| CPC G06F 21/6209 (2013.01) [G06F 3/0622 (2013.01); G06F 3/0637 (2013.01); G06F 3/0673 (2013.01); G06F 21/602 (2013.01); G06F 21/6218 (2013.01); G06F 2221/2113 (2013.01); G06F 2221/2147 (2013.01)] | 14 Claims |

|
1. A method, comprising:
generating, by an application runtime of an application having a current authentication state, application data, wherein:
the application defines a plurality of data categories for data in the application data,
the application data includes a plurality of containers into which the application data is segregated and securely stored in encrypted format to prevent unauthorized access, and
the current authentication state is associated with one or more credentials that are currently available to the application runtime;
requesting, by the application runtime, access to data associated with a particular one of the plurality of data categories;
determining, by the application runtime, whether the current authentication state includes a credential combination corresponding to the particular one of the plurality of data categories;
in response to determining that the current authentication state includes the credential combination corresponding to the particular one of the plurality of data categories, obtaining, by the application runtime, an access level key corresponding to one access level of a plurality of access levels associated with the current authentication state, wherein the access level key is encrypted by one or more credentials associated with the one access level;
decrypting, by the application runtime, an encrypted container key corresponding to the one access level by using the access level key;
decrypting, by the application runtime, application data stored in a particular one of the plurality of containers by using the decrypted container key; and
providing access to the decrypted application data in the particular one of the plurality of containers.
|
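The key chain recited in claim 1 (a credential combination unlocks an access level key, which unlocks a container key, which unlocks the container), as an added Python example that is not part of the patent text. The function names, category names and credential values are assumptions constructed for illustration, and the HMAC-SHA256 encrypt-then-MAC construction is a standard-library stand-in for an AEAD cipher such as AES-GCM.

```python
import hashlib, hmac, os

def _keys(key):
    # Separate encryption and MAC subkeys derived from one 32-byte key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _stream(key, nonce, n):
    # HMAC-SHA256 counter-mode keystream: stdlib stand-in for AES-GCM.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    enc, mac = _keys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc, mac = _keys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))

def kek(creds, salt):
    # Key-encryption key from a credential combination (order-independent).
    material = b"\x00".join(f"{n}={creds[n]}".encode() for n in sorted(creds))
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000)

def provision(store, category, creds, data):
    salt, level_key, container_key = os.urandom(16), os.urandom(32), os.urandom(32)
    store[category] = {"needs": sorted(creds), "salt": salt,
                       "level_key": seal(kek(creds, salt), level_key),
                       "container_key": seal(level_key, container_key),
                       "container": seal(container_key, data)}

def read(store, category, auth_state):
    rec = store[category]
    if not set(rec["needs"]) <= set(auth_state):  # credential combination check
        raise PermissionError("authentication state lacks required credentials")
    creds = {n: auth_state[n] for n in rec["needs"]}
    level_key = unseal(kek(creds, rec["salt"]), rec["level_key"])
    container_key = unseal(level_key, rec["container_key"])
    return unseal(container_key, rec["container"])

# Constructed sample data: two categories, each in its own container.
STORE = {}
provision(STORE, "profile", {"device_pin": "4921"}, b"display name: sample user")
provision(STORE, "payments", {"device_pin": "4921", "password": "constructed-pw"}, b"card token: sample")
```

Because each container key is wrapped only by its own access level key, an authentication state holding just `device_pin` can read `profile` but cannot derive anything that opens `payments`.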