Context-sensitive confidentiality within federated environments

US 8,484,699 B2
Filed: 03/08/2012
Issued: 07/09/2013
Est. Priority Date: 03/31/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method of achieving context-sensitive confidentiality within a federated environment, the method comprising:

determining a network route to be taken by a message to be transmitted in the federated environment, the network route crossing a plurality of security domains in the federated environment and the message requesting a service or content from at least a selected one of a plurality of nodes to be encountered on the determined route;

determining, prior to transmitting the message over the network route, at least one portion of the message that is security-sensitive and, for each of the nodes and each of the security-sensitive portions, whether the node is entitled to access the security-sensitive portion, wherein;

at least one security-sensitive portion of the message contains data for use by the selected one in performing the requested service or creating the requested content; and

one of the security-sensitive portions of the message contains identity information of a sender of the message, the identity information usable by the selected one to verify that the sender is entitled to receive results of the requested service or to receive the requested content;

selectively protecting, in the message prior to transmitting the message over the network route, each of the at least one security-sensitive portion of the message for each distinct one of the nodes which is entitled to access the security-sensitive portion;

creating a message receiver element for each of the selectively-protected at least one portion of the message and each of the one or more nodes which is entitled to access the selectively-protected portion, the message receiver element identifying the one or more nodes and providing a node-specific keyword corresponding to the one or more nodes; and

transmitting the message on the determined network route, the message receiver elements enabling each of the nodes to locate and access each security-sensitive portion which the node is entitled to access and preventing the node from accessing any security-sensitive portion which the node is not entitled to access.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for achieving context-sensitive confidentiality within a federated environment for which content is aggregated in a distributed Web portal (or similar aggregation framework), ensuring that message portions that should be confidential are confidential to all entities in the federated environment except those entities to which the message portions may properly be divulged. The federation may comprise an arbitrary number of autonomous security domains, and these security domains may have independent trust models and authentication services. Using the disclosed techniques, messages can be routed securely within a cross-domain federation (irrespective of routing paths), thereby ensuring that confidential information is not exposed to unintended third parties and that critical information is not tampered with while in transit between security domains. Preferred embodiments leverage Web services techniques and a number of industry standards.

94 Citations

View as Search Results

20 Claims

1. A computer-implemented method of achieving context-sensitive confidentiality within a federated environment, the method comprising:
- determining a network route to be taken by a message to be transmitted in the federated environment, the network route crossing a plurality of security domains in the federated environment and the message requesting a service or content from at least a selected one of a plurality of nodes to be encountered on the determined route;
  
  determining, prior to transmitting the message over the network route, at least one portion of the message that is security-sensitive and, for each of the nodes and each of the security-sensitive portions, whether the node is entitled to access the security-sensitive portion, wherein;
  
  at least one security-sensitive portion of the message contains data for use by the selected one in performing the requested service or creating the requested content; and
  
  one of the security-sensitive portions of the message contains identity information of a sender of the message, the identity information usable by the selected one to verify that the sender is entitled to receive results of the requested service or to receive the requested content;
  
  selectively protecting, in the message prior to transmitting the message over the network route, each of the at least one security-sensitive portion of the message for each distinct one of the nodes which is entitled to access the security-sensitive portion;
  
  creating a message receiver element for each of the selectively-protected at least one portion of the message and each of the one or more nodes which is entitled to access the selectively-protected portion, the message receiver element identifying the one or more nodes and providing a node-specific keyword corresponding to the one or more nodes; and
  
  transmitting the message on the determined network route, the message receiver elements enabling each of the nodes to locate and access each security-sensitive portion which the node is entitled to access and preventing the node from accessing any security-sensitive portion which the node is not entitled to access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, wherein the identity information of the sender further comprises an authentication of the sender by an authentication authority, the authorization indicating that the authentication authority has authenticated the sender using security credentials thereof.
  - 3. The method according to claim 2, wherein:
    - the authentication of the sender is created by the authentication authority for a first of the security domains from which the message is transmitted; and
      
