Apparatus, system, and method for message level security
Abstract
An apparatus, system, and method are disclosed for selective, end-to-end message level security. The apparatus includes a message class definition module, a security module, and a messaging module. The message class definition module identifies a predetermined message class of an internode message. The security module applies security to the message at an application layer. The security that is applied to the message corresponds to a security level, which depends on the message class of the message. The security may include encryption, authentication, and/or other security features. The messaging module communicates the message between a first node and a second node. A third node, such as a broker, may be interposed between the first and second nodes, in which case the security of the message is preserved at the third node.
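The flow the abstract describes, as an added example that is not taken from the patent: a message class selects a security level, the level selects encryption and signature indicators, and a key-less broker forwards the result unchanged. The map contents, envelope format and all function names are assumptions; HMAC-SHA256 stands in for the digital signature and a SHA-256 keystream stands in for encryption so the sketch runs on the standard library alone.

```python
import hashlib, hmac, json, os

# Hypothetical security level map: message class indicator -> security level.
SECURITY_LEVEL_MAP = {"heartbeat": "none", "inventory": "signed", "credentials": "confidential"}
# Hypothetical security level definition: level -> (encryption indicator, signature indicator).
SECURITY_LEVEL_DEF = {"none": (False, False), "signed": (False, True), "confidential": (True, True)}

def indicators(msg_class):
    """Map class -> level -> indicators; an unknown class raises KeyError (fail closed)."""
    return SECURITY_LEVEL_DEF[SECURITY_LEVEL_MAP[msg_class]]

def _xor_stream(key, nonce, data):
    # Stand-in cipher (SHA-256 keystream), not production crypto; use an AEAD in practice.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def _tag(sig_key, env):
    # HMAC stands in for the digital signature; it covers the class indicator as well as the body.
    signed = json.dumps([env["class"], env["nonce"], env["body"]]).encode()
    return hmac.new(sig_key, signed, hashlib.sha256).hexdigest()

def protect(msg_class, payload, enc_key, sig_key):
    """First node, application layer: apply the level selected by the message class."""
    encrypt, sign = indicators(msg_class)
    nonce = os.urandom(12)
    body = _xor_stream(enc_key, nonce, payload) if encrypt else payload
    env = {"class": msg_class, "nonce": nonce.hex(), "body": body.hex()}
    if sign:
        env["sig"] = _tag(sig_key, env)
    return env

def broker_forward(env):
    """Third node: holds no keys and forwards the envelope unchanged."""
    return json.loads(json.dumps(env))

def accept(env, enc_key, sig_key):
    """Second node: required protection comes from its own copy of the map, not from the message."""
    encrypt, sign = indicators(env["class"])
    if sign and not hmac.compare_digest(_tag(sig_key, env), str(env.get("sig", ""))):
        raise ValueError("signature missing or invalid for class " + env["class"])
    body = bytes.fromhex(env["body"])
    return _xor_stream(enc_key, bytes.fromhex(env["nonce"]), body) if encrypt else body
```

Because the receiving node derives the indicators from its own map, a message of a signed class that arrives with its signature stripped or its body altered is rejected rather than processed at a lower level.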
21 Claims
1. A method to perform operations to facilitate message security, the operations comprising:
identifying a predetermined message class of an internode message, the predetermined message class identified by a message class indicator, each message class indicator mapped to a particular message security level by a security level map;
an application layer of a first node mapping the particular message security level to an encryption indicator and a digital signature indicator in accordance with a security level definition;
applying security to the internode message at the application layer in accordance with the encryption indicator;
applying a digital signature to the internode message at the application layer in accordance with the digital signature indicator;
wherein the application layer comprises an application programmed to selectively apply the particular message security level to the entire internode message as defined in the security level map;
communicating the message between the first node and a second node, wherein the security of the internode message is preserved between the first node and the second node, wherein a second application operating on the second node maps the message class indicator to the particular message security level, the second application comprising the same security level map for mapping the message class indicator to the particular message security level and wherein an application layer of the second node applies the particular message security level to the internode message to implement the particular message security level;
wherein a digital processing apparatus performs the operations by way of one or more of logic hardware comprising at least a processor and hardware memory.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 21
10. An apparatus to facilitate message security, the apparatus comprising:
a logic unit comprising a processor;
a hardware memory in communication with the processor, the hardware memory comprising;
a message class definition module configured to identify a predetermined message class of an internode message, the predetermined message class identified by a message class indicator, each message class indicator mapped to a particular message security level by a security level map;
a security module configured to map the particular message security level to an encryption indicator and a digital signature indicator in accordance with a security level definition at an application layer of a first node;
wherein the security module is further configured to apply security to the internode message at the application layer in accordance with the encryption indicator;
wherein the security module is further configured to apply a digital signature to the internode message at the application layer in accordance with the digital signature indicator;
wherein the application layer comprises an application programmed to selectively apply the particular message security level to the entire internode message as defined in the security level map; and
a messaging module configured to communicate the message between the first node and a second node, wherein the security of the internode message is preserved between the first node and the second node, wherein a second application operating on the second node maps the message class indicator to the particular message security level, the second application comprising the same security level map for mapping the message class indicator to the particular message security level and wherein an application layer of the second node applies the particular message security level to the internode message to implement the particular message security level.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A system to facilitate message security, the system comprising:
an electronic storage device configured to store a message class definition descriptive of a predetermined message class;
a message apparatus comprising a logic unit a processor in communication with a hardware memory, the logic unit configured to identify a message class of an internode message, the predetermined message class identified by a message class indicator, each message class indicator mapped to a particular message security level by a security level map, wherein the message apparatus is configured to map the particular message security level to an encryption indicator and a digital signature indicator in accordance with a security level definition at an application layer of a first node;
wherein the message apparatus is further configured to apply security to the internode message at the application layer in accordance with the encryption indicator;
wherein the message apparatus is further configured to apply a digital signature to the internode message at the application layer in accordance with the digital signature indicator, the application layer comprising an application programmed to selectively apply the particular message security level to the entire internode message as defined in the security level map;
wherein a second application operating on the second node maps the message class indicator to the particular message security level, the second application comprising the same security level map for mapping the message class indicator to the particular message security level and wherein an application layer of the second node applies the particular message security level to the internode message to implement the particular message security level; and
a network interface configured to transmit the internode message from the first node to a second node, wherein the security of the internode message is preserved between the first node and the second node.
Dependent claims: 19, 20
Specification