System, method and computer program product for auditing XML messages in a network-based message stream

US 7,124,299 B2
Filed: 05/18/2001
Issued: 10/17/2006
Est. Priority Date: 05/18/2001
Status: Active Grant

First Claim

Patent Images

1. A method for auditing a message in a message stream, comprising:

a) capturing messages in a message stream traversing a security boundary having an encrypted side and a plaintext side with messages being captured in the message stream on both the encrypted and plaintext sides, wherein the messages captured on the encrypted side are in an encrypted format and the messages captured on the plaintext side are in a plaintext format, wherein the messages include at least one message in an extensible markup language (XML) format, at least a portion of the messages being captured using an enhanced operating system kernel having a socket option that suppresses output functions;

b) extracting the at least one message in the XML format from the captured messages from both the encrypted side and the plaintext side so that an encrypted version of the at least one message is extracted from the encrypted side and a plaintext version of the at least one message is extracted from the plaintext side;

c) applying a timestamp to each version of the extracted at least one message in the XML format using a module running on a tamperproof machine and having a secure time source; and

d) storing both versions of the timestamped at least one message in the XML format in a storage device with one version of the timestamped at least one message in the XML format stored as a first set of data and the other version of the timestamped at least one message in the XML format stored as a second set of data.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product for auditing a message in a message stream are disclosed. Messages in a message stream are captured including at least one message in an extensible markup language (XML) format. Each message in the XML format is then extracted from the captured messages and has a timestamp applied thereto. Each timestamped message in the XML format is then stored in a memory.

80 Citations

View as Search Results

21 Claims

1. A method for auditing a message in a message stream, comprising:
- a) capturing messages in a message stream traversing a security boundary having an encrypted side and a plaintext side with messages being captured in the message stream on both the encrypted and plaintext sides, wherein the messages captured on the encrypted side are in an encrypted format and the messages captured on the plaintext side are in a plaintext format, wherein the messages include at least one message in an extensible markup language (XML) format, at least a portion of the messages being captured using an enhanced operating system kernel having a socket option that suppresses output functions;
  
  b) extracting the at least one message in the XML format from the captured messages from both the encrypted side and the plaintext side so that an encrypted version of the at least one message is extracted from the encrypted side and a plaintext version of the at least one message is extracted from the plaintext side;
  
  c) applying a timestamp to each version of the extracted at least one message in the XML format using a module running on a tamperproof machine and having a secure time source; and
  
  d) storing both versions of the timestamped at least one message in the XML format in a storage device with one version of the timestamped at least one message in the XML format stored as a first set of data and the other version of the timestamped at least one message in the XML format stored as a second set of data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the storage device comprises a memory.
  - 3. The method of claim 1, wherein socket connections associated the first and second sets of data are matched together to afford correlation of the first set of data to the second set of data to determine whether the first and second sets of data are the same to authenticate the data.
  - 4. The method of claim 1, wherein the message stream comprises a plurality of messages utilizing a plurality of protocols.
  - 5. The method of claim 1, wherein the captured messages are parsed to identify the at least one message in the XML format for extraction.
  - 6. The method of claim 1, wherein the message stream is carried out over a communication path having one or more segments, and wherein messages are captured at each segment.
  - 7. The method of claim 6, wherein the captured messages are transmitted from each segment to an aggregation module prior to extraction of the at least one message in the XML format.
  - 8. The method of claim 1, wherein the timestamp includes a digital signature.
  - 9. The method of claim 1, wherein the storage device comprises a write once storage medium.
  - 10. The method of claim 1, wherein a report relating to the captured messages is generated.
  - 11. The method of claim 1, wherein the timestamped at least one message in the XML format is encrypted prior to storage in the storage device.
  - 12. The method of claim 1, wherein the encrypted and plaintext version of the at least one message in the XML format are correlated to detect any changes between the versions of the at least one message in the XML format.

13. A system for auditing a message in a message stream, comprising:
- a) logic for capturing messages in a message stream traversing a security boundary having an encrypted side and a plaintext side with messages being captured in the message stream on both the encrypted and plaintext sides, wherein the messages captured on the encrypted side are in an encrypted format and the messages captured on the plaintext side are in a plaintext format, wherein the messages include at least one message in an extensible markup language (XML) format, at least a portion of the messages being captured using an enhanced operating system kernel having a socket option that suppresses output functions;
  
  b) logic for extracting the at least one message in the XML format from the captured messages from both the encrypted side and the plaintext side so that an encrypted version of the at least one message is extracted from the encrypted side and a plaintext version of the at least one message is extracted from the plaintext side;
  
  c) logic for applying a timestamp to each version of the extracted at least one message in the XML format using a module running on a tamperproof machine and having a secure time source; and
  
  d) logic for storing both versions of the timestamped at least one message in the XML format in a storage device with one version of the timestamped at least one message in the XML format stored as a first set of data and the other version of the time stamped at least one message in the XML format stored as a second set of data.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The system of claim 13, wherein the message stream comprises a plurality of message utilizing a plurality of protocols.
  - 15. The system of claim 13, wherein the captured messages are parsed to identify the at least one message in the XML format for extraction.
  - 16. The system of claim 13, wherein the timestamp includes a digital signature.
  - 17. The system of claim 13, wherein the timestamped at least one message in the XML format is encrypted prior to storage in the storage device.

18. A computer program product for auditing a message in a message stream, comprising:
- a) computer code for capturing messages in a message stream traversing a security boundary having an encrypted side and a plaintext side with messages being captured in the message stream on both the encrypted and plaintext sides, wherein the messages captured on the encrypted side are in an encrypted format and the messages captured on the plaintext side are in a plaintext format, wherein the messages include at least one message in an extensible markup language (XML) format, at least a portion of the messages being captured using an enhanced operating system kernel having a socket option that suppresses output functions;
  
  b) computer code for extracting the at least one message in the XML format from the captured messages from both the encrypted side and the plaintext side so that an encrypted version of the at least one message is extracted from the encrypted side and a plaintext version of the at least one message is extracted from the plaintext side;
  
  c) computer code for applying a timestamp to each version of the extracted at least one message in the XML format using a module running on a tamperproof machine and having a secure time source; and
  
  d) computer code for storing both versions of the time stamped at least one message in the XML format in a storage device with one version of the time stamped at least one message in the XML format stored as a first set of data and the other version of the timestamped at least one message in the XML format stored as a second set of data.
- View Dependent Claims (19, 20, 21)
- - 19. The computer program product of claim 18, wherein the message stream comprises a plurality of message utilizing a plurality of protocols.
  - 20. The computer program product of claim 18, wherein the timestamp includes a digital signature.
  - 21. The computer program product of claim 18, wherein the timestamped at least one message in the XML format is encrypted prior to storage in the storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Chemtron Research LLC (Intellectual Ventures LLC)
Original Assignee
Claymore Systems, Inc.
Inventors
Dick, Kevin Stewart, Rescorla, Eric Kenneth
Primary Examiner(s)
Jung, David

Application Number

US09/861,264
Publication Number

US 20020174340A1
Time in Patent Office

1,978 Days
Field of Search

713178-182, 713/170, 713/168, 715511-516
US Class Current

713/178
CPC Class Codes

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/0428   wherein the data content is...

H04L 63/068   using time-dependent keys, ...

H04L 63/12   Applying verification of th...

H04L 63/123   received data contents, e.g...

System, method and computer program product for auditing XML messages in a network-based message stream

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

80 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for auditing XML messages in a network-based message stream

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links