Context-sensitive confidentiality within federated environments

US 20050223412A1
Filed: 03/31/2004
Published: 10/06/2005
Est. Priority Date: 03/31/2004
Status: Active Grant

First Claim

Patent Images

1. A method of achieving context-sensitive confidentiality among security domains within a federated environment, the method comprising steps of:

determining a route to be taken by a message to be transmitted in the federated environment, where the route spans a plurality of the security domains;

determining rights of nodes to be encountered on the determined route to access security-sensitive portions of the message;

selectively protecting the security-sensitive portions of the message, according to the determined access rights; and

transmitting the message with its selectively-protected portions on the determined route.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for achieving context-sensitive confidentiality within a federated environment for which content is aggregated in a distributed Web portal (or similar aggregation framework), ensuring that message portions that should be confidential are confidential to all entities in the federated environment except those entities to which the message portions may properly be divulged. The federation may comprise an arbitrary number of autonomous security domains, and these security domains may have independent trust models and authentication services. Using the disclosed techniques, messages can be routed securely within a cross-domain federation (irrespective of routing paths), thereby ensuring that confidential information is not exposed to unintended third parties and that critical information is not tampered with while in transit between security domains. Preferred embodiments leverage Web services techniques and a number of industry standards.

148 Citations

21 Claims

1. A method of achieving context-sensitive confidentiality among security domains within a federated environment, the method comprising steps of:
- determining a route to be taken by a message to be transmitted in the federated environment, where the route spans a plurality of the security domains;
  
  determining rights of nodes to be encountered on the determined route to access security-sensitive portions of the message;
  
  selectively protecting the security-sensitive portions of the message, according to the determined access rights; and
  
  transmitting the message with its selectively-protected portions on the determined route.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method according to claim 1, wherein the selectively protecting step further comprises the step of encrypting at least one security-sensitive portion of the message.
  - 3. The method according to claim 1, wherein the selectively protecting step further comprises the step of computing a digital signature over at least one security-sensitive portion of the message.
  - 4. The method according to claim 1, wherein the step of determining the route further comprises the step of consulting policy to determine the route to be taken for this message.
  - 5. The method according to claim 1, wherein the step of determining the access rights further comprises the step of consulting policy for each of the nodes to be encountered.
  - 6. The method according to claim 1, further comprising the step of determining a role of at least one of the nodes to be encountered, and wherein the step of determining the access rights further comprises the step of consulting policy for each determined role, wherein the policy specifies access rights for that role.
  - 7. The method according to claim 1, wherein the selectively protecting step further comprises the step of encrypting each security-sensitive portion of the message for each node determined to have access rights to that portion.
  - 8. The method according to claim 7, wherein the encrypting step uses a public key associated with each of the nodes for which the encrypting step operates.
  - 9. The method according to claim 1, wherein the determined route is specified in the transmitted message.
  - 10. The method according to claim 1, further comprising the step of determining a role of at least one of the nodes to be encountered, and wherein the selectively protecting step further comprises the step of encrypting each security-sensitive portion of the message for each of the roles that are determined to have access rights to that portion.
  - 11. The method according to claim 10, wherein the encrypting step uses a public key associated with each of the roles for which the encrypting step operates.
  - 12. The method according to claim 1, further comprising the steps of:
    - receiving the transmitted message at a selected one of the nodes on the determined route; and
      
      securely accessing only those ones of the selectively-protected portions of the received message to which the selected node has access rights.
  - 13. The method according to claim 1, wherein the transmitted message contains information identifying an authentication authority from a first of the security domains, and indicates that this authentication authority has already authenticated a party for which the message requests access to services, such that nodes receiving the message in other ones of the security domains can bypass authentication of the party for access to services of that other security domain, upon verifying authenticity of the authentication authority and establishing that the authentication authority vouches for the received message.
  - 14. The method according to claim 13, wherein the authentication authority is determined to vouch for the received message if a digital signature computed by the authentication authority and transmitted with the message is determined, by the node receiving the message in the one of the other security domains, to be valid.
  - 15. The method according to claim 13, wherein the transmitted message contains security credentials of the party, where those security credentials have been authenticated by the identified authentication authority and are protected such that only authorized ones of the nodes receiving the message in other ones of the security domains can access the protected security credentials.
  - 16. The method according to claim 15, wherein the protected security credentials are encrypted using a public key of each of the authorized ones of the nodes receiving the message, such that each of the authorized ones can decrypt the protected security credentials using a corresponding private key.

17. A system for achieving context-sensitive confidentiality among security domains within a federated environment, the system comprising:
- means for determining a route to be taken by a message to be transmitted in the federated environment, where the route spans a plurality of the security domains;
  
  means for determining rights of nodes to be encountered on the determined route to access security-sensitive portions of the message;
  
  means for selectively protecting the security-sensitive portions of the message, according to the determined access rights; and
  
  means for transmitting the message with its selectively-protected portions on the determined route.

18. A computer program product for securely transmitting context-sensitive confidential message content among security domains within a federated environment, the computer program product embodied on one or more computer-readable media and comprising:
- computer-readable program code means for determining a route to be taken by a message to be transmitted in the federated environment, where the route spans a plurality of the security domains;
  
  computer-readable program code means for determining rights of nodes to be encountered on the determined route to access security-sensitive portions of the message;
  
  computer-readable program code means for selectively protecting the security-sensitive portions of the message, according to the determined access rights; and
  
  computer-readable program code means for transmitting the message with its selectively-protected portions on the determined route.

19. A method of providing a message confidentiality service for securely transmitting messages among security domains within a federated environment, the method comprising steps of:
- determining a route to be taken by a message to be transmitted in the federated environment, where the route spans a plurality of the security domains;
  
  determining rights of nodes to be encountered on the determined route to access security-sensitive portions of the message; and
  
  determining how the security-sensitive portions of the message should be protected, according to the determined access rights.

20. The method according to claim 20, further comprising the step of charging a fee for one or more of the determining steps.
- View Dependent Claims (21)
- - 21. The method according to claim 20, further comprising the step of applying the determined protections to the security-sensitive portions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Wesley, Ajamu A., Nadalin, Anthony J.

Granted Patent

US 7,467,399 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/6209   to a single file or object,...

H04L 63/0428   wherein the data content is...

H04L 63/126   the source of the received ...

Context-sensitive confidentiality within federated environments

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

148 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Context-sensitive confidentiality within federated environments

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

148 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others