Publication (Announcement) No.: US6073242A
Publication Date: 2000-06-06
Application No.: US44607
Filing Date: 1998-03-19
Applicants: Ann Ewing Hardy, Norman Hardy, E. Dean Tribble
Inventors: Ann Ewing Hardy, Norman Hardy, E. Dean Tribble
CPC Classification: H04L63/102, G06F21/604, H04L63/12, H04L63/20, H04L9/083, H04L9/321, H04L9/3247, G06F2211/007, H04L2209/76
Abstract: An electronic communication authority server that provides centralized key management, implementation of role-based enterprise policies and workflow, and projection of corporate authorities over trusted networks. The authority server includes a key database that associates keys, signatures and indicators of corporate authority (such as letterhead) with particular corporate roles. There can be multiple roles or a single role (e.g., employee) for each authority server. Users associated with one or more roles are permitted by the authority server to exercise authority or to include the indicators of authority in their communications. The authority server also encrypts/decrypts and signs/verifies communications from/to a user using the keys and signatures associated with the role being exercised by the user for that communication. The authority server permits roles to be delegated or transferred, which facilitates the execution by the authority server of role-dependent workflow procedures. In another embodiment, keys are not associated with individual roles but with servers and/or groups of users. In this embodiment a server processes a request from one of its users in accordance with the role-based policies it embodies and then, if necessary, indicates the identity of the requesting user in the end product of the request, which it then signs using its own key and encrypts with appropriate destination keys.
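The role-keyed authority server the abstract describes, as an added illustrative model (not code from the patent or its inventors): signing keys and letterhead belong to roles, users only hold roles, and the server checks role membership before signing on a user's behalf, supports delegation and transfer, and rejects letterhead attached to content never signed under that role. HMAC-SHA256 stands in for the patent's unspecified signature scheme, and all role and user names are constructed.

```python
import hmac
import hashlib
import secrets

class AuthorityServer:
    """Central authority server: signing keys belong to roles, not to users."""

    def __init__(self):
        self._role_keys = {}   # role -> secret signing key, never released to users
        self._letterhead = {}  # role -> indicator of corporate authority
        self._roles_of = {}    # user -> set of roles the user may exercise

    def create_role(self, role, letterhead):
        self._role_keys[role] = secrets.token_bytes(32)
        self._letterhead[role] = letterhead

    def grant(self, user, role):
        if role not in self._role_keys:
            raise KeyError(f"unknown role {role!r}")
        self._roles_of.setdefault(user, set()).add(role)

    def holds(self, user, role):
        return role in self._roles_of.get(user, set())

    def delegate(self, holder, delegate, role, transfer=False):
        # Only a current holder may pass a role on; a transfer also revokes it.
        if not self.holds(holder, role):
            raise PermissionError(f"{holder} does not hold {role}")
        self.grant(delegate, role)
        if transfer:
            self._roles_of[holder].discard(role)

    def _digest(self, role, user, body):
        # Bind role, acting user, letterhead and content into one tag (HMAC stands in for a signature).
        parts = [role.encode(), user.encode(), self._letterhead[role].encode(), body]
        return hmac.new(self._role_keys[role], b"\x00".join(parts), hashlib.sha256).hexdigest()

    def sign_as(self, user, role, body):
        # Policy check precedes any key use: the role key is applied only for a holder of the role.
        if not self.holds(user, role):
            raise PermissionError(f"{user} may not exercise {role}")
        return {"role": role, "user": user, "letterhead": self._letterhead[role],
                "body": body, "sig": self._digest(role, user, body)}

    def verify(self, env):
        # Reject unknown roles, altered content, or letterhead pasted onto an unsigned message.
        if env["role"] not in self._role_keys or env["letterhead"] != self._letterhead[env["role"]]:
            return False
        return hmac.compare_digest(self._digest(env["role"], env["user"], env["body"]), env["sig"])
```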