Securely inspecting electronic messages

US 7,574,601 B2
Filed: 08/24/2004
Issued: 08/11/2009
Est. Priority Date: 08/24/2004
Status: Expired due to Fees

First Claim

Patent Images

1. In a computer system connected to a network, the computer system including a component of a distributed application, the component of the distributed application at the computer system interoperating with components of the distributed application at other computer systems connected to the network through the exchange of distributed application messages to implement the functionality of the distributed application, a method for securely activating secure distributed application message inspection at the computer system, the method comprising the following:

an act of the computer system receiving a message inspection control message from another computer system connected to the network, the message inspection control message including message inspection instructions from an administrator, the message inspection instructions indicating how to configure distributed application message inspection at the computer system for any messages sent to the distributed application component, distributed application message inspection for inspecting the contents of subsequently received distributed application messages sent to the distributed application component;

an act of passing the received message inspection control message through one or more receiving path components positioned in a message receive path at the computer system situated prior to the distributed application component at the computer system, each of the receiving path components configured to modify electronic messages with at least one modification, the one or more receiving path components including an inspection component;

an act of passing the received message inspection control message to a security component in the message receive path subsequent to the received message inspection control message being passed through the one or more other receiving path components;

an act of the security component at the computer system authenticating the administrator and authenticating the contents of the received message inspection control message to determine that distributed application message inspection in accordance with the inspection instructions contained in the message inspection control message is permissible at the computer system, authentication of the administrator indicating an increased confidence that message inspection is to be activated in accordance with instructions from an authorized entity, authentication of the contents of the message inspection control message indicating a decreased likelihood that the inspection instructions contained in the message inspection control message have been altered;

an act of passing the received message inspection control message to an inspection control component included in the message receive path subsequently and in response to the security component at the computer system authenticating the administrator and authenticating the contents of the received message inspection control message and based on the increased confidence that message inspection is to be activated in accordance with instructions from an authorized entity and based on the decreased likelihood that the inspection instructions have been altered; and

an act of the inspection control component controlling the message inspection component to activate distributed application message inspection for distributed application messages sent to the distributed application component at the computer system in accordance with the inspection instructions contained in the message inspection control message received from the other computer system connected to the network so as to integrate message inspection activation for the distributed application component into the receive message path for the distributed application component.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention extends to methods, systems, and computer program products for securely inspecting electronic messages. A computer system receives a control message that is passed through one or more receiving path components, positioned in a message receiving path, to a security component. The security component authenticates the received control message and passes the received control message to an inspection control component. The inspection control component activates message inspection in accordance with instructions contained in the received control message. When message inspection is activated, the computer system passes accessed messages to corresponding inspection components positioned in message paths (either receiving or sending) of the accessed message. The inspection component generates an inspection report (e.g., including a portion of contents of the accessed message) in accordance with instructions contained in a previously authenticated control message.

22 Citations

View as Search Results

33 Claims

1. In a computer system connected to a network, the computer system including a component of a distributed application, the component of the distributed application at the computer system interoperating with components of the distributed application at other computer systems connected to the network through the exchange of distributed application messages to implement the functionality of the distributed application, a method for securely activating secure distributed application message inspection at the computer system, the method comprising the following:
- an act of the computer system receiving a message inspection control message from another computer system connected to the network, the message inspection control message including message inspection instructions from an administrator, the message inspection instructions indicating how to configure distributed application message inspection at the computer system for any messages sent to the distributed application component, distributed application message inspection for inspecting the contents of subsequently received distributed application messages sent to the distributed application component;
  
  an act of passing the received message inspection control message through one or more receiving path components positioned in a message receive path at the computer system situated prior to the distributed application component at the computer system, each of the receiving path components configured to modify electronic messages with at least one modification, the one or more receiving path components including an inspection component;
  
  an act of passing the received message inspection control message to a security component in the message receive path subsequent to the received message inspection control message being passed through the one or more other receiving path components;
  
  an act of the security component at the computer system authenticating the administrator and authenticating the contents of the received message inspection control message to determine that distributed application message inspection in accordance with the inspection instructions contained in the message inspection control message is permissible at the computer system, authentication of the administrator indicating an increased confidence that message inspection is to be activated in accordance with instructions from an authorized entity, authentication of the contents of the message inspection control message indicating a decreased likelihood that the inspection instructions contained in the message inspection control message have been altered;
  
