Method and apparatus for a broker entity

US 20040220882A1
Filed: 04/29/2003
Published: 11/04/2004
Est. Priority Date: 04/29/2003
Status: Active Grant

First Claim

Patent Images

1. An apparatus for providing an end-to end, open, and secure commerce transactional environment, comprising:

an external module API;

a secure execution engine;

a protocol handler;

a message cache and routing table component;

an XML and regular expression parser; and

an XML message API.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for a broker entity is provided. A high-speed embedded firewall, a message-processing router, secure session protocol, transport management, and integrated intrusion detection is provided in a single-chip format.

Citations

63 Claims

1. An apparatus for providing an end-to end, open, and secure commerce transactional environment, comprising:
- an external module API;
  
  a secure execution engine;
  
  a protocol handler;
  
  a message cache and routing table component;
  
  an XML and regular expression parser; and
  
  an XML message API.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 2. The apparatus of claim 1, wherein said external module API and said XML message API are interface components to subscribing clients.
  - 3. The apparatus of claim 1, wherein said protocol handler allows communication with other such broker entities across a network, wherein said network is any of, but is not limited to a virtual private network and the Internet.
  - 4. The apparatus of claim 1, wherein said protocol handler can negotiate and destroy secure sessions dynamically.
  - 5. The apparatus of claim 1, wherein said protocol handler is installed at different contact points within a network.
  - 6. The apparatus of claim 1, wherein said protocol handler allows setting and following a security policy that chooses acceptable protocol.
  - 7. The apparatus of claim 1, wherein said message cache and routing table component provides a table in high-speed cache that is updated in real-time of all broker entities and corresponding services that are trusted.
  - 8. The apparatus of claim 1, wherein said message cache and routing table component provides status of available devices.
  - 9. The apparatus of claim 1, wherein said message cache and routing table component provides current security level, services provided, services subscribed to, and indications of detected presence of other broker entities, services offered by said other detected broker entities, or services to which said other detected broker entities subscribe.
  - 10. The apparatus of claim 1, wherein when a network connection breaks down said message cache and routing table component holds onto a request until the request can be fulfilled.
  - 11. The apparatus of claim 1, wherein said XML and regular expression parser is embedded in hardware for performing character parsing in high speed.
  - 12. The apparatus of claim 1, wherein said external module API stores configuration information and data about outside systems.
  - 13. The apparatus of claim 1, wherein said XML message API provides an open, standardized API to systems of record and/or to any database.
  - 14. The apparatus of claim 13, wherein said XML message API provides message types and rules information.
  - 15. The apparatus of claim 1, further comprising:
    - functionality onboard using Application-Specific Integrated Circuit (ASIC) and Field Programmable Gate-Array (FPGA) technology.
  - 16. The apparatus of claim 1, further comprising:
    - means for discovering other broker entities and setting up services to other broker entities using basic XML-based protocol.
  - 17. The apparatus of claim 1, further comprising:
    - Universal Description, Discovery and Integration (UDDI) specification for looking up and registering new services and connection rules as they become available online.
  - 18. The apparatus of claim 1, further comprising:
    - means for flashing with new transport protocols and basic messaging protocols.
  - 19. The apparatus of claim 1, further comprising:
    - means for allowing agreements to be configured on message exchanges, resulting in, but not limited to, configured messages.
  - 20. The apparatus of claim 19, wherein said configured messages comprise, but are not limited to, timeout values, latency period, round-trip times, and allowable return messages.
  - 21. The apparatus of claim 19, further comprising:
    - means for configuring to perform alternate procedures when said agreements are violated.
  - 22. The apparatus of claim 1, further comprising:
    - when a broker entity or subscribing service becomes available for transactions or becomes unavailable for transactions, means for notifying other broker entities on said table.
  - 23. The apparatus of claim 1, further comprising:
    - a Secure Sockets Layer/WTLS/lnternet Protocol Security (SSL/WTLS/IPSEC) connection with other broker entities.
  - 24. The apparatus of claim 1, further comprising:
    - means for selectively encrypting/decrypting XML messages and verifying signatures on XML messages at tag level.
  - 25. The apparatus of claim 1, further comprising:
    - means for using compact certificate technology, wherein each broker entity has a transaction definition table to decode transaction certificates received from other broker entities.
  - 26. The apparatus of claim 1, further comprising:
    - a message dictionary data source and a corresponding API for custom-defined the processing and security rules.
  - 27. The apparatus of claim 1, wherein permissions and authentication processing is embedded in a hard real-time kernel.
  - 28. The apparatus of claim 1, further comprising:
    - means for communicating with , but not limited to, MQ-Series and Common Object Request Broker Architecture (CORBA) and Enterprise JavaBeans (EJBs) via the Simple Object Access Protocol (SOAP) protocol.
  - 29. The apparatus of claim 1, further comprising:
    - maintenance interface enabling code running onboard allowing updating and system level testing to be performed while in operation.
  - 30. The apparatus of claim 1, further comprising:
    - subscription architecture for connecting to subscribing systems anywhere in the world, wherein a subscriber is any data source subscribing to a shared XML space in either of, but not limited to, a point-to-point or publish and subscribe configuration.

