Object-based security system

US 6,594,763 B1
Filed: 09/25/2001
Issued: 07/15/2003
Est. Priority Date: 10/27/1998
Status: Expired due to Fees

First Claim

Patent Images

1. A software product for secure communications using a computer system, the software product comprising:

message interface software configured to direct the computer system to transfer messages between Graphical User Interface (GUI) software and security software and between the GUI software and transport software, to provide the GUI software with language-neutral method calls to the security software, to insert first security associations into the messages transferred from the computer system, to extract second security associations from the messages received by the computer system, and to transfer the second security associations for authentication by a security system; and

a storage media that stores the message interface software.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention authenticates processes and inter-process messaging. In some examples of the invention, security is performed in three layers—the application layer, the middleware layer, and the transport layer. Some examples of the invention include software products. One software product comprises security software and middleware software stored on a software storage medium. The security software directs a processor to receive a log-in request for a process, generate a request to authenticate the process, transfer the request to authenticate the process, receive a security association for the process, and transfer the security association. The middleware software directs the processor to receive the security association from the security software, receive a message from the process, insert the security association into the message, and transfer the message. Another software product comprises security software stored on a software storage medium. The security software directs a processor to receive a request to authenticate a process, authenticate the process, generate a security association for the process, store the security association, transfer the security association, receive the security association extracted from a message, and check the security association extracted from the message with the stored security association to authenticate the message.

Citations

38 Claims

1. A software product for secure communications using a computer system, the software product comprising:
- message interface software configured to direct the computer system to transfer messages between Graphical User Interface (GUI) software and security software and between the GUI software and transport software, to provide the GUI software with language-neutral method calls to the security software, to insert first security associations into the messages transferred from the computer system, to extract second security associations from the messages received by the computer system, and to transfer the second security associations for authentication by a security system; and
  
  a storage media that stores the message interface software.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The software product of claim 1 wherein the message interface software is configured to direct the computer system to store information indicating ports, Internet addresses, and object identifiers for software objects.
  - 3. The software product of claim 1 wherein the message interface software is configured to direct the computer system to implement an Interface Description Language (IDL).
  - 4. The software product of claim 1 wherein the message interface software is configured to direct the computer system to implement Microsoft DCOM.
  - 5. The software product of claim 1 wherein a portion of the messages are CORBA exception messages.
  - 6. The software product of claim 1 further comprising the transport software configured to direct the computer system to transfer the messages between the message interface software and a communication network, to insert the first security associations into the messages transferred from computer system, and to extract the second security associations from the messages received by the computer system, and transfer the second security associations for authentication by a security system, and wherein the storage media stores the transport software.
  - 7. The software product of claim 6 wherein the message interface software is configured to direct the computer system to insert a first portion of the first security associations into the messages transferred from the computer system, and wherein the transport software is configured to direct the computer system to insert a second portion of the first security associations into the messages transferred from computer system.
  - 8. The software product of claim 6 wherein the GUI software is configured to direct the computer system to provide Internet access and the transport software is configured to direct the computer system to implement an Internet Protocol.
  - 9. The software product of claim 1 further comprising the security software configured to direct the computer system to receive a password from the GUI software through the message interface, decrypt a private key with the password, encrypt a result with the private key, and transfer the encrypted result for authentication by the security system, and wherein the storage media stores the security software.
  - 10. The software product of claim 1 wherein the GUI software is configured to direct the computer system to provide an employee with access to an employer communication network over the Internet.
  - 11. The software product of claim 1 wherein the GUI software is configured to direct the computer system to provide a customer with access to a service over the Internet.
  - 12. The software product of claim 1 wherein the GUI software is configured to direct the computer system to provide a network customer with access to a communication network manager over the Internet.

