Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
2000-12-01
2003-10-28
Gaffin, Jeffrey (Department: 2182)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S152000, C709S225000
Reexamination Certificate
active
06640307
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to systems and methods for controlling communication between networks, and in particular to a system and method for limiting access to documents stored on an internal network.
2. Background Information
Businesses today are acting cooperatively to achieve compatible business goals. For example, companies are using just-in-time manufacturing techniques to reduce overhead. To make this work, companies rely heavily on the ability of their suppliers to provide materials when needed.
At the same time, in this digital age business executives have become accustomed to receiving information from a number of sources both inside and outside the company almost instantaneously. They rely on such information to drive their day-to-day management decisions.
In order to provide outside organizations with relevant information in a timely manner, many companies have expanded their order-processing departments to handle increased call volumes. In this environment, outside partners call into the company's order-processing department to request specific information. This requires an employee to be available to answer calls, pull up information and verbally convey information to the partner. This option is very expensive, slow, and offers a poor level of service. What is needed is a system and method of streamlining the flow of information between partner companies while limiting access to company proprietary information.
The Internet provides one possible solution to this problem. The nature of the Internet makes it an ideal vehicle for organizations to communicate and share information. The Internet offers low cost universal access to information. Because of this, Internet transactions are expected to more than quadruple over the next two years, and partner communications via the Internet will almost double. Companies have begun to look to the Internet as a medium allowing quick, easy and inexpensive to business partners. To date, however, their Internet options have been limited.
One solution is to give business partners access to the company internal network. Companies are hesitant to do this, however, since such access, if abused, can lead to the disclosure of company sensitive information.
Another solution is to replicate necessary information to a web server located outside the company's firewall. Such an approach does allow organizations direct access to the information while at the same time limiting their access to company sensitive information. For this environment to work, however, the MIS department must manually transfer information from the internal network to the external server. Therefore, while this option offers organizations direct access to necessary data, that information can be 24 to 48 hours old. When dealing with just-in-time inventory levels and large dollar amounts, 24 hours is too late. This option also creates a bottleneck in MIS, redundancy of data, and decreased data integrity.
What is needed is a system and method for giving controlled access to designated documents stored on the internal network while restricting access to company sensitive information.
SUMMARY OF THE INVENTION
According to one aspect of the present invention, in a document control system including an internal network, an external interface, and a document server connected to the internal network and to the external interface, wherein the document server contains a plurality of go lists, wherein each go list is associated with a role and wherein each go list indicates if a client assigned to that role has access to a document in a document list, a system and method of modifying a go list is described. Client roles are defined client roles. Data Owners are defined, wherein each Data Owner sets access rights for one or more client roles, wherein the plurality of Data Owners include a first Data Owner, wherein the first Data Owner sets access rights for the first client role and not for the second client role. A go list for a client role associated with the first Data Owner is accessed and displayed as a directory tree. The directory tree is modified and mapped into a revised go list. The revised go list is saved to the document server.
REFERENCES:
patent: 3956615 (1976-05-01), Anderson et al.
patent: 4177510 (1979-12-01), Appell et al.
patent: 4584639 (1986-04-01), Hardy
patent: 4621321 (1986-11-01), Boebert et al.
patent: 4701840 (1987-10-01), Boebert et al.
patent: 4713753 (1987-12-01), Boebert et al.
patent: 4914568 (1990-04-01), Kodosky et al.
patent: 5124984 (1992-06-01), Engel
patent: 5179658 (1993-01-01), Izawa et al.
patent: 5204812 (1993-04-01), Kasiraj et al.
patent: 5272754 (1993-12-01), Boerbert
patent: 5276735 (1994-01-01), Boebert et al.
patent: 5311593 (1994-05-01), Carmi
patent: 5329623 (1994-07-01), Smith et al.
patent: 5455953 (1995-10-01), Russell
patent: 5544321 (1996-08-01), Theimer et al.
patent: 5566170 (1996-10-01), Bakke et al.
patent: 5586260 (1996-12-01), Hu
patent: 5606668 (1997-02-01), Shwed
patent: 5619648 (1997-04-01), Canale et al.