  an act of passing the received message inspection control message to an inspection control component included in the message receive path subsequently and in response to the security component at the computer system authenticating the administrator and authenticating the contents of the received message inspection control message and based on the increased confidence that message inspection is to be activated in accordance with instructions from an authorized entity and based on the decreased likelihood that the inspection instructions have been altered; and
  
  an act of the inspection control component controlling the message inspection component to activate distributed application message inspection for distributed application messages sent to the distributed application component at the computer system in accordance with the inspection instructions contained in the message inspection control message received from the other computer system connected to the network so as to integrate message inspection activation for the distributed application component into the receive message path for the distributed application component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method as recited in claim 1, wherein the act of receiving a message inspection control message comprises an act receiving a Simple Object Access Protocol (SOAP) envelope.
  - 3. The method as recited in claim 2, wherein the act of receiving a Simple Object Access Protocol (SOAP) envelope comprises an act of receiving a Simple Object Access Protocol (SOAP) envelope having a header that contains an inspection configuration.
  - 4. The method as recited in claim 1, wherein the act of passing the received message inspection control message through one or more receiving path components comprises an act of passing the received control message through one or more of a performance counter component and a role set component.
  - 5. The method as recited in claim 1, wherein the act of passing the received message inspection control message to a security component comprises an act of passing the received message inspection control message to a security component that is positioned before the inspection control component in the receiving path.
  - 6. The method as recited in claim 1, wherein the act of the security component authenticating the administrator and contents of the received message inspection control message comprises an act of validating a digital signature.
  - 7. The method as recited in claim 6, further comprising:
    - an act of decrypting the message inspection control message.
  - 8. The method as recited in claim 1, wherein the act of passing the received message inspection control message to an inspection control component comprises an act of passing the received message inspection control message to an inspection control component that is positioned after the security component in the receive path.
  - 9. The method as recited in claim 1, wherein the act of the inspection control component activating message inspection in accordance with instructions contained in the received message inspection control message comprises an act of activating message inspection in accordance with instructions contained in a Simple Object Access Protocol (SOAP) header.
  - 10. The method as recited in claim 1, wherein the act of the inspection control component controlling the message inspection component to activate message inspection in accordance with instructions contained in the received message inspection control message comprises an act of sending instructions to one on or more inspection components to load a message filter.
  - 11. The method as recited in claim 10, wherein the message filter is loaded from a filter table.
  - 12. The method as recited in claim 10, wherein the message filter includes XPath statements.
  - 13. The method as recited in claim 1, further comprising the inspection control component loading a message filter to activate message inspection in accordance with instructions contained in the received message inspection control message.

14. In a computer system connected to a network, the computer system including a component of a distributed application, the component of the distributed application at the computer system interoperating with components of the distributed application at other computer systems connected to the network through the exchange of distributed application messages to implement the functionality of the distributed application, a method for securely inspecting a distributed application message, the method comprising the following:
- an act of the computer system receiving a distributed application message from a first one of the other computer systems connected to the network, the distributed application message for delivery to the distributed application component at the computer system;
  
  an act of passing the received distributed application message to a message receive path at the computer system, the message receive path having one or more message path components including a message inspection component positioned prior to a security component in the message receive path and an inspection control component positioned after the security component in the message receive path, the message inspection component having previously been controlled by the inspection control component to integrate message inspection activation for any message sent to the distributed application component into the receive message path by loading one or more filters from a filter table in response to inspection instructions contained in a previously received message inspection control message, the message inspection control message received from a second one of the other computer systems connected to the network, the sender and contents of the previously received message inspection control message having been authenticated by the security component, authentication of the sender indicating an increased confidence that the message inspection is to be activated in accordance with instructions from an authorized entity, authentication of the contents of the message inspection control message indicating a decreased likelihood that the inspection instructions contained in the message inspection control message have been altered;
  
  an act of the inspection component detecting that the content of the received distributed application message from the first other computer system matches the filter criteria of at least one of the one or more loaded filters;
  
