Secure system access

US 20040088560A1
Filed: 06/13/2003
Published: 05/06/2004
Est. Priority Date: 04/20/2000
Status: Abandoned Application

First Claim

Patent Images

1. A method of managing access to secure resources, the method including:

providing an schema of rights in respect of secure resources; and

, delegating to one or more users an ability to delegate a profile of selected rights in respect of one or more individual secure resources.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of managing access to secure resources (4-9), the method including: providing an schema of permission rights in respect of secure resources; and, delegating to one or more users an ability to delegate (32) a profile (31) of selected permission rights in respect of one or more secure resources.

51 Citations

View as Search Results

34 Claims

1. A method of managing access to secure resources, the method including:
- providing an schema of rights in respect of secure resources; and
  
  , delegating to one or more users an ability to delegate a profile of selected rights in respect of one or more individual secure resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 29, 30, 31, 32, 33, 34)
- - 2. A method according to claim 1, wherein each of the profiles of rights is centrally maintained in a central server.
  - 3. A method according to claim 2, wherein each of the profiles of rights constitutes one of the secure resources.
  - 4. A method according to claim 2, wherein one or more of the secure resources are hosted remotely from the central server.
  - 5. A method according to claim 4, wherein a plurality of the secure resources are hosted in, and are individually accessible within, a same server.
  - 6. A method according to any one of the preceding claims, wherein the rights include permission rights in respect of one or more secure resources.
  - 7. A method according to claim 6, wherein the schema of permission rights is a logical arrangement of different permission rights that have an implied hierarchical order.
  - 8. A method according to either one of claims 6 or 7, wherein the schema is extendable to allow the grant of permissions in relation to the secure resources.
  - 9. A method according to any one of the preceding claims, wherein the secure resources include information sources or applications.
  - 10. A method according to any one of the preceding claims, wherein the rights include delegation rights in respect of one or more of the secure resources.
  - 11. A method according to claim 10, wherein at least a first of the users is able to delegate to another user a profile of selected permission rights which is less than or equal to the permission rights held by the first user.
  - 12. A method according to claim 10, wherein at least a first of the users is able to delegate to another user a profile of selected permission rights in respect of one or more secure resources to which the first user does not have access.
  - 13. A method according to any one of the preceding claims, wherein the central server acts to grant or deny requests made by the user in respect of said secure resources.
  - 14. A method according to any one of the preceding claims, wherein activities of the users are centrally audited and tracked in the central server.
  - 15. A method according to any one of the preceding claims, wherein requests to the central server are referred by servers that receive requests from remote users.
  - 16. A method according to any of the preceding claims when dependent on claim 6, wherein each of said profiles of selected permission rights represents a profile in respect of a particular set of one or more secure resources.
  - 17. A method according to any one of the preceding claims when dependent on claim 6, wherein the permission rights govern access to generally restricted information or use of generally restricted functionality.
  - 18. A method according to any one of the preceding claims, wherein the secure resources are information-based or functionality-based resources, access to which is generally restricted subject to verification of access rights in respect of said resources.
  - 29. A method according to any one of the preceding claims, and further including using a software tool or wizard to develop and manage the permission rights.
  - 30. A method according to any one of the preceding claims, and further including delegating to one or more of the users the capability to issue digital identification certificates to other users.
  - 31. A method according to claim 30, wherein the digital identification certificates include Identrus certificates.
  - 32. A method according to either one of claims 30 or 31, wherein the secure server operates at a remote site and uses the digital certificates stored on a smart card to verify the permission rights of a third party.
  - 33. A method according to any one of the preceding claims, and further including downloading a software application or component onto a user'"'"'s computer for the purpose of encoding a smart card with a public key and a private key.
  - 34. A method according to claim 33, wherein the permission rights are managed by an administrator with the appropriate permission level to grant appropriate access rights to users'"'"'smart cards.

19. A method of allowing a secure access to a remote system via a network, the method including:
- (a) storing in a central server a database of permission rights for a plurality of secure resources hosted at one or more remote servers;
  
  (b) receiving an access request for access to one of the secure resources from one of the plurality of remote servers, (c) establishing the identity of a user making the access request;
  
  (d) determining whether the user has permission rights which are sufficient to allow the user to access the one secure resource; and
  
  (e) approving or declining the access request if the permission rights of the user are or are not sufficient to allow the user to access the one secure resource.
- View Dependent Claims (20)
- - 20. A method according to claim 19, wherein the request is made to one of the remote servers and is redirected from that remote server to the central server.

21. A method of allowing secure access to a remote system via a network, the method including:
- (a) receiving a request for access to a secure resource;
  
  (b) establishing the identity of a user making said access request;
  
  (c) determining whether the user has permission rights which are sufficient to allow the user to access the secure resource; and
  
  of (d) approving or declining said access request if the permission rights of the user are or are not sufficient to allow the user to access the secure resource;
  
  wherein the secure resource is hosted at a remote server, and requests for access to the secure resource are received at the remote server and redirected to a central server.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
- - 22. A method according to claim 21 wherein, upon approval of the access request, a second remote server directs the access request to a first remote server, and the first remote server responds to the user.
  - 23. A method according to either one of claims 21 or 22, wherein establishing the identity of the user involves the use of identification codes.
  - 24. A method according to claim 23, wherein the identification codes comprise digital certificates.
  - 25. A method according to claim 24, wherein the digital certifications use public key cryptography techniques.
  - 26. A method according to any one of claims 21 to 25, wherein one or more of the users with appropriate permission rights can issue identification codes for other users.
  - 27. A method according to claim 26, wherein said one or more of the users can specify the permission rights of the other users to whom identification codes are issued.
  - 28. A method according to any one of claims 21 to 27, wherein the secure resources are formatted in a manner specific to the user making the access request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cybertrust Australia Pty Ltd.
Original Assignee
Cybertrust Australia Pty Ltd.
Inventors
Danks, David Hilton

Application Number

US10/258,060
Publication Number

US 20040088560A1
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

G06F 21/33   using certificates

G06F 21/34   involving the use of extern...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2153   Using hardware token as a s...

Secure system access

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Secure system access

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links