Securing network communications is a difficult problem faced in many computing environments. When client computer systems communicate with online services, information may be transmitted over computer networks that are not under the direct control of either party to the communication. As a result, encryption is sometimes used to secure information flowing over a computer network between a client and an online service. Secure transport layer protocols such as Transport Layer Security (“TLS”) or Secure Sockets Layer (“SSL”) safeguard network communications by encrypting and decrypting data within the network stack. Applications on the client side and the server side exchange plaintext data with their respective secure transport layers, and the encryption and decryption operations can occur without interference or assistance from either application.
Secure transport layers are often used to protect data while the data is in transit over a computer network, but the protection afforded by a secure transport layer generally does not extend to the application layer. Secure transport layers do not generally contribute to data security before transmission or after reception by an application. For example, TLS/SSL may improve the security and integrity of data while the data is in the custody of the transport layer, but generally does not contribute to data security while the data is in the custody of an application.