Systems and methods for securing extranet transactions

US 8,302,153 B1
Filed: 10/25/1999
Issued: 10/30/2012
Est. Priority Date: 06/09/1999
Status: Expired due to Fees

First Claim

Patent Images

1. An access system, comprising:

a certificate authentication component to verify a user'"'"'s identity from a digital certificate supplied by the user,a directory, coupled to the certificate authentication component, to maintain an account for each individual user, each account containing an access policy specifying at least one portion of a computer site to which the corresponding user is permitted access, the computer site being divided into isolated subnets, each at least one portion included in one of the subnets, each account further containing at least one of an internet protocol (IP) address and a certificate authorization method associated with the user, andan access control system, in computer hardware coupled to the directory, for controlling access to the computer site by permitting the user to access one or more of the subnets including one of said each at least one portion of the computer site and restricting the user from accessing at least one other portion of the computer site, based on the access policy associated with the individual user in the directory, wherein the access policy is used to provide tiered access for different sets of users to a plurality of security levels.

View all claims

15 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The systems and methods described herein relate to secure extranets which utilize certificate authentication to mediate access, transactions, and user tracking. Such extranets may be employed to provide an interface accessible over a network, such as the Internet, capable of authenticating and recording transactions for business, medical, or other purposes.

Citations

19 Claims

1. An access system, comprising:
- a certificate authentication component to verify a user'"'"'s identity from a digital certificate supplied by the user,a directory, coupled to the certificate authentication component, to maintain an account for each individual user, each account containing an access policy specifying at least one portion of a computer site to which the corresponding user is permitted access, the computer site being divided into isolated subnets, each at least one portion included in one of the subnets, each account further containing at least one of an internet protocol (IP) address and a certificate authorization method associated with the user, andan access control system, in computer hardware coupled to the directory, for controlling access to the computer site by permitting the user to access one or more of the subnets including one of said each at least one portion of the computer site and restricting the user from accessing at least one other portion of the computer site, based on the access policy associated with the individual user in the directory, wherein the access policy is used to provide tiered access for different sets of users to a plurality of security levels.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The access system of claim 1, further comprising a digital signing module that produces and stores at least one of a digital signature and a timestamp for a transaction.
  - 3. The access system of claim 1, wherein users are categorized into discrete sets, and each set is granted access to a particular portion of the computer site according to the access policy.
  - 4. The access system of claim 1, the system configured to use information relating to the user to present to the user personalized information.
  - 5. The access system of claim 4, wherein the information relating to the user is at least one of the user'"'"'s navigation history and the user'"'"'s preferences.
  - 6. The access system of claim 4, wherein the personalized information is at least one of information relating to new products and developments in the user'"'"'s field of interest.
  - 7. The access system of claim 1, the system configured to maintain an archive relating to the account, the archive including information relating to at least one of purchases made, available credit, applicable discounts, and links to specific recorded transactions.
  - 8. The access system of claim 1, the system being configured for supporting desired functionality of designated users.
  - 9. The access system of claim 1, further comprising an automation component to permit automation of certificate authorization.

10. A method, comprising:
- receiving a request, in computer server hardware, from a user to access a computer site or a portion thereof, the request including information representative of the user'"'"'s identity;
  
  verifying the user'"'"'s identity from the information by consulting a directory that includes accounts for individual users, each account containing an access policy specifying at least one portion of the computer site to which the corresponding user is permitted access, the computer site being divided into isolated subnets, each at least one portion included in one of the subnets, each account further containing at least one of an internet protocol (IP) address and a certificate authorization method associated with the user;
  
  controlling access to the computer site by permitting the user to access one or more of the subnets including a portion of the computer site and restricting the user from accessing at least one other portion of the computer site, based on the access policy for the user, wherein the access policy is used to provide tiered access for different sets of users to a plurality of security levels;
  
  controlling access to the computer site by permitting the user to access a portion of the computer site and restricting the user from accessing at least one other portion of the computer site, based on the access policy associated with the user.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, further comprising producing and storing at least one of a digital signature and a timestamp for a transaction.
  - 12. The method of claim 10, further comprising categorizing users into discrete sets, and granting each set access to a particular portion of the computer site according to the access policy.
  - 13. The method of claim 10, further comprising using information relating to the user to present to the user personalized information.
  - 14. The method of claim 13, wherein the information relating to the user is at least one of the user'"'"'s navigation history and the user'"'"'s preferences.
  - 15. The method of claim 13, wherein the personalized information is at least one of information relating to new products and developments in the user'"'"'s field of interest.
  - 16. The method of claim 10, further comprising maintaining an archive relating to the account, the archive including information relating to at least one of purchases made, available credit, applicable discounts, and links to specific recorded transactions.
  - 17. The method of claim 10, further comprising supporting desired functionality of designated users.
  - 18. The method of claim 10, further comprising automating certificate authorization.

19. An access system for a computer site, comprising:
- a certificate authentication component to verify a user'"'"'s identity from a digital certificate supplied by the user,a directory, coupled to the certificate authentication component, to maintain an account for each individual user, each account containing an access policy specifying at least one portion of a computer site to which the corresponding user is permitted access, the computer site being divided into isolated subnets, each at least one portion included in one of the subnets, each account further containing at least one of an internet protocol (IP) address and a certificate authorization method associated with the user, andan access control system, in computer hardware coupled to the directory, for controlling access to the computer site by permitting the user to access one or more of the subnets including one of said each at least one portion of the computer site and restricting the user from accessing at least one other portion of the computer site, based on the access policy associated with the individual user in the directory, wherein the access policy is used to provide tiered access for different sets of users to a plurality of security levels;
  
  and further wherein the access control system is configured to use information relating to the user to present to the user personalized information, the information relating to the user being at least one of the user'"'"'s navigation history and the user'"'"'s preferences, and the personalized information being at least one of information relating to new products and developments in the user'"'"'s field of interest.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Garrity, Sharyn Marie, Scott, Ronald Lewis, Helsinger, Aaron Mark
Primary Examiner(s)
BROWN, CHRISTOPHER J

Application Number

US09/426,442
Time in Patent Office

4,754 Days
Field of Search

713/156, 713/166, 713/182, 726/2
US Class Current

726/2
CPC Class Codes

G06F 21/33   using certificates

H04L 63/0209   Architectural arrangements,...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

Systems and methods for securing extranet transactions

First Claim

15 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for securing extranet transactions

First Claim

15 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links