Generalized certificate use in policy-based secure messaging environments

摘要

Within a secure messaging environment, a determination is made that a request to send a message has been generated by a user. A message protection policy configured to process the message within the secure messaging environment is identified. The message protection policy specifies that, within the secure messaging environment, a secured digital certificate, other than a user-assigned digital certificate of the user, is configured with an associated private key to digitally sign the message on behalf of the user. Based upon the message protection policy, a determination is made to digitally sign the message using the private key of the secured digital certificate. The message is signed on behalf of the user using the private key of the secured digital certificate.

主权项

1. A method, comprising:
determining, within a secure messaging environment, that a request to send a message has been generated by a message sender; identifying a message protection policy configured to process the message within the secure messaging environment, where the message protection policy specifies that, within the secure messaging environment, a secured digital certificate, other than a digital certificate of the message sender, is configured with an associated private key to digitally sign the message on behalf of the message sender; determining, based upon the message protection policy, to digitally sign the message using the private key of the secured digital certificate; signing the message on behalf of the message sender using the private key of the secured digital certificate; determining whether the message protection policy specifies a single recipient or a plurality of recipients; encrypting the message for the single recipient using a public key of the secured digital certificate in response to determining that the message protection policy specifies the single recipient; and encrypting the message for the plurality of recipients using the public key of the secured digital certificate in response to determining that the message protection policy specifies the plurality of recipients.