Apparatus, system, and method for message level security

US 7,644,266 B2
Filed: 09/23/2004
Issued: 01/05/2010
Est. Priority Date: 09/23/2004
Status: Active Grant

First Claim

Patent Images

1. A method to perform operations to facilitate message security, the operations comprising:

identifying a predetermined message class of an internode message, the predetermined message class identified by a message class indicator, each message class indicator mapped to a particular message security level by a security level map;

an application layer of a first node mapping the particular message security level to an encryption indicator and a digital signature indicator in accordance with a security level definition;

applying security to the internode message at the application layer in accordance with the encryption indicator;

applying a digital signature to the internode message at the application layer in accordance with the digital signature indicator;

wherein the application layer comprises an application programmed to selectively apply the particular message security level to the entire internode message as defined in the security level map;

communicating the message between the first node and a second node, wherein the security of the internode message is preserved between the first node and the second node,wherein a second application operating on the second node mares the message class indicator to the particular message security level, the second application comprising the same security level map for mapping the message class indicator to the particular message security level and wherein an application layer of the second node applies the particular message security level to the internode message to implement the particular message security level;

wherein a digital processing apparatus performs the operations by way of one or more of logic hardware comprising at least a processor and hardware memory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus, system, and method are disclosed for selective, end-to-end message level security. The apparatus includes a message class definition module, a security module, and a messaging module. The message class definition module identifies a predetermined message class of an internode message. The security module applies security to the message at an application layer. The security that is applied to the message corresponds to a security level, which depends on the message class of the message. The security may include encryption, authentication, and/or other security features. The messaging module communicates the message between a first node and a second node. A third node, such as a broker, may be interposed between the first and second nodes, in which case the security of the message is preserved at the third node.

Citations

21 Claims

1. A method to perform operations to facilitate message security, the operations comprising:
- identifying a predetermined message class of an internode message, the predetermined message class identified by a message class indicator, each message class indicator mapped to a particular message security level by a security level map;
  
  an application layer of a first node mapping the particular message security level to an encryption indicator and a digital signature indicator in accordance with a security level definition;
  
  applying security to the internode message at the application layer in accordance with the encryption indicator;
  
  applying a digital signature to the internode message at the application layer in accordance with the digital signature indicator;
  
  wherein the application layer comprises an application programmed to selectively apply the particular message security level to the entire internode message as defined in the security level map;
  
  communicating the message between the first node and a second node, wherein the security of the internode message is preserved between the first node and the second node,wherein a second application operating on the second node mares the message class indicator to the particular message security level, the second application comprising the same security level map for mapping the message class indicator to the particular message security level and wherein an application layer of the second node applies the particular message security level to the internode message to implement the particular message security level;
  
  wherein a digital processing apparatus performs the operations by way of one or more of logic hardware comprising at least a processor and hardware memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 21)
- - 2. The method of claim 1, further comprising communicating the message in a synchronous communication environment.
  - 3. The method of claim 1, further comprising communicating the message in an asynchronous communication environment.
  - 4. The method of claim 1, further comprising encrypting the message.
  - 5. The method of claim 1, further comprising digitally signing the message.
  - 6. The method of claim 1, further comprising maintaining the security level definition descriptive of the particular message security level.
  - 7. The method of claim 1, further comprising maintaining the security level map mapping the particular message security level to the message class.
  - 8. The method of claim 1, further comprising maintaining a message class definition descriptive of a message type within the message class.
  - 9. The method of claim 1, wherein the particular message security level is selected from the group consisting of no security, privacy security, integrity security, and combined privacy and integrity security.
  - 21. The method of claim 1, further comprising:
    - delivering the internode message to a second application operating on the second node, the second application comprising the same security level map mapping the message class indicator to the particular message security level; and
      
      applying the particular message security level to the internode message at an application layer of the second node to implement the particular message security level.

10. An apparatus to facilitate message security, the apparatus comprising:
- a logic unit comprising a processor;
  
  a hardware memory in communication with the processor, the hardware memory comprising;
  
  a message class definition module configured to identify a predetermined message class of an internode message, the predetermined message class identified by a message class indicator, each message class indicator mapped to a particular message security level by a security level map;
  
  a security module configured to map the particular message security level to an encryption indicator and a digital signature indicator in accordance with a security level definition at an application layer of a first node;
  
  wherein the security module is further configured to apply security to the internode message at the application layer in accordance with the encryption indicator;
  
  wherein the security module is further configured to apply a digital signature to the internode message at the application layer in accordance with the digital signature indicator;
  
  wherein the application layer comprises an application programmed to selectively apply the particular message security level to the entire internode message as defined in the security level map; and
  
  a messaging module configured to communicate the message between the first node and a second node, wherein the security of the internode message is preserved between the first node and the second node, wherein a second application operating on the second node maps the message class indicator to the particular message security level, the second application comprising the same security level map for mapping the message class indicator to the particular message security level and wherein an application layer of the second node applies the particular message security level to the internode message to implement the particular message security level.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The apparatus of claim 10, wherein the messaging module is further configured to communicate the message in a synchronous communication environment.
  - 12. The apparatus of claim 10, wherein the messaging module is further configured to communicate the message in an asynchronous communication environment.
  - 13. The apparatus of claim 10, further comprising an encryption module configured to encrypt the message.
  - 14. The apparatus of claim 10, further comprising a signature module configured to digitally sign the message.
  - 15. The apparatus of claim 10, wherein the message class definition module is further configured to maintain the message class definition descriptive of a message type within the message class.
  - 16. The apparatus of claim 10, further comprising a security level definition module configured to maintain the security level definition descriptive of the security level.
  - 17. The apparatus of claim 10, further comprising a security level mapping module configured to map the security level to the message class.

18. A system to facilitate message security, the system comprising:
- an electronic storage device configured to store a message class definition descriptive of a predetermined message class;
  
  a message apparatus comprising a logic unit a processor in communication with a hardware memory, the logic unit configured to identify a message class of an internode message, the predetermined message class identified by a message class indicator, each message class indicator mapped to a particular message security level by a security level map,wherein the message apparatus is configured to map the particular message security level to an encryption indicator and a digital signature indicator in accordance with a security level definition at an application layer of a first node;
  
  wherein the message apparatus is further configured to apply security to the internode message at the application layer in accordance with the encryption indicator;
  
  wherein the message apparatus is further configured to apply a digital signature to the internode message at the application layer in accordance with the digital signature indicator, the application layer comprising an application programmed to selectively apply the particular message security level to the entire internode message as defined in the security level map;
  
  wherein a second application operating on the second node maps the message class indicator to the particular message security level, the second application comprising the same security level map for mapping the message class indicator to the particular message security level and wherein an application layer of the second node applies the particular message security level to the internode message to implement the particular message security level; and
  
  a network interface configured to transmit the internode message from the first node to a second node, wherein the security of the internode message is preserved between the first node and the second node.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, further comprising a security level mapping module configured to map the security level to the message class.
  - 20. The system of claim 18, wherein the message apparatus is further configured to communicate the message in an asynchronous communication environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Khangaonkar, Manoj, Zhang, Kai Mike, Ahuja, Pratima
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
SHAN, APRIL YING

Application Number

US10/948,609
Publication Number

US 20060064751A1
Time in Patent Office

1,930 Days
Field of Search

713/151, 713/166, 713/176, 713/152, 726/14, 719/313, 719/314, 719/315, 709/201, 709/227, 709/229, 705/79
US Class Current

713/151
CPC Class Codes

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/105   Multiple levels of security

H04L 63/12   Applying verification of th...

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

Apparatus, system, and method for message level security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus, system, and method for message level security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links