Method and apparatus for secure message queuing
First Claim
1. A method for enabling a network of database systems to provably track a message, wherein the message is created at an origin system and is destined to a recipient system, wherein the message passes through a first database system and a second database system, and wherein the origin system, the recipient system, the first database system, and the second database system are different from one another, comprising:
- determining a first digest of the message at the first database system;
sending the first digest from the first database system to the second database system;
signing the first digest at the second database system using a second private encryption key that is associated with the second database system;
sending the signed first digest from the second database system to the first database system;
validating the signed first digest at the first database system using a second public encryption key that is associated with the second private encryption key; and
if the signed first digest is valid, persistently storing the signed first digest at the first database system, thereby enabling the first database system to prove that the second database system requested to receive the message.
2 Assignments
0 Petitions
Accused Products
Abstract
One embodiment of the present invention provides a system that facilitates secure messaging. The system starts by creating a message at an origin. Next, the system computes a digest of the message. This digest is signed using an origin private encryption key. The message and the signed digest are forwarded to a queue for delivery to a recipient. Upon receiving the message and the signed digest at the queue, the system verifies that the digest was signed at the origin by using an origin public encryption key. If the signature is valid, the origin cannot deny creating the message. Valid messages and digests are placed on the queue and the recipient is notified that the message is available.
25 Citations
9 Claims
-
1. A method for enabling a network of database systems to provably track a message, wherein the message is created at an origin system and is destined to a recipient system, wherein the message passes through a first database system and a second database system, and wherein the origin system, the recipient system, the first database system, and the second database system are different from one another, comprising:
-
determining a first digest of the message at the first database system; sending the first digest from the first database system to the second database system; signing the first digest at the second database system using a second private encryption key that is associated with the second database system; sending the signed first digest from the second database system to the first database system; validating the signed first digest at the first database system using a second public encryption key that is associated with the second private encryption key; and if the signed first digest is valid, persistently storing the signed first digest at the first database system, thereby enabling the first database system to prove that the second database system requested to receive the message. - View Dependent Claims (2, 3)
-
-
4. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for enabling a network of database systems to provably track a message, wherein the message is created at an origin system and is destined to a recipient system, wherein the message passes through a first database system and a second database system, and wherein the origin system, the recipient system, the first database system, and the second database system are different from one another, the method comprising:
-
determining a first digest of the message at the first database system; sending the first digest from the first database system to the second database system; signing the first digest at the second database system using a second private encryption key that is associated with the second database system; sending the signed first digest from the second database system to the first database system; validating the signed first digest at the first database system using a second public encryption key that is associated with the second private encryption key; and if the signed first digest is valid, persistently storing the signed first digest at the first database system, thereby enabling the first database system to prove that the second database system requested to receive the message. - View Dependent Claims (5, 6)
-
-
7. An apparatus for enabling a network of database systems to provably track a message, wherein the message is created at an origin system and is destined to a recipient system, wherein the message passes through a first database system and a second database system, and wherein the origin system, the recipient system, the first database system, and the second database system are different from one another, comprising:
-
a determining mechanism that is configured to determine a first digest of the message at the first database system; a first sending mechanism that is configured to send the first digest from the first database system to the second database system; a signing mechanism that is configured to use a second private encryption key that is associated with the second database system; a second sending mechanism that is configured to send the signed first digest from the second database system to the first database system; a validating mechanism that is configured to validate the signed first digest at the first database system using a second public encryption key that is associated with the second private encryption key; and a storing mechanism, wherein if the signed first digest is valid, the storing mechanism is configured to persistently store the signed first digest at the first database system, thereby enabling the first database system to prove that the second database system requested to receive the message. - View Dependent Claims (8, 9)
-
Specification