Method and apparatus for processing administration of a secured community

US 5,968,177 A
Filed: 10/14/1997
Issued: 10/19/1999
Est. Priority Date: 10/14/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method for processing administration of a secure community, the method comprises the steps of:

a) obtaining, by an administrative entity, a permissions matrix in an encoded format from a serving entity of the secure community;

b) upon receiving the permissions matrix, verifying, by the administrative entity, authenticity of the permissions matrix based on the encoded format;

c) when the authenticity of the permissions matrix is verified, generating, by the administrative entity, an administrative request based on an administrator'"'"'s input and the permissions matrix, wherein the administrative request includes identity of the administrative entity;

d) providing, by the administrative entity, the administrative request to the serving entity over a secured link;

e) verifying, by the serving entity, identity of the administrative entity; and

f) when the identity of the administrative entity is verified and when the administrative request is consistent with the permissions matrix, processing, by the serving entity, the administrative request.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for processing administration in a secure community, or communication system, is accomplished by dividing the single computing devices functionality of the administrator/officer/server into physically separate computing devices that function as a serving entity and an administrative entity. In the secure system, when an administrative entity has an administrative function to perform for one of its end-users, it requests a permissions matrix from the serving entity. The serving entity, after authenticating the administrative entity, sends the permissions matrix to the requesting administrative entity in an encoded format. The permissions matrix indicates which administrative functions the requesting administrative entity is authorized to perform for its affiliated end-users. Upon receiving the permissions matrix, the administrative entity verifies the authenticity of the permissions matrix based on the encoded format. When the authenticity of the permissions matrix is verified, the administrative entity generates an administrative request based on an administrator'"'"'s input and the permissions matrix and sends it to the serving entity over a secure communication link. Upon receiving the administrative request, the serving entity verifies the identity of the administrative entity, verifies validity of the request according to the permissions matrix, and, if verified, processes the administrative requests on behalf of the particular end-user.

100 Citations

View as Search Results

33 Claims

1. A method for processing administration of a secure community, the method comprises the steps of:
- a) obtaining, by an administrative entity, a permissions matrix in an encoded format from a serving entity of the secure community;
  
  b) upon receiving the permissions matrix, verifying, by the administrative entity, authenticity of the permissions matrix based on the encoded format;
  
  c) when the authenticity of the permissions matrix is verified, generating, by the administrative entity, an administrative request based on an administrator'"'"'s input and the permissions matrix, wherein the administrative request includes identity of the administrative entity;
  
  d) providing, by the administrative entity, the administrative request to the serving entity over a secured link;
  
  e) verifying, by the serving entity, identity of the administrative entity; and
  
  f) when the identity of the administrative entity is verified and when the administrative request is consistent with the permissions matrix, processing, by the serving entity, the administrative request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 further comprises, within step (a), obtaining the permissions matrix from a single server or from one of a plurality of servers.
  - 3. The method of claim 1 further comprises, within step (a), obtaining the permissions matrix that includes a list of administrator functions that the administrative entity is authorized to process.
  - 4. The method of claim 3 further comprises including, as the administrator functions, at least one of:
    - key recovery, key addition, key deletion, change of secure community policy, change of end-user attributes, change of administrative entity attributes, authority to change other entities attributes and permissions.
  - 5. The method of claim 1 further comprises, within step (a),from time to time, providing, by the administrative entity, a permission request to the serving entity of the secure community, wherein the permission request includes an identity of the administrative entity and a request to receive the permissions matrix;
    - determining, by the serving entity, the permissions matrix for the administrative entity; and
      
      providing, by the serving entity, the permissions matrix in an encoded format to the remote administrative entity.
  - 6. The method of claim 5 further comprises:
    - encoding the permissions matrix using a public key of the administrative entity to produce an encrypted permissions matrix; and
      
      signing the encrypted permissions matrix by the serving entity.
  - 7. The method of claim 6 further comprises:
    - upon receipt of the encrypted permissions matrix and the signature of the serving entity, verifying authenticity of the signature of serving entity; and
      
      when the signature has been authenticated, decrypting the encrypted permissions matrix using a private key of the administrative entity.
  - 8. The method of claim 1 further comprises, within step (c), generating, by the administrative entity, graphical user interface for valid administrative options based on the permissions matrix.
  - 9. The method of claim 1 further comprises, within step (d) providing the administrative request over a secure on-line communication path or a secure store-and-forward communication path.
  - 10. The method of claim 1 further comprises, within steps (d)-(f):
    - providing, by the administrative entity, a plurality of administrative requests;
      
      verifying, by the serving entity, identity of the administrative entity for each of the plurality of administrative requests to produce verified administrative requests; and
      
