Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1998-04-01
2002-09-03
Hayes, Gail (Department: 2131)
C713S170000
active
06446206
ABSTRACT:
FIELD OF THE INVENTION
This invention relates generally to message queuing systems, and more particularly to access control of a message queue in a message queuing system.
BACKGROUND OF THE INVENTION
A message queuing system implements asynchronous communications which enable an application in a distributed processing network to send messages to, and receive messages from, other applications. A message may contain data in any format that is understood by both the sending and receiving applications. When the receiving application receives a request message, it processes the request according to the content of the message and, if required, sends a response message back to the original sending application. The sending and receiving applications may be on the same machine or on separate machines connected by a network. While messages are in transit between the sending and receiving applications, the message queuing system keeps the messages in holding areas called message queues. The message queues protect messages from being lost in transit and provide a place for an application to look for messages sent to it when it is ready.
In the context of distributed processing, asynchronous communications provide significant advantages over synchronous communications. Communications are synchronous when the sender of a request must wait for a response from the receiver of the request before it can proceed to perform other tasks. If the receiving application is slow or for any reason cannot promptly process the request, a significant amount of time of the sending application will be wasted in waiting. Moreover, with synchronous communications, the sending application must wait for the receiving application to return a response before it can make a request to another application.
In contrast, with asynchronous communications in the form of exchanging messages, an application can send multiple request messages to different receiving applications at one time and can turn immediately to other tasks without having to wait for any of the receiving applications to respond to the request messages. The messages can be sent regardless of whether the receiving applications are running or reachable over the network. The message queuing system is relied upon to ensure that the messages are properly delivered. The asynchronous message delivery also makes it easy to journal the communications and allows a receiving application to prioritize the processing of the messages.
The asynchronous message delivery, however, makes it more difficult to implement message security. It is important for a message queue (MQ) server to selectively allow or deny permission to users or groups of users to send messages to a given message queue. A conventional way to implement access control for a data file is to use a security descriptor which contains a discretionary access control list indicating which users or groups are given or denied access to the file. When a user attempts to access the file, the credentials of the user are checked against the security descriptor to determine whether the access request should be allowed or denied.
This conventional scheme, however, is not directly applicable in a message queuing system where the communications are asynchronous. A user can run an application that sends a message to a destination queue and then log off before the message reaches the receiving MQ server which maintains the destination queue. In fact, the user can log off even before the message leaves the sending computer. If the message arrives at the receiving server after the user has logged off, the user credentials are no longer available for the receiving server to verify the identity of the user who sent the message.
It has been proposed to implement access control based on a unique security identification (SID) assigned to each user. When a message is sent, the user's SID is added to the message. Upon receiving the message, the receiving server uses the SID as an unambiguous identification of the user who sent the message. The server checks the security descriptor associated with the destination queue to determine whether the user or any of the groups of which the user is a member is permitted to place messages in the queue. The problem with this scheme is that the SID received with the message is not by itself a reliable indication of the true identity of the person who sent the message. This is because a SID has to be known to the public to serve the function of identifying a user. In other words, it is not a secret. Thus, a hacker may hack the sending computer to insert someone else's SID into a message. The SID associated with a message may also be tampered with when the message traverses the network to the receiver.
SUMMARY OF THE INVENTION
In accordance with the present invention, there is provided a method and system for controlling access to a message queue in a message queuing system with asynchronous message delivery. The access control utilizes a user certificate to authenticate a message sent by the user and uses a database of the message queuing system as a trusted entity in the authentication process. When the user runs an application which sends a message to a target queue, a digital signature for the message is generated with a private key associated with a selected certificate of the user. The message is sent with the digital signature and the certificate. When the receiving MQ server receives the message packet, it verifies the digital signature of the message. If the signature is verified, the receiving MQ server queries the database of the message queuing system to obtain the security identification (SID) that is associated with the certificate and therefore identifies the user who sent the message. The MQ server then checks a security descriptor of the target queue to decide whether the message with the SID should be placed in the target queue.
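The receive-side sequence described above (verify the signature, resolve the SID from the trusted database, check the queue's security descriptor), as an added Go example that is not part of the patent text. Assumptions: Ed25519 stands in for the unspecified signature algorithm, the certificate is reduced to a raw public key, the MQ database and the security descriptor are in-memory maps, and all names and SIDs are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Packet reaches the receiving MQ server; Cert is reduced to a raw public key (assumption).
type Packet struct{ Body, Sig, Cert []byte }

// Server: trusted MQ database (cert digest -> SID) and the queue's security descriptor.
type Server struct {
	CertToSID map[[32]byte]string
	QueueACL  map[string]bool
}

// Register creates a key pair and records its certificate digest under sid.
func (s *Server) Register(sid string) ed25519.PrivateKey {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	s.CertToSID[sha256.Sum256(pub)] = sid
	return priv
}

// Send signs the body and attaches the signature and the certificate.
func Send(priv ed25519.PrivateKey, body []byte) Packet {
	return Packet{body, ed25519.Sign(priv, body), priv.Public().(ed25519.PublicKey)}
}

// Accept verifies the signature, resolves the SID from the database, checks the queue ACL.
func (s *Server) Accept(p Packet) (string, error) {
	if len(p.Cert) != ed25519.PublicKeySize || !ed25519.Verify(p.Cert, p.Body, p.Sig) {
		return "", errors.New("bad signature")
	}
	sid, ok := s.CertToSID[sha256.Sum256(p.Cert)]
	if !ok {
		return "", errors.New("unknown certificate")
	}
	if !s.QueueACL[sid] {
		return "", errors.New("access denied")
	}
	return sid, nil
}

func main() {
	srv := &Server{map[[32]byte]string{}, map[string]bool{"S-1-5-21-1001": true}}
	fmt.Println(srv.Accept(Send(srv.Register("S-1-5-21-1001"), []byte("order #1"))))
}
```

The packet carries no SID field at all: the server derives the SID from the certificate, and the certificate is bound to the message by the signature, so attaching another user's certificate to a message fails at the first check.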
It is a feature of the invention that the certificate used in the message queue access control may be an internal certificate generated by the message queuing system. The use of an internal certificate avoids the need for the user to obtain an external certificate from a certification authority. Alternatively, the user can select to use an external certificate which provides compatibility with other certificate-based authentication operations.
The advantages of the invention will become apparent with reference to the following detailed description when taken in conjunction with the drawings in which:
Hayes Gail
Leydig, Voit & Mayer, Ltd.
Microsoft Corporation