Object-based security system

US 6,330,677 B1
Filed: 10/27/1998
Issued: 12/11/2001
Est. Priority Date: 10/27/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for operating a first computer system, a second computer system, and a security system, wherein the first computer system comprises a process, a security object, and first middleware, and wherein the second computer system comprises second middleware, the method comprising:

receiving a message from the process into the first middleware for transfer to the second computer system;

in the first middleware, inserting a security association into the message;

transferring the message from the first middleware;

receiving the message from the first middleware into the second middleware;

in the second middleware, extracting the security association from the message;

transferring the security association from the second middleware;

receiving the security association from the second middleware into the security system; and

checking security association extracted from the message with the stored security association to authenticate the message.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention authenticates processes and inter-process messaging. In some examples of the invention, security is performed in three layers—the application layer, the middleware layer, and the transport layer. Some examples of the invention include software products. One software product comprises security software and middleware software stored on a software storage medium. The security software directs a processor to receive a log-in request for a process, generate a request to authenticate the process, transfer the request to authenticate the process, receive a security association for the process, and transfer the security association. The middleware software directs the processor to receive the security association from the security software, receive a message from the process, insert the security association into the message, and transfer the message. Another software product comprises security software stored on a software storage medium. The security software directs a processor to receive a request to authenticate a process, authenticate the process, generate a security association for the process, store the security association, transfer the security association, receive the security association extracted from a message, and check the security association extracted from the message with the stored security association to authenticate the message.

83 Citations

View as Search Results

30 Claims

1. A method for operating a first computer system, a second computer system, and a security system, wherein the first computer system comprises a process, a security object, and first middleware, and wherein the second computer system comprises second middleware, the method comprising:
- receiving a message from the process into the first middleware for transfer to the second computer system;
  
  in the first middleware, inserting a security association into the message;
  
  transferring the message from the first middleware;
  
  receiving the message from the first middleware into the second middleware;
  
  in the second middleware, extracting the security association from the message;
  
  transferring the security association from the second middleware;
  
  receiving the security association from the second middleware into the security system; and
  
  checking security association extracted from the message with the stored security association to authenticate the message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1 further comprising:
3. The method of claim 2 wherein the process is a graphical user interface.
4. The method of claim 2 wherein the process is a communications provider agent.
5. The method of claim 2 wherein the process is a communications user agent.
6. The method of claim 2 wherein wherein the security object includes a Common Object Request Broker Architecture interface.
7. The method of claim 2 wherein the first middleware is an Object Request Broker.
8. The method of claim 7 wherein inserting the security association in the message comprises using an Object Request Broker interceptor to insert the security association.
9. The method of claim 2 wherein the second middleware is an Object Request Broker.
10. The method of claim 9 wherein extracting the security association in the message comprises using an Object Request Broker interceptor to extract the security association.
11. The method of claim 2 wherein the process has a private key, a public key, and a password, the method further comprising:
- transferring the password from the process to the security object;
  
  in the security object, encrypting the private key with the password; and
  
  storing the encrypted private key.
12. The method of claim 11 wherein the log-in request includes the password and further comprising:
- in the security object, decrypting the private key with the password;
  
  in the security object, encrypting a value with the private key; and
  
  wherein transferring the request to authenticate the process further comprises transferring the value and the encrypted value from the security object.
13. The method of claim 2 wherein authenticating the process in the security system further comprises:
- decrypting the value with the public key; and
  
  comparing the decrypted value with the value in the request to authenticate.
14. The method of claim 1 wherein the first computer system further comprises a first transport layer and the second computer system further comprises a second transport layer, the method further comprising:
- transferring the security association from the security object to the first transport layer;
  
  receiving the message from the first middleware into the first transport layer for transfer to the second computer system;
  
  in the first transport layer, inserting the security association into the message;
  
  transferring the message from the first transport layer;
  
  receiving the message from the first transport layer into the second transport layer;
  
  in the second transport layer, extracting the security association from the message;
  
  transferring the security association from the second transport layer;
  
  receiving the security association from the second transport layer into the security system; and
  
  checking security association extracted from the message with the stored security association to authenticate the message.
15. The method of claim 14 wherein the first transport layer and the second transport layer are asynchronous transfer mode.
16. The method of claim 14 wherein the first transport layer and the second transport layer are internet protocol.

17. A software product comprising:
- security software operational when executed by a processor to direct the processor to receive a log-in request for a process, generate a request to authenticate the process, transfer the request to authenticate the process, receive a security association for the process, and transfer the security association;
  
  middleware software operational when executed by the processor to direct the processor to receive the security association from the security software, receive a message from the process, insert the security association into the message, and transfer the message; and
  
  a software storage medium operational to store the security software and the middleware software.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 18. The software product of claim 17 wherein the security software includes a Common Object Request Broker Architecture interface.
  - 19. The software product of claim 18 wherein the middleware software is an Object Request Broker.
  - 20. The software product of claim 19 wherein the middleware software is further operational when executed by the processor to direct the processor to use an Object Request Broker interceptor to insert the security association.
  - 21. The software product of claim 17 wherein the middleware software is further operational when executed by the processor to direct the processor to receive another message from another process, to extract another security association from the other message, and transfer the other security association.
  - 22. The software product of claim 21 wherein the middleware software is further operational when executed by the processor to direct the processor to use an Object Request Broker interceptor to extract the other security association.
  - 23. The software product of claim 17 wherein the security software is further operational when executed by the processor to direct the processor to encrypt a private key with a password and to store the encrypted private key.
  - 24. The software product of claim 23 wherein the security software is further operational when executed by the processor to direct the processor to decrypt the private key with the password, to encrypt a value with the private key, and to transfer the value and the encrypted value.
  - 25. The software product of claim 17 further comprising transport software operational when executed by the processor to direct the processor to receive the message from the middleware software, insert the security association into the message, and transfer the message, and wherein the storage medium is further operational to store the transport software.
  - 26. The software product of claim 25 wherein the transport software is further operational when executed by the processor to direct the processor to receive another message, extract another security association from the other message, and transfer the other security association.
  - 27. The software product of claim 26 wherein the transport software is asynchronous transfer mode software.
  - 28. The software product of claim 26 wherein the transport software is internet protocol software.

29. A software product comprising:
- security software operational when executed by a processor to direct the processor to receive a request to authenticate a process, authenticate the process, generate a security association for the process, store the security association, transfer the security association, receive the security association extracted from a message, and check the security association extracted from the message with the stored security association to authenticate the message; and
  
  a software storage medium operational to store the security software.
- View Dependent Claims (30)
- - 30. The software product of claim 29 wherein the security software is further operational when executed by the processor to direct the processor to decrypt a value with a public key, and compare the decrypted value with a value in the request to authenticate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Madoukh, Ashraf T.
Primary Examiner(s)
HUA, LY

Application Number

US09/179,477
Time in Patent Office

1,141 Days
Field of Search

713/200, 713/201, 713/166
US Class Current

726/2
CPC Class Codes

G06F 21/445   by mutual authentication, e...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

Object-based security system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

83 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Object-based security system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links