Message exchange in an information technology network

US 20030081791A1
Filed: 10/26/2001
Published: 05/01/2003
Est. Priority Date: 10/26/2001
Status: Active Grant

First Claim

Patent Images

1. A method of requesting a service from a first enterprise, wherein at least an aspect of a request for the service requires authorisation by a second enterprise, the method comprising the steps of:

generating a document having a first module including first data, and a second module including encrypted second data;

sending the document to the first enterprise;

at the first enterprise, separating the first and second modules, and sending the second module to the second enterprise;

at the second enterprise, decrypting the second encrypted data within the second module, and on the basis of the second data, generating an authorisation for the first enterprise to proceed with the service request; and

sending the authorisation to the first enterprise.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Messages including encrypted data and having the form of XML documents are exchanged within an information technology network according to Simple Object Access Protocol (SOAP). Each message includes a session key (encrypted to the public key of the party receiving the message) within the XML document containing the encrypted data, meaning that each message is interpretable in a “stand alone” condition, without reference to some shared state (such as the session key for instance) between the parties involved in the messaging. Tags are used to generate modules within the document, and enable easy and convenient separation of elements of the document for distribution by the SOAP gateway protocol handler to the relevant application.

Citations

28 Claims

1. A method of requesting a service from a first enterprise, wherein at least an aspect of a request for the service requires authorisation by a second enterprise, the method comprising the steps of:
- generating a document having a first module including first data, and a second module including encrypted second data;
  
  sending the document to the first enterprise;
  
  at the first enterprise, separating the first and second modules, and sending the second module to the second enterprise;
  
  at the second enterprise, decrypting the second encrypted data within the second module, and on the basis of the second data, generating an authorisation for the first enterprise to proceed with the service request; and
  
  sending the authorisation to the first enterprise.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A method according to claim 1 wherein the second module additionally includes data required in order to decrypt the second encrypted data.
  - 3. A method according to claim 2 wherein the data required to decrypt the second encrypted data is a session key, encrypted to a public key of the second enterprise.
  - 4. A method according to claim 1 wherein the second module is located within the first module.
  - 5. A method according to claim 1 wherein the document is structured so that the first and second modules are separately located.
  - 6. A method according to claim 1 wherein the first module additionally contains encrypted data, and data required to decrypt the first encrypted data.
  - 7. A method according to claim 6 wherein the data required to decrypt the first data is a session key, encrypted using a public key of the first enterprise.
  - 8. A method according to claim 1 wherein the first data additionally includes a public key of a requester of the service.
  - 9. A method according to claim 8 further comprising the step of sending a reply to the service request to the requester, the reply being encrypted to the public key of the requester.
  - 10. A method according to claim 9 wherein the reply is encrypted to a session key included within the reply, and the reply is encrypted to the public key of the requester as a result of the session key being encrypted to the public key of the requester.
  - 11. A method according to claim 1 wherein the modules of the document are defined by a markup language.
  - 12. A method according to claim 11 wherein the document is an XML document and the first and second modules are defined by XML tags.

13. A method of communicating with first and second enterprises via a publicly accessible network comprising the steps of:
- generating a markup language request document containing first data for processing by the first enterprise, and second data, encrypted for decryption by the second enterprise, and structuring the document to locate the first data in a first module of the document, and the second data in a second module of the document, separable from the first module without decryption of the second module; and
  
  sending the request document to the first enterprise.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. A method according to claim 13 further comprising the step, subsequent to receipt of the document by the first enterprise, of separating the first and second modules, and passing the second module to the second enterprise.
  - 15. A method according to claim 14, further comprising the steps, subsequent to receipt of the document by the second enterprise, of:
    - decrypting encrypted data within the second module;
      
      mapping at least one parameter in the second module to at least one parameter interpretable by the first enterprise;
      
      generating a further document including at least the interpretable parameter; and
      
      sending the further document to the first enterprise.
  - 16. A message according to claim 13 wherein data within the second module is encrypted to a session key which is included within the second module.
  - 17. A method according to claim 15 further comprising the step, prior to despatch of the further document to the first enterprise, of encrypting the interpretable parameter to the public key of the first enterprise.
  - 18. A method according to claim 15, wherein the method further comprises the steps, subsequent to receipt of the further document from the second enterprise, of:
    - generating a reply document, including a reply to the service request;
      
      encrypting the reply to the service request to a session key; and
      
      sending the reply document to the end user together with the further session key.

19. A method of exchanging messages between a first and a second party in accordance with an XML-based messaging Protocol comprising the steps of:
- generating, on behalf of the first party, an outbound message including a first XML document, and including within the first XML document an outbound session key to which at least part one parameter within the first XML document is encrypted;
  
  generating on behalf of the second party a reply message including a second XML document, and including within the second XML document a reply session key to which at least one further parameter within the second XML document is encrypted.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 20. A method according to claim 19 wherein the reply session key is the same as the outbound session key.
  - 21. A method according to claim 19 wherein the reply session key is different to the outbound session key.
  - 22. A method according to claim 19 further comprising the step of including a public key of the first party in the outbound message, to enable encryption of the reply session key to the aforesaid public key.
  - 23. A method according to claim 22 wherein the outbound message additionally includes a service request written in the clear.
  - 24. A method according to claim 19 wherein the messaging protocol requires each message including an XML document to include a message header and a message body, the outbound and reply session keys each being located within the header.
  - 25. A method according to claim 24 wherein the header additionally contains a signature to authenticate provenance of the message.
  - 26. A method according to claim 19, wherein the outbound message includes a plurality of modules defined by XML tags, wherein one of the modules contains the outbound session key, and a different module contains data encrypted to the outbound session key.
  - 27. A method according to claim 19 wherein the outbound message includes a plurality of modules defined by XML tags including:
    - a first module containing a default session key, a second module containing at least one parameter encrypted to the default session key, and a further module containing a special session key and a special parameter encrypted to the special session key.
  - 28. A method according to claim 27 wherein an indication that the special parameter is encrypted with a session key other than the default session key is contained within attributes of XML tags defining the further module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Company (HP Inc.)
Inventors
Schlageter, Mark, Erickson, John S.

Granted Patent

US 7,103,773 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/282
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/6209   to a single file or object,...

H04L 63/0428   wherein the data content is...

Message exchange in an information technology network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Message exchange in an information technology network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links