GENERALIZED CERTIFICATE USE IN POLICY-BASED SECURE MESSAGING ENVIRONMENTS

US 20170126666A1
Filed: 01/14/2017
Published: 05/04/2017
Est. Priority Date: 03/13/2013
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a memory; and

a processor programmed to;

determine, within a secure messaging environment, that a request to send a message has been generated by a message sender;

identify, within the memory, a message protection policy configured to process the message within the secure messaging environment, where the message protection policy specifies that, within the secure messaging environment, a secured digital certificate, other than a digital certificate of the message sender, is configured with an associated private key to digitally sign the message on behalf of the message sender;

determine, based upon the message protection policy, to digitally sign the message using the private key of the secured digital certificate; and

sign the message on behalf of the message sender using the private key of the secured digital certificate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Within a secure messaging environment, a determination is made that a request to send a message has been generated by a message sender. A message protection policy configured to process the message within the secure messaging environment is identified. The message protection policy specifies that, within the secure messaging environment, a secured digital certificate, other than a digital certificate of the message sender, is configured with an associated private key to digitally sign the message on behalf of the message sender. Based upon the message protection policy, a determination is made to digitally sign the message using the private key of the secured digital certificate. The message is signed on behalf of the message sender using the private key of the secured digital certificate.

20 Citations

View as Search Results

10 Claims

1. A system, comprising:
- a memory; and
  
  a processor programmed to;
  
  determine, within a secure messaging environment, that a request to send a message has been generated by a message sender;
  
  identify, within the memory, a message protection policy configured to process the message within the secure messaging environment, where the message protection policy specifies that, within the secure messaging environment, a secured digital certificate, other than a digital certificate of the message sender, is configured with an associated private key to digitally sign the message on behalf of the message sender;
  
  determine, based upon the message protection policy, to digitally sign the message using the private key of the secured digital certificate; and
  
  sign the message on behalf of the message sender using the private key of the secured digital certificate.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, where the processor is further programmed to protect, by the secure messaging environment, the secured digital certificate against access by the message sender.
  - 3. The system of claim 1, where the secured digital certificate comprises at least one of:
    - a digital certificate assigned to a secure messaging component within the secure messaging environment; and
      
      a digital certificate managed by the secure messaging component within the secure messaging environment.
  - 4. The system of claim 3, where the secure messaging component comprises one of a queue manager within the secure messaging environment and a data protection module within the secure messaging environment that interfaces with the queue manager.
  - 5. The system of claim 1, where the message protection policy further specifies that the secured digital certificate is configured to digitally sign messages on behalf of a plurality of message senders, and the processor is further programmed to:
    - sign messages of the plurality of message senders using the private key of the secured digital certificate.

6. A computer program product, comprising:
- a computer readable storage medium having computer readable program code embodied therewith, where the computer readable storage medium is not a transitory signal per se and where the computer readable program code when executed on a computer causes the computer to;
  
  determine, within a secure messaging environment, that a request to send a message has been generated by a message sender;
  
  identify a message protection policy configured to process the message within the secure messaging environment, where the message protection policy specifies that, within the secure messaging environment, a secured digital certificate, other than a digital certificate of the message sender, is configured with an associated private key to digitally sign the message on behalf of the message sender;
  
  determine, based upon the message protection policy, to digitally sign the message using the private key of the secured digital certificate; and
  
  sign the message on behalf of the message sender using the private key of the secured digital certificate.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer program product of claim 6, where the computer readable program code when executed on the computer further causes the computer to protect, by the secure messaging environment, the secured digital certificate against access by the message sender.
  - 8. The computer program product of claim 6, where the secured digital certificate comprises at least one of:
    - a digital certificate assigned to a secure messaging component within the secure messaging environment; and
      
      a digital certificate managed by the secure messaging component within the secure messaging environment.
  - 9. The computer program product of claim 8, where the secure messaging component comprises one of a queue manager within the secure messaging environment and a data protection module within the secure messaging environment that interfaces with the queue manager.
  - 10. The computer program product of claim 6, where the message protection policy further specifies that the secured digital certificate is configured to digitally sign messages on behalf of a plurality of message senders, and the computer readable program code when executed on the computer further causes the computer to:
    - sign messages of the plurality of message senders using the private key of the secured digital certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Dixon, Bret W.

Granted Patent

US 9,948,635 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/104   Grouping of entities

H04L 63/126   the source of the received ...

H04L 63/20   for managing network securi...

H04L 9/3263   involving certificates, e.g...

GENERALIZED CERTIFICATE USE IN POLICY-BASED SECURE MESSAGING ENVIRONMENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

GENERALIZED CERTIFICATE USE IN POLICY-BASED SECURE MESSAGING ENVIRONMENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links