      the authentication is usable by the selected one to enable the selected one to bypass performing a further authentication of the sender in a different one of the security domains in which the selected one receives the message.
  - 4. The method according to claim 1, wherein:
    - the message requests a service or content from each of at least two selected ones of the nodes; and
      
      for each of the selected ones, at least one security-sensitive portion of the message contains data for use by the selected one in performing the requested service or creating the requested content.
  - 5. The method according to claim 4, wherein:
    - the identity information of the sender further comprises an authentication of the sender by an authentication authority for a first of the security domains from which the message is transmitted, the authentication indicating that the authentication authority has authenticated the sender using security credentials thereof; and
      
      for each of the selected ones, the authentication of the sender is usable by the selected one to enable the selected one to bypass performing a further authentication of the sender in a different one of the security domains in which the selected one receives the message.
  - 6. The method according to claim 1, wherein the selectively protecting comprises encrypting at least one security-sensitive portion of the message.
  - 7. The method according to claim 1, wherein the selectively protecting comprises computing a digital signature over at least one security-sensitive portion of the message.
  - 8. The method according to claim 1, wherein determining, for each of the nodes and each of the security-sensitive portions, whether the node is entitled to access the security-sensitive portion further comprises consulting stored policy for each of the nodes to be encountered on the determined route, the stored policy specifying access rights of the nodes.
  - 9. The method according to claim 1, wherein the selectively protecting comprises encrypting each of the at least one security-sensitive portion of the message for each distinct one of the nodes which is entitled to access the security-sensitive portion, the encrypting enabling the node which is entitled to access the security-sensitive portion to decrypt the selectively-protected portion and preventing other nodes from decrypting the selectively-protected portion.
  - 10. The method according to claim 1, wherein:
    - the transmitted message contains security credentials of the sender, the security credentials having been authenticated, by an authentication authority for a first of the security domains from which the message is transmitted, and protected in the transmitted message such that only authorized ones of the nodes receiving the transmitted message in other ones of the security domains can access the protected security credentials; and
      
      the protected security credentials are encrypted using a public key of each of the authorized ones of the nodes receiving the transmitted message, such that each of the authorized ones can decrypt the protected security credentials using a corresponding private key.

11. A system for achieving context-sensitive confidentiality within a federated environment, comprising:
- a computer comprising a processor; and
  
  instructions which are executable, using the processor, to implement functions comprising;
  
  determining a network route to be taken by a message to be transmitted in the federated environment, the network route crossing a plurality of security domains in the federated environment and the message requesting a service or content from at least a selected one of a plurality of nodes to be encountered on the determined route;
  
  determining, prior to transmitting the message over the network route, at least one portion of the message that is security-sensitive and, for each of the nodes and each of the security-sensitive portions, whether the node is entitled to access the security-sensitive portion, wherein;
  
  at least one security-sensitive portion of the message contains data for use by the selected one in performing the requested service or creating the requested content; and
  
  one of the security-sensitive portions of the message contains identity information of a sender of the message, the identity information usable by the selected one to verify that the sender is entitled to receive results of the requested service or to receive the requested content;
  
  selectively protecting, in the message prior to transmitting the message over the network route, each of the at least one security-sensitive portion of the message for each distinct one of the nodes which is entitled to access the security-sensitive portion;
  
  creating a message receiver element for each of the selectively-protected at least one portion of the message and each of the one or more nodes which is entitled to access the selectively-protected portion, the message receiver element identifying the one or more nodes and providing a node-specific keyword corresponding to the one or more nodes; and
  
  transmitting the message on the determined network route, the message receiver elements enabling each of the nodes to locate and access each security-sensitive portion which the node is entitled to access and preventing the node from accessing any security-sensitive portion which the node is not entitled to access.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system according to claim 11, wherein the identity information of the sender further comprises an authentication of the sender by an authentication authority, the authorization indicating that the authentication authority has authenticated the sender using security credentials thereof.
  - 13. The system according to claim 12, wherein:
    - the authentication of the sender is created by the authentication authority for a first of the security domains from which the message is transmitted; and
      
