Electronic authority server
First Claim
1. An authority server providing authority services for one or more users of one or more clients coupled to the authority server via secure connections, the one or more users being associated with a collective entity having a set of policies for the exercise of its authority, the authority services including allowing the users to indirectly exercise the authority of the collective entity through the authority server, the authority server comprising:
a processing unit;
a memory in which applications can be executed by the processing unit;
a policy application configured to execute in the server with features that can only be directed by respective classes of users according to the set of policies; and
an authority application embodying the authority of the collective entity that is configured to respond to a request by a particular user of a particular class to direct a particular feature of the policy application by;
determining according to the set of policies and the particular class whether the particular user is allowed to direct the particular feature; and
when the particular user is allowed to direct the particular feature, executing the particular feature using any user information provided by the particular user in the request and forming a manifestation of the execution incorporating the user information when provided.
Abstract
An electronic communication authority server that provides centralized key management, implementation of role-based enterprise policies and workflow and projection of corporate authorities over trusted networks. The authority server includes a key database that associates keys, signatures and indicators of corporate authority (such as letterhead) with particular corporate roles. There can be multiple roles or a single role (e.g., employee) for each authority server. Users associated with one or more roles are permitted by the authority server to exercise authority or include the indicators of authority in their communications. The authority server also encrypts/decrypts and signs/verifies communications from/to a user using the keys and signatures associated with the role being exercised by the user for that communication. The authority server permits roles to be delegated or transferred, which facilitates the execution by the authority server of role-dependent workflow procedures. In another embodiment, keys are not associated with individual roles but with servers and/or groups of users. In this embodiment a server processes a request from one of its users in accordance with the role-based policies it embodies and then, if necessary, indicates the identity of the requesting user in the end product of the request, which it then signs using its own key and encrypts with appropriate destination keys.
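A sketch of the role-keyed flow the abstract describes, added here as an illustration; it is not code from the patent. The role names, keys, policy entries and function names are hypothetical, the user is assumed to be authenticated already by the secure client connection, and HMAC-SHA256 stands in for the digital signature a deployment would use.

```python
import hashlib
import hmac
import json

# Constructed sample data; role names, keys and policy entries are hypothetical.
KEYS_DB = {"purchasing_officer": b"constructed-key-po", "employee": b"constructed-key-emp"}
USER_ROLES = {"alice": {"purchasing_officer", "employee"}, "bob": {"employee"}}
POLICY = {"issue_purchase_order": {"purchasing_officer"},
          "send_on_letterhead": {"employee", "purchasing_officer"}}


class AuthorityError(Exception):
    """Raised when policy does not allow the requested exercise of authority."""


def delegate(grantor, grantee, role):
    """Let a holder of a role delegate it to another user of the server."""
    if role not in USER_ROLES.get(grantor, set()):
        raise AuthorityError(f"{grantor} does not hold {role}")
    USER_ROLES.setdefault(grantee, set()).add(role)


def exercise_authority(user, role, feature, user_info):
    """Policy check, then execute the feature and sign the result with the role key.

    `user` is assumed to be authenticated already by the secure client connection.
    """
    if role not in USER_ROLES.get(user, set()):
        raise AuthorityError(f"{user} does not hold {role}")
    if role not in POLICY.get(feature, set()):
        raise AuthorityError(f"{role} may not direct {feature}")
    # The manifestation names the requesting user, so the role signature stays attributable.
    body = json.dumps({"feature": feature, "role": role, "requested_by": user,
                       "info": user_info}, sort_keys=True)
    sig = hmac.new(KEYS_DB[role], body.encode(), hashlib.sha256).hexdigest()
    return {"role": role, "body": body, "sig": sig}


def verify(manifestation):
    """Server-side check: valid tag under the role key, and role label matches the body."""
    key = KEYS_DB.get(manifestation["role"])
    if key is None:
        return False
    expected = hmac.new(key, manifestation["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifestation["sig"]):
        return False
    return json.loads(manifestation["body"])["role"] == manifestation["role"]
```

Because the keys never leave the server, revoking a user's role in USER_ROLES ends their ability to sign without any key rotation on the clients.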
54 Claims
1. An authority server providing authority services for one or more users of one or more clients coupled to the authority server via secure connections, the one or more users being associated with a collective entity having a set of policies for the exercise of its authority, the authority services including allowing the users to indirectly exercise the authority of the collective entity through the authority server, the authority server comprising:
a processing unit;
a memory in which applications can be executed by the processing unit;
a policy application configured to execute in the server with features that can only be directed by respective classes of users according to the set of policies; and
an authority application embodying the authority of the collective entity that is configured to respond to a request by a particular user of a particular class to direct a particular feature of the policy application by;
determining according to the set of policies and the particular class whether the particular user is allowed to direct the particular feature; and
when the particular user is allowed to direct the particular feature, executing the particular feature using any user information provided by the particular user in the request and forming a manifestation of the execution incorporating the user information when provided.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 25, 27, 28, 30, 31
24. An authority server infrastructure comprising:
a set of authority servers, each particular authority server providing authority services for one or more users of one or more clients coupled to the particular authority server via secure connections, the particular authority server being associated with a collective entity having a set of policies for the exercise of its authority, the authority services including allowing the users to indirectly exercise the authority of the collective entity through the authority server;
the set of authority servers being interconnected so that each particular authority server provides authority services only for its associated one or more users and any other servers connected as a collective client to the particular authority server;
the particular authority server comprising;
a processing unit;
a memory in which applications can be executed by the processing unit;
a policy application configured to execute in the server with features that can only be directed by respective classes of users according to the set of policies; and
an authority application embodying the authority of the collective entity that is configured to respond to a request by a particular user of a particular class to direct a particular feature of the policy application by;
determining according to the set of policies and the particular class whether the particular user is allowed to direct the particular feature; and
when the particular user is allowed to direct the particular feature, executing the particular feature using any user information provided by the particular user in the request and forming a manifestation of the execution incorporating the user information when provided;
such that each of the particular servers need not be aware of the set of policies and the one or more users of any other of the servers.
Dependent claims: 26, 29, 32, 33, 34, 35, 36
37. An authority server configured to manage electronic communications for one or more users of one or more clients coupled to the authority server via secure connections, the one or more users being associated with a collective entity, each of the users having at least one role with the collective entity, the authority server comprising:
an authority server program configured to process a particular communication associated with a particular user so that a selected one of the one or more roles of the particular user is authoritatively associated with a processed version of the communication generated by the authority server program.
Dependent claims: 38, 39
40. An authority server configured to manage electronic communications to and from one or more users of one or more local clients coupled to the server via trusted connections, the authority server comprising:
a keys database associating each of a plurality of roles with at least one cryptographic key; and
an authority server program configured to process a particular communication associated with a particular user in accordance with a trusted indication of the role of the particular user and information in the keys database associated with the particular user.
Dependent claims: 41, 42, 43, 44, 45, 46, 47, 48, 49, 50
51. An authority server configured to manage electronic communications to and from one or more users of the server who are associated with an enterprise, the authority server comprising:
a keys database associating one or more cryptographic key groups with the enterprise; and
an authority server program configured to process a particular communication associated with a particular user in accordance with a trusted indication of the particular user's association with the enterprise and information in the keys database.
Dependent claims: 52, 54
53. A computer program product configured to direct an authority server to manage electronic communications to and from one or more users of the server who are associated with an enterprise, the computer program product comprising:
a keys database associating one or more cryptographic key groups with the enterprise; and
an authority server program configured to process a particular communication associated with a particular user in accordance with a trusted indication of the particular user's association with the enterprise and information in the keys database.
Specification