Secure end-to-end notification
Abstract
Providing secure end-to-end notifications from a notification source to a notification sink despite the notification mechanism including one or more message transit points between the notification source and the notification sink. Initially, security information (e.g., the master security, the cryptographic algorithm, and the like) is negotiated out-of-band from the one or more message transit points so that the message transit points are not apprised of the security information. When a designated event occurs, the notification source generates a push message that includes the notification encrypted using the pre-negotiated security information. When the notification sink receives the push message, the notification sink decrypts the notification using the pre-negotiated security information, as well as supplemental information provided in the push message. Thus, the message transit points only have access to the encrypted form of the notification.
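The abstract describes a three-step scheme: security information is agreed out of band, the source encrypts each notification under that pre-negotiated secret and attaches clear-text supplemental information the sink needs to decrypt, and the transit points forward a message from which they can recover nothing but the encrypted form. The following Python model of that exchange is an added example, not code from the patent or its assignee. It assumes a toy construction (HMAC-SHA256 in counter mode for confidentiality, plus an HMAC tag for integrity) standing in for the unspecified "cryptographic algorithm", stands in for the out-of-band negotiation with a freshly generated shared secret, and uses a random nonce as the clear-text supplemental information; the function and field names are all invented for the illustration.

```python
"""Added example: end-to-end encrypted notification through an untrusted transit point."""
import base64
import hashlib
import hmac
import json
import secrets


def negotiate_out_of_band():
    """Stand-in for the out-of-band step (constructed): returns the security
    information both parties hold. In a real deployment this exchange happens
    over a channel the message transit points cannot observe."""
    return {"master_secret": secrets.token_bytes(32), "alg": "hmac-sha256-ctr"}


def _derive(master_secret: bytes, label: bytes, nonce: bytes) -> bytes:
    """Per-message subkey from the master secret, bound to a purpose label and the nonce."""
    return hmac.new(master_secret, label + nonce, hashlib.sha256).digest()


def _keystream(key: bytes, length: bytes) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (illustration of 'the algorithm')."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_push_message(security: dict, notification: bytes) -> dict:
    """Notification source: encrypt under the pre-negotiated secret and attach the
    clear-text supplemental information (algorithm id, nonce) plus an integrity tag."""
    nonce = secrets.token_bytes(16)
    enc_key = _derive(security["master_secret"], b"enc", nonce)
    mac_key = _derive(security["master_secret"], b"mac", nonce)
    ciphertext = _xor(notification, _keystream(enc_key, len(notification)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {
        "alg": security["alg"],  # clear-text supplemental information
        "nonce": base64.b64encode(nonce).decode(),
        "ciphertext": base64.b64encode(ciphertext).decode(),
        "tag": base64.b64encode(tag).decode(),
    }


def transit_point_forward(message: dict, log: list) -> dict:
    """Message transit point: records what it can see and forwards it. It holds
    no part of the security information, so the log contains only ciphertext."""
    log.append(json.dumps(message, sort_keys=True))
    return dict(message)


def open_push_message(security: dict, message: dict) -> bytes:
    """Notification sink: check the tag first, then decrypt using the security
    information together with the supplemental information carried in the message."""
    if message["alg"] != security["alg"]:
        raise ValueError("unexpected algorithm identifier")
    nonce = base64.b64decode(message["nonce"])
    ciphertext = base64.b64decode(message["ciphertext"])
    tag = base64.b64decode(message["tag"])
    mac_key = _derive(security["master_secret"], b"mac", nonce)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message altered in transit")
    enc_key = _derive(security["master_secret"], b"enc", nonce)
    return _xor(ciphertext, _keystream(enc_key, len(ciphertext)))


def run_demo(notification: bytes = b"new mail from alice@example.com"):
    """Full exchange (constructed sample notification). Returns the recovered
    notification, whether the transit log exposed the plaintext, and whether a
    transit-point modification of the ciphertext was detected by the sink."""
    security = negotiate_out_of_band()
    transit_log = []
    forwarded = transit_point_forward(build_push_message(security, notification), transit_log)
    recovered = open_push_message(security, forwarded)
    tampered = dict(forwarded)
    tampered["ciphertext"] = base64.b64encode(bytes(len(notification))).decode()
    try:
        open_push_message(security, tampered)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    plaintext_visible = notification.decode() in transit_log[0]
    return recovered, plaintext_visible, tamper_detected


if __name__ == "__main__":
    print(run_demo())
```

Two points the claims leave open are worth settling in any real implementation: the clear-text supplemental information should carry a key identifier so the negotiated secret can be rotated without re-negotiating every sink, and the confidentiality primitive should be an authenticated cipher (AES-GCM or ChaCha20-Poly1305) rather than the HMAC-based keystream used here purely to keep the example dependency-free.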
29 Claims
1. In a network that includes at least one notification source and at least one notification sink, the network supporting a notification mechanism by which the notification source passes notifications to the notification sink via at least one message transit point, a method for securely passing a notification from the notification source to the notification sink using the notification mechanism while providing end-to-end security despite the existence of the at least one message transit point, the method comprising the following:
- an act of negotiating security information between the notification source and the notification sink out of band from the notification mechanism;
- after the security information has been negotiated, an act of using the security information to generate a message that includes an encrypted form of the notification, as well as clear-text supplemental information that may be used to decrypt the notification using the security information; and
- an act of initiating transmission of the message to the notification sink via the at least one message transit point using the notification mechanism.
Dependent claims: 2-17.
18. In a network that includes at least one notification source and at least one notification sink, the network supporting a notification mechanism by which the notification source passes notifications to the notification sink via at least one message transit point, a method for securely passing a notification from the notification source to the notification sink using the notification mechanism while providing end-to-end security despite the existence of the at least one message transit point, the method comprising the following:
- a step for drafting a message so as to ensure secure end-to-end notification between the notification source and the notification sink; and
- an act of initiating transmission of the message to the notification sink via the at least one message transit point using the notification mechanism.
Dependent claims: 19.
20. A computer program product for use in a network that includes at least one notification source and at least one notification sink, the network supporting a notification mechanism by which the notification source passes notifications to the notification sink via at least one message transit point, the computer program product for implementing a method for securely passing a notification from the notification source to the notification sink using the notification mechanism while providing end-to-end security despite the existence of the at least one message transit point, the computer program product comprising one or more computer-readable media having stored thereon the following:
- computer-executable instructions for negotiating security information between the notification source and the notification sink out of band from the notification mechanism;
- computer-executable instructions for using the security information to generate a message after the security information has been negotiated, the message including an encrypted form of the notification, as well as clear-text supplemental information that may be used to decrypt the notification using the security information; and
- computer-executable instructions for causing the message to be transmitted to the notification sink via the at least one message transit point using the notification mechanism.
Dependent claims: 21-25.
26. In a network that includes at least one notification source and at least one notification sink, the network supporting a notification mechanism by which the notification source passes notifications to the notification sink via at least one message transit point, a method for securely receiving a notification from the notification source using the notification mechanism while providing end-to-end security despite the existence of the at least one message transit point, the method comprising the following:
- an act of negotiating security information between the notification source and the notification sink out of band from the notification mechanism;
- after the security information has been negotiated, an act of receiving a message from the notification source that was received via the at least one message transit point using the notification mechanism; and
- an act of using the security information along with clear-text supplemental information included in the message to decrypt an encrypted form of the notification also included in the message.
Dependent claims: 27-28.
29. A computer program product for use in a network that includes at least one notification source and at least one notification sink, the network supporting a notification mechanism by which the notification source passes notifications to the notification sink via at least one message transit point, the computer program product for implementing a method for securely receiving a notification from the notification source using the notification mechanism while providing end-to-end security despite the existence of the at least one message transit point, the computer program product comprising one or more computer-readable media having stored thereon the following:
- computer-executable instructions for negotiating security information between the notification source and the notification sink out of band from the notification mechanism;
- computer-executable instructions for detecting the receipt of a message from the notification source after negotiating the security information, the message being received via the at least one message transit point using the notification mechanism; and
- computer-executable instructions for using the security information along with clear-text supplemental information included in the message to decrypt an encrypted form of the notification also included in the message.