Digital certificate issuer-correlated digital signature verification
First Claim
Patent Images
1. A system, comprising:
- a memory configured to store a data protection policy, where the data protection policy comprises one of a system-wide data protection policy and a target queue-level data protection policy, and if the data protection policy comprises the target queue-level data protection policy and a separate system-wide data protection policy is also specified, then the target queue-level data protection policy takes precedence over the separate system-wide data protection policy; and
a processor programmed to;
receive a message comprising a digital signature of a message originator;
determine, in response to determining that the message originator is authorized by the data protection policy to originate the message, whether a specific authorized certificate issuer is configured for the message originator within the data protection policy; and
in response to determining that the specific authorized certificate issuer is configured for the message originator within the data protection policy;
determine whether a message originator certificate used to generate the digital signature of the message originator is issued by the specific authorized certificate issuer configured for the message originator within the data protection policy.
1 Assignment
0 Petitions
Accused Products
Abstract
A message including a digital signature is received at a processor. It is determined whether a specific authorized certificate issuer is configured for a message originator within a data protection policy. In response to determining that the specific authorized certificate issuer is configured for the message originator within the data protection policy, it is determined whether a message originator certificate used to generate the digital signature is issued by the configured specific authorized certificate issuer.
25 Citations
10 Claims
-
1. A system, comprising:
-
a memory configured to store a data protection policy, where the data protection policy comprises one of a system-wide data protection policy and a target queue-level data protection policy, and if the data protection policy comprises the target queue-level data protection policy and a separate system-wide data protection policy is also specified, then the target queue-level data protection policy takes precedence over the separate system-wide data protection policy; and a processor programmed to; receive a message comprising a digital signature of a message originator; determine, in response to determining that the message originator is authorized by the data protection policy to originate the message, whether a specific authorized certificate issuer is configured for the message originator within the data protection policy; and in response to determining that the specific authorized certificate issuer is configured for the message originator within the data protection policy; determine whether a message originator certificate used to generate the digital signature of the message originator is issued by the specific authorized certificate issuer configured for the message originator within the data protection policy. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A computer program product comprising a computer readable storage medium including computer readable program code, where the computer readable program code when executed on a computer causes the computer to:
-
receive a message comprising a digital signature of a message originator; determine, in response to determining that the message originator is authorized by a data protection policy to originate the message, whether a specific authorized certificate issuer is configured for the message originator within the data protection policy, where the data protection policy comprises one of a system-wide data protection policy and a target queue-level data protection policy, and if the data protection policy comprises the target queue-level data protection policy and a separate system-wide data protection policy is also specified, then the target queue-level data protection policy takes precedence over the separate system-wide data protection policy; and in response to determining that the specific authorized certificate issuer is configured for the message originator within the data protection policy;
determine whether a message originator certificate used to generate the digital signature of the message originator is issued by the specific authorized certificate issuer configured for the message originator within the data protection policy. - View Dependent Claims (7, 8, 9, 10)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsDixon, Bret W., Rumsey, Jonathan L.
-
Primary Examiner(s)KIM, TAE K
-
Application NumberUS13/532,155Publication NumberTime in Patent Office967 DaysField of Search713155-159US Class Current713/157CPC Class CodesH04L 2209/64 Self-signed certificatesH04L 2209/72 Signcrypting, i.e. digital ...H04L 63/06 for supporting key manageme...H04L 63/0823 using certificates cryptogr...H04L 63/20 for managing network securi...H04L 9/006 involving public key infras...H04L 9/14 using a plurality of keys o...H04L 9/30 Public key, i.e. encryption...H04L 9/3247 involving digital signaturesH04L 9/3263 involving certificates, e.g...H04L 9/3265 using certificate chains, t...
