Service-to-service digital path tracing
First Claim
1. A computer-implemented method, comprising:
- under control of one or more computer systems configured with executable instructions,
receiving, from a service, a digital message, and a trace, the trace including an ordered set of a plurality of digital signatures of, and respectively added to the digital message by, a plurality of services of a service set, that participated in causing the digital message to be communicated and received and specifying an ordering of the plurality of services, the ordering according to an order of participation of the plurality of services in causing the digital message to be communicated and received and the digital message being of a particular type, the communication of the digital message specifying at least a first service and a second service;
determining, based at least in part on the trace, that the plurality of services of the service set corresponds to a message communication path that has been recorded for the type of the digital message;
utilizing one or more digital certificates corresponding to the ordered set of digital signatures to verify that the ordered set of digital signatures are valid; and
as a result of the ordered set of digital signatures being valid, processing the digital message.
1 Assignment
0 Petitions
Abstract
A service receives from a sender service a digital message and a corresponding trace, which includes an ordered set of digital signatures of one or more services that participated in causing the service to receive the digital message. The trace may further specify an ordering of the one or more services, which may be generated according to the order of participation of these one or more services. The service may compare the received trace to recorded message paths to determine whether the ordering specified within the trace is valid. If the ordering is valid, the service may use one or more digital certificates to further verify the digital signatures included within the trace. If the service determines that these digital signatures are also valid, the service may process the message.
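The receiving-side check described in the abstract, as an added example that is not taken from the patent or from any implementation of it. It assumes per-service HMAC keys as a standard-library stand-in for certificate-based digital signatures, assumes each signature covers the message plus all earlier signatures, and uses constructed service names, paths and messages.

```python
import hashlib
import hmac

# Constructed sample data. Per-service HMAC keys stand in for the public keys
# that the digital certificates would carry (assumption: stdlib only).
SERVICE_KEYS = {"frontend": b"k-frontend", "orders": b"k-orders", "billing": b"k-billing"}

# Recorded message paths per message type (hypothetical names).
RECORDED_PATHS = {"charge": [("frontend", "orders", "billing")]}


def _sign(service, message, prior_sigs):
    # Assumption: each hop signs the message plus all earlier signatures,
    # so a signature also commits to its position in the chain.
    data = hashlib.sha256(message + b"".join(prior_sigs)).digest()
    return hmac.new(SERVICE_KEYS[service], data, hashlib.sha256).digest()


def add_hop(service, message, trace):
    """Return a new trace with this service's signature appended."""
    sigs = [sig for _, sig in trace]
    return trace + [(service, _sign(service, message, sigs))]


def build_trace(message, services):
    """Pass the message through the given services in order."""
    trace = []
    for service in services:
        trace = add_hop(service, message, trace)
    return trace


def verify_trace(msg_type, message, trace):
    """Check the path against recorded paths first, then every signature."""
    path = tuple(service for service, _ in trace)
    if path not in RECORDED_PATHS.get(msg_type, []):
        return False, "unrecorded path"
    sigs = []
    for service, sig in trace:
        if not hmac.compare_digest(sig, _sign(service, message, sigs)):
            return False, "bad signature from " + service
        sigs.append(sig)
    return True, "ok"


if __name__ == "__main__":
    msg = b'{"order": 17, "amount": 42}'
    good = build_trace(msg, ["frontend", "orders", "billing"])
    print(verify_trace("charge", msg, good))
    print(verify_trace("charge", msg, good[:1] + good[2:]))   # hop removed
    print(verify_trace("charge", b'{"amount": 9999}', good))  # message altered
```

Because the path check runs first, a trace that names a service outside every recorded path is rejected before any key lookup or signature work is done.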
16 Citations
12 Claims
1. A computer-implemented method, comprising:
- under control of one or more computer systems configured with executable instructions,
receiving, from a service, a digital message, and a trace, the trace including an ordered set of a plurality of digital signatures of, and respectively added to the digital message by, a plurality of services of a service set, that participated in causing the digital message to be communicated and received and specifying an ordering of the plurality of services, the ordering according to an order of participation of the plurality of services in causing the digital message to be communicated and received and the digital message being of a particular type, the communication of the digital message specifying at least a first service and a second service;
determining, based at least in part on the trace, that the plurality of services of the service set corresponds to a message communication path that has been recorded for the type of the digital message;
utilizing one or more digital certificates corresponding to the ordered set of digital signatures to verify that the ordered set of digital signatures are valid; and
as a result of the ordered set of digital signatures being valid, processing the digital message.
- View Dependent Claims (2, 3, 4)
5. A non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
- determine, in response to receiving a digital message of a particular type and a trace from a service, whether a message path specified within the trace corresponds to a recorded message path, wherein the trace including an ordered set of a plurality of digital signatures of, and respectively added to the digital message by, a plurality of services of a service set;
identify from the recorded message an ordering of a plurality of services that participated in causing the digital message to be received and that respectively added a digital signature of the service to the digital message, wherein the ordering is according to an order of participation of the plurality of services in causing the digital message to be communicated and received; and wherein the communication of the digital message specifies at least a first service and a second service;
utilize one or more digital certificates corresponding to the ordered set of the plurality of digital signatures to verify that the ordered set of digital signatures are valid; and
process the digital message based on the ordered set of digital signatures being valid.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
Specification