System and method for controlling access to documents stored...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate


Details

C709S225000, C713S152000


active

06357010

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to systems and methods for controlling communication between networks, and in particular to a system and method for limiting access to documents stored on an internal network.
2. Background Information
Businesses today are acting cooperatively to achieve compatible business goals. For example, companies are using just-in-time manufacturing techniques to reduce overhead. To make this work, companies rely heavily on the ability of their suppliers to provide materials when needed.
At the same time, in this digital age business executives have become accustomed to receiving information from a number of sources both inside and outside the company almost instantaneously. They rely on such information to drive their day-to-day management decisions.
In order to provide outside organizations with relevant information in a timely manner, many companies have expanded their order-processing departments to handle increased call volumes. In this environment, outside partners call into the company's order-processing department to request specific information. This requires an employee to be available to answer calls, pull up information and verbally convey information to the partner. This option is very expensive, slow, and offers a poor level of service. What is needed is a system and method of streamlining the flow of information between partner companies while limiting access to company proprietary information.
The Internet provides one possible solution to this problem. The nature of the Internet makes it an ideal vehicle for organizations to communicate and share information. The Internet offers low cost universal access to information. Because of this, Internet transactions are expected to more than quadruple over the next two years, and partner communications via the Internet will almost double. Companies have begun to look to the Internet as a medium allowing quick, easy and inexpensive access to business partners. To date, however, their Internet options have been limited.
One solution is to give business partners access to the company internal network. Companies are hesitant to do this, however, since such access, if abused, can lead to the disclosure of company sensitive information.
Another solution is to replicate necessary information to a web server located outside the company's firewall. Such an approach does allow organizations direct access to the information while at the same time limiting their access to company sensitive information. For this environment to work, however, the MIS department must manually transfer information from the internal network to the external server. Therefore, while this option offers organizations direct access to necessary data, that information can be 24 to 48 hours old. When dealing with just-in-time inventory levels and large dollar amounts, 24 hours is too late. This option also creates a bottleneck in MIS, redundancy of data, and decreased data integrity.
What is needed is a system and method for giving controlled access to designated documents stored on the internal network while restricting access to company sensitive information.
SUMMARY OF THE INVENTION
The present invention is a system and method of limiting access from an external network to documents stored on an internal network. A client list is built in which each client is assigned to one or more roles. Each role has access to one or more documents as defined on a document list. A request from an external network is reviewed and, if possible, the request is associated with a client on the client list. The requested document is then compared to the document list associated with the client's role and, if the requested document is in the list of documents available to a client in the client's role, the requested document is fetched, cleaned and sent to the client.
According to another aspect of the present invention, a document control system is described. The document control system includes an internal network, an external interface, a document server connected to the internal network, and a document control server connected to the internal network and to the external interface. The document server controls access to a plurality of documents, including a first document. The document control server includes a go list processor for determining if the user has authorization to access said first document and a document processor for reading the first document from the document server, cleaning the first document and forwarding a clean version of said first document to the user. In operation, the document control server receives a document request from the external interface for the first document, determines a user associated with the document request, authenticates the user, determines if the user has authorization to access said first document and, if authorized, reads the first document from the document server, cleans the first document and forwards a clean version of said first document to the user.
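The request flow described in the summary, sketched as an added example that is not code from the patent: a client list maps clients to roles, a go list maps roles to documents, and a request is authenticated, checked against the go list, fetched, cleaned and returned. The page does not say how users are authenticated or what cleaning involves, so the shared-token check, the link-stripping cleaning rule, and all client names, roles and paths below are assumptions.

```python
import hmac
import re

# Constructed sample data; every client, role, token and path is hypothetical.
CLIENTS = {  # client list: each client is assigned to one or more roles
    "acme-buyer": {"token": "s3cret-acme", "roles": {"supplier"}},
    "globex-rep": {"token": "s3cret-globex", "roles": {"supplier", "reseller"}},
}
GO_LIST = {  # document list available to each role
    "supplier": {"/inventory/levels.html"},
    "reseller": {"/pricing/reseller.html"},
}
DOCUMENT_SERVER = {  # stands in for the document server on the internal network
    "/inventory/levels.html": '<p>Stock: 40</p><a href="/pricing/reseller.html">prices</a>'
                              '<a href="/hr/salaries.html">internal</a>',
    "/pricing/reseller.html": "<p>Tier A: 12%</p>",
    "/hr/salaries.html": "<p>confidential</p>",
}
LINK = re.compile(r'<a\s+href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def allowed_documents(client_id):
    """Union of the document lists of every role the client holds."""
    roles = CLIENTS[client_id]["roles"]
    return set().union(*(GO_LIST.get(r, set()) for r in roles))

def clean(body, allowed):
    """Assumed cleaning rule: keep link text but drop links outside the go list."""
    return LINK.sub(lambda m: m.group(0) if m.group(1) in allowed else m.group(2), body)

def handle_request(client_id, token, path):
    """Return (status, body) for a request arriving from the external interface."""
    client = CLIENTS.get(client_id)
    # Unknown client and bad credential get the same answer.
    if client is None or not hmac.compare_digest(client["token"].encode(), token.encode()):
        return 401, ""
    allowed = allowed_documents(client_id)
    # Deny by default; forbidden and nonexistent documents are indistinguishable.
    if path not in allowed or path not in DOCUMENT_SERVER:
        return 403, ""
    return 200, clean(DOCUMENT_SERVER[path], allowed)
```

The same document comes back with different links for the two sample clients, because cleaning is driven by the requesting client's own go list rather than by a single sanitized copy.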