13. A method of operating a computer system for secure communications, the method comprising:
- transferring messages through a message interface between a Graphical User Interface (GUI) and a security process and between the GUI and a transport interface;
  
  in the message interface, providing the GUI software with language-neutral method calls to the security software;
  
  in the message interface, inserting first security associations into the messages transferred from the computer system;
  
  in the message interface, extracting second security associations from the messages received by the computer system; and
  
  transferring the second security associations from the message interface for authentication by a security system.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The method of claim 13 wherein providing the GUI with the language-neutral method calls to the security process comprises storing information indicating ports, Internet addresses, and object identifiers for software objects.
  - 15. The method of claim 13 wherein providing the GUI with the language-neutral method calls to the security process comprises implementing an Interface Description Language (IDL).
  - 16. The method of claim 13 wherein providing the GUI with the language-neutral method calls to the security process comprises implementing Microsoft DCOM.
  - 17. The method of claim 13 wherein a portion of the messages are CORBA exception messages.
  - 18. The method of claim 13 further comprising:
19. The method of claim 18 wherein inserting the first security associations into the messages transferred from the computer system comprises:
- in the message interface, inserting a first portion of the first security associations into the messages transferred from the computer system; and
  
  in the transport interface, inserting a second portion of the first security associations into the messages transferred from computer system.
20. The method of claim 18 wherein transferring the messages through the message interface and the transport interface between the GUI and the communication network comprises providing Internet access using an Internet Protocol.
21. The method of claim 13 further comprising:
- in the security process, receiving a password from the GUI through the message interface;
  
  in the security process, decrypting a private key with the password;
  
  in the security process, encrypting a result with the private key; and
  
  transferring the encrypted result from the security process for authentication by the security system.
22. The method of claim 13 wherein the GUI is configured to provide an employee with access to an employer communication network over the Internet.
23. The method of claim 13 wherein the GUI is configured to provide a customer with access to a service over the Internet.
24. The method of claim 13 wherein the GUI is configured to provide a network customer with access to a communication network manager over the Internet.

25. A communication system comprising:
- a session manager configured to exchange network control messages with user systems, process the network control messages to control communication services for the user systems, insert first security associations in two different layers of the network control messages transferred to the user systems, extract second security associations from the two different layers of the network control messages received from the user systems; and
  
  a security system configured to exchange security messages with the user systems to authenticate the user systems, and to process the second security associations to authenticate the network control messages received from the user systems.
- View Dependent Claims (26, 27, 28, 29, 30, 31)
- - 26. The communication system of claim 25 wherein one of the layers comprises a network transport layer.
  - 27. The communication system of claim 25 wherein one of the layers comprises a language-neutral message interface layer.
  - 28. The communication system of claim 25 wherein one of the layers comprises an Internet Protocol layer.
  - 29. The communication system of claim 25 wherein one of the layers comprises a Microsoft DCOM layer.
  - 30. The communication system of claim 25 wherein one of the layers comprises a CORBA layer.
  - 31. The communication system of claim 25 wherein the security system is configured to generate the first security associations and the second security associations.

32. A method of operating a communication system, the method comprising:
- exchanging security messages with user systems to authenticate the user systems;
  
  exchanging network control messages with user systems and processing the network control messages to control communication services for the user systems;
  
  inserting first security associations in two different layers of the network control messages transferred to the user systems;
  
  extracting second security associations from the two different layers of the network control messages received from the user systems; and
  
  processing the second security associations to authenticate the network control messages received from the user systems.
- View Dependent Claims (33, 34, 35, 36, 37, 38)
- - 33. The method of claim 32 wherein one of the layers comprises a network transport layer.
  - 34. The method of claim 32 wherein one of the layers comprises a language-neutral message interface layer.
  - 35. The method of claim 32 wherein one of the layers comprises an Internet Protocol layer.
  - 36. The method of claim 32 wherein one of the layers comprises a Microsoft DCOM layer.
  - 37. The method of claim 32 wherein one of the layers comprises a CORBA layer.
  - 38. The method of claim 32 further comprising generating the first security associations and the second security associations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Madoukh, Ashraf T.
Primary Examiner(s)
HUA, LY

Application Number

US09/963,158
Time in Patent Office

658 Days
Field of Search

713/200, 713/201, 713/202, 713/155, 713/151, 713/168, 713/156, 709/229, 709/328, 380/251, 380/255, 380/277, 380/287
US Class Current

726/1
CPC Class Codes

G06F 21/445   by mutual authentication, e...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

Object-based security system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Object-based security system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links