code of the source application, the object data protection key with a data-sharing key or a destination application key, the destination application key associated with the destination application;
sharing with the destination application the object data protection key that is encrypted with the data-sharing key or destination application key;
decrypting, in the second replacement code of the destination application, the object data protection key that is encrypted with the data-sharing key or destination application key; and
decrypting, in the second replacement code of the destination application, the object data using the unencrypted object data protection key.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems, methods and machine-readable media for providing a security service are disclosed. The methods include receiving a modification of the application object code to allow the software application to transmit a request for the security service; retrieving the modified application object code corresponding to the software application from memory; receiving, via a processor, the request for the security service from the modified application object code; and providing, via the processor, the security service. The systems and machine-readable media performing operations according to the methods disclosed.
65 Citations
20 Claims
-
1. A method for securely transferring a data object from a source application to a destination application on a computing device, the method comprising:
-
providing a source application and a destination application on a computing device, the source and destination applications each having original, post-compile object code; modifying, using at least one processor operatively coupled with a memory, the original object code of the source application to create first replacement object code for the source application; modifying, using the at least one processor operatively coupled with the memory, the original object code of the destination application to create second replacement object code for the destination application; transferring, from the source application to the destination application, a data object that is encrypted with an object data protection key; requesting, from the first replacement code of the source application to a security manager application on the computing device, a source application key that is associated with the source application; decrypting the source application key using a data protection root key from the security manager application; decrypting, by the first replacement code of the source application, the object data protection key with the decrypted source application key; encrypting, by the first replacement code of the source application, the object data protection key with a data-sharing key or a destination application key, the destination application key associated with the destination application; sharing with the destination application the object data protection key that is encrypted with the data-sharing key or destination application key; decrypting, in the second replacement code of the destination application, the object data protection key that is encrypted with the data-sharing key or destination application key; and decrypting, in the second replacement code of the destination application, the object data using the unencrypted object data protection key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A machine-readable non-transitory storage medium embodying information indicative of instructions for causing one or more machines to perform operations comprising:
-
providing a source application and a destination application on a computing device, the source and destination applications each having original, post-compile object code; modifying, using at least one processor operatively coupled with a memory, the original object code of the source application to create first replacement object code for the source application; modifying, using the at least one processor operatively coupled with the memory, the original object code of the destination application to create second replacement object code for the destination application; transferring, from the source application to the destination application, a data object that is encrypted with an object data protection key; requesting, from the first replacement code of the source application to a security manager application on the computing device, a source application key that is associated with the source application; decrypting the source application key using a data protection root key from security manager application; decrypting, by the first replacement code of the source application, the object data protection key with the decrypted source application key; encrypting, by the first replacement code of the source application, the object data protection key with a data-sharing key or a destination application key, the destination application key associated with the destination application; sharing with the destination application the object data protection key that is encrypted with the data-sharing key or destination application key; decrypting, in the second replacement code of the destination application, the object data protection key that is encrypted with the data-sharing key or destination application key; and decrypting, in the second replacement code of the destination application, the object data using the unencrypted object data protection key. - View Dependent Claims (16, 17)
-
-
18. A computer system executing instructions in a computer program, the computer system comprising:
-
a processor; and a memory operatively coupled with the processor, the processor executing program code for; providing a source application and a destination application on a computing device, the source and destination applications each having original, post-compile object code; modifying, using at least one processor operatively coupled with a memory, the original object code of the source application to create first replacement object code for the source application; modifying, using the at least one processor operatively coupled with the memory, the original object code of the destination application to create second replacement object code for the destination application; transferring, from the source application to the destination application, a data object that is encrypted with an object data protection key; requesting, by the first replacement code of the source application to a security manager application on the computing device, a source application key that is associated with the source application; decrypting the source application key using a data protection root key from the security manager application; decrypting, by the first replacement code of the source application, the object data protection key with the decrypted source application key; encrypting, by the first replacement code of the source application, the object data protection key with a data-sharing key or a destination application key, the destination application key associated with the destination application; sharing with the destination application the object data protection key that is encrypted with the data-sharing key or destination application key; decrypting, in the second replacement code of the destination application, the object data protection key that is encrypted with the data-sharing key or destination application key; and decrypting, in the second replacement code of the destination application, the object data using the unencrypted object data protection key. - View Dependent Claims (19, 20)
-
Specification