31. A method for providing an end-to end, open, and secure commerce transactional environment, comprising the steps of:
- providing an external module API;
  
  providing a secure execution engine;
  
  providing a protocol handler;
  
  providing a message cache and routing table component;
  
  providing an XML and regular expression parser; and
  
  providing an XML message API.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60)
- - 32. The method of claim 31, wherein said external module API and said XML message API are interface components to subscribing clients.
  - 33. The method of claim 31, wherein said protocol handler allows communication with other such broker entities across a network, wherein said network is any of, but is not limited to a virtual private network and the Internet.
  - 34. The method of claim 31, wherein said protocol handler can negotiate and destroy secure sessions dynamically.
  - 35. The method of claim 31, wherein said protocol handler is installed at different contact points within a network.
  - 36. The method of claim 31, wherein said protocol handler allows setting and following a security policy that chooses acceptable protocol.
  - 37. The method of claim 31, wherein said message cache and routing table component provides a table in high-speed cache that is updated in real-time of all broker entities and corresponding services that are trusted.
  - 38. The method of claim 31, wherein said message cache and routing table component provides status of available devices.
  - 39. The method of claim 31, wherein said message cache and routing table component provides current security level, services provided, services subscribed to, and indications of detected presence of other broker entities, services offered by said other detected broker entities, or services to which said other detected broker entities subscribe.
  - 40. The method of claim 31, wherein when a network connection breaks down said message cache and routing table component holds onto a request until the request can be fulfilled.
  - 41. The method of claim 31, wherein said XML and regular expression parser is embedded in hardware for performing character parsing in high speed.
  - 42. The method of claim 31, wherein said external module API stores configuration information and data about outside systems.
  - 43. The method of claim 31, wherein said XML message API provides an open, standardized API to systems of record and/or to any database.
  - 44. The method of claim 43, wherein said XML message API provides message types and rules information.
  - 45. The method of claim 31, further comprising the step of:
    - using Application-Specific Integrated Circuit (ASIC) and Field Programmable Gate-Array (FPGA) technology.
  - 46. The method of claim 31, further comprising the step of:
    - discovering other broker entities and setting up services to other broker entities using basic XML-based protocol.
  - 47. The method of claim 31, further comprising the step of:
    - using Universal Description, Discovery and Integration (UDDI) specification for looking up and registering new services and connection rules as they become available online.
  - 48. The method of claim 31, further comprising the step of:
    - flashing with new transport protocols and basic messaging protocols.
  - 49. The method of claim 31, further comprising the step of:
    - allowing agreements to be configured on message exchanges, resulting in, but not limited to, configured messages.
  - 50. The method of claim 49, wherein said configured messages comprise, but are not limited to, timeout values, latency period, round-trip times, and allowable return messages.
  - 51. The method of claim 49, further comprising the step of:
    - configuring to perform alternate procedures when said agreements are violated.
  - 52. The method of claim 31, further comprising the step of:
    - when a broker entity or subscribing service becomes available for transactions or becomes unavailable for transactions, notifying other broker entities on said table.
  - 53. The method of claim 31, further comprising the step of:
    - providing a Secure Sockets Layer/WTLS/Internet Protocol Security (SSLUWTLS/IPSEC) connection with other broker entities.
  - 54. The method of claim 31, further comprising the step of:
    - selectively encrypting/decrypting XML messages and verifying signatures on XML messages at tag level.
  - 55. The method of claim 31, further comprising the step of:
    - using compact certificate technology, wherein each broker entity has a transaction definition table to decode transaction certificates received from other broker entities.
  - 56. The method of claim 31, further comprising the step of:
    - providing a message dictionary data source and a corresponding API for custom-defined the processing and security rules.
  - 57. The method of claim 31, wherein permissions and authentication processing is embedded in a hard real-time kernel.
  - 58. The method of claim 31, further comprising the step of:
    - communicating with, but not limited to, MQ-Series and Common Object Request Broker Architecture (CORBA) and Enterprise JavaBeans (EJBS) via the Simple Object Access Protocol (SOAP) protocol.
  - 59. The method of claim 31, further comprising the step of:
    - providing maintenance interface enabling code running onboard allowing updating and system level testing to be performed while in operation.
  - 60. The method of claim 31, further comprising the step of:
    - providing subscription architecture for connecting to subscribing systems anywhere in the world, wherein a subscriber is any data source subscribing to a shared XML space in either of, but not limited to, a point-to-point or publish and subscribe configuration.

61. A high-speed hardware device for end-to-end, open, and secure financial transactions, comprising:
- a firewall;
  
  a virtual private network (VPN);
  
  a transport manager;
  
  an intrusion detection feature;
  
  a secure logger;
  
  a message processor;
  
  a message forwarder;
  
  a directory service; and
  
  a cryptographic processor.

62. An apparatus for end-to-end, open, and secure financial transactions, comprising:
- a self-repairing transactional mesh with integrated failover when security relevant events or service interruption are detected at any node;
  
  integrated hardware-based cryptographic operations for any transaction;
  
  hardware-based state machine technology, capable of loading C/C++ as well as Java-based objects for onboard execution;
  
  means for storing, routing, and executing application objects and network connections in a multi-level secure memory space;
  
  a hardware-based XML parser, for parsing and performing operations on XML objects within said secure memory space; and
  
  means for performing security filtering and logging on encrypted network streams as said streams enter said secure memory space.

63. A method for providing a multi-gigabit high-speed backplane, comprising the steps of:
- providing multiple embedded XML parsers broker entity boards;
  
  placing some or all of said boards in rack-mountable systems; and
  
  interconnecting some or all of said rack-mountable systems.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Original Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Inventors
Colbert, Pamela, Akinyemi, Julius, Suto, Lawrence B., Wanta, Rebecca

Granted Patent

US 7,900,038 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/64
CPC Class Codes

G06Q 20/382   insuring higher security of...

H04L 2463/102   applying security measure f...

H04L 63/0272   Virtual private networks

H04L 63/04   for providing a confidentia...

H04L 63/0823   using certificates cryptogr...

H04L 63/166   at the transport layer

H04L 67/14   Session management for real...

H04L 67/288   Distributed intermediate de...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Method and apparatus for a broker entity

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

63 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for a broker entity

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

63 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links