  an act of the inspection component performing a corresponding inspection operation on the received distributed application message from the first other computer system in response to the detected match, the corresponding filter action performed in accordance with inspection instructions contained in the previously received and authenticated message inspection control message received from the second other computer system, the filter operation including extracting a portion of the received distributed application message for inclusion in an inspection report; and
  
  an act of passing the accessed message through one or more message path components that are positioned in the message receive path subsequent to performing the corresponding filter action and prior to delivering the distributed application message to the distributed application component at the computer system.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 15. The method as recited in claim 14, wherein the act of receiving a message comprises an act of accessing a Simple Object Access Protocol (SOAP) envelope.
  - 16. The method as recited in claim 14, further comprising:
    - an act of generating the inspection report for the received message, the inspection report including data from the received message related to the performed filter operation.
  - 17. The method as recited in claim 16, wherein the act of detecting that the content of the received message matches the contents of the received message comprises an act of matching the contents of the received message to a portion of an XPath statement.
  - 18. The method as recited in claim 14, wherein the act of performing a corresponding filter action on the received message comprises an act of including a portion of the contents of the received message in an inspection report.
  - 19. The method as recited in claim 18, further comprising:
    - an act of storing the inspection report.
  - 20. The method as recited in claim 18, further comprising:
    - an act of sending the inspection report to an extensibility module.
  - 21. The method as recited in claim 14, wherein the act of passing the received message through one or more message path components comprises an act of passing the received message through one or more receive path components.
  - 22. The method as recited in claim 21, further comprising:
    - an act of delivering a modified message to a Web service.
  - 23. The method as recited in claim 14, wherein the act of passing the received message through one or more message path components comprises an act of passing the received message through one or more send path components at the computer system.
  - 24. The method as recited in claim 23, further comprising:
    - an act of delivering a modified message to another computer system.

25. A computer program product for use at a computer connected to a network, the computer system including a component of a distributed application, the component of the distributed application at the computer system interoperating with components of the distributed application at other computer systems connected to the network through the exchange of distributed application messages to implement the functionality of the distributed application, the computer program product for implementing a method for securely activating secure distributed application message inspection, the computer program product comprising one or more computer storage media having stored thereon computer-executable instructions that, when executed by a processor, cause the computer system to perform the following:
- receive a message inspection control message from another computer system connected to the network, the message inspection control message including message inspection instructions from an administrator, the message inspection instructions indicating how to configure distributed application message inspection at the computer system for any messages sent to the distributed application component, distributed application message inspection for inspecting the contents of subsequently received distributed application messages sent to the distributed application component;
  
  pass the received message inspection control message through one or more receiving path components that are positioned in a message receive path at the computer system situated prior to the distributed application component at the computer system, each of the receiving path components configured to modify electronic messages with at least one modification, the one or more receiving path components including an inspection component;
  
  pass the received message inspection control message to a security component in the message receive path subsequent to the received message inspection control message being passed through the one or more other receiving path components;
  
  authenticate the administrator and the contents of the received message inspection control message at the security component to determine that distributed application message inspection in accordance with the inspection instructions contained in the message inspection control message is permissible at the computer system, authentication of the administrator indicating an increased confidence that message inspection is to be activated in accordance with instructions from an authorized entity, authentication of the contents of the message inspection control message indicating a decreased likelihood that the inspection instructions contained in the message inspection control message have been altered;
  
  pass the received message inspection control message to an inspection control component included in the message receive path subsequently and in response to the security component at the computer system authenticating the administrator and authenticating the contents of the received message inspection control message and based on the increased confidence that message inspection is to be activated in accordance with instructions from an authorized entity and based on the decreased likelihood that the inspection instructions have been altered; and
  