patent: 5623601 (1997-04-01), Vu
patent: 5636371 (1997-06-01), Yu
patent: 5673322 (1997-09-01), Pepe et al.
patent: 5684951 (1997-11-01), Goldman et al.
patent: 5689566 (1997-11-01), Nguyen
patent: 5701137 (1997-12-01), Kiernan et al.
patent: 5708780 (1998-01-01), Levergood et al.
patent: 5784566 (1998-07-01), Viavant et al.
patent: 5802299 (1998-09-01), Logan et al.
patent: 5819271 (1998-10-01), Mahoney et al.
patent: 5826029 (1998-10-01), Gore, Jr. et al.
patent: 5864683 (1999-01-01), Boebert et al.
patent: 5864871 (1999-01-01), Kitain et al.
patent: 5870544 (1999-02-01), Curtis
patent: 5884033 (1999-03-01), Duvall et al.
patent: 5884312 (1999-03-01), Dustan et al.
patent: 5892905 (1999-04-01), Brandt et al.
patent: 5903732 (1999-05-01), Reed et al.
patent: 5911143 (1999-06-01), Deinhart et al.
patent: 5913024 (1999-06-01), Green et al.
patent: 5915087 (1999-06-01), Hammond et al.
patent: 5918013 (1999-06-01), Mighdoll et al.
patent: 5933600 (1999-08-01), Shieh et al.
patent: 5950195 (1999-09-01), Stockwell et al.
patent: 5961601 (1999-10-01), Iyengar
patent: 5987611 (1999-11-01), Freund
patent: 6023765 (2000-02-01), Kuhn
patent: 6055637 (2000-04-01), Hudson et al.
patent: 6088679 (2000-07-01), Barkley
patent: 0697662 (1996-02-01), None
patent: 0 743 777 (1996-11-01), None
patent: 0811939 (1997-12-01), None
patent: 96/13113 (1996-05-01), None
patent: 97/13340 (1997-04-01), None
patent: 97/16911 (1997-05-01), None
patent: 97/26731 (1997-07-01), None
International Search Report, PCT Application No. PCT/US 95/12681, 8 p., (mailed Apr. 9, 1996).
Ancilotti, P., et al., “Language Features for Access Control”,IEEE Transactions on Software Engineering, SE-9, 16-25, (Jan. 1983).
Atkinson, R., “IP Authentication Header”, Network Working Group, Request for Comment No. 1826, http/ds.internic.net/rfc/rfc1826.txt, 11 p., (Aug. 1995).
Atkinson, R., “IP Encapsulating Security Payloid (ESP)”, Network Working Group, Request for Comment No. 1827, http/ds.internic.net/rfc/rfc1827.txt, 12 p., (Aug. 1995).
Atkinson, R., “Security Architecture for the Internet Protocol”, Network Working Group, Reqest for Comment No. 1825, http/ds.internic.net/rfc/rfc1825.txt, 21 p., (Aug. 1995).
Baclace, P.E., “Competitive Agents for Information Filtering”,Communications of the ACM, 35, p. 50, (Dec. 1992).
Badger, L., et al., “Practical Domain and Type Enforcement for UNIX”,Proceedings of the 1995 Symposium on Security and Privacy, p. 66-77, (May 1995).
Belkin, N.J., et al., “Information Filtering and Information Retrieval: Two Sides of the Same Coin?”,Communications of the ACM, 35, 29-38, (Dec. 1992).
Bellovin, S.M., et al., “Network Firewalls”,IEEE Communications Magazine, 32, 50-57, (Sep. 1994).
Bevier, W.R., et al., “Connection Policies and Controlled Interference”,Proceedings of the Eighth IEEE Computer Security Foundations Workshop, Kenmare, Ireland, p. 167-176, (Jun. 13-15, 1995).
Boebert, W.E., et al., “Secure Ada Target: Issues, System Design, and Verification”,Proceedin
Greve Paula Budig
Herberg Wayne W.
Motes David G.
Viets Richard R.
Nguyen Tanh Q
Schwegman Lundberg Woessner & Kluth P.A.
Secure Computing Corporation
LandOfFree
System and method for controlling access to documents stored... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for controlling access to documents stored..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for controlling access to documents stored... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3118202