System And Methods For Secure Service Oriented Architectures

US 20070050376A1
Filed: 08/18/2006
Published: 03/01/2007
Est. Priority Date: 08/24/2005
Status: Active Grant

First Claim

Patent Images

1. A method of controlling and securing a service oriented architecture, comprising:

intercepting a message between a requesting web service and a source web service;

validating the message;

logging a result of the validation; and

adding a security profile to the message if a security profile is not already present.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a method for intercepting a message between a requesting web service and a source web service, validating the message, logging the result of the validations, and adding a security profile to the message. The method may also include examining the message to determine whether a security profile is embedded therein. If the message is valid, access to the message by the requesting web service is permitted. If the message is not valid, access to the message by the requesting web service is prevented.

44 Citations

View as Search Results

20 Claims

1. A method of controlling and securing a service oriented architecture, comprising:
- intercepting a message between a requesting web service and a source web service;
  
  validating the message;
  
  logging a result of the validation; and
  
  adding a security profile to the message if a security profile is not already present.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising examining the message to determine whether a security profile is embedded therein.
  - 3. The method of claim 2, wherein if a security profile is embedded in the message, validating the message comprises:
    - comparing the security profile embedded in the message with a second security profile associated with the requesting service.
  - 4. The method of claim 2, wherein if no security profile is embedded in the message, validating the message comprises:
    - authenticating a user associated with the requesting web service; and
      
      , if the user is legitimate, creating a security profile and embedding the security profile in the message.
  - 5. The method of claim 1, wherein if the message is valid, permitting access to the message by the requesting web service.
  - 6. The method of claim 1, wherein if the message is not valid, preventing access to the message by the requesting web service.
  - 7. The method of claim 1, further comprising:
    - generating a new message capable of being requested by the requesting web service;
      
      defining a security profile; and
      
      embedding the security profile in the message such that the message may be validated when requested by the requesting web service.
  - 8. The method of claim 2, wherein the security profile comprises a data security designation, a services security designation, and a user security designation determined based on a security policy.

9. A computer-readable medium storing a software program that, when executed by a processor, causes the processor to:
- intercept a message between a requesting web service and a source web service;
  
  validate the message;
  
  log a result of the validation; and
  
  add a security profile to the message if a security profile is not already present.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer-readable medium storing a software program of claim 9, that, when executed, further causes the processor to examine the message to determine whether a security profile is embedded therein.
  - 11. The computer-readable medium storing a software program of claim 9, wherein if a security profile is embedded in the message, the program further causes the processor to validate the message by comparing the security profile embedded in the message with a second security profile associated with the requesting service.
  - 12. The computer-readable medium storing a software program of claim 9, wherein if a security profile is not embedded in the message, the program further causes the processor to validate the message by authenticating a user associated with the requesting web service;
    - and, if the user is legitimate, create a security profile and embedding the security profile in the message.
  - 13. The computer-readable medium storing a software program of claim 9, wherein if the message is valid, the program further causes the processor to permit access to the message by the requesting web service.
  - 14. The computer-readable medium storing a software program of claim 9, wherein if the message is not valid, the program further causes the processor prevent access to the message by the requesting web service.
  - 15. The computer-readable medium storing a software program of claim 9, that, when executed, further causes the processor to:
    - generate a new message capable of being requested by the requesting web service;
      
      define a security profile; and
      
      embed the security profile in the message such that the message may be validated when requested by the requesting web service.
  - 16. The computer-readable medium storing a software program of claim 9, wherein the security profile comprises a data security designation, a services security designation, and a user security designation determined based on a security policy.

17. A secure service oriented architecture, comprising:
- one or more web services operable to pass data messages between the one or more web services;
  
  wherein each web service is operably coupled for communication of data messages through an intermediary;
  
  wherein each intermediary is operable to;
  
  intercept a message between a requesting web service and a source web service;
  
  validate the message by examining the message to determine whether a security profile is embedded therein;
  
  if the message is valid, permit access to the message by the requesting web service;
  
  if the message is not valid, prevent access to the message by the requesting web service;
  
  log a result of the validation; and
  
  add a security profile to the message if a security profile is not already present.
- View Dependent Claims (18, 19, 20)
- - 18. The architecture of claim 17, wherein:
    - if a security profile is embedded in the message, the intermediary is further operable to validate the message by comparing the security profile embedded in the message with a second security profile associated with the requesting service; and
      
      if a security profile is not embedded in the message, the intermediary is further operable to validate the message by authenticating a user associated with the requesting web service; and
      
      , if the user is legitimate, create a security profile and embedding the security profile in the message.
  - 19. The architecture of claim 17, wherein each intermediary is further operable to:
    - generate a new message capable of being requested by the requesting web service;
      
      define a security profile; and
      
      embed the security profile in the message such that the message may be validated when requested by the requesting web service.
  - 20. The architecture of claim 17, wherein each intermediary communicates with the other intermediaries to maintain an architecture-level data engine populated with security profiles for messages and services within the architecture.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Metasecure Corporation
Original Assignee
Metasecure Corporation
Inventors
Maida-Smith, Kathy, Engle, Steven, Lindsey, John, Nieves, Michael

Granted Patent

US 7,647,627 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/958   Organisation or management ...

H04L 63/0281   Proxies

H04L 63/101   Access control lists [ACL]

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

H04L 67/51   Discovery or management the...

System And Methods For Secure Service Oriented Architectures

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System And Methods For Secure Service Oriented Architectures

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links