Flexible electronic message security mechanism
Abstract
Multiple different credentials and/or signatures based on different credentials may be included in a header portion of a single electronic message. Different recipients or intermediary computing systems may use the different credentials/signatures to identify the signer. The electronic message may include an encoding algorithm and a type identification of a credential included in the electronic message, allowing the recipient to decode and process the credential as appropriate given the type of credential. Also, the electronic message may include a pointer that references a credential associated with a signature included in the electronic message. That referenced credential may be accessed from the same electronic message, or from some other location. The recipient may then compare the referenced credential with the credential used to generate the signature. If a match occurs, the integrity of the electronic message has more likely been preserved.
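The mechanism in the abstract, sketched as an added example that is not taken from the patent or any implementation of it: a header carries two tokens of different credential types, each declaring its type and encoding, plus a signature with a pointer to the credential it was made with. The element and attribute names, the `KEYSTORE` contents and the use of HMAC-SHA256 in place of a real signature scheme are all assumptions made for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

# Constructed recipient-side store mapping a key-id credential to its key.
KEYSTORE = {"alice-key-01": b"constructed-demo-secret"}
DECODERS = {"base64": base64.b64decode, "hex": bytes.fromhex}

def _mac(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def build_message(body, key_id, key, username):
    env = ET.Element("Envelope")
    hdr = ET.SubElement(env, "Header")
    ET.SubElement(hdr, "To").text = "urn:example:recipient"
    # Two tokens from credentials of different types; each states type and encoding.
    t1 = ET.SubElement(hdr, "Token", Id="tok-1", Type="key-id", Encoding="base64")
    t1.text = base64.b64encode(key_id.encode()).decode()
    t2 = ET.SubElement(hdr, "Token", Id="tok-2", Type="username", Encoding="hex")
    t2.text = username.encode().hex()
    # The signature carries a pointer to the credential it was made with.
    sig = ET.SubElement(hdr, "Signature", Ref="#tok-1")
    sig.text = _mac(key, body)
    ET.SubElement(env, "Body").text = body
    return ET.tostring(env, encoding="unicode")

def verify_message(xml_text):
    env = ET.fromstring(xml_text)
    hdr = env.find("Header")
    sig = hdr.find("Signature") if hdr is not None else None
    if sig is None:
        return False
    tokens = {t.get("Id"): t for t in hdr.findall("Token")}
    ref = sig.get("Ref", "")
    tok = tokens.get(ref[1:]) if ref.startswith("#") else None
    if tok is None or tok.get("Type") != "key-id":
        return False  # dangling reference, or a token type that cannot verify
    decode = DECODERS.get(tok.get("Encoding"))
    if decode is None:
        return False  # unknown encoding: reject rather than guess
    try:
        key_id = decode(tok.text or "").decode()
    except (ValueError, UnicodeDecodeError):
        return False
    key = KEYSTORE.get(key_id)
    if key is None:
        return False
    expected = _mac(key, env.findtext("Body") or "")
    return hmac.compare_digest(expected.encode(), (sig.text or "").encode())
```

The MAC in this sketch covers only the body; a deployment would also sign the header fields it relies on and parse untrusted XML with a hardened parser.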
71 Claims
1. In a network environment that includes a plurality of computing systems capable of communicating using electronic messaging, a method for a source computing system constructing an electronic message, the method comprising the following:
an act of designating at least one destination address in the electronic message, the destination address corresponding to one or more recipient computing devices;
an act of including a first security token in a header portion of the electronic message, the first security token being at least derived from a first credential of a first credential type; and
an act of including a second security token in the header portion of the electronic message, the second security token being at least derived from a second credential of a second credential type.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22

23. A computer program product for use in a network environment that includes a plurality of computing systems capable of communicating using electronic messaging, the computer program product for implementing a method for a source computing system constructing an electronic message, the computer program product comprising one or more computer-readable media having thereon the following:
computer-executable instructions for designating at least one destination address in the electronic message, the destination address corresponding to one or more recipient computing devices;
computer-executable instructions for including a first security token in a header portion of the electronic message, the first security token being at least derived from a first credential of a first credential type; and
computer-executable instructions for including a second security token in the header portion of the electronic message, the second security token being at least derived from a second credential of a second credential type.
Dependent claims: 24, 25, 26, 27

28. One or more computer-readable media having stored thereon a data structure that represents an electronic message, the electronic message including a header field and a body field, the header field including the following:
a first data field that represents at least one destination address in the electronic message, the destination address corresponding to one or more recipient computing devices;
a second data field that represents a first security token in a header field, the first security token being at least derived from a first credential of a first credential type; and
a third data field that represents a second security token in the header field, the second security token being at least derived from a second credential of a second credential type.
Dependent claims: 29, 30, 31, 32, 33, 34

35. A computer program product for use in a network environment that includes a plurality of computing systems capable of communicating using electronic messaging, a method for identifying a source computing system of an electronic message, the computer program product comprising one or more computer-readable media having stored thereon the following:
computer-executable instructions for detecting the receipt of an electronic message;
computer-executable instructions for selecting one of a plurality of credentials included in a header portion of the electronic message; and
computer-executable instructions for identifying the source computer system using the selected credential.
Dependent claims: 36

37. A computer program product for use in a network environment that includes a plurality of computing systems capable of communicating using electronic messaging, a method for identifying a source computing system of an electronic message, the computer program product comprising one or more computer-readable media having stored thereon the following:
computer-executable instructions for detecting the receipt of an electronic message;
computer-executable instructions for reading a credential from the electronic message;
computer-executable instructions for determining how to handle the credential and the electronic message based on a position of the credential within a logical hierarchical tree of credentials; and
computer-executable instructions for handling the credential and the electronic message as determined.
Dependent claims: 38, 39, 40, 41, 42

43. One or more computer-readable media having stored thereon a data structure, the data structure comprising the following:
a first data field that represents a first credential;
a second data field that represents a second credential;
a third data field that represents a chain of semantics inheritance between the first and second credential.

44. In a network environment that includes a plurality of computing systems capable of communicating using electronic messaging, a method for a source computing system constructing an electronic message, the method comprising the following:
an act of encoding a credential that identifies the source computing device;
an act of including the credential in a header portion of an electronic message; and
an act of including, in the header portion, information indicative of a type of the credential.
Dependent claims: 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55

56. A computer program product for use in a network environment that includes a plurality of computing systems capable of communicating using electronic messaging, the computer program product for implementing a method for a source computing system constructing an electronic message, the computer program product comprising one or more computer-readable media having stored thereon the following:
a first software module that, when executed by one or more processors, is adapted to encode a credential that identifies the source computing device;
a second software module that, when executed by one or more processors, is adapted to include the credential in a header portion of the electronic message;
a third software module that, when executed by one or more processors, is adapted to include, in the header portion, an identification of an encoding format of the credential; and
a fourth software module that, when executed by one or more processors, is adapted to include, in the header portion, an identification of a type of the credential.
Dependent claims: 57

58. In a network environment that includes a plurality of computing systems capable of communicating using electronic messaging, a method for a source computing system constructing an electronic message, the method comprising the following:
an act of including an electronic signature in a header portion of an electronic message, the electronic signature generated by a user;
an act of generating a reference indicating where a credential associated with the electronic signature may be found;
an act of including the reference in the header portion of the electronic message.
Dependent claims: 59, 60, 61, 62, 63, 64

65. In a network environment that includes a plurality of computing systems capable of communicating using electronic messaging, a method for a recipient computing system to verify the identity of a sender of an electronic message, the method comprising the following:
an act of receiving the electronic message;
an act of reading an electronic signature from a header portion of the electronic message, the electronic signature generated by a user;
an act of reading a reference from the header portion, the reference indicating where a credential associated with the user may be found;
an act of using the reference to find the credential; and
an act of determining if the credential corresponds with the electronic signature.
Dependent claims: 66, 67

68. A computer program product for use in a network environment that includes a plurality of computing systems capable of communicating using electronic messaging, the computer program product for implementing a method for a recipient computing system to verify the identity of a sender of an electronic message, the computer program product comprising one or more computer-readable media having thereon the following:
computer-executable instructions for detecting the receipt of the electronic message;
computer-executable instructions for reading an electronic signature from a header portion of the electronic message, the electronic signature generated by a user;
computer-executable instructions for reading a reference from the header portion, the reference indicating where a credential associated with the user may be found;
computer-executable instructions for using the reference to find the credential; and
computer-executable instructions for determining if the credential corresponds with the electronic signature.
Dependent claims: 69

70. In a network environment that includes a plurality of computing systems capable of communicating using electronic messaging, a method for a source computing system constructing a Simple Object Access Protocol envelope, the method comprising the following:
an act of designating at least one destination address in the SOAP envelope, the destination address corresponding to one or more recipient computing devices; and
an act of including a first security token in a header portion of the SOAP envelope, the first security token being at least derived from a first credential of a first credential type.
Dependent claims: 71