Virtual distributed security system
First Claim
1. In a distributed computing system environment that includes a plurality of computing devices that each comprise a processor and system memory, a method of transmitting a secure message from a first party to a second party, the first party using a first cryptographic technology and the second party using a second cryptographic technology, wherein the first and second parties are within a generic security framework and wherein the generic security framework abstracts cryptographic technologies and license formats, the method comprising:
- determining that a message is to be sent to the second party;
- a processor creating at least one security credential using a modular security policy and creating an encrypted message from the message, wherein the modular security policy:
  - establishes security rules and procedures of the generic security framework;
  - implements a security policy of the generic security framework with one or more protocols and transports; and
  - describes security aspects, including properties, capabilities, requirements and interaction semantics, of a plurality of modular security components which define behaviors corresponding to the first and second cryptographic technologies used by the first and second parties, and which are written in a security policy language as selectable, deployable and combinable security modules and which enables the security components to be negotiated, partitioned and modified, and rather than being hard-coded, and which include:
    - a store component for storing, retrieving, encrypting, and managing credentials;
    - an integrity component for signing portions of a message and for verifying integrity and signatures of received messages; and
    - a confidentiality component for encrypting and decrypting portions of a message; and
- formatting a second message with a markup language wherein the markup language comprises at least one header and wherein the second message contains the encrypted message;
- inserting at least the one security credential into the at least one header in the markup language in the second message; and
- transmitting the second message to the second party and wherein the second party can use the modular security policy to decrypt and verify the message.
Abstract
A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
20 Claims
1. Independent claim, reproduced in full under First Claim above. Claims 2 through 17 depend on it.
18. A computer program product for use at a computer system, the computer program product for implementing a method of transmitting a secure message from a first party to a second party, the first party using a first cryptographic technology and the second party using a second cryptographic technology, wherein the first and second parties are within a generic security framework and wherein the generic security framework abstracts cryptographic technologies and license formats, the computer program product comprising one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed at a processor, cause the computer system to perform the method, including the following:
- determine that a message is to be sent to the second party;
- create at least one security credential using a modular security policy and create an encrypted message from the message, wherein the modular security policy:
  - establishes security rules and procedures of the generic security framework;
  - implements a security policy of the generic security framework with one or more protocols and transports; and
  - describes security aspects, including properties, capabilities, requirements and interaction semantics, of a plurality of modular security components which define behaviors corresponding to the first and second cryptographic technologies used by the first and second parties, and which are written in a security policy language as selectable, deployable and combinable security modules and which enables the security components to be negotiated, partitioned and modified, and rather than being hard-coded, and which include:
    - a store component for storing, retrieving, encrypting, and managing credentials;
    - an integrity component for signing portions of a message and for verifying integrity and signatures of received messages; and
    - a confidentiality component for encrypting and decrypting portions of a message; and
- format a second message with a markup language wherein the markup language comprises at least one header and wherein the second message contains the encrypted message;
- inserting at least the one security credential into the at least one header in the markup language in the second message; and
- transmit the second message to the second party and wherein the second party can use the modular security policy to decrypt and verify the message.

Claim 19 depends on claim 18.
20. A computer system, the computer system comprising:
- one or more processors;
- system memory; and
- one or more computer-readable storage media having stored thereon computer-executable instructions representing a virtual distributed security system, wherein the virtual distributed security system is configured to:
  - determine that a message is to be sent to the second party;
  - create at least one security credential using a modular security policy and create an encrypted message from the message, wherein the modular security policy:
    - establishes security rules and procedures of a generic security framework;
    - implements a security policy of the generic security framework with one or more protocols and transports; and
    - describes security aspects, including properties, capabilities, requirements and interaction semantics, of a plurality of modular security components which define behaviors corresponding to the first and second cryptographic technologies used by the first and second parties, and which are written in a security policy language as selectable, deployable and combinable security modules and which enables the security components to be negotiated, partitioned and modified, and rather than being hard-coded, and which include:
      - a store component for storing, retrieving, encrypting, and managing credentials;
      - an integrity component for signing portions of a message and for verifying integrity and signatures of received messages; and
      - a confidentiality component for encrypting and decrypting portions of a message; and
  - format a second message with a markup language wherein the markup language comprises at least one header and wherein the second message contains the encrypted message;
  - inserting at least the one security credential into the at least one header in the markup language in the second message; and
  - transmit the second message to the second party and wherein the second party can use the modular security policy to decrypt and verify the message.
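To make the flow of claim 1 (and the equivalent product and system claims 18 and 20) concrete, the following Python example is added here; it is not part of the patent and not an implementation by its assignee. It assumes a symmetric key shared through each party's store component, HMAC-SHA256 for the integrity component, a demonstration stream cipher built from HMAC-SHA256 in counter mode for the confidentiality component (an assumption standing in for a vetted authenticated cipher), and an XML envelope whose header carries the credential. The component registry, the `SecurityPolicy` class, `build_message`, `open_message`, `demo_roundtrip` and the element and attribute names are the example's own choices.

```python
import base64
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET


class StoreComponent(dict):
    """Store component: shared keys by identifier (in-memory dict for the example)."""


class HmacIntegrityComponent:
    """Integrity component: HMAC-SHA256 tags, verified in constant time."""

    def sign(self, key, data):
        return hmac.new(key, data, hashlib.sha256).digest()

    def verify(self, key, data, tag):
        return hmac.compare_digest(self.sign(key, data), tag)


class DemoStreamConfidentialityComponent:
    """Confidentiality component for the example: keystream block i is
    HMAC-SHA256(key, nonce || i). Stands in for a vetted AEAD (assumption)."""

    def _keystream(self, key, nonce, length):
        out, i = b"", 0
        while len(out) < length:
            out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
            i += 1
        return out[:length]

    def encrypt(self, key, nonce, data):
        return bytes(a ^ b for a, b in zip(data, self._keystream(key, nonce, len(data))))

    decrypt = encrypt  # XOR keystream: the same operation in both directions


# Components are selected by name from the policy rather than hard-coded.
COMPONENT_REGISTRY = {
    "store": {"memory": StoreComponent},
    "integrity": {"hmac-sha256": HmacIntegrityComponent},
    "confidentiality": {"demo-stream": DemoStreamConfidentialityComponent},
}


class SecurityPolicy:
    """Modular security policy: one component selected per role."""

    def __init__(self, selection):
        self.store = COMPONENT_REGISTRY["store"][selection["store"]]()
        self.integrity = COMPONENT_REGISTRY["integrity"][selection["integrity"]]()
        self.confidentiality = COMPONENT_REGISTRY["confidentiality"][selection["confidentiality"]]()


def build_message(policy, key_id, plaintext):
    """Sender: encrypt, create a credential over the ciphertext, and put the
    credential in the header of a markup envelope whose body is the ciphertext."""
    key = policy.store[key_id]
    nonce = os.urandom(12)
    ciphertext = policy.confidentiality.encrypt(key, nonce, plaintext)
    tag = policy.integrity.sign(key, nonce + ciphertext)
    envelope = ET.Element("Envelope")
    cred = ET.SubElement(ET.SubElement(envelope, "Header"), "Credential")
    cred.set("keyId", key_id)
    cred.set("nonce", base64.b64encode(nonce).decode())
    cred.set("signature", base64.b64encode(tag).decode())
    ET.SubElement(envelope, "Body").text = base64.b64encode(ciphertext).decode()
    return ET.tostring(envelope, encoding="unicode")


def open_message(policy, xml_text):
    """Receiver: read the credential from the header, verify integrity first,
    then decrypt. Raises ValueError on any failure."""
    envelope = ET.fromstring(xml_text)
    cred, body = envelope.find("Header/Credential"), envelope.find("Body")
    if cred is None or body is None:
        raise ValueError("malformed envelope")
    key = policy.store.get(cred.get("keyId"))
    if key is None:
        raise ValueError("unknown key id in credential")
    nonce = base64.b64decode(cred.get("nonce"))
    tag = base64.b64decode(cred.get("signature"))
    ciphertext = base64.b64decode(body.text or "")
    if not policy.integrity.verify(key, nonce + ciphertext, tag):
        raise ValueError("credential signature does not match body")
    return policy.confidentiality.decrypt(key, nonce, ciphertext)


def demo_roundtrip(tamper=False):
    """Constructed scenario: both parties load the same policy and share one key.
    Returns the recovered plaintext, or None if the receiver rejects the message."""
    selection = {"store": "memory", "integrity": "hmac-sha256", "confidentiality": "demo-stream"}
    sender, receiver = SecurityPolicy(selection), SecurityPolicy(selection)
    shared_key = hashlib.sha256(b"constructed example key").digest()
    sender.store["key-1"] = receiver.store["key-1"] = shared_key
    xml_text = build_message(sender, "key-1", b"invoice 42 approved")
    if tamper:  # alter the body after signing; the credential check must then fail
        root = ET.fromstring(xml_text)
        root.find("Body").text = base64.b64encode(b"x" * 19).decode()
        xml_text = ET.tostring(root, encoding="unicode")
    try:
        return open_message(receiver, xml_text)
    except ValueError:
        return None
```

The receiver checks the header credential before it touches the ciphertext, so a modified body or an unknown key identifier is rejected without decryption; `demo_roundtrip(tamper=True)` returns `None` for that reason. Swapping a component means changing one name in the policy selection, which is the "selectable and combinable" property the claims describe.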
Specification