Selective encryption in broker-based messaging systems and methods

US 8,788,824 B2
Filed: 08/13/2009
Issued: 07/22/2014
Est. Priority Date: 08/13/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

transmitting, by a software application subsystem, a request to an encryption services server to route a message generated by an originating software application residing within a first client to a recipient software application residing within a second client through a message broker subsystem separate from the encryption services server, wherein the first client upon which the originating software application resides is configured to communicate directly with the encryption services server to acquire data representative of a current encryption configuration of the message broker subsystem, and the second client upon which the recipient software application resides is configured to communicate directly with the encryption services server to acquire data representative of a current encryption configuration of the recipient software application;

acquiring, by the software application subsystem by way of the direct communication between the first client and the encryption services server, the data representative of the current encryption configuration of the message broker subsystem from the encryption services server in response to the request; and

determining, by the software application subsystem, during a run time of the originating software application whether to encrypt or to not encrypt the message before the message is transmitted to the message broker subsystem for routing to the recipient software application, the determination based at least in part on the current encryption configuration of the message broker subsystem and the current encryption configuration of the recipient software application acquired from the encryption services server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An exemplary method includes transmitting, by a software application subsystem, a request to an encryption services subsystem to route a message generated by an originating software application to a recipient software application through a message broker subsystem, acquiring, by the software application subsystem, data representative of a current encryption configuration of the message broker subsystem from the encryption services subsystem in response to the request, and determining, by the software application subsystem, during a run time of the originating software application whether to encrypt the message before the message is transmitted to the message broker subsystem for routing to the recipient software application, the determination based at least in part on the current encryption configuration of the message broker subsystem. Corresponding methods and systems are also disclosed.

20 Citations

25 Claims

1. A method comprising:
- transmitting, by a software application subsystem, a request to an encryption services server to route a message generated by an originating software application residing within a first client to a recipient software application residing within a second client through a message broker subsystem separate from the encryption services server, wherein the first client upon which the originating software application resides is configured to communicate directly with the encryption services server to acquire data representative of a current encryption configuration of the message broker subsystem, and the second client upon which the recipient software application resides is configured to communicate directly with the encryption services server to acquire data representative of a current encryption configuration of the recipient software application;
  
  acquiring, by the software application subsystem by way of the direct communication between the first client and the encryption services server, the data representative of the current encryption configuration of the message broker subsystem from the encryption services server in response to the request; and
  
  determining, by the software application subsystem, during a run time of the originating software application whether to encrypt or to not encrypt the message before the message is transmitted to the message broker subsystem for routing to the recipient software application, the determination based at least in part on the current encryption configuration of the message broker subsystem and the current encryption configuration of the recipient software application acquired from the encryption services server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising encrypting and transmitting, by the software application subsystem, the message to the message broker subsystem if the data representative of the current encryption configuration indicates that the message broker subsystem is currently configured to accept encrypted messages.
  - 3. The method of claim 1, further comprising transmitting, by the software application subsystem, the message in cleartext to the message broker subsystem if the data representative of the current encryption configuration indicates that the message broker subsystem is not currently configured to accept encrypted messages.
  - 4. The method of claim 1, further comprising:
    - transmitting, by the software application subsystem, the message to the message broker subsystem;
      
      decrypting, by the message broker subsystem, the message if the message is in encrypted form;
      
      acquiring, by the message broker subsystem, data representative of a current encryption configuration of the recipient software application;
      