  control the message inspection component to activate distributed application message inspection for distributed application messages sent to the distributed application component at the computer system in accordance with the inspection instructions contained in the message inspection control message received from the other computer system connected to the network so as to integrate message inspection activation for the distributed application component into the receive message path for the distributed application component.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The method as recited in claim 25, wherein computer-executable instructions that when executed cause the computer system to receive a message inspection control message comprise computer-executable instructions that when executed cause the computer system to receive a Simple Object Access Protocol (SOAP) envelope.
  - 27. The method as recited in claim 25, wherein computer-executable instructions that when executed cause the computer system to pass the received message inspection control message to a security component comprise computer-executable instructions that when executed cause the computer system to pass the received message inspection control message to a security component positioned before the inspection control component in the message receive path.
  - 28. The method as recited in claim 25, wherein computer-executable instructions that when executed cause the computer system to pass the received message inspection control message to an inspection control component comprise computer-executable instructions that when executed cause the computer system pass the received message inspection control message to an inspection control component positioned before the security component in the receive path.
  - 29. The method as recited in claim 25, wherein computer-executable instructions that when executed cause the computer system to activate message inspection comprise computer computer-executable instructions that when executed cause the computer system to activate message inspection in accordance instructions contained in a Simple Object Access Protocol (SOAP) envelope header.

30. A computer program product for use at a computer system connected to a network, the computer system including a component of a distributed application, the component of the distributed application at the computer system interoperating with components of the distributed application at other computer systems connected to the network through the exchange of distributed application messages to implement the functionality of the distributed application, the computer program product for implementing a method for securely inspecting a distributed application message, the computer program product comprising one or more computer storage media having stored thereon computer-executable instructions that, when executed by a processor, cause the computer system to perform the following:
- receive a distributed application message from a first one of the other computer systems connected to the network, the distributed application message for delivery to the distributed application component at the computer system;
  
  pass the received distributed application message to a message receive path at the computer system, the message receive path having one or more message path components including a message inspection component positioned prior to a security component in the message receive path and an inspection control component positioned after the security component in the message receive path, the message inspection component having previously been controlled by the inspection control component to integrate message inspection activation for any message sent to the distributed application component into the receive message path by loading one or more filters from a filter table in response to inspection instructions contained in a previously received message inspection control message, the message inspection control message received from a second one of the other computer systems connected to the network, the sender and contents of the previously received message inspection control message having been authenticated by the security component, authentication of the sender indicating an increased confidence that the message inspection is to be activated in accordance with instructions from an authorized entity, authentication of the contents of the message inspection control message indicating a decreased likelihood that the inspection instructions contained in the message inspection control message have been altered;
  
  detect that the content of the received distributed application message from the first other computer system matches the filter criteria of at least one of the one or more loaded filters;
  
  perform a corresponding inspection operation on the received distributed application message from the first other computer system in response to the detected match, the corresponding filter action performed in accordance with inspection instructions contained in the previously received and authenticated message inspection control message received from the second other computer system, the filter operation including extracting a portion of the received distributed application message for inclusion in an inspection report;
  
  pass the accessed message through one or more message path components that are positioned in the message receive path subsequent to performing the corresponding filter action and prior to delivering the distributed application message to the distributed application component at the computer system.
- View Dependent Claims (31, 32, 33)
- - 31. The method as recited in claim 30, wherein computer-executable instructions that when executed cause the computer system to receive a message comprise computer-executable instructions that when executed cause the computer system to receive a Simple Object Access Protocol (SOAP) envelope.
  - 32. The computer program product as recited in claim 30, further comprising:
    - computer-executable instructions that, when executed, cause the computer system to generate an inspection report for the received message, the inspection report including data related to the performed filter operation.
  - 33. The method as recited in claim 32, wherein computer-executable instructions that when executed cause the computer system generate an inspection report for the received message comprise computer-executable instructions that when executed cause the computer system to generate an inspection report in accordance with instructions contained in a header of a Simple Object Access Protocol (SOAP) envelope.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Noss, John F., Jahromi, Babak G., Muhlestein, Travis John, Mahajan, Dhananjay M., Roth, Daniel W., Seely, Scott Christopher
Primary Examiner(s)
Moazzami; Nasser G
Assistant Examiner(s)
JOHNSON, CARLTON

Application Number

US10/925,024
Publication Number

US 20060048220A1
Time in Patent Office

1,813 Days
Field of Search

726/22
US Class Current

713/168
CPC Class Codes

H04L 51/234 for tracking messages

Securely inspecting electronic messages

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

33 Claims

Specification

Use Cases

Quick Links

Others

Securely inspecting electronic messages

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

33 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others