Systems and methods for securing extranet transactions
Abstract
The systems and methods described herein relate to secure extranets which utilize certificate authentication to mediate access, transactions, and user tracking. Such extranets may be employed to provide an interface accessible over a network, such as the Internet, capable of authenticating and recording transactions for business, medical, or other purposes.
19 Claims
1. An access system, comprising:
- a certificate authentication component to verify a user's identity from a digital certificate supplied by the user,
- a directory, coupled to the certificate authentication component, to maintain an account for each individual user, each account containing an access policy specifying at least one portion of a computer site to which the corresponding user is permitted access, the computer site being divided into isolated subnets, each at least one portion included in one of the subnets, each account further containing at least one of an internet protocol (IP) address and a certificate authorization method associated with the user, and
- an access control system, in computer hardware coupled to the directory, for controlling access to the computer site by permitting the user to access one or more of the subnets including one of said each at least one portion of the computer site and restricting the user from accessing at least one other portion of the computer site, based on the access policy associated with the individual user in the directory, wherein the access policy is used to provide tiered access for different sets of users to a plurality of security levels.

Dependent claims 2, 3, 4, 5, 6, 7, 8 and 9 are not shown on this page.
10. A method, comprising:
- receiving a request, in computer server hardware, from a user to access a computer site or a portion thereof, the request including information representative of the user's identity;
- verifying the user's identity from the information by consulting a directory that includes accounts for individual users, each account containing an access policy specifying at least one portion of the computer site to which the corresponding user is permitted access, the computer site being divided into isolated subnets, each at least one portion included in one of the subnets, each account further containing at least one of an internet protocol (IP) address and a certificate authorization method associated with the user;
- controlling access to the computer site by permitting the user to access one or more of the subnets including a portion of the computer site and restricting the user from accessing at least one other portion of the computer site, based on the access policy for the user, wherein the access policy is used to provide tiered access for different sets of users to a plurality of security levels;
- controlling access to the computer site by permitting the user to access a portion of the computer site and restricting the user from accessing at least one other portion of the computer site, based on the access policy associated with the user.

Dependent claims 11, 12, 13, 14, 15, 16, 17 and 18 are not shown on this page.
19. An access system for a computer site, comprising:
- a certificate authentication component to verify a user's identity from a digital certificate supplied by the user,
- a directory, coupled to the certificate authentication component, to maintain an account for each individual user, each account containing an access policy specifying at least one portion of a computer site to which the corresponding user is permitted access, the computer site being divided into isolated subnets, each at least one portion included in one of the subnets, each account further containing at least one of an internet protocol (IP) address and a certificate authorization method associated with the user, and
- an access control system, in computer hardware coupled to the directory, for controlling access to the computer site by permitting the user to access one or more of the subnets including one of said each at least one portion of the computer site and restricting the user from accessing at least one other portion of the computer site, based on the access policy associated with the individual user in the directory, wherein the access policy is used to provide tiered access for different sets of users to a plurality of security levels; and
- further wherein the access control system is configured to use information relating to the user to present to the user personalized information, the information relating to the user being at least one of the user's navigation history and the user's preferences, and the personalized information being at least one of information relating to new products and developments in the user's field of interest.
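Added example, not taken from the patent or from any product implementing it: a minimal Python model of the access decision in claims 1 and 10. A directory keyed by certificate subject holds each account's tier, certificate authorization method and optional pinned IP address; subnets are tagged with a security level, so a tier grants access to every subnet at or below that level and everything else is denied by default. Subnet ranges, subjects and addresses are constructed sample values, and the client certificate is assumed to have been validated (chain, expiry, revocation) before its subject reaches this code.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample: the site is split into isolated subnets, each tagged with
# the security level a user must hold to reach it (hypothetical values).
SUBNETS = {
    "public":  (ip_network("10.0.1.0/24"), 1),
    "partner": (ip_network("10.0.2.0/24"), 2),
    "finance": (ip_network("10.0.3.0/24"), 3),
}

@dataclass(frozen=True)
class Account:
    level: int                # tier: every subnet at or below this level is permitted
    auth_method: str          # certificate authorization method the account requires
    source_ip: Optional[str]  # optional IP address pinned to the user, None = any

# Constructed directory keyed by certificate subject (stands in for an LDAP lookup).
DIRECTORY = {
    "CN=alice,O=Partner Inc": Account(2, "x509-client-cert", "203.0.113.10"),
    "CN=bob,O=Finance LLC":   Account(3, "x509-client-cert", None),
}

def authenticate(cert_subject: str, method: str, client_ip: str) -> Optional[Account]:
    """Map an already-validated certificate subject to a directory account.
    Returns None (deny) when no account exists, the authorization method differs
    from the one on file, or a pinned IP address does not match the client."""
    account = DIRECTORY.get(cert_subject)
    if account is None or account.auth_method != method:
        return None
    if account.source_ip is not None and ip_address(client_ip) != ip_address(account.source_ip):
        return None
    return account

def authorize(account: Optional[Account], dest_ip: str) -> Optional[str]:
    """Return the name of the subnet containing dest_ip if the account's tier
    covers it, otherwise None. Unknown destinations are denied by default."""
    if account is None:
        return None
    dest = ip_address(dest_ip)
    for name, (network, level) in SUBNETS.items():
        if dest in network:
            return name if account.level >= level else None
    return None

def permitted_subnets(account: Account) -> set:
    """All subnets visible to the account's tier (the tiered access of claim 1)."""
    return {name for name, (_, level) in SUBNETS.items() if account.level >= level}
```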