      processing, by the serving entity, each of the verified administrative requests in an asynchronous manner.
  - 11. The method of claim 1 further comprises, within steps (d)-(f),providing a plurality of administrative requests by a plurality of administrative entities;
    - verifying, by the serving entity, identity of each of the plurality of administrative entities;
      
      verifying, by the serving entity, whether each of the plurality of administrative entities is authorized to access a corresponding one of the of the plurality of administrative requests based on the permissions matrix of each of the plurality of administrative entities; and
      
      processing the corresponding ones of the plurality of administrative requests for each of the plurality of administrative entities that is authorized to access the corresponding one of the plurality of administrative requests.
  - 12. The method of claim 11 further comprises, when access to a corresponding one of the plurality of administrative requests is not authorized because a signature of another one of the plurality of administrative entities is lacking, queuing the corresponding one of the plurality of administrative requests until the signature is received or a subsequent one of the plurality of administrative requests that completes the corresponding one of the plurality of administrative requests is received.

13. A method for an administrative entity to facilitate processing administration of a secure community, the method comprises the steps of:
- a) obtaining a permissions matrix in an encoded format from a serving entity of the secure community;
  
  b) upon receiving the permissions matrix, verifying authenticity of the permissions matrix based on the encoded format;
  
  c) when the authenticity of the permissions matrix is verified, generating an administrative request based on an administrator'"'"'s input and the permissions matrix, wherein the administrative request includes identity of the administrative entity; and
  
  d) providing the administrative request to the serving entity over a secured link.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13 further comprises, within step (a), obtaining the permissions matrix that includes a list of administrator functions that the administrative entity is authorized to process.
  - 15. The method of claim 14 further comprises including, as the administrator functions, at least one of:
    - key recovery, key addition, key deletion, change of secure community policy, change of end-user attributes, change of administrative entity attributes, authority to change other entities attributes and permissions.
  - 16. The method of claim 13 further comprises, within step (a), from time to time, providing a permission request to the serving entity of the secure community, wherein the permission request includes an identity of the administrative entity and a request to receive the permissions matrix.

17. A method for a serving entity to facilitate processing administration of a secure community, the method comprises the steps of:
- a) receiving an administrative request from an administrative entity over a secured link;
  
  b) verifying identity of the administrative entity;
  
  c) determining whether the administrative request is consistent with a permissions matrix of the administrative entity; and
  
  d) when the identity of the administrative entity is verified and when the administrative request is consistent with a permissions matrix, processing the administrative request.
- View Dependent Claims (18, 19)
- - 18. The method of claim 17 further comprises:
    - from time to time, receiving, from the administrative entity, a permission request that includes an identity of the administrative entity and a request to receive the permissions matrix;
      
      determining the permissions matrix for the administrative entity; and
      
      providing the permissions matrix in an encoded format to the remote administrative entity.
  - 19. The method of claim 18 further comprises:
    - encoding the permissions matrix using a public key of the administrative entity to produce an encrypted permissions matrix; and
      
      signing the encrypted permissions matrix.

20. A server entity comprising:
- a processing unit; and
  
  memory operably coupled to the processing unit, wherein the memory stores programming instructions that, when read by the processing unit, causes the processing unit to (a) receive an administrative request from an administrative entity over a secured link;
  
  (b) verify identity of the administrative entity;
  
  (c) determine whether the administrative request is consistent with a permissions matrix of the administrative entity; and
  
  (d) process the administrative request when the identity of the administrative entity is verified and when the administrative request is consistent with a permissions matrix.
- View Dependent Claims (21, 22)
- - 21. The serving entity of claim 20 further comprises, within the memory, programming instructions that, when read by the processing unit causes the processing unit to, from time to time, receive, from the administrative entity, a permission request that includes an identity of the administrative entity and a request to receive the permissions matrix;
    - determine the permissions matrix for the administrative entity; and
      
      provide the permissions matrix in an encoded format to the remote administrative entity.
  - 22. The serving entity of claim 21 further comprises, within the memory, programming instructions that, when read by the processing unit causes the processing unit to encode the permissions matrix using a public key of the administrative entity to produce an encrypted permissions matrix;
    - and sign the encrypted permissions matrix.

