Title of invention: Authenticating Connections and Program Identity in a Messaging System
Abstract: A messaging system enables client applications to send and receive messages. The messaging system includes independent component programs performing different functions of the messaging system, such as connection managers that maintain network connections with the client applications, a message router that sends received messages to recipient applications through network connections, and a dispatcher that authenticates other component programs. A messaging server may authenticate client applications using certificate-based authentication (e.g., private and public keys), authentication transfer from another trusted messaging server, or other methods (e.g., user name and password). To authenticate a component program, the dispatcher compares instantiation information (e.g., user identity, process identifier, creation time) of the component program provided by the operating system with instantiation information saved in a shared memory at the time of the component program's instantiation. In response to a match, the dispatcher provides the component program with secure information through an inter-process communication socket.
Publication number: US2016226835(A1)
Publication date: 2016.08.04
Application number: US201615011334
Filing date: 2016.01.29
Applicant: BlackRock Financial Management, Inc.
Inventors: Hamburger Elliot;Harris Jonathan S.;Litvin Jeffrey A.;Sahi Sauhard;Valois John D.;Basil Ara;Fradin Randall B.
Classification: H04L29/06;G06F15/167;H04L12/58
Main classification: H04L29/06
Agency:
Agent:
Principal claim: 1. A method of authenticating component programs in a messaging system where the component programs includes at least one from a group consisting of a dispatcher, a message router, and a connection manager, the method comprising: storing a private key in a memory accessible by a root user identity; creating an inter-process communication (IPC) socket connection with a component program that is either a message router or a connection manager; determining that the component program is running, wherein the component program does not have permission to access the memory storing the private key; connecting the component program to the IPC socket connection; and responsive to the component program connecting the IPC socket connection: obtaining a first set of instantiation information describing the component program from shared memory; obtaining a second set of instantiation information from an operating system regarding the component program; comparing the first instantiation information to the second instantiation information; and responsive to the first instantiation information matching the second instantiation information, sending the component program the private key through the IPC socket connection.
Address: New York NY US
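
Added example (not part of the patent record and not the applicant's code): one way the comparison in the abstract and claim 1 could look on Linux, where the dispatcher takes the peer's user identity and process identifier from SO_PEERCRED, reads the creation time from /proc, and releases the secret only when these match the record saved at launch. Assumptions: Linux only; a plain dict stands in for the shared-memory record; the function names and the placeholder secret are hypothetical.

```python
import os
import socket
import struct

def start_time(pid):
    """Process creation time in clock ticks since boot, from /proc/<pid>/stat."""
    with open(f"/proc/{pid}/stat") as f:
        # comm (field 2) may contain spaces or ')', so split after the last ')'.
        # starttime is field 22, i.e. index 19 of what follows the comm field.
        return int(f.read().rsplit(")", 1)[1].split()[19])

def record_at_spawn(pid):
    """What the launcher would save to shared memory when it starts a component."""
    # Assumption: in this demo the launcher records itself, so its own
    # effective uid is the component's user identity.
    return {"uid": os.geteuid(), "pid": pid, "start": start_time(pid)}

def os_view(sock):
    """Instantiation info for the socket peer as reported by the kernel."""
    # SO_PEERCRED yields struct ucred {pid, uid, gid}, captured by the kernel
    # when the socket was created or connected; the peer does not supply it.
    fmt = "iII"
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize(fmt))
    pid, uid, _gid = struct.unpack(fmt, raw)
    return {"uid": uid, "pid": pid, "start": start_time(pid)}

def release_secret(sock, recorded, secret):
    """Send the secret over the IPC socket only if both records match."""
    if os_view(sock) != recorded:
        return False          # mismatch (e.g. recycled PID): release nothing
    sock.sendall(secret)
    return True

if __name__ == "__main__":
    # Constructed demo: both socket ends live in this process, so this process
    # plays the component; a real dispatcher would accept() a separate process.
    dispatcher_end, component_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    recorded = record_at_spawn(os.getpid())
    secret = b"PLACEHOLDER-PRIVATE-KEY"      # constructed value, not a real key
    print("match:", release_secret(dispatcher_end, recorded, secret),
          component_end.recv(64))
    stale = dict(recorded, start=recorded["start"] + 1)  # same PID, other creation time
    print("stale record:", release_secret(dispatcher_end, stale, secret))
```

Including the creation time in the comparison is what distinguishes the launched component from a later process that happens to receive the same PID.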