System and method for policy enforcement in structured electronic messages

US 20060048210A1
Filed: 09/01/2004
Published: 03/02/2006
Est. Priority Date: 09/01/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for policy verification in electronic messages, the method comprising:

identifying a policy to be applied to an electronic message sent from a first end entity to a second end entity;

identifying at least one business rule to be applied to the electronic message;

evaluating the electronic message for applicability with the identified policy; and

routing the electronic message in accordance with the policy evaluation and the business rule.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed a validation service, for example a digital certificate validation service (CVS), that facilitates the application of user-defined policies to structured electronic messages, for example E-mails, and the implementation of corresponding business rules based on user, system, device or electronic message attributes. The present invention provides an easily scalable, extensible and reliable solution to enforcing policies in electronic communications. The service includes a method for policy enforcement in electronic messages that includes identifying one or more policies to be applied to an electronic message send from a first end entity to a second end entity and identifying at least one business rule to be applied to the electronic message. The electronic message is evaluated for compliance with the identified policy or policies, and the electronic message is routed in accordance with the policy evaluation and the identified business rules. The service is also includes a system for policy enforcement containing a single centralized validation server capable of intercepting the electronic messages and of evaluating those messages for compliance with pre-defined policies and business rules. The extensible policy verification server also includes a policy engine, a policy builder capable, a policy engine definition file to store a complete definition of the policy engine, a messaging queue and a scheduler.

Citations

33 Claims

1. A method for policy verification in electronic messages, the method comprising:
- identifying a policy to be applied to an electronic message sent from a first end entity to a second end entity;
  
  identifying at least one business rule to be applied to the electronic message;
  
  evaluating the electronic message for applicability with the identified policy; and
  
  routing the electronic message in accordance with the policy evaluation and the business rule.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the step of identifying a policy to be applied to an electronic message comprises:
    - selecting one or more decision points from a list of pre-defined decision points, each decision point defined to evaluate an attribute of the electronic message; and
      
      associating with each decision point one or more actions to be taken based upon the evaluation of the electronic message.
  - 3. The method of claim 2, wherein the list of pre-defined decision points comprises verifying that the electronic message is signed, verifying that the electronic message is signed using a signature certificate issued by a trusted certificate authority, verifying that the first end entity owns the signature certificate, verifying that the signature certificate has not expired, verifying the signature certificate by verifying a certificate authority signature, verifying that a certificate revocation list to be used to verify the signature certificate is available and updated, verifying that the electronic message has not been modified after being sent by the first end entity, verifying a domain associated with the first end entity, verifying a domain associated with the second end entity, verifying that the electronic message is in the proper format or combinations thereof.
  - 4. The method of claim 2, wherein the decision point actions comprise sending the electronic message to the second end entity, routing the electronic message to a third party, rejecting the electronic message, modifying the electronic message, notifying the first end entity regarding results of the policy evaluation, notifying the second end entity regarding the results of the policy evaluation, notifying the third party regarding the results of the policy evaluation, returning the electronic message to the first end entity or combinations thereof.
  - 5. The method of claim 2, further comprising:
    - creating one or more decision point selection templates to assist in selecting decision points based upon electronic message content; and
      
      selecting the decision points using one of the templates.
  - 6. The method of claim 2, wherein the step of identifying a policy to be applied to an electronic message further comprises inputting one or more user-defined decision points.
  - 7. The method of claim 2, further comprising applying electronic message-based factors when associating the decision point actions with the decision points.
  - 8. The method of claim 1, further comprising saving the identified policy to a policy definitions file.
  - 9. The method of claim 1, wherein the step of identifying a policy further comprises identifying a plurality of policies capable of being applied to the electronic message;
    - and selecting at least one policy from the plurality of policies to be applied to the electronic message.
  - 10. The method of claim 9, wherein the step of identifying a plurality of policies comprises:
    - selecting, for each policy, one or more decision points from a list of pre-defined decision points, each decision point defined to evaluate a quality of the electronic message; and
      
      associating with each decision point one or more actions to be taken based upon the evaluation of the electronic message.
  - 11. The method of claim 10, wherein the list of pre-defined decision points comprises verifying that the electronic message is signed, verifying that the electronic message is signed using a signature certificate issued by a trusted certificate authority, verifying that the first end entity owns the signature certificate, verifying that the signature certificate has not expired, verifying the signature certificate by verifying a certificate authority signature, verifying that a certificate revocation list to be used to verify the signature certificate is available and updated, verifying that the electronic message has not been modified after being sent by the first end entity, verifying a domain associated with the first end entity, verifying a domain associated with the second end entity, verifying that the electronic message is in the proper format or combinations thereof.
  - 12. The method of claim 9, wherein the step of selecting at least one policy comprises using electronic message-based factors to select each policy.
  - 13. The method of claim 1, wherein the step of identifying a policy comprises using electronic message-based factors to identify the policy.
  - 14. The method of claim 1, further comprising determining if the business rule applies to the electronic message using electronic message-based factors.
  - 15. The method of claim 1, wherein the step of evaluating the electronic message comprises:
    - checking a certificate revocation list; and
      
