System, method and computer program product for auditing XML messages in a network-based message stream
Abstract
A system, method and computer program product for auditing a message in a message stream are disclosed. Messages in a message stream are captured including at least one message in an extensible markup language (XML) format. Each message in the XML format is then extracted from the captured messages and has a timestamp applied thereto. Each timestamped message in the XML format is then stored in a memory.
21 Claims
1. A method for auditing a message in a message stream, comprising:
a) capturing messages in a message stream traversing a security boundary having an encrypted side and a plaintext side with messages being captured in the message stream on both the encrypted and plaintext sides, wherein the messages captured on the encrypted side are in an encrypted format and the messages captured on the plaintext side are in a plaintext format, wherein the messages include at least one message in an extensible markup language (XML) format, at least a portion of the messages being captured using an enhanced operating system kernel having a socket option that suppresses output functions;
b) extracting the at least one message in the XML format from the captured messages from both the encrypted side and the plaintext side so that an encrypted version of the at least one message is extracted from the encrypted side and a plaintext version of the at least one message is extracted from the plaintext side;
c) applying a timestamp to each version of the extracted at least one message in the XML format using a module running on a tamperproof machine and having a secure time source; and
d) storing both versions of the timestamped at least one message in the XML format in a storage device with one version of the timestamped at least one message in the XML format stored as a first set of data and the other version of the timestamped at least one message in the XML format stored as a second set of data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A system for auditing a message in a message stream, comprising:
a) logic for capturing messages in a message stream traversing a security boundary having an encrypted side and a plaintext side with messages being captured in the message stream on both the encrypted and plaintext sides, wherein the messages captured on the encrypted side are in an encrypted format and the messages captured on the plaintext side are in a plaintext format, wherein the messages include at least one message in an extensible markup language (XML) format, at least a portion of the messages being captured using an enhanced operating system kernel having a socket option that suppresses output functions;
b) logic for extracting the at least one message in the XML format from the captured messages from both the encrypted side and the plaintext side so that an encrypted version of the at least one message is extracted from the encrypted side and a plaintext version of the at least one message is extracted from the plaintext side;
c) logic for applying a timestamp to each version of the extracted at least one message in the XML format using a module running on a tamperproof machine and having a secure time source; and
d) logic for storing both versions of the timestamped at least one message in the XML format in a storage device with one version of the timestamped at least one message in the XML format stored as a first set of data and the other version of the time stamped at least one message in the XML format stored as a second set of data.
Dependent claims: 14, 15, 16, 17
18. A computer program product for auditing a message in a message stream, comprising:
a) computer code for capturing messages in a message stream traversing a security boundary having an encrypted side and a plaintext side with messages being captured in the message stream on both the encrypted and plaintext sides, wherein the messages captured on the encrypted side are in an encrypted format and the messages captured on the plaintext side are in a plaintext format, wherein the messages include at least one message in an extensible markup language (XML) format, at least a portion of the messages being captured using an enhanced operating system kernel having a socket option that suppresses output functions;
b) computer code for extracting the at least one message in the XML format from the captured messages from both the encrypted side and the plaintext side so that an encrypted version of the at least one message is extracted from the encrypted side and a plaintext version of the at least one message is extracted from the plaintext side;
c) computer code for applying a timestamp to each version of the extracted at least one message in the XML format using a module running on a tamperproof machine and having a secure time source; and
d) computer code for storing both versions of the time stamped at least one message in the XML format in a storage device with one version of the time stamped at least one message in the XML format stored as a first set of data and the other version of the timestamped at least one message in the XML format stored as a second set of data.
Dependent claims: 19, 20, 21
Specification