Selective encryption in broker-based messaging systems and methods
Abstract
An exemplary method includes transmitting, by a software application subsystem, a request to an encryption services subsystem to route a message generated by an originating software application to a recipient software application through a message broker subsystem, acquiring, by the software application subsystem, data representative of a current encryption configuration of the message broker subsystem from the encryption services subsystem in response to the request, and determining, by the software application subsystem, during a run time of the originating software application whether to encrypt the message before the message is transmitted to the message broker subsystem for routing to the recipient software application, the determination based at least in part on the current encryption configuration of the message broker subsystem. Corresponding methods and systems are also disclosed.
20 Citations
25 Claims
1. A method comprising:
- transmitting, by a software application subsystem, a request to an encryption services server to route a message generated by an originating software application residing within a first client to a recipient software application residing within a second client through a message broker subsystem separate from the encryption services server, wherein the first client upon which the originating software application resides is configured to communicate directly with the encryption services server to acquire data representative of a current encryption configuration of the message broker subsystem, and the second client upon which the recipient software application resides is configured to communicate directly with the encryption services server to acquire data representative of a current encryption configuration of the recipient software application;
- acquiring, by the software application subsystem by way of the direct communication between the first client and the encryption services server, the data representative of the current encryption configuration of the message broker subsystem from the encryption services server in response to the request; and
- determining, by the software application subsystem, during a run time of the originating software application whether to encrypt or to not encrypt the message before the message is transmitted to the message broker subsystem for routing to the recipient software application, the determination based at least in part on the current encryption configuration of the message broker subsystem and the current encryption configuration of the recipient software application acquired from the encryption services server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method comprising:
- receiving, by a message broker subsystem, a message generated by an originating software application residing within a first client, the message comprising routing instructions directing the message broker subsystem to route the message to a recipient software application residing within a second client, wherein the first client upon which the originating software application resides is configured to communicate directly with an encryption services server to acquire data representative of a current encryption configuration of the message broker subsystem, and the second client upon which the recipient software application resides is configured to communicate directly with the encryption services server to acquire data representative of a current encryption configuration of the recipient software application;
- acquiring, by the message broker subsystem, the data representative of the current encryption configuration of the recipient software application from the encryption services server separate from the message broker subsystem; and
- determining, by the message broker subsystem, whether to encrypt or to not encrypt the message before the message is routed to the recipient software application, the determination based at least in part on the current encryption configuration of the recipient software application acquired from the encryption services server.
Dependent claims: 12, 13, 14, 15
16. A system comprising:
- a communication facility configured to communicate with a message broker subsystem and an encryption services server separate from the message broker subsystem; and
- a messaging facility selectively and communicatively coupled to the communication facility and configured to
  - direct the communication facility to transmit a request to the encryption services server to route a message generated by an originating software application residing within a first client to a recipient software application residing within a second client through the message broker subsystem, wherein the first client upon which the originating software application resides is configured to communicate directly with the encryption services server to acquire data representative of a current encryption configuration of the message broker subsystem, and the second client upon which the recipient software application resides is configured to communicate directly with the encryption services server to acquire data representative of a current encryption configuration of the recipient software application,
  - acquire data representative of the current encryption configuration of the message broker subsystem by way of the direct communication between the first client and the encryption services server in response to the request, and
  - determine during a run time of the originating software application whether to encrypt or to not encrypt the message before the message is transmitted to the message broker subsystem for routing to the recipient software application, the determination based at least in part on the current encryption configuration of the message broker subsystem and the current encryption configuration of the recipient software application acquired from the encryption services server.
17. The system of 16, wherein the messaging facility is further configured to encrypt the message and direct the communication facility to transmit the encrypted message to the message broker subsystem if the data representative of the current encryption configuration indicates that the message broker subsystem is currently configured to accept encrypted messages.
18. The system of 16, wherein the messaging facility is further configured to direct the communication facility to transmit the message to the message broker subsystem as cleartext.
19. A system comprising:
- a routing facility configured to receive a message generated by an originating software application residing within a first client, the message comprising routing instructions directing the routing facility to route the message to a recipient software application residing within a second client, wherein the first client upon which the originating software application resides is configured to communicate directly with an encryption services server to acquire data representative of a current encryption configuration of the message broker subsystem, and the second client upon which the recipient software application resides is configured to communicate directly with the encryption services server to acquire data representative of a current encryption configuration of the recipient software application;
- a messaging facility selectively and communicatively coupled to the routing facility and configured to
  - acquire the data representative of the current encryption configuration of the recipient software application from the encryption services server separate from the messaging facility, and
  - determine whether to encrypt or to not encrypt the message before the message is routed to the recipient software application, the determination based at least in part on the current encryption configuration of the recipient software application acquired from the encryption services server.
20. The system of 19, wherein the messaging facility is further configured to encrypt the message and direct the routing facility to route the encrypted message to the recipient software application if the data representative of the current encryption configuration indicates that the recipient software application is currently configured to accept encrypted messages.
21. The system of 19, wherein the messaging facility is further configured to direct the routing facility to route the message to the recipient software application as cleartext if the data representative of the current encryption configuration indicates that the recipient software application is not currently configured to accept encrypted messages.
22. A system comprising:
- a first client having an originating software application residing thereon that generates a message to be routed to a recipient software application residing on a second client;
- a message broker selectively and communicatively coupled to the client and configured to facilitate the routing of the message from the originating software application to the recipient software application; and
- an encryption services server separate from the message broker selectively and communicatively coupled to the first client and to the message broker, the encryption services server configured to maintain data representative of a current encryption configuration of the recipient software application and data representative of a current encryption configuration of the message broker, wherein the first client upon which the originating software application resides is configured to communicate directly with the encryption services server to acquire data representative of the current encryption configuration of the message broker, and the second client upon which the recipient software application resides is configured to communicate directly with the encryption services server to acquire data representative of the current encryption configuration of the recipient software application;
- wherein the first client is further configured to
  - acquire, by way of the direct communication between the first client and the encryption services server, the data representative of the current encryption configuration of the message broker from the encryption services server, and
  - determine during a run time of the originating software application whether to encrypt or to not encrypt the message before the message is transmitted to the message broker for routing to the recipient software application, the determination based at least in part on the current encryption configuration of the message broker and the current encryption configuration of the recipient software application acquired from the encryption services server.
Dependent claims: 23, 24, 25
Specification