Object-based security system
Abstract
The invention authenticates processes and inter-process messaging. In some examples of the invention, security is performed in three layers—the application layer, the middleware layer, and the transport layer. Some examples of the invention include software products. One software product comprises security software and middleware software stored on a software storage medium. The security software directs a processor to receive a log-in request for a process, generate a request to authenticate the process, transfer the request to authenticate the process, receive a security association for the process, and transfer the security association. The middleware software directs the processor to receive the security association from the security software, receive a message from the process, insert the security association into the message, and transfer the message. Another software product comprises security software stored on a software storage medium. The security software directs a processor to receive a request to authenticate a process, authenticate the process, generate a security association for the process, store the security association, transfer the security association, receive the security association extracted from a message, and check the security association extracted from the message with the stored security association to authenticate the message.
Claims (20)
1. A communication method comprising:
in a first system having a first process, transferring information for the first process to a security system where the security system is located in a second system;
in the security system, processing the information to authenticate the first process, and if the first process is authenticated, transferring a security association to the first system;
in the first system, receiving a message from the first process, inserting the security association into the message, and transferring the message with the security association to a third system;
in the third system, extracting the security association from the message and transferring the security association to the security system; and
in the security system, comparing the security association transferred to the first system with the security association received from the third system for a match to authenticate the message.
2. The method of claim 1 further comprising:
generating a random number;
processing the random number with a mathematical function to generate a first result;
encrypting the first result with a private key for the first process; and
wherein transferring the information for the first process to the security system comprises transferring the random number and the encrypted first result to the security system.
3. The method of claim 2 wherein, in the security system, processing the information to authenticate the first process comprises:
processing the random number with the mathematical function to generate a second result;
decrypting the encrypted first result with a public key for the first process; and
comparing the decrypted first result with the second result to authenticate the first process if the decrypted first result matches the second result.
4. The method of claim 1 further comprising:
generating the security association if the first process is authenticated;
encrypting the security association with a public key for the first process; and
wherein the transferring the security association to the first system comprises transferring the encrypted security association to the first system.
5. The method of claim 4 further comprising, in the first system, receiving the encrypted security association and decrypting the encrypted security association with a private key for the first process.
6. The method of claim 1 further comprising, in the security system, generating a security alarm if the security association transferred to the first system does not match the security association received from the third system.
7. The method of claim 1 further comprising, in the security system, generating a public key and a private key for the first system.
8. The method of claim 1 further comprising, in the first system:
receiving a password for the first process;
encrypting a private key for the first process with the password;
subsequently receiving the password from the first process;
decrypting the private key for the first process with the password received from the first process.
9. The method of claim 1 wherein the message comprises a TCP/IP message and wherein inserting the security association into the message and extracting the security association from the message comprises inserting the security association into a TCP/IP envelope for the message and extracting the security association from the TCP/IP envelope for the message.
10. The method of claim 1 wherein the first system comprises a user system and the third system comprises a service node in a communication system.
11. A communication system comprising:
a first system having a first process;
a second system; and
a security system in a third system;
wherein the first system is configured to transfer information for the first process to the security system;
wherein the security system is configured to process the information to authenticate the first process, and if the first process is authenticated, to transfer a security association to the first system;
wherein the first system is configured to receive a message from the first process, insert the security association into the message, and transfer the message with the security association to the second system;
wherein the second system is configured to extract the security association from the message and transfer the security association to the security system; and
wherein the security system is configured to compare the security association transferred to the first system with the security association received from the second system for a match to authenticate the message.
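The three-party exchange of the abstract and of claims 1 to 6 and 9 (challenge signed by the process, security association issued and later re-checked), as an added Go example that is not part of the patent. The claims name no primitives, so SHA-256 for the "mathematical function", an RSA PKCS#1 v1.5 signature for "encrypting with the private key", RSA-OAEP for encrypting the security association, its 16-byte length, and every type and function name are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

const saLen = 16 // assumed length of a security association (SA)
// SecuritySystem is the security system of claim 1; type and field names are assumed.
type SecuritySystem struct {
	PubKeys map[string]*rsa.PublicKey // public key of each process (claim 7)
	Issued  map[string][]byte         // SA transferred to the first system, per process
}

// Login (first system, claim 2): hash a fresh random number (SHA-256 assumed) and sign the digest with the private key.
func Login(priv *rsa.PrivateKey) (nonce, sig []byte, err error) {
	nonce = make([]byte, 32)
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	d := sha256.Sum256(nonce)
	sig, err = rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
	return nonce, sig, err
}
// Authenticate (security system, claims 3 and 4): verify the signed digest, then issue an SA encrypted (RSA-OAEP) to that key.
func (s *SecuritySystem) Authenticate(proc string, nonce, sig []byte) ([]byte, error) {
	pub, ok := s.PubKeys[proc]
	d := sha256.Sum256(nonce)
	if !ok || rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) != nil {
		return nil, errors.New("process not authenticated")
	}
	sa := make([]byte, saLen)
	if _, err := rand.Read(sa); err != nil {
		return nil, err
	}
	s.Issued[proc] = sa
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sa, nil)
}

// Middleware at both ends (claims 1 and 9): the SA rides in a fixed-size header of the message envelope.
func InsertSA(sa, payload []byte) []byte { return append(append([]byte{}, sa...), payload...) }
func ExtractSA(msg []byte) (sa, payload []byte) { return msg[:saLen], msg[saLen:] } // caller ensures len(msg) >= saLen
// CheckMessage (security system, last step of claim 1): a mismatch is the claim-6 alarm condition.
func (s *SecuritySystem) CheckMessage(proc string, extracted []byte) bool {
	return subtle.ConstantTimeCompare(s.Issued[proc], extracted) == 1
}
```

The first system recovers the SA from Authenticate's output with rsa.DecryptOAEP and its private key (claim 5) before handing it to the middleware; the third system only ever sees the SA in the message header and forwards it to CheckMessage.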