What technology area does this patent fall under?

Primary CPC classification H04L63/0815. Mapped technology areas include Electricity.

When was this patent published?

Publication date Tue Nov 05 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).

Inter-application secure data sharing workflow

US10469478B2 · US · B2

Patent metadata
Field	Value
Publication number	US-10469478-B2
Application number	US-201715442239-A
Country	US
Kind code	B2
Filing date	Feb 24, 2017
Priority date	Dec 7, 2016
Publication date	Nov 5, 2019
Grant date	Nov 5, 2019

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

To extend a sign on session among applications, an inter-application workflow request can be initiated from a first to a second application. The workflow request can identify one or more memory locations in a shared memory for secure data transfer between the applications. The first application can then monitor the memory locations for the presence of a public key stored in shared memory by the second application in response to the workflow request. Once the public key is present in the shared memory, the first application can retrieve and use it to encrypt an access interval key. The encrypted access interval key can then be stored in the shared memory for retrieval by the second application. The access interval key is associated with a sign on session of the first application, and the second application can retrieve and decrypt it to extend the sign on session to the second application.

First claim

Opening claim text (preview).

Therefore, the following is claimed: 1. A method for secure data sharing between applications, comprising: initiating an inter-application workflow request from a first application to a second application, the workflow request identifying at least one memory location in a shared memory for secure data transfer between the first application and the second application; monitoring the at least one memory location in the shared memory for presence of a public key of the second application, the public key of the second application being generated and stored in the at least one memory location by the second application in response to the workflow request; in response to the public key of the second application being present in the shared memory, retrieving the public key from the shared memory; encrypting an access interval key using the public key to provide an encrypted access interval key, the access interval key being associated with a sign on session of the first application; and storing the encrypted access interval key in the at least one memory location in the shared memory for retrieval by the second application to extend the sign on session to the second application. 2. The method according to claim 1 , wherein: the access interval key comprises a session key of the first application; and the shared memory comprises a master key encrypted by the session key. 3. The method according to claim 2 , wherein the shared memory comprises at least one data element encrypted by the master key, the at least one data element including data accessible by the second application through decryption using the master key during the sign on session of the first application. 4. The method according to claim 1 , further comprising: generating an asymmetric key pair, the asymmetric key pair comprising the public key and a private key of the second application; and storing the public key of the second application in the at least one memory location in the shared memory in response to the workflow request. 5. The method according to claim 4 , further comprising: retrieving, by the second application, the encrypted access interval key from the shared memory; and decrypting, by the second application, the encrypted access interval key using the private key of the second application. 6. The method according to claim 5 , further comprising: retrieving, by the second application, an encrypted master key from the shared memory; and decrypting, by the second application, the encrypted master key, wherein the shared memory comprises at least one data element encrypted by the master key, the at least one data element including data accessible by the second application through decryption using the master key during the sign on session of the first application. 7. The method according to claim 5 , further comprising, after retrieving the encrypted access interval key from the shared memory, clearing the public key and the encrypted access interval key from the shared memory. 8. A non-transitory computer-readable medium embodying program code executable in at least one computing device for secure data sharing between applications that, when executed by the at least one computing device, directs the at least one computing device to at least: initiate an inter-application workflow request from a first application to a second application, the workflow request identifying at least one memory location in a shared memory for secure data transfer between the first application and the second application; monitor the at least one memory location in the shared memory for presence of a public key of the second application, the public key of the second application being generated and stored in the at least one memory location by the second application in response to the workflow request; in response to the public key of the second application being present in the shared memory, retrieve the public key from the shared memory; encrypt an access interval key using the public key to provide an encrypted access interval key, the access interval key being associated with a sign on session of the first application; and store the encrypted access interval key in the at least one memory location in the shared memory for retrieval by the second application to extend the sign on session to the second application. 9. The non-transitory computer-readable medium according to claim 8 , wherein: the access interval key comprises a session key of the first application; and the shared memory comprises a master key encrypted by the session key. 10. The non-transitory computer-readable medium according to claim 9 , wherein the shared memory comprises at least one data element encrypted by the master key, the at least one data element including data accessible by the second application through decryption using the master key during the sign on session of the first application. 11. The non-transitory computer-readable medium according to claim 8 , wherein the at least one computing device is further directed to at least: generate an asymmetric key pair, the asymmetric key pair comprising the public key and a private key of the second application; and store the public key of the second application in the at least one memory location in the shared memory in response to the workflow request. 12. The non-transitory computer-readable medium according to claim 11 , wherein the at least one computing device is further directed to at least: retrieve, by the second application, the encrypted access interval key from the shared memory; and decrypt, by the second application, the encrypted access interval key using the private key of the second application. 13. The non-transitory computer-readable medium according to claim 12 , wherein the at least one computing device is further directed to at least: retrieve, by the second application, an encrypted master key from the shared memory; and decrypt, by the second application, the encrypted master key, wherein the shared memory comprises at least one data element encrypted by the master key, the at least one data element including data accessible by the second application through decryption using the master key during the sign on session of the first application. 14. The non-transitory computer-readable medium according to claim 12 , wherein the at least one computing device is further directed to at least clear the public key and the encrypted access interval key from the shared memory after the encrypted access interval key is retrieved from the shared memory. 15. A system for secure data sharing between applications, comprising: a memory device configured to store computer-readable instructions thereon; and at least one processing device configured, through execution of the computer-readable instructions, to: initiate an inter-application workflow request from a first application to a second application, the workflow request identifying at least one memory location in a shared memory for secure data transfer between the first application and the second application; monitor the at least one memory location in the shared memory for presence of a public key of the second application, the public key of the second application being generated and stored in the at least one memory location by the second application in response to the workflow request; in response to the public key of the second application being present in the shared memory, retrieve the public key from the shared memory; encrypt an access interval key using the public key to provide an encrypted access interval key, the access interval key be

Assignees

Vmware Inc

Inventors

Classifications

G06F3/0659
Command handling arrangements, e.g. command buffers, queues, command scheduling · CPC title
H04L9/0894
Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage · CPC title
H04L9/0825
using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title
G06F3/0622
in relation to access · CPC title
H04L63/0815Primary
providing single-sign-on or federations · CPC title

Patent family

Related publications grouped by family.

View patent family 62243185

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10469478B2 cover?: To extend a sign on session among applications, an inter-application workflow request can be initiated from a first to a second application. The workflow request can identify one or more memory locations in a shared memory for secure data transfer between the applications. The first application can then monitor the memory locations for the presence of a public key stored in shared memory by the…
Who is the assignee on this patent?: Vmware Inc
What technology area does this patent fall under?: Primary CPC classification H04L63/0815. Mapped technology areas include Electricity.
When was this patent published?: Publication date Tue Nov 05 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).