Distributed access management of information resources

Assignee

• enCommerce, Inc. · US

Inventors

• Teresa Win · Sunnyvale, US
• Emilio Belmonte · San Francisco, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L67/306
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Using a method for controlling access to information resources, a single secure sign-on gives the user access to authorized resources, based on the user's role in the organization. The information resources are stored on a protected server. A user of a client or browser logs in to the system. A runtime module on the protected server receives the login request and intercepts all other request by the client to use a resource. The runtime module connects to an access server that can determine whether a particular user is authentic and which resources the user is authorized to access. User information is associated with roles and functional groups of an organization to which the user belongs; the roles are associated with access privileges. The access server connects to a registry server that stores information about users, roles, functional groups, resources, and associations among them. The access server and registry server exchange encrypted information that authorized the user to use the resource. The access server passes encrypted tokens that define the user's roles and authorization rights to the browser or client, which stores the tokens in memory. The user is presented with a c…