Service A sends a message to Service B which reads the values in the message header to determine whether to forward the message to Service C or Service D. Because of recent attacks on Services C and D, it has been decided to protect the body content of messages using some form of encryption. However, certain restrictions within the design of Service B will not permit it to be changed to support the encryption and decryption of messages. Only Services A, C and D can support message encryption and decryption. Which of the following approaches fulfill these security requirements without changing the role of Service B?
Currently there are no comments in this discussion, be the first to comment!