Generalized certificate use in policy-based secure messaging environments
First Claim
1. A system, comprising:
a memory; and
a processor programmed to execute a secure messaging component to:
determine, at the secure messaging component as part of providing a generalized certificate use service within a secure messaging environment, that a request to send a message has been generated by a message sender, where the generalized certificate use service provides real-time selective use of different secured digital certificates for different messages sent by the message sender, and the different secured digital certificates are digital certificates other than a digital certificate of the message sender;
identify, within the memory, a message protection policy configured to process the message under the generalized certificate use service within the secure messaging environment, where the message protection policy specifies the different secured digital certificates that are each configured with an associated private key to digitally sign the message on behalf of the message sender;
determine, based upon the message protection policy, to digitally sign the message using the private key of a secured digital certificate selected from the different secured digital certificates specified in the message protection policy; and
sign the message on behalf of the message sender using the private key of the selected secured digital certificate.
Abstract
Within a secure messaging environment, a determination is made that a request to send a message has been generated by a message sender. A message protection policy configured to process the message within the secure messaging environment is identified. The message protection policy specifies that, within the secure messaging environment, a secured digital certificate, other than a digital certificate of the message sender, is configured with an associated private key to digitally sign the message on behalf of the message sender. Based upon the message protection policy, a determination is made to digitally sign the message using the private key of the secured digital certificate. The message is signed on behalf of the message sender using the private key of the secured digital certificate.
20 Claims
1. A system, comprising:
a memory; and
a processor programmed to execute a secure messaging component to:
determine, at the secure messaging component as part of providing a generalized certificate use service within a secure messaging environment, that a request to send a message has been generated by a message sender, where the generalized certificate use service provides real-time selective use of different secured digital certificates for different messages sent by the message sender, and the different secured digital certificates are digital certificates other than a digital certificate of the message sender;
identify, within the memory, a message protection policy configured to process the message under the generalized certificate use service within the secure messaging environment, where the message protection policy specifies the different secured digital certificates that are each configured with an associated private key to digitally sign the message on behalf of the message sender;
determine, based upon the message protection policy, to digitally sign the message using the private key of a secured digital certificate selected from the different secured digital certificates specified in the message protection policy; and
sign the message on behalf of the message sender using the private key of the selected secured digital certificate.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer program product, comprising:
a computer readable storage medium having computer readable program code embodied therewith, where the computer readable storage medium is not a transitory signal per se and where the computer readable program code when executed on a computer causes the computer to:
determine, at a secure messaging component that provides a generalized certificate use service within a secure messaging environment, that a request to send a message has been generated by a message sender, where the generalized certificate use service provides real-time selective use of different secured digital certificates for different messages sent by the message sender, and the different secured digital certificates are digital certificates other than a digital certificate of the message sender;
identify a message protection policy configured to process the message under the generalized certificate use service within the secure messaging environment, where the message protection policy specifies the different secured digital certificates that are each configured with an associated private key to digitally sign the message on behalf of the message sender;
determine, based upon the message protection policy, to digitally sign the message using the private key of a secured digital certificate selected from the different secured digital certificates specified in the message protection policy; and
sign the message on behalf of the message sender using the private key of the selected secured digital certificate.
Dependent claims: 11, 12, 13, 14
15. A computer program product, comprising:
a machine readable data storage medium, where the machine readable data storage medium is not a transitory signal per se; and
computer instructions stored in the machine readable data storage medium;
where the computer instructions when executed by a processor(s) set cause the processor(s) set to perform operations comprising:
creating a message protection policy for application in a secure messaging environment, with the message protection policy specifying that any delivery of a message according to the message protection policy requires a digital signature made using a private key that is managed by a queue manager that manages a secured message queue within the secure messaging environment;
receiving, by the secure messaging environment, a message;
determining, by the secure messaging environment, that the message protection policy is applicable to the message;
responsive to the determination that the message protection policy is applicable to the message, creating, by the secure messaging environment, the digital signature using the private key managed by the queue manager; and
associating, by the secure messaging environment, the message and the digital signature such that the message will be communicated with the digital signature in the secure messaging environment.
Dependent claims: 16, 17, 18, 19, 20
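The policy-driven signing flow described in the abstract and in claims 1, 10 and 15, sketched as an added example (not code from the patent or any product). The queue name `PAYMENTS.OUT`, the signer labels, the envelope layout and the selection rule are all assumptions, and Ed25519 key pairs generated at run time stand in for the secured certificates' private keys.

```javascript
const crypto = require('crypto');

// Constructed key store: Ed25519 key pairs stand in for the private keys of
// the "secured digital certificates" (no X.509 handling in this sketch).
const keyStore = new Map(['payments-signer', 'audit-signer'].map(
  (label) => [label, crypto.generateKeyPairSync('ed25519')]));

// Hypothetical message protection policies, keyed by queue name. Each lists
// the certificates allowed to sign on behalf of senders, plus a selection rule.
const policies = {
  'PAYMENTS.OUT': {
    signers: ['payments-signer', 'audit-signer'],
    select: (msg) => (msg.body.includes('AUDIT') ? 'audit-signer' : 'payments-signer'),
  },
};

// Bytes covered by the signature: sender, queue and signer label are bound to
// the body so none of them can be swapped after signing.
const signedBytes = (m) =>
  Buffer.from(JSON.stringify([m.sender, m.queue, m.signer, m.body]));

// Sending side: pick the certificate the policy selects and sign for the sender.
function signOnBehalf(sender, queue, body) {
  const policy = policies[queue];
  if (!policy) throw new Error(`no message protection policy for ${queue}`); // fail closed
  const signer = policy.select({ sender, body });
  if (!policy.signers.includes(signer) || !keyStore.has(signer)) {
    throw new Error('policy selected a certificate it does not list');
  }
  const msg = { sender, queue, signer, body };
  const sig = crypto.sign(null, signedBytes(msg), keyStore.get(signer).privateKey);
  return { ...msg, signature: sig.toString('base64') };
}

// Receiving side: the signer must be one the policy authorises for this queue,
// and the signature must cover the claimed sender, queue, signer and body.
function verifyEnvelope(env) {
  const policy = policies[env.queue];
  if (!policy || !policy.signers.includes(env.signer) || !keyStore.has(env.signer)) return false;
  return crypto.verify(null, signedBytes(env), keyStore.get(env.signer).publicKey,
    Buffer.from(env.signature, 'base64'));
}
```

Because the signature comes from a shared service key rather than the sender's own, the claimed sender name is only as trustworthy as the environment's authentication of the sender before signing; the sketch binds the name into the signed bytes but does not authenticate it.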
Specification