      determining, by the message broker subsystem, whether to encrypt or to not encrypt the message before the message is routed to the recipient software application, the determination by the message broker subsystem based at least in part on the current encryption configuration of the recipient software application.
  - 5. The method of claim 4, further comprising:
    - encrypting and routing, by the message broker subsystem, the message to the recipient software application if the data representative of the current encryption configuration of the recipient software application indicates that the recipient software application is currently configured to accept encrypted messages.
  - 6. The method of claim 4, further comprising routing, by the message broker subsystem, the message in cleartext to the recipient software application if the data representative of the current encryption configuration of the recipient software application indicates that the recipient software application is not currently configured to accept encrypted messages.
  - 7. The method of claim 1, further comprising establishing, by the software application subsystem, a secure connection between the software application subsystem and the message broker subsystem if the data representative of the current encryption configuration indicates that the message broker subsystem is currently configured to accept encrypted messages.
  - 8. The method of claim 1, further comprising establishing, by the software application subsystem, a non-secure connection between the software application subsystem and the message broker subsystem if the data representative of the current encryption configuration indicates that the message broker subsystem is not currently configured to accept encrypted messages.
  - 9. The method of claim 1, wherein the determining of whether to encrypt or to not encrypt the message is further based on whether the software application subsystem and message broker subsystem are in the same subnet.
  - 10. The method of claim 1, further comprising updating, by the encryption services server, the data representative of the current encryption configuration of the message broker subsystem when data representative of a change in the current encryption configuration of the message broker subsystem is transmitted to the encryption services server.

11. A method comprising:
- receiving, by a message broker subsystem, a message generated by an originating software application residing within a first client, the message comprising routing instructions directing the message broker subsystem to route the message to a recipient software application residing within a second client, wherein the first client upon which the originating software application resides is configured to communicate directly with an encryption services server to acquire data representative of a current encryption configuration of the message broker subsystem, and the second client upon which the recipient software application resides is configured to communicate directly with the encryption services server to acquire data representative of a current encryption configuration of the recipient software application;
  
  acquiring, by the message broker subsystem, the data representative of the current encryption configuration of the recipient software application from the encryption services server separate from the message broker subsystem; and
  
  determining, by the message broker subsystem, whether to encrypt or to not encrypt the message before the message is routed to the recipient software application, the determination based at least in part on the current encryption configuration of the recipient software application acquired from the encryption services server.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, further comprising encrypting and routing, by the message broker subsystem, the message to the recipient software application if the data representative of the current encryption configuration of the recipient software application indicates that the recipient software application is currently configured to accept encrypted messages.
  - 13. The method of claim 11, further comprising routing, by the message broker subsystem, the message in cleartext to the recipient software application if the data representative of the current encryption configuration indicates that the recipient software application is not currently configured to accept encrypted messages.
  - 14. The method of claim 11, further comprising:
    - updating, by the encryption services server, the data representative of the current encryption configuration of the recipient software application when data representative of a change in the current encryption configuration of the recipient software application is transmitted to the encryption services server.
  - 15. The method of claim 11, wherein the message received by the message broker subsystem is encrypted, and wherein the method further comprises decrypting, by the message broker subsystem, the message to obtain routing information corresponding to the message.

16. A system comprising:
- a communication facility configured to communicate with a message broker subsystem and an encryption services server separate from the message broker subsystem; and
  
  a messaging facility selectively and communicatively coupled to the communication facility and configured todirect the communication facility to transmit a request to the encryption services server to route a message generated by an originating software application residing within a first client to a recipient software application residing within a second client through the message broker subsystem, wherein the first client upon which the originating software application resides is configured to communicate directly with the encryption services server to acquire data representative of a current encryption configuration of the message broker subsystem, and the second client upon which the recipient software application resides is configured to communicate directly with the encryption services server to acquire data representative of a current encryption configuration of the recipient software application,acquire data representative of the current encryption configuration of the message broker subsystem by way of the direct communication between the first client and the encryption services server in response to the request, anddetermine during a run time of the originating software application whether to encrypt or to not encrypt the message before the message is transmitted to the message broker subsystem for routing to the recipient software application, the determination based at least in part on the current encryption configuration of the message broker subsystem and the current encryption configuration of the recipient software application acquired from the encryption services server.

17. The system of 16, wherein the messaging facility is further configured to encrypt the message and direct the communication facility to transmit the encrypted message to the message broker subsystem if the data representative of the current encryption configuration indicates that the message broker subsystem is currently configured to accept encrypted messages.