      differentiating between revocation codes for cause and revocation codes for administrative purposes.
  - 16. The method of claim 1, wherein the step of routing comprises sending the electronic message to the second end entity, routing the electronic message to a third party, rejecting the electronic message, modifying the electronic message, notifying the first end entity regarding results of the policy evaluation, notifying the second end entity regarding the results of the policy evaluation, notifying the third party regarding the results of the policy evaluation, returning the electronic message to the first end entity or combinations thereof.
  - 17. The method of claim 1, further comprising:
    - signing the electronic message using a private key associated with the first end entity;
      
      encoding the signed electronic message using a public key associated with the second end entity; and
      
      sending the encoded, signed electronic message from the first end entity to the second end entity.

18. A system for enforcing policies and business rules in electronic messages exchanged across a network among a plurality of end entities, the system comprising at least one certificate verification server capable of intercepting the electronic messages and of evaluating those messages for compliance with pre-defined policies and business rules.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
- - 19. The system of claim 18, wherein the certificate verification server comprises a single, centralized server.
  - 20. The system of claim 18, wherein the certificate validation server comprises an extensible policy verification server.
  - 21. The system of claim 18, wherein the certificate verification server further comprises:
    - a policy engine capable of enforcing the policies and business rules;
      
      a policy builder capable of building the policy engine; and
      
      a policy engine definition file to store a complete definition of the policy engine.
  - 22. The system of claim 21, wherein the policy engine comprises:
    - a plurality of simple policy nodes, each defining a specific policy test and resulting action; and
      
      a plurality of macro policy nodes that define combinations of simple policy nodes.
  - 23. The system of claim 21, wherein the certificate verification server further comprises:
    - a messaging queue to intercept incoming and outgoing electronic messages for evaluation by the policy engine; and
      
      a scheduler to schedule the evaluation of electronic by the policy engine.
  - 24. The system of claim 18, wherein the certificate verification server is in communication with one or more certificate revocation lists, the certificate revocation lists used to evaluate compliance with the pre-defined policies.
  - 25. The system of claim 24, further comprising a plurality of policy engines, each policy engine associated with at least one certificate authority, each certificate authority comprising one or more of the certificate revocation lists.

26. A computer readable medium containing a computer executable code that when read by a computer causes the computer to perform a method for policy verification in electronic messages, the method comprising:
- identifying a policy to be applied to an electronic message send from a first end entity to a second end entity;
  
  identifying at least one business rule to be applied to the electronic message;
  
  evaluating the electronic message for applicability with the identified policy; and
  
  routing the electronic message in accordance with the policy evaluation and the applicable business rules.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33)
- - 27. The computer readable medium of claim 26, wherein the step of identifying a policy to be applied to an electronic message comprises:
    - selecting one or more decision points from a list of pre-defined decision points, each decision point defined to evaluate an attribute of the electronic message; and
      
      associating with each decision point one or more actions to be taken based upon the evaluation of the electronic message.
  - 28. The computer readable medium of claim 27, further comprising:
    - creating one or more decision point selection templates to assist in selecting decision points based upon electronic message content; and
      
      selecting the decision points based using one of the templates.
  - 29. The computer readable medium of claim 27, wherein the step of identifying a policy to be applied to an electronic message further comprises inputting one or more user-defined decision points.
  - 30. The computer readable medium of claim 27, further comprising applying electronic message-based factors when associating the decision point actions with the decision points.
  - 31. The computer readable medium of claim 26, further comprising saving the identified policy to a policy definitions file.
  - 32. The computer readable medium of claim 26, further comprising determining if the business rule applies to the electronic message using electronic message-based factors.
  - 33. The computer readable medium of claim 26, further comprising:
    - signing the electronic message using the first end entity'"'"'s private key;
      
      encoding the signed electronic message using the second end entity'"'"'s public key; and
      
      sending the encoded, signed electronic message from the first end entity to the second end entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Eric Arnold Hildre, Theodore Delano Putnam
Original Assignee
Eric Arnold Hildre, Theodore Delano Putnam
Inventors
Hildre, Eric Arnold, Putnam, Theodore Delano

Application Number

US10/931,876
Publication Number

US 20060048210A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 63/0823   using certificates cryptogr...

H04L 9/006   involving public key infras...

H04L 9/3268   using certificate validatio...

H04L 9/40   Network security protocols

System and method for policy enforcement in structured electronic messages

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for policy enforcement in structured electronic messages

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links