Object-based security system
Abstract
The invention authenticates processes and inter-process messaging. In some examples of the invention, security is performed in three layers—the application layer, the middleware layer, and the transport layer. Some examples of the invention include software products. One software product comprises security software and middleware software stored on a software storage medium. The security software directs a processor to receive a log-in request for a process, generate a request to authenticate the process, transfer the request to authenticate the process, receive a security association for the process, and transfer the security association. The middleware software directs the processor to receive the security association from the security software, receive a message from the process, insert the security association into the message, and transfer the message. Another software product comprises security software stored on a software storage medium. The security software directs a processor to receive a request to authenticate a process, authenticate the process, generate a security association for the process, store the security association, transfer the security association, receive the security association extracted from a message, and check the security association extracted from the message with the stored security association to authenticate the message.
30 Claims
1. A method for operating a first computer system, a second computer system, and a security system, wherein the first computer system comprises a process, a security object, and first middleware, and wherein the second computer system comprises second middleware, the method comprising:
receiving a message from the process into the first middleware for transfer to the second computer system;
in the first middleware, inserting a security association into the message;
transferring the message from the first middleware;
receiving the message from the first middleware into the second middleware;
in the second middleware, extracting the security association from the message;
transferring the security association from the second middleware;
receiving the security association from the second middleware into the security system; and
checking security association extracted from the message with the stored security association to authenticate the message.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
transferring a log-in request from the process to the security object;
transferring a request to authenticate the process from the security object;
receiving the request to authenticate the process into the security system;
in the security system, authenticating the process and generating the security association;
storing the security association and transferring the security association from the security system;
receiving the security association into the security object; and
transferring the security association from the security object to the first middleware.
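The log-in and message-authentication flow recited in the claims above can be followed end to end in a short sketch. This is an added example, not code from the patent: the class and function names, the dictionary message format, the random token used as the security association, and the shared log-in secret (standing in for the key-pair check of claims 11 to 13) are all assumptions.

```python
import hmac
import secrets

class SecuritySystem:
    """Authenticates processes, then issues, stores and checks security associations."""
    def __init__(self, registered):
        self._registered = registered   # process id -> log-in secret (constructed data)
        self._stored = {}               # process id -> stored security association

    def authenticate_process(self, process_id, login_secret):
        expected = self._registered.get(process_id)
        if expected is None or not hmac.compare_digest(expected.encode(), login_secret.encode()):
            return None                 # authentication failed: nothing is issued
        sa = secrets.token_hex(16)      # assumption: the SA is an opaque random token
        self._stored[process_id] = sa
        return sa

    def check_message_sa(self, process_id, extracted_sa):
        stored = self._stored.get(process_id)
        return (stored is not None and isinstance(extracted_sa, str)
                and hmac.compare_digest(stored.encode(), extracted_sa.encode()))

class SecurityObject:
    """Sits on the first computer system and brokers the log-in for the process."""
    def __init__(self, security_system):
        self._system = security_system

    def log_in(self, process_id, login_secret):
        return self._system.authenticate_process(process_id, login_secret)

def first_middleware_send(message, process_id, sa):
    # Sending side: insert the security association into the outgoing message.
    return {"sender": process_id, "security_association": sa, "body": message}

def second_middleware_receive(wire_message, security_system):
    # Receiving side: extract the SA and have the security system check it.
    sa = wire_message.get("security_association")
    if not security_system.check_message_sa(wire_message.get("sender"), sa):
        return None                     # message is not authenticated: drop it
    return wire_message["body"]

def demo():
    system = SecuritySystem({"gui-1": "constructed-login-secret"})
    sa = SecurityObject(system).log_in("gui-1", "constructed-login-secret")
    good = first_middleware_send("status?", "gui-1", sa)
    forged = first_middleware_send("status?", "gui-1", "0" * 32)
    return second_middleware_receive(good, system), second_middleware_receive(forged, system)
```

In this sketch the security association is compared for equality only, so it behaves as a bearer token: any party able to read a message in transit could reuse it, which makes the protection of the channel between the two middleware layers part of the design.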
3. The method of claim 2 wherein the process is a graphical user interface.

4. The method of claim 2 wherein the process is a communications provider agent.

5. The method of claim 2 wherein the process is a communications user agent.

6. The method of claim 2 wherein the security object includes a Common Object Request Broker Architecture interface.

7. The method of claim 2 wherein the first middleware is an Object Request Broker.

8. The method of claim 7 wherein inserting the security association in the message comprises using an Object Request Broker interceptor to insert the security association.

9. The method of claim 2 wherein the second middleware is an Object Request Broker.

10. The method of claim 9 wherein extracting the security association in the message comprises using an Object Request Broker interceptor to extract the security association.

11. The method of claim 2 wherein the process has a private key, a public key, and a password, the method further comprising:
transferring the password from the process to the security object;
in the security object, encrypting the private key with the password; and
storing the encrypted private key.

12. The method of claim 11 wherein the log-in request includes the password and further comprising:
in the security object, decrypting the private key with the password;
in the security object, encrypting a value with the private key; and
wherein transferring the request to authenticate the process further comprises transferring the value and the encrypted value from the security object.

13. The method of claim 2 wherein authenticating the process in the security system further comprises:
decrypting the value with the public key; and
comparing the decrypted value with the value in the request to authenticate.

14. The method of claim 1 wherein the first computer system further comprises a first transport layer and the second computer system further comprises a second transport layer, the method further comprising:
transferring the security association from the security object to the first transport layer;
receiving the message from the first middleware into the first transport layer for transfer to the second computer system;
in the first transport layer, inserting the security association into the message;
transferring the message from the first transport layer;
receiving the message from the first transport layer into the second transport layer;
in the second transport layer, extracting the security association from the message;
transferring the security association from the second transport layer;
receiving the security association from the second transport layer into the security system; and
checking security association extracted from the message with the stored security association to authenticate the message.

15. The method of claim 14 wherein the first transport layer and the second transport layer are asynchronous transfer mode.

16. The method of claim 14 wherein the first transport layer and the second transport layer are internet protocol.

17. A software product comprising:
security software operational when executed by a processor to direct the processor to receive a log-in request for a process, generate a request to authenticate the process, transfer the request to authenticate the process, receive a security association for the process, and transfer the security association;
middleware software operational when executed by the processor to direct the processor to receive the security association from the security software, receive a message from the process, insert the security association into the message, and transfer the message; and
a software storage medium operational to store the security software and the middleware software.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28

29. A software product comprising:
security software operational when executed by a processor to direct the processor to receive a request to authenticate a process, authenticate the process, generate a security association for the process, store the security association, transfer the security association, receive the security association extracted from a message, and check the security association extracted from the message with the stored security association to authenticate the message; and
a software storage medium operational to store the security software.
Dependent claims: 30