18. The system of 16, wherein the messaging facility is further configured to direct the communication facility to transmit the message to the message broker subsystem as cleartext.

19. A system comprising:
- a routing facility configured to receive a message generated by an originating software application residing within a first client, the message comprising routing instructions directing the routing facility to route the message to a recipient software application residing within a second client, wherein the first client upon which the originating software application resides is configured to communicate directly with an encryption services server to acquire data representative of a current encryption configuration of the message broker subsystem, and the second client upon which the recipient software application resides is configured to communicate directly with the encryption services server to acquire data representative of a current encryption configuration of the recipient software application;
  
  a messaging facility selectively and communicatively coupled to the routing facility and configured toacquire the data representative of the current encryption configuration of the recipient software application from the encryption services server separate from the messaging facility, anddetermine whether to encrypt or to not encrypt the message before the message is routed to the recipient software application, the determination based at least in part on the current encryption configuration of the recipient software application acquired from the encryption services server.

20. The system of 19, wherein the messaging facility is further configured to encrypt the message and direct the routing facility to route the encrypted message to the recipient software application if the data representative of the current encryption configuration indicates that the recipient software application is currently configured to accept encrypted messages.

21. The system of 19, wherein the messaging facility is further configured to direct the routing facility to route the message to the recipient software application as cleartext if the data representative of the current encryption configuration indicates that the recipient software application is not currently configured to accept encrypted messages.

22. A system comprising:
- a first client having an originating software application residing thereon that generates a message to be routed to a recipient software application residing on a second client;
  
  a message broker selectively and communicatively coupled to the client and configured to facilitate the routing of the message from the originating software application to the recipient software application; and
  
  an encryption services server separate from the message broker selectively and communicatively coupled to the first client and to the message broker, the encryption services server configured to maintain data representative of a current encryption configuration of the recipient software application and data representative of a current encryption configuration of the message broker, wherein the first client upon which the originating software application resides is configured to communicate directly with the encryption services server to acquire data representative of the current encryption configuration of the message broker, and the second client upon which the recipient software application resides is configured to communicate directly with the encryption services server to acquire data representative of the current encryption configuration of the recipient software application;
  
  wherein the first client is further configured toacquire, by way of the direct communication between the first client and the encryption services server, the data representative of the current encryption configuration of the message broker from the encryption services server, anddetermine during a run time of the originating software application whether to encrypt or to not encrypt the message before the message is transmitted to the message broker for routing to the recipient software application, the determination based at least in part on the current encryption configuration of the message broker and the current encryption configuration of the recipient software application acquired from the encryption services server.
- View Dependent Claims (23, 24, 25)
- - 23. The system of claim 22, wherein the first client is further configured to encrypt and transmit the message to the message broker for routing to the recipient software application if the data representative of the current encryption configuration of the message broker indicates that the message broker is currently configured to accept encrypted messages.
  - 24. The system of claim 22, wherein the message broker comprises:
    - a first message broker corresponding to the originating software application; and
      
      a second message broker corresponding to the recipient software application;
      
      wherein the first message broker is configured to transmit the message to the second message broker; and
      
      wherein the second message broker is configured to route the message to the recipient software application.
  - 25. The system of claim 24, wherein the first message broker is configured to encrypt or not to encrypt the message before transmitting the message to the second message broker based on a current encryption configuration of the second message broker.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Jonnagadla, Suresh, Daugherty, Robert, Gola, Shailender, Nham, Ha Tam, Taylor, Lawrence
Primary Examiner(s)
Dada, Beemet
Assistant Examiner(s)
GYORFI, THOMAS A

Application Number

US12/540,746
Publication Number

US 20110040973A1
Time in Patent Office

1,804 Days
Field of Search

713/170, 713/1, 380/279, 380/286
US Class Current

713/170
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 67/561 Adding application-function...

Selective encryption in broker-based messaging systems and methods

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Selective encryption in broker-based messaging systems and methods

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links