Object-based security system
Abstract
The invention authenticates processes and inter-process messaging. In some examples of the invention, security is performed in three layers: the application layer, the middleware layer, and the transport layer. Some examples of the invention include software products.

One software product comprises security software and middleware software stored on a software storage medium. The security software directs a processor to receive a log-in request for a process, generate a request to authenticate the process, transfer the request to authenticate the process, receive a security association for the process, and transfer the security association. The middleware software directs the processor to receive the security association from the security software, receive a message from the process, insert the security association into the message, and transfer the message.

Another software product comprises security software stored on a software storage medium. The security software directs a processor to receive a request to authenticate a process, authenticate the process, generate a security association for the process, store the security association, transfer the security association, receive the security association extracted from a message, and check the security association extracted from the message with the stored security association to authenticate the message.
38 Claims

1. A software product for secure communications using a computer system, the software product comprising:
message interface software configured to direct the computer system to transfer messages between Graphical User Interface (GUI) software and security software and between the GUI software and transport software, to provide the GUI software with language-neutral method calls to the security software, to insert first security associations into the messages transferred from the computer system, to extract second security associations from the messages received by the computer system, and to transfer the second security associations for authentication by a security system; and
a storage media that stores the message interface software.
Dependent claims: 2-12.

13. A method of operating a computer system for secure communications, the method comprising:
transferring messages through a message interface between a Graphical User Interface (GUI) and a security process and between the GUI and a transport interface;
in the message interface, providing the GUI software with language-neutral method calls to the security software;
in the message interface, inserting first security associations into the messages transferred from the computer system;
in the message interface, extracting second security associations from the messages received by the computer system; and
transferring the second security associations from the message interface for authentication by a security system.
Dependent claims: 14-24.

transferring the messages through the transport interface between the message interface and a communication network;
in the transport interface, inserting the first security associations into the messages transferred from computer system;
in the transport interface, extracting the second security associations from the messages received by the computer system; and
transferring the second security associations from the transport interface for authentication by a security system.

19. The method of claim 18 wherein inserting the first security associations into the messages transferred from the computer system comprises:
in the message interface, inserting a first portion of the first security associations into the messages transferred from the computer system; and
in the transport interface, inserting a second portion of the first security associations into the messages transferred from computer system.

20. The method of claim 18 wherein transferring the messages through the message interface and the transport interface between the GUI and the communication network comprises providing Internet access using an Internet Protocol.

21. The method of claim 13 further comprising:
in the security process, receiving a password from the GUI through the message interface;
in the security process, decrypting a private key with the password;
in the security process, encrypting a result with the private key; and
transferring the encrypted result from the security process for authentication by the security system.

22. The method of claim 13 wherein the GUI is configured to provide an employee with access to an employer communication network over the Internet.

23. The method of claim 13 wherein the GUI is configured to provide a customer with access to a service over the Internet.

24. The method of claim 13 wherein the GUI is configured to provide a network customer with access to a communication network manager over the Internet.

25. A communication system comprising:
a session manager configured to exchange network control messages with user systems, process the network control messages to control communication services for the user systems, insert first security associations in two different layers of the network control messages transferred to the user systems, extract second security associations from the two different layers of the network control messages received from the user systems; and
a security system configured to exchange security messages with the user systems to authenticate the user systems, and to process the second security associations to authenticate the network control messages received from the user systems.
Dependent claims: 26-31.

32. A method of operating a communication system, the method comprising:
exchanging security messages with user systems to authenticate the user systems;
exchanging network control messages with user systems and processing the network control messages to control communication services for the user systems;
inserting first security associations in two different layers of the network control messages transferred to the user systems;
extracting second security associations from the two different layers of the network control messages received from the user systems; and
processing the second security associations to authenticate the network control messages received from the user systems.
Dependent claims: 33-38.

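The flow described in the abstract and in claims 19, 21 and 25, as an added worked example in Python; this is illustration written for this page, not code from the patent or from any product implementing it. The patent names no cipher or signature scheme, so the client's private key is modelled here as a 32-byte HMAC secret, the "encrypt a result with the private key" step of claim 21 as an HMAC tag over a server-issued challenge, and the password decryption as XOR with a SHAKE-256 keystream derived from a PBKDF2 key. The class and function names, the split of a security association into an application-layer and a transport-layer portion, the message layout and the sample user are all assumptions for illustration.

```python
"""Added illustration of the three-layer flow; names and crypto choices are assumptions."""
import hashlib
import hmac
import json
import secrets
from typing import Optional, Tuple


def wrap_key(password: bytes, key: bytes, salt: bytes) -> bytes:
    """Encrypt `key` under `password`; calling it again on the output decrypts.
    Stand-in for the unspecified cipher of claim 21: PBKDF2 -> SHAKE-256 keystream -> XOR.
    A fresh salt per wrapped key keeps the keystream from ever being reused."""
    kek = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)
    stream = hashlib.shake_256(kek).digest(len(key))
    return bytes(a ^ b for a, b in zip(key, stream))


class SecuritySystem:
    """Security system: authenticates processes, issues and checks security associations."""

    def __init__(self) -> None:
        self._keys = {}        # user -> MAC key (assumption; a real system would hold a public key)
        self._challenges = {}  # user -> outstanding nonce
        self._assocs = {}      # sa_id -> stored security association

    def register(self, user: str, password: bytes) -> Tuple[bytes, bytes]:
        """Enrol a user; returns (salt, password-wrapped key) for the client to keep."""
        key, salt = secrets.token_bytes(32), secrets.token_bytes(16)
        self._keys[user] = key
        return salt, wrap_key(password, key, salt)

    def challenge(self, user: str) -> bytes:
        self._challenges[user] = secrets.token_bytes(16)
        return self._challenges[user]

    def authenticate(self, user: str, result: bytes) -> Optional[dict]:
        """Verify the client's tag; on success generate, store and return an association
        made of two portions, one per layer (claims 19 and 25)."""
        nonce = self._challenges.pop(user, None)
        if nonce is None or user not in self._keys:
            return None
        expected = hmac.new(self._keys[user], nonce, "sha256").digest()
        if not hmac.compare_digest(expected, result):
            return None
        sa = {"id": secrets.token_hex(8), "app": secrets.token_hex(16), "transport": secrets.token_hex(16)}
        self._assocs[sa["id"]] = sa
        return sa

    def check(self, sa_id: str, app_portion: str, transport_portion: str) -> bool:
        """Compare the portions extracted from a received message with the stored association."""
        stored = self._assocs.get(sa_id)
        if stored is None:
            return False
        return (hmac.compare_digest(stored["app"], app_portion)
                and hmac.compare_digest(stored["transport"], transport_portion))


def security_process_login(system: SecuritySystem, user: str, password: bytes,
                           salt: bytes, wrapped_key: bytes) -> Optional[dict]:
    """Client security process (claim 21): decrypt the private key with the password,
    tag the challenge with it, and hand the tag to the security system."""
    private_key = wrap_key(password, wrapped_key, salt)  # a wrong password yields a wrong key
    nonce = system.challenge(user)
    return system.authenticate(user, hmac.new(private_key, nonce, "sha256").digest())


def message_interface_send(sa: dict, payload: dict) -> dict:
    """Middleware layer: insert the first portion of the association into the message."""
    return {"sa_id": sa["id"], "sa_app": sa["app"], "body": payload}


def transport_send(sa: dict, message: dict) -> bytes:
    """Transport layer: insert the second portion into the outer envelope and serialise."""
    return json.dumps({"sa_transport": sa["transport"], "inner": message}).encode()


def receive_and_authenticate(system: SecuritySystem, wire: bytes) -> Optional[dict]:
    """Receiving side: transport and message interfaces each extract their portion and pass
    both to the security system; the body is released only if both match."""
    envelope = json.loads(wire)
    transport_portion, message = envelope["sa_transport"], envelope["inner"]
    if not system.check(message["sa_id"], message["sa_app"], transport_portion):
        return None
    return message["body"]


def demo() -> Tuple[Optional[dict], Optional[dict], Optional[dict], Optional[dict]]:
    """Constructed scenario: enrol, fail with a wrong password, log in, send one message,
    then replay it with the transport-layer and the application-layer portion tampered."""
    system = SecuritySystem()
    salt, wrapped = system.register("alice", b"correct horse")
    wrong_pw = security_process_login(system, "alice", b"battery staple", salt, wrapped)
    sa = security_process_login(system, "alice", b"correct horse", salt, wrapped)
    wire = transport_send(sa, message_interface_send(sa, {"cmd": "open_session"}))
    ok = receive_and_authenticate(system, wire)
    tampered = json.loads(wire)
    tampered["sa_transport"] = "00" * 16
    bad_transport = receive_and_authenticate(system, json.dumps(tampered).encode())
    tampered = json.loads(wire)
    tampered["inner"]["sa_app"] = "00" * 16
    bad_app = receive_and_authenticate(system, json.dumps(tampered).encode())
    return wrong_pw, ok, bad_transport, bad_app
```

Running `demo()` returns `None` for the wrong-password login, the message body for the genuine message, and `None` for both tampered replays, which is the check the abstract describes: the extracted association is compared against the one the security system stored at log-in, and under claim 25 forging either layer's portion alone is rejected. One caveat the patent text does not address: an association carried as a bearer value, as here, authenticates the sender but not the message content, so a deployed system would also bind the association to the body (for instance by keying a MAC over it) to stop replay and modification of the body in transit.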
Specification