      the authentication is usable by the selected one to enable the selected one to bypass performing a further authentication of the sender in a different one of the security domains in which the selected one receives the message.
  - 14. The system according to claim 11, wherein:
    - the message requests a service or content from each of at least two selected ones of the nodes; and
      
      for each of the selected ones, at least one security-sensitive portion of the message contains data for use by the selected one in performing the requested service or creating the requested content.
  - 15. The system according to claim 14, wherein:
    - the identity information of the sender further comprises an authentication of the sender by an authentication authority for a first of the security domains from which the message is transmitted, the authentication indicating that the authentication authority has authenticated the sender using security credentials thereof; and
      
      for each of the selected ones, the authentication of the sender is usable by the selected one to enable the selected one to bypass performing a further authentication of the sender in a different one of the security domains in which the selected one receives the message.

16. A computer program product for achieving context-sensitive confidentiality within a federated environment, the computer program product embodied on one or more non-transitory computer-readable storage media and comprising computer-readable program code for:
- determining a network route to be taken by a message to be transmitted in the federated environment, the network route crossing a plurality of security domains in the federated environment and the message requesting a service or content from at least a selected one of a plurality of nodes to be encountered on the determined route;
  
  determining, prior to transmitting the message over the network route, at least one portion of the message that is security-sensitive and, for each of the nodes and each of the security-sensitive portions, whether the node is entitled to access the security-sensitive portion, wherein;
  
  at least one security-sensitive portion of the message contains data for use by the selected one in performing the requested service or creating the requested content; and
  
  one of the security-sensitive portions of the message contains identity information of a sender of the message, the identity information usable by the selected one to verify that the sender is entitled to receive results of the requested service or to receive the requested content;
  
  selectively protecting, in the message prior to transmitting the message over the network route, each of the at least one security-sensitive portion of the message for each distinct one of the nodes which is entitled to access the security-sensitive portion;
  
  creating a message receiver element for each of the selectively-protected at least one portion of the message and each of the one or more nodes which is entitled to access the selectively-protected portion, the message receiver element identifying the one or more nodes and providing a node-specific keyword corresponding to the one or more nodes; and
  
  transmitting the message on the determined network route, the message receiver elements enabling each of the nodes to locate and access each security-sensitive portion which the node is entitled to access and preventing the node from accessing any security-sensitive portion which the node is not entitled to access.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product according to claim 16, wherein the identity information of the sender further comprises an authentication of the sender by an authentication authority, the authorization indicating that the authentication authority has authenticated the sender using security credentials thereof.
  - 18. The computer program product according to claim 17, wherein:
    - the authentication of the sender is created by the authentication authority for a first of the security domains from which the message is transmitted; and
      
      the authentication is usable by the selected one to enable the selected one to bypass performing a further authentication of the sender in a different one of the security domains in which the selected one receives the message.
  - 19. The computer program product according to claim 16, wherein:
    - the message requests a service or content from each of at least two selected ones of the nodes; and
      
      for each of the selected ones, at least one security-sensitive portion of the message contains data for use by the selected one in performing the requested service or creating the requested content.
  - 20. The computer program product according to claim 19, wherein:
    - the identity information of the sender further comprises an authentication of the sender by an authentication authority for a first of the security domains from which the message is transmitted, the authentication indicating that the authentication authority has authenticated the sender using security credentials thereof; and
      
      for each of the selected ones, the authentication of the sender is usable by the selected one to enable the selected one to bypass performing a further authentication of the sender in a different one of the security domains in which the selected one receives the message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Nadalin, Anthony J., Wesley, Ajamu A.
Primary Examiner(s)
Gergiso, Techane

Application Number

US13/414,736
Publication Number

US 20120167173A1
Time in Patent Office

488 Days
Field of Search

726/2, 713/185, 380/28, 709/225
US Class Current

726/2
CPC Class Codes

G06F 21/6209   to a single file or object,...

H04L 63/0428   wherein the data content is...

H04L 63/126   the source of the received ...

Context-sensitive confidentiality within federated environments

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

94 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Context-sensitive confidentiality within federated environments

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others