23. An administrative entity comprises:
- a processing unit; and
  
  memory operably coupled to the processing unit, wherein the memory stores programming instructions that, when read by the processing unit, causes the processing unit to (a) obtain a permissions matrix in an encoded format from a serving entity of the secure community;
  
  (b) upon receiving the permissions matrix, verifying authenticity of the permissions matrix based on the encoded format;
  
  (c) generate an administrative request based on an administrator'"'"'s input and the permissions matrix when the authenticity of the permissions matrix is verified, wherein the administrative request includes identity of the administrative entity; and
  
  (d) provide the administrative request to the serving entity over a secured link.
- View Dependent Claims (24, 25, 26)
- - 24. The administrative entity of claim 23 further comprises, within the memory, programming instructions that, when read by the processing unit causes the processing unit to obtain the permissions matrix that includes a list of administrator functions that the administrative entity is authorized to process.
  - 25. The administrative entity of claim 24 further comprises, within the memory, programming instructions that, when read by the processing unit causes the processing unit to include, as the administrator functions, at least one of:
    - key recovery, key addition, key deletion, change of secure community policy, change of end-user attributes, change of administrative entity attributes, authority to change other entities attributes and permissions.
  - 26. The administrative entity of claim 23 further comprises, within the memory, programming instructions that, when read by the processing unit causes the processing unit to provide, from time to time, a permission request to the serving entity of the secure community, wherein the permission request includes an identity of the administrative entity and a request to receive the permissions matrix.

27. A digital storage medium for storing programming instructions that, when read by a processing unit, causes the processing unit to facilitate processing administration of a secure community, the digital storage medium comprises:
- first means for storing programming instructions that, when read by the processing unit, causes the processing unit to receive an administrative request from an administrative entity over a secured link;
  
  second means for storing programming instructions that, when read by the processing unit, causes the processing unit to verify identity of the administrative entity;
  
  third means for storing programming instructions that, when read by the processing unit, causes the processing unit to determine whether the administrative request is consistent with a permissions matrix of the administrative entity; and
  
  fourth means for storing programming instructions that, when read by the processing unit, causes the processing unit to process the administrative request when the identity of the administrative entity is verified and when the administrative request is consistent with a permissions matrix.
- View Dependent Claims (28, 29)
- - 28. The digital storage medium of claim 27 further comprises means for storing programming instructions that, when read by the processing unit causes the processing unit to receive from the administrative entity a permission request that includes an identity of the administrative entity and a request to receive the permissions matrix;
    - determine the permissions matrix for the administrative entity; and
      
      provide the permissions matrix in an encoded format to the remote administrative entity.
  - 29. The digital storage medium of claim 28 further comprises storage means for storing programming instructions that, when read by the processing unit causes the processing unit to encode the permissions matrix using a public key of the administrative entity to produce an encrypted permissions matrix;
    - and sign the encrypted permissions matrix.

30. A digital storage medium for storing programming instructions that, when read by a processing unit, causes the processing unit to facilitate processing administration of a secure community, the digital storage medium comprises:
- first means for storing programming instructions that, when read by the processing unit, causes the processing unit to obtain a permissions matrix in an encoded format from a serving entity of the secure community;
  
  second means for storing programming instructions that, when read by the processing unit, causes the processing unit to upon receiving the permissions matrix, verifying authenticity of the permissions matrix based on the encoded format;
  
  third means for storing programming instructions that, when read by the processing unit, causes the processing unit to generate an administrative request based on an administrator'"'"'s input and the permissions matrix when the authenticity of the permissions matrix is verified, wherein the administrative request includes identity of the administrative entity; and
  
  fourth means for storing programming instructions that, when read by the processing unit, causes the processing unit to provide the administrative request to the serving entity over a secured link.
- View Dependent Claims (31, 32, 33)
- - 31. The digital storage medium of claim 30 further comprises means for storing programming instructions that, when read by the processing unit causes the processing unit to obtain the permissions matrix that includes a list of administrator functions that the administrative entity is authorized to process.
  - 32. The digital storage medium of claim 31 further comprises storage means for storing programming instructions that, when read by the processing unit causes the processing unit to include, as the administrator functions, at least one of:
    - key recovery, key addition, key deletion, change of secure community policy, change of end-user attributes, change of administrative entity attributes, authority to change other entities attributes and permissions.
  - 33. The digital storage medium of claim 30 further comprises means for storing programming instructions that, when read by the processing unit causes the processing unit to provide, from time to time, a permission request to the serving entity of the secure community, wherein the permission request includes an identity of the administrative entity and a request to receive the permissions matrix.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entrust Incorporated (Entrust Corp.), Entrust Technologies Limited
Original Assignee
Entrust Technologies Limited
Inventors
Batten-Carew, Mark, Buchler, Marek, Hiller, Stephen William, Otway, Josanne Mary
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Baderman, Scott T.

Application Number

US08/949,609
Time in Patent Office

735 Days
Field of Search

713/200, 713/201, 713/202, 709/229, 707/9, 380/21-23, 380/25-30, 380/42, 380/43
US Class Current

726/4
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 2211/008   Public Key, Asymmetric Key,...

H04L 41/28   Restricting access to netwo...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

H04L 63/123   received data contents, e.g...

Method and apparatus for processing administration of a secured community

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

100 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for processing administration of a secured community

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

100 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links