 Electronic authority server

Details
Inventors: Hardy, Ann Ewing; Hardy, Norman; Tribble, E. Dean;
Assignee: Agorics, Inc. (Los Altos, CA)
Primary Examiner: Peeso; Thomas R.
Assistant Examiner:
Attorney, Agent or Firm: Caserza; Steven F. Flehr, Hohbach Test Albritton & Herbert, LLP

An electronic communication authority server that provides centralized key management, implementation of role-based enterprise policies and workflow and projection of corporate authorities over trusted networks. The authority server includes a key database that associates keys, signatures and indicators of corporate authority (such as letterhead) with particular corporate roles. There can be multiple roles or a single role (e.g., employee) for each authority server. Users associated with one or more roles are permitted by the authority server to exercise authority or include the indicators of authority in their communications. The authority server also encrypts/decrypts and signs/verifies communications from/to a user using the keys and signatures associated with the role being exercised by the user for that communication. The authority server permits roles to be delegated or transferred, which facilitates the execution by the authority server of role-dependent workflow procedures. In another embodiment, keys are not associated with individual roles but with servers and/or groups of users. In this embodiment a server processes a request from one of its users in accordance with the role-based policies it embodies and then, if necessary, indicates the identity of the requesting user in the end product of the request, which it then signs using its own key and encrypts with appropriate destination keys.

DETAILED DESCRIPTION

In summary, the present invention is an authority server that supports the implementation of role-based enterprise policies for expressing and exercising authority and the projection and transfer of those authorities over networks of communicating electronic systems.
A key aspect of the present invention is that the authority server exclusively embodies the authorities of the enterprise and allows its users to indirectly wield those authorities only as permitted by enterprise policies.
By only allowing the authority of the enterprise to be wielded indirectly, the present invention can monitor and control representations by a user of his role and/or authority and can limit actions taken by a user to those within the scope of the user's authority.
For example, an insurance company authority server might only allow users with underwriting authority to issue an insurance binder online.
The present invention can also promptly revoke authorities (eliminating the need for receiver verification of authority) and audit invocation of authority.
As a result, the present invention is well-suited to implement the equivalents of paper processes, such as letterhead, in networked computer systems.
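The role-keyed embodiment described above, sketched as an added example (not code from the patent or from Agorics): the server alone holds each role's key, checks that the requesting user may exercise the role, and records every attempt. HMAC-SHA256 stands in for the role's digital signature so the sketch needs only the standard library; the class, method, user and role names are all assumptions.

```python
import hashlib
import hmac
import secrets


class AuthorityServer:
    """Holds every role key; users act only through sign(), never with the key."""

    def __init__(self):
        self._keys = {}      # role -> secret key (stand-in for the key database)
        self._holders = {}   # role -> users currently allowed to exercise it
        self.audit_log = []  # (user, role, outcome) for each attempted invocation

    def add_role(self, role, users):
        self._keys[role] = secrets.token_bytes(32)
        self._holders[role] = set(users)

    def delegate(self, grantor, role, grantee):
        # Only a current holder of the role may pass it on.
        if grantor not in self._holders.get(role, ()):
            raise PermissionError(f"{grantor} does not hold {role}")
        self._holders[role].add(grantee)

    def revoke(self, role, user):
        # Effective immediately at the server; receivers check nothing extra.
        self._holders.get(role, set()).discard(user)

    def _tag(self, role, message):
        # Binding the role name into the MAC keeps tags role-specific.
        data = role.encode() + b"\x00" + message
        return hmac.new(self._keys[role], data, hashlib.sha256).digest()

    def sign(self, user, role, message):
        allowed = user in self._holders.get(role, ())
        self.audit_log.append((user, role, "signed" if allowed else "denied"))
        if not allowed:
            raise PermissionError(f"{user} may not act as {role}")
        return self._tag(role, message)

    def verify(self, role, message, tag):
        return role in self._keys and hmac.compare_digest(self._tag(role, message), tag)


if __name__ == "__main__":
    srv = AuthorityServer()
    srv.add_role("underwriter", {"alice"})  # constructed users and role
    tag = srv.sign("alice", "underwriter", b"binder #1")
    srv.revoke("underwriter", "alice")
    print(srv.verify("underwriter", b"binder #1", tag), srv.audit_log)
```

Because a MAC is used here, verification also goes through the server; with the asymmetric role keys the abstract describes, a receiver would verify against the role's public key instead.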
In particular, the present invention includes an authority server coupled to one or more clients or other servers via secure connections (i.e., connections supporting confidentiality, authenticity and integrity).
Each client can be used by at least one user, each with their own name, roles (e.g., employee, CFO, President), authorities (e.g., special authorities such as system administration or check signing, or default authorities associated with their role), and each uniquely identifiable to the server.
In this context, a secure connection is a connection where the level of confidentiality, authentication, and integrity is sufficient for the purposes of the system owners and users.
Standard mechanisms for confidentiality include: Admonition by corporate policy (e.g., violators will be terminated); Shared key encryption (DES, etc


