TW464812B - Query interface to policy server - Google Patents

Query interface to policy server

Info

Publication number
TW464812B
Authority
TW
Taiwan
Prior art keywords
access
information
user
decision
server
Prior art date
Application number
TW89112284A
Other languages
Chinese (zh)
Inventor
Clifford Lee Hannel
Anthony Allan May
Original Assignee
Internet Dynamics Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Internet Dynamics Inc
Application granted
Publication of TW464812B

Landscapes

  • Storage Device Security (AREA)

Abstract

A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter uses a local copy of an access control database to determine whether an access request made by a user is permitted. Changes made by administrators in the local copies are propagated to all of the other local copies. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to access policies which define access in terms of the user groups and information sets. The rights of administrators are similarly determined by administrative policies. Access is further permitted only if the trust levels of the mode of identification of the user and of the path in the network by which the access is made are sufficient for the sensitivity level of the information resource. If necessary, the access filter automatically encrypts the request with an encryption method whose trust level is sufficient. The first access filter in the path performs the access check and encrypts and authenticates the request; the other access filters in the path do not repeat the access check. The policy server component of the access filter has been separated from the access filter, and the policies have been generalized to permit administrators of the policy server to define new types of actions and new types of entities for which policies can be made, as well as time intervals during which the policies are in force and entity attributes that specify how the entity is to be used when access is granted to it. The interface used by applications to determine whether a user has access to an entity is now an SQL query.
There is no table in the policy server to which the query applies; instead, the policy server assembles the information needed for the response to the query from various information sources, including sources external to the policy server. Policy server administrators can define methods of acquiring and using the information. The policy server uses the acquired information to authenticate a user or to determine a user's membership in a user group, or can simply pass the information on to the application program.

Description

V. Description of the Invention

Cross-reference to related patent applications

This application claims priority from U.S. provisional application No. 60/140,417, Hannel et al., "Using a standard database system interface to check access to a resource", filed June 22, 1999. This application is also a continuation-in-part of PCT/US99/1485, Hannel et al., "Generalized policy server", filed June 28 [year not legible on the page] and having a priority date of June 29, 1998, and it incorporates the entire detailed description and drawings of that application. The new material in this application begins with the section titled "Improvements in the generalized policy server" and includes new FIGS. 38-54.

Background of the Invention

1. Field of the invention

The present invention relates generally to systems that respond to queries, and more particularly to such systems used as components of a system that controls access to data.

2. Description of related art

The Internet has revolutionized data communication. It has done so by providing protocols and addressing schemes that make it possible for any computer system anywhere in the world to exchange information with any other computer system anywhere in the world, regardless of the physical hardware of the computer systems, the kinds of physical networks they are connected to, or the kinds of physical networks used to carry the information from one computer system to the other. All that is required for two computer systems to exchange information is that each has an Internet address and the software required by the protocols, and that, through some combination of physical networks, there is a route between the two machines that can carry messages constructed according to the protocols.

However, the very ease with which computer systems can exchange messages via the Internet has caused problems. On the one hand it has made access to information easier and cheaper than ever before; on the other hand it has made information harder to protect. The Internet has made it harder to protect information in two respects:

• It is harder to restrict access. If information can be accessed via the Internet, it is potentially accessible to anyone with Internet access. Once information is accessible via the Internet, keeping skilled intruders out becomes a difficult technical problem.
• It is harder to maintain security en route. The Internet is built as a packet switching network. It is impossible to predict which route a message will take through the network, and even less possible to guarantee the security of all the switches, or to guarantee that the parts of a message that specify its source or destination have not been read or altered en route.

FIG. 1 shows the techniques currently used to increase the security of information that can be accessed via the Internet. It shows a network 101 made up of two separate internal networks 103(A) and 103(B), connected to each other by Internet 111. Although the two networks 103(A) and 103(B) are generally not accessible from outside, they are in a sense part of the Internet: the computer systems in these networks have Internet addresses and use Internet protocols to exchange information. Two such computer systems appear in FIG. 1: requestor 105 in network 103(A) and server 113 in network 103(B). Requestor 105 is requesting access to data that server 113 can provide. Attached to server 113 is a mass storage device 115 that contains the data 117 being requested by requestor 105. Of course, for other data, server 113 may be the requestor and requestor 105 the server. Moreover, in the present context, an access is any operation that can read or change data stored on server 113 or change the state of server 113. In making the request, requestor 105 uses one of the standard TCP/IP (Transmission Control Protocol/Internet Protocol) protocols. As used here, a protocol is a description of a set of messages that can be used to exchange information between computer systems.

The actual messages sent between computer systems that are communicating according to a protocol are collectively called a session. During a session, requestor 105 sends messages according to the protocol to the Internet address of server 113, and server 113 sends messages according to the protocol to the Internet address of requestor 105. Both requests and responses travel between the two internal networks 103(A) and 103(B) via Internet 111. If server 113 permits requestor 105 to access the data, some of the messages flowing from server 113 to requestor 105 in the session will include the requested data 117. The software components of server 113 that respond to messages, via the Internet where necessary, are called a service.

If the owners of the two internal networks 103(A and B) want to be sure that only users of computer systems directly connected to networks 103(A and B) can access data 117, and that the contents of the requests and responses are not known outside those networks, they must solve two problems: ensuring that server 113 does not respond to requests from computer systems other than those connected to the internal networks, and ensuring that someone with access to Internet 111 cannot read or modify the requests and responses while they are in transit through Internet 111. Two techniques that can achieve these goals are firewalls and tunneling with encryption.

Conceptually, a firewall is a barrier between an internal network and the rest of the Internet. Firewalls appear at 109(A) and (B): firewall 109(A) protects internal network 103(A) and firewall 109(B) protects internal network 103(B). A firewall is built from a gateway running on a computer system installed at the point where the internal network is connected to the Internet. Included in the gateway is an access filter, a set of software and hardware components in the computer system that checks every request from outside the internal network for information stored inside the internal network, and sends the request on into the internal network only if it comes from a source that is entitled to access the information; otherwise it discards the request. Two such access filters, access filter 107(A) and access filter 107(B), appear in FIG. 1.

A source is entitled to access the requested information if two questions can be answered affirmatively:

• Is the source really who or what it claims to be?
• Does the source have the right to access the data?

The process of finding the answer to the first question is called authentication. A user authenticates himself to a firewall by providing it with information that identifies the user. Such information includes the following:

• information provided by an authentication token (sometimes called a smart card) in the user's possession;
• the identity of the operating system of the user's machine; and
• the IP address and Internet domain name of the user's machine.

The information the firewall uses for authentication may be in band, that is, part of the protocol, or out of band, that is, provided by a separate protocol. As is apparent from the list of identification information above, the degree to which a firewall can rely on identification information to authenticate a user depends on the kind of identification information. For example, the IP address in a packet can be changed by anyone who is able to intercept the packet; the firewall can therefore place little trust in it, and authentication by IP address is said to have a very low trust level. On the other hand, when the identification information comes from a token, the firewall can give it a higher trust level, because the token will identify the user unless it has come into someone else's possession. For a general discussion of authentication, see S. Bellovin and W. Cheswick, "Firewalls and Internet Security", Addison-Wesley, Massachusetts, 1994.

In modern access filters, access is checked at two levels: the Internet packet or IP level, and the application level. Starting with the IP level, messages on the Internet are carried in packets called datagrams. Each packet has a header containing information that indicates the packet's source and destination. Source and destination are each expressed as an IP address and a port number. A port number is a number from 1 to 65535 that is used to distinguish the multiple streams of traffic within a computer. Services for well-known Internet protocols such as HTTP (hypertext transfer protocol) or FTP (file transfer protocol) are assigned well-known port numbers on which they "listen". The access filter has a set of rules that indicate which destinations may receive IP packets from which sources; if the source and destination given in the header do not conform to these rules, the packet is discarded. For example, a rule may permit or deny all access from one computer to another, or restrict access to a particular service (indicated by its port number) according to the source of the IP packet. However, the IP packet header contains no information about the individual item of information being accessed, and the only information about the user is the source information. Access checking that involves either authenticating a user by means other than the source information or deciding whether the user has the right to access an individual item of information therefore cannot be done at the IP level and must instead be done at the protocol level.

Access checking at the application level is usually done in the firewall by proxies. A proxy is a software component of the access filter. It is called a proxy because it acts as a stand-in in the access filter for the protocol, in order to perform user authentication and/or access checking for the item of information the user has requested. For example, a commonly used TCP/IP protocol is the hypertext transfer protocol (HTTP), which is used to transfer World Wide Web pages from one computer system to another. If access control for individual web pages is required, the content of the protocol must be examined in order to determine which particular page is being requested. For a detailed discussion of firewalls, see the Bellovin and Cheswick reference cited above.

Although access filter operation, correctly performed, can prevent unauthorized access via Internet 111 to data stored in an internal network, it cannot prevent unauthorized access via Internet 111 to data in transit. That is prevented by tunneling with encryption. Tunneling works as follows: when access filter 107(A) receives from a computer system in internal network 103(A) an IP packet whose destination address is in internal network 103(B), it encrypts the IP packet, including its header, and adds a new header that gives the IP address of access filter 107(A) as the packet's source address and the IP address of access filter 107(B) as its destination address. The new header may also contain authentication information that identifies access filter 107(A) as the source of the encrypted packet, and information from which access filter 107(B) can determine whether the encrypted packet has been tampered with.

Because the original IP packet is encrypted, neither its header nor its contents can be read while it is passing through Internet 111, and neither the header nor the data of the original packet can be modified without detection. When access filter 107(B) receives the IP packet, it uses whatever identification information there is to determine whether the packet really came from access filter 107(A). If so, it removes the header added by access filter 107(A) and determines whether the packet has been tampered with; if it has not, it decrypts the packet and performs the IP-level access check on the original header. If the header passes, access filter 107(B) forwards the packet to the IP address in the internal network given in the original header, or to a proxy for protocol-level access control. The original IP packet is said to have been tunneled through Internet 111. In FIG. 1, one such tunnel 112 is shown between the two access filters 107(A) and 107(B). A further advantage of tunneling is that it hides the structure of the internal networks from those who have access only from Internet 111, because the only unencrypted IP addresses are those of the access filters.

The owners of the two internal networks 103(A) and 103(B) can also use tunneling together with Internet 111 to make the two internal networks 103(A and B) into a single virtual private network (VPN) 119. By means of tunnel 112, the computer systems in networks 103(A) and 103(B) can communicate securely with one another, and to those computers it appears as if networks 103(A) and 103(B) were connected by a private physical link rather than by Internet 111. Indeed, VPN 119 can be extended to include any user with access to Internet 111 who is able to do the following:

• encrypt Internet packets addressed to a computer system in an internal network 103 in a way that permits access filter 107 to decrypt them;
• add a header addressed to access filter 107 to the encrypted packet; and
• authenticate himself to access filter 107.

For example, an employee with a portable computer connected to Internet 111 and the necessary encryption and authentication capabilities can use the virtual private network to securely retrieve data from a computer system in one of the internal networks.

Once internal networks began to use Internet addressing and Internet protocols and were connected into virtual private networks, the browsers developed for the Internet could also be used in internal networks 103, and from the user's point of view there was no difference between accessing data on Internet 111 and accessing data in internal network 103. Internal network 103 had thus become an intranet, that is, an internal network with the same user interface as Internet 111. Of course, once all the internal networks belonging to an entity have been combined into a single virtual private intranet, the access control problems characteristic of the Internet recur, this time with regard to internal access to data. Although the firewalls at the points where the internal networks are connected to Internet 111 may be perfectly adequate to keep outsiders from accessing data in the internal networks, they cannot keep insiders from accessing that data. For example, it may be just as important to a company to protect its personnel data from its employees as to protect it from outsiders. At the same time, the company may want anyone with access to Internet 111 to be able to easily access its World Wide Web site on a computer system in one of the internal networks 103.
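The tunneling sequence described above, as an added Python example that is not code from the patent or from Internet Dynamics: access filter A encrypts the whole inner packet, header included, wraps it in an outer header that names only the two filters and authenticates both; access filter B checks the origin and the authentication tag, decrypts, and only then runs the IP-level rule check on the original header before forwarding or handing the packet to a proxy. Everything concrete here is constructed for illustration: the JSON-style packet headers, the addresses, the shared key, the rule table, and the toy keystream built from HMAC-SHA256 in counter mode, which stands in for a real cipher and is not one.

```python
"""Tunnel between two access filters, with the IP-level rule check applied
to the inner header after decapsulation (added example, not the patent's code).
Constructed for illustration: header layout, addresses, shared key, rules,
and a toy keystream (HMAC-SHA256 in counter mode) standing in for a cipher."""
import hashlib
import hmac
import json
import os
import struct

SHARED_KEY = b"constructed-demo-key-shared-by-filters-A-and-B"  # constructed

# Rule table of access filter B: (source, destination, destination port, action).
# A trailing "." makes an address pattern a prefix; "*" matches anything.
RULES = [
    ("10.1.", "10.2.0.7", 80, "permit"),   # web server reachable from site A
    ("*", "*", "*", "deny"),               # default: drop everything else
]


def serialize_packet(src, sport, dst, dport, payload):
    """Inner packet: a length-prefixed JSON header followed by the payload."""
    hdr = json.dumps({"src": src, "sport": sport, "dst": dst, "dport": dport}).encode()
    return struct.pack("!H", len(hdr)) + hdr + payload


def parse_packet(raw):
    (n,) = struct.unpack("!H", raw[:2])
    return json.loads(raw[2:2 + n]), raw[2 + n:]


def keystream(key, nonce, n):
    """Toy keystream: successive HMAC(key, nonce || counter) blocks. Demo only."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack("!Q", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encapsulate(filter_a_ip, filter_b_ip, inner, key=SHARED_KEY, nonce=None):
    """Filter A: encrypt the whole inner packet (header included), prepend an
    outer header naming only the two filters, and authenticate header + ciphertext."""
    nonce = nonce if nonce is not None else os.urandom(16)
    ct = xor_bytes(inner, keystream(key, nonce, len(inner)))
    outer = {"src": filter_a_ip, "dst": filter_b_ip, "nonce": nonce.hex()}
    authed = json.dumps(outer, sort_keys=True).encode() + ct
    tag = hmac.new(key, authed, hashlib.sha256).digest()
    return {"outer": outer, "ct": ct, "tag": tag}


def _match(pattern, value):
    if pattern == "*":
        return True
    if isinstance(pattern, str) and pattern.endswith("."):
        return str(value).startswith(pattern)
    return pattern == value


def ip_level_check(hdr, rules):
    """First matching rule wins; no matching rule means deny."""
    for src, dst, dport, action in rules:
        if _match(src, hdr["src"]) and _match(dst, hdr["dst"]) and _match(dport, hdr["dport"]):
            return action == "permit"
    return False


def decapsulate(tunnel, expected_peer, rules, key=SHARED_KEY):
    """Filter B: check the origin, check for tampering, decrypt, then run the
    IP-level check on the original header before forwarding or proxying."""
    outer = tunnel["outer"]
    if outer["src"] != expected_peer:
        return ("drop", "unexpected tunnel source")
    authed = json.dumps(outer, sort_keys=True).encode() + tunnel["ct"]
    expected = hmac.new(key, authed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tunnel["tag"]):
        return ("drop", "tampered")
    nonce = bytes.fromhex(outer["nonce"])
    inner = xor_bytes(tunnel["ct"], keystream(key, nonce, len(tunnel["ct"])))
    hdr, _payload = parse_packet(inner)
    if not ip_level_check(hdr, rules):
        return ("drop", "ip-level rule")
    if hdr["dport"] == 80:                 # page-level checks need the HTTP proxy
        return ("proxy", hdr)
    return ("forward", hdr)


if __name__ == "__main__":
    pkt = serialize_packet("10.1.0.5", 4000, "10.2.0.7", 80, b"GET / HTTP/1.0\r\n")
    tun = encapsulate("198.51.100.1", "203.0.113.1", pkt)
    print(decapsulate(tun, "198.51.100.1", RULES))
```

The outer header carries only the two filter addresses, which is why the internal address plan stays hidden from anyone watching Internet 111; the tag covers the outer header as well as the ciphertext, so a changed nonce or a swapped source address is rejected before anything is decrypted, and the rule check runs on the recovered original header, not on the outer one.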

One solution to the security problems raised by the virtual private intranet is to use firewalls to subdivide the internal networks, as well as to protect the internal networks from unauthorized access to information via the Internet. Modern access filters 107 are designed to protect the perimeter of an internal network from unauthorized access to information, and generally there is only one access filter per Internet connection. If access filters are to be used within the internal network, many more of them will be needed, and a virtual private network using many modern access filters 107 does not scale easily: in a virtual private network with a small number of access filters, the access filters are not a serious burden, but in a network with a large number of access filters they are. The access filter described in the part of this application that precedes the section titled "Generalization of the techniques used in access filter 203" effectively solves the scalability problem of prior-art access filters, so that it becomes much easier to build networks with large numbers of access filters.

In further work on the access filter described in the first part of this application, it became apparent that the techniques developed for performing access checking in access filter 203 would be far more useful if they were generalized: if they could be used in contexts other than access filters operating at the IP or Internet protocol level, and if they could be extended so that policies could be made not only for access to information sets but for any action that can be performed with respect to an entity accessible via a computer system; so that user groups could include any kind of entity that can perform an action via a computer system; and so that information sets could become resource sets, where a resource is any entity that can be controlled via a computer system. It further became apparent that policies would be more useful if they could include a temporal component, for example one that permits a user group to access certain resources only outside working hours, and that it would be useful to be able to associate with a policy attributes that describe how the action of the policy is to be performed. For example, a policy might specify not only the members of a user group that can access a given resource but also the class of network service to be used for the access.

Development work has continued on the generalized policy server of the parent of this application and has resulted in important improvements. One improvement concerns the protocol used to pass messages between a policy-enabled component of the system and the generalized policy server. In the parent, such messages provide the generalized policy server with the information it needs to make an access decision and return the result of the access decision to the policy-enabled component; no specific protocol for those messages was described. Although any protocol that carries the information the generalized policy server needs for the access decision, and the result of the decision, between the policy-enabled component and the generalized policy server would do, what is needed is a protocol in a format familiar to most programmers, one that can easily be incorporated into existing and new programs and that can easily deal with the fact that at least part of the information needed for an access decision is often not available before the access request is made.

Another improvement solves a problem of the access control systems of the parent of this application and of the parent's parent. In the parent's parent, both the kinds of information that could be used for authentication and for determining user group membership and the sources of that information were predefined; in the access control system described in the parent, the system administrator could define the information used to determine user group membership, but the sources of the information were still predefined. It was consequently impossible to use information from a source such as a company's general database system in deciding whether to permit access. It was also impossible to use the access control system to return to the policy-enabled client any information beyond what the access checking procedure required. The objects of the invention disclosed here are therefore to provide a protocol for communication between a policy-enabled component and the generalized policy server, and to provide techniques that allow the access control system to define the sources of the information used in the access checking procedure, the methods of obtaining that information, and the use of the information within the access checking procedure.

Summary of the Invention

The invention achieves the foregoing objects as follows:

• The improved generalized policy server provides an interface to policy-enabled components that presents the access control system as a virtual relational database table with a row for every combination of user and information resource. To determine whether a user has the right to access an information resource, the policy-enabled component addresses to this table a query that indicates the user and the information resource; the result indicates at least whether the user has the right of access. The relational database table is virtual because a real table would tend to be very large and in many cases simply could not be defined. In the improved generalized policy server, a virtual database service uses the data sources available to it to assemble the information the query result requires. In a preferred embodiment, the queries are written in the well-known SQL language and the virtual database service emulates a standard remotely accessible database system.
• The improved generalized policy server lets the administrator of the access control system define methods for obtaining information about users and associate those methods with user groups. The methods may define how information is collected from the user, how information about the user is collected from external sources, and how the collected information is used to authenticate the user, to determine the user's membership in a user group, and to provide information about the user to the policy-enabled component.

Other objects and advantages achieved by the invention will be apparent to those skilled in the art upon reading the following detailed description and drawings, in which:

Brief Description of the Drawings

FIG. 1 is an overview of techniques for controlling access to information via the Internet;
FIG. 2 is an overview of a VPN (virtual private network) using access filters that incorporate the techniques disclosed here;
FIG. 3 is an overview of the access control database used in an access filter;
FIG. 4 shows access checking and tunneling in a VPN using access filters that incorporate the techniques disclosed here;
FIG. 5 shows access to information in the VPN by a "roamer";
FIG. 6 is a table used to define the relationships between sensitivity and trust levels and authentication and encryption techniques;
FIG. 7 is an example of the application of the SEND (Secure Encrypted Network Delivery) technique;
FIG. 8 is a flowchart of the policy creation process;
FIG. 9 shows a display used to define user groups;
FIG. 10 shows a display used to define information sets;
FIG. 11 shows a display used to define access policies;
FIG. 12 shows a display used to define access filter 203;
FIGS. 13A and B are a schema of the part of access control database 301 that defines user groups;
FIG. 14 is a schema of the part of access control database 301 that defines information sets;
FIG. 15 is a schema of the part of access control database 301 that defines the sites in the VPN and the servers, services and resources at each site;
FIGS. 16A and B are a schema of the part of access control database 301 that defines policies;
FIGS. 17A, B and C are a schema of the part of access control database 301 that defines servers;
FIG. 18 shows a display used in the IntraMap interface;
FIG. 19 shows how changes are made to access control database 301;
Although any protocol that provides the information needed to transmit the general policy server for access determination and the results of the access determination between the components that allow the policy and the general policy server is acceptable, all What is needed is a protocol in a format familiar to most programmers, which can be easily incorporated into existing and new programs, and can easily handle the information required for an access decision. -14 paper sizes apply Order Country National Standard (CNS) A4 Specification (21 × 297 mm) ----------- f ^ -------- Order -------- End (Please Read the notes on the back before filling (This page) 4 6 4 8 12 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7 V. Description of the Invention (12) At least part of it is often unavailable until the request for access is made. '' Another improvement solves one of the problems of the access control system of the parent case of this application and the parent case of the parent case, which is that it can be used as an authentication and user group in the parent case of the parent case of this patent application The two types of information for membership determination and the source of the information are predefined; the access control system 'system administrator inserted in the parent case of this patent application can define the membership group used to determine the membership of the user group Information, but the source of the information is still predefined. Therefore, it is impossible to determine whether to allow access using information from sources such as a company's general database system. It is also not possible to use the access control system to return information other than the information necessary for the access check process to the allow policy to the client. 
It is therefore an object of the present invention disclosed herein to 'provide a protocol for communicating between elements that allow policies and a standardized policy server, and to provide access control systems that define Sources of information, methods of obtaining information, and technologies used to access information in inspection procedures. SUMMARY OF THE INVENTION The present invention achieves the foregoing objectives as follows: The improved standardized policy server provides an interface to the elements that allow the policy, which presents the access control system as a virtual list of relational databases, in which for each user information The source combination has a row. To determine whether a user has access to an information source, allow the component address of the policy to instruct the user and information source to query this list; the result indicates at least whether the user has access that power. Because a real table ____-15- This paper size is applicable to the Chinese National Standard (CNS) A4 specification (210 x 297 mm) f ^ -------- Order -------- * End {Please (Please read the notes on the back before filling this page) 464812 A7 B7 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs V. Invention Description (13) The list of small amounts will tend to be very large, and in many cases will only be undefinable ' So the relational database tables are virtual. In the improved standardized policy server, a virtual database service uses the data sources it can access, combining the information needed for query results. In the preferred embodiment, the query is written in the well-known SQL language, while the virtual kit service emulates a standard remote-accessible database system. • Improved standardized policy server allows administrators of access control systems to define methods for obtaining user information and associate these methods with user groups. 
These methods define how information is collected from users, how information is collected from external sources, and how the information collected is used to authenticate users to determine—the membership of users in a user group , And provide information about the user to the components that allow the policy. Other objects and advantages achieved by the present invention will be apparent to those skilled in the art when reading the following detailed description and drawings, in which: Brief Description of the Drawings Figure 1 is used to control information via the Internet An overview of the many technologies that are accessed; Figure 2 is: an overview of one of the many VPNs (virtual private networks) that uses the technologies disclosed herein; and Figure 3 is: Take the total cable of the access control database in the filter; -16- — — — — — — — — — — — ^ -------- 1T'll !! t ·· ^ (Please (Please read the notes on the back before filling this page.) This paper standard outlines the standard for remuneration (CNS) A4 _ &lt; 21β x 297 &gt; Printed by the Consumer Cooperative of Intellectual Property Bureau of the Ministry of Economic Affairs 4 6 4 8 1 2 A7 _______ B7 V. Description of the invention (14) Figure 4 shows: access check and tunneling operation in VPN using one of the many access filters included in the technology disclosed herein; 'Figure 5 shows: by ~ &quot; roamer (Roamer) access information in VPN; Figure 6 is used to define sensitivity and trust, etc. A table in the relationship with many authentication and encryption technologies; Figure 7 疋. 
An example of the application of SEND (Secure Encrypted Network Delivery) technology; Figure 8 is a flowchart of the decision-making process; Figure 9 shows: Used to define one display of user group; Figure 10 shows: used to define one display of information set; Figure 11 shows: used to define one display of access decision; Figure 12 shows: used to define storage Take one of the filters to display the diagram; Figure 3 A and B are: a part of the definition of the user group's access control database 30j diagram (schema); Figure 14 is: A diagram of a part of the access control database 3001 that defines the information set; Figure 1 5 疋: Sites defined in the VPN and the server 'services and resources at each site Take a diagram of a part of the control database 3001; Figures 16A and B are: a diagram of a part of the access control database that defines the decision; Figures 17A, B 'and C are: a definition temple A diagram of one part of the server's access control database; Figure 18 shows: used in IntraMap (in the image) The display in the figure: Figure 19 shows: how to make changes to the access control database 3 0 丨; -17- This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) --- -* ------ ΐ Install -------- Order --------- μ (Please read the unintentional matter on the back before filling this page) 464812

Figure 20 is a detailed block diagram of the architecture of access filter 203;
Figure 21 is a diagram of the structure of an MMF (memory-mapped file) file 2303;
Figure 22 is a diagram of a message sent using the SKIP (Simple Key Management for Internet Protocols) protocol;
Figures 23A, B and C are a table of the MMF files used in a preferred embodiment;
Figure 24 is a diagram of an implementation of the IntraMap interface;
Figure 25 is a diagram illustrating delegation in VPN 201;
Figure 26 is a block diagram of an action control system in which policy checking and policy enforcement have been separated;
Figure 27 is a block diagram of an action control system with various policy-enabled devices;
Figure 28 shows the syntax used to define generalized policies;
Figure 29 shows an overview of policy database 2901 in a preferred embodiment;
Figure 30 shows an implementation of attributes and time intervals in policy database 2901;
Figure 31 shows a window that lists all defined schedules;
Figure 32 shows a window used in a preferred embodiment to define schedule rules;
Figure 33 shows a window used in a preferred embodiment to apply time intervals to policies;
Figure 34 shows a window used in a preferred embodiment to display attributes;
Figure 35 shows a window used in a preferred embodiment to assign attributes to subjects;
Figure 36 shows a window used to display and modify an attribute definition in a preferred embodiment;
Figure 37 shows a window used to display and modify a feature definition in a preferred embodiment;
Figure 38 is a block diagram of a generalized policy server incorporating the improved message protocol and the techniques for obtaining information from sources other than the UIC and the access control database;
Figure 39 shows the top level of the application programmer's interface to the improved message protocol;
Figure 40 shows the function ConclavePolicyAllowed, which implements the improved message protocol;
Figure 41 shows an overview of a query interface to the generalized policy server;
Figure 42 shows first examples of queries to VDB service 3813 and their results;
Figure 43 shows second examples of queries to VDB service 3813 and their results;
Figure 44 is a detailed view of the contents of policy database 4401, from which policy DB 3825 is compiled;
Figure 45 is a flowchart of obtaining client user information;
Figure 46 is a window showing the definition of a client authentication type;

Figure 47 is a window showing the definition of the information resources accessed using a client authentication type;
Figure 48 shows the windows for an access policy involving a client authentication type and a user group, and for information resources involving a client authentication type;
Figure 49 shows the tables in database 4401 used to define client authentication types;
Figure 50 shows additional tables in database 4401 used to define client authentication types;
Figure 51 shows the browser window that results from an authentication form 3807 and locale configuration information 3809;
Figure 52 shows how the information collected via the browser window of Figure 51 is returned to the virtual database service in a query;
Figure 53 shows the response to the query of Figure 52; and
Figure 54 is a conceptual schema of the virtual database table built in the generalized policy server.

Reference numbers in the drawings have at least three digits. The two rightmost digits are the reference number within a figure; the digits to their left are the number of the figure in which the item identified by the reference number first appears. For example, the item with reference number 203 first appears in Figure 2.

Detailed Description

The following description first provides an overview of easily scalable access filters, of how they are used to control access in an enterprise intranet, and of how they can be used to build a virtual private network. It then provides details of the access control database used in the access filters, of the way the database is changed and those changes are distributed among the access filters, and of the way an individual access filter controls access.

A network with access filters that do not hinder scalability: Figure 2

Figure 2 shows a virtual private network (VPN) 201 in which access to data is controlled by access filters designed to avoid the problems caused by multiple access filters. VPN 201 consists of four intranets 103 connected to one another via Internet 121. Also connected to VPN 201 via Internet 121 is a roamer 217, a computer system that is being used by a person who may access data in VPN 201 but that is connected to the intranets only via Internet 121. Each intranet 103 has a number of computer systems or terminals 209 belonging to users and a number of servers 211 that hold data which may be accessed by users at the computer systems or terminals 209 or by a user at roamer 217. Neither the computer systems or terminals 209 nor roamer 217 is connected directly to a server 211; instead, each is connected via an access filter 203, so that every reference made by a user at a user system to a data item on a server passes through at least one access filter 203. Thus user system 209(i) is connected to network 213(i), which is connected to access filter 203(a), and server 211(i) is connected to network 215(i), which is also connected to access filter 203(a); consequently any attempt by a user at user system 209(i) to access data on server 211(i) passes through access filter 203(a), where it is refused if the user is not authorized to access the data.

Since a VPN 201 of any size has a considerable number of access filters 203, scaling problems arise immediately. Access filters 203 avoid these problems because they are designed according to the following principles:

• Distributed access control database. Each access filter 203 has its own copy of the access control database used to control access to data in VPN 201. Changes made in one copy of the database are propagated to all other copies.

• Distributed administration. Any number of administrators may be delegated responsibility for subsets of the system. All administrators may carry out their work simultaneously.

• Distributed access control. The access control functions are performed at the near-end access filter 203. That is, the first access filter 203 in the path between client and server determines whether the access is permitted; subsequent access filters in the path do not repeat the access check performed by the first one.

• End-to-end encryption. Encryption takes place between the near-end access filter and the farthest possible encryption endpoint. That endpoint is either the information server itself or the far-end access filter 203, the last one on the route from client to server. Dynamic tunnels are established according to current network routing conditions.

• Adaptive encryption and authentication. Variable encryption levels and authentication requirements are applied to traffic through the VPN according to the sensitivity of the information being transmitted.

All of these design points are discussed in more detail below.

It should be pointed out here that access filter 203 may be implemented in any way that guarantees that every reference to data in VPN 201 made by a user who might not be authorized to access that data passes through an access filter 203. In a preferred embodiment, access filter 203 is implemented on a server running under the Windows NT® operating system made by Microsoft Corporation. In other embodiments, access filter 203 might be implemented as a component of an operating system and/or in a router in VPN 201.

Distributed policy database: Figure 3

Each access filter 203 has a copy of access control database 301, which holds all the data relevant to access control in VPN 201. One access filter, shown in Figure 2 as access filter 203(a), has a master copy 205 of access control database 301 and is therefore called the Master Policy Manager. Master copy 205 is the one used to initialize new access filters 203 or to replace a damaged access control database 301. The backup for the Master Policy Manager computer is access filter 203(b); backup copy 207 is a mirror of master copy 205. Finally, report manager 209 includes software for producing reports from the information in access control database 301 and from the logs obtained from all the other access filters 203. The access control database may be changed by any user who has the authority to do so; as will be described later, any such change is propagated first to Master Policy Manager 205 and then to all the other access filters 203 in virtual private network 201.

Figure 3 is a conceptual overview of access control database 301. The main function of the database is to respond to an access request from an access filter 203, which identifies a user and an information resource, with an indication 311 of whether the request is to be granted or denied. The request is granted if both of the following hold:

• the user belongs to a user group which database 301 indicates may access an information set to which the information resource belongs; and

• the request has a trust level at least as high as the sensitivity level of the information resource.

Each user belongs to one or more user groups, and each information resource belongs to one or more information sets. If none of the user groups to which the user belongs is denied access to an information set to which the resource belongs, and some user group to which the user belongs is allowed access to some information set to which the resource belongs, then the user may access the resource, provided the request has the necessary trust level.

The sensitivity level of a resource is simply a number indicating the trust level required to access the resource. Broadly speaking, the more an information resource needs protection, the higher its sensitivity level. The trust level of a request has several components:

• the trust level of the identification technique used to identify the user; for example, identifying a user by a token has a higher trust level than identifying the user by IP address.

• the trust level of the path the access request takes through the network; for example, a path that includes the Internet has a lower trust level than one that includes only intranets.

• if the access request is encrypted, the trust level of the encryption technique used; the stronger the encryption, the higher the trust level.

The trust level of the identification technique and the trust level of the path are considered separately. The trust level of the path may, however, be affected by the trust level of the encryption technique used to encrypt the access request: if the request is encrypted with a technique whose trust level is higher than that of a part of the path, the trust level of that part of the path is raised to the trust level of the encryption technique. Thus, when the trust level of part of the path is lower than the sensitivity level of the resource requires, the problem can be solved by encrypting the access request with an encryption technique that has the necessary trust level.

The information contained in database 301 can be divided into six broad categories:

• user identification information 313, which identifies users;
• user groups 315, which define the groups to which users belong;
• information resources 320, which define the individual information items being protected and specify where to find them;
• information sets 321, which define groups of information resources;
• trust level information 323, which specifies the sensitivity levels of information resources and the trust levels of user identifications and network paths; and

• Policy information 303, which defines access rights in terms of user groups and the objects in VPN 201.

Policy information 303 is further divided into access policies 307, administrative policies 305, and policy maker policies 306.
• Access policies 307 define the rights of user groups to access information sets;
• Administrative policies 305 define the rights of user groups to define, delete, or modify objects in VPN 201. Among the objects are access policies, information sets, user groups, locations in VPN 201, servers, and services; and
• Policy maker policies 306 define the rights of user groups to make access policies for information sets.

The user groups specified in the administrative-policy and policy-maker-policy parts of database 301 are administrator user groups. In VPN 201, administrative authority is delegated by defining administrator groups and the objects in database 301 that they govern. Of course, a given user may be a member of both a general user group 317 and an administrative user group 319.

User identification
User groups use user identification information 313 to identify their members. Identification information identifies a user by means of an extensible set of identification techniques. Currently these techniques include X.509 certificates, Windows NT domain identification, authentication tokens, and IP addresses/domain names. The kind of identification technique used to identify a user determines the trust level of the identification.

Where strong identification of users, or of other entities communicating with access filter 203, is required, VPN 201 uses the Simple Key Management for Internet Protocols (SKIP) protocol software developed by Sun Microsystems, Inc. The protocol manages public key exchange, key authentication, and session encryption. Session encryption is performed with a transport key generated from the public and private keys of the parties exchanging data. The public keys are contained in X.509 certificates, which are exchanged between SKIP parties using a separate protocol known as the Certificate Discovery Protocol (CDP). Besides the encrypted message itself, a message encrypted with SKIP includes the encrypted transport key for the message and identifiers for the certificates of the source and destination of the data. The recipient of a message uses the identifier for the source's certificate to locate the source's public key, uses its own private key and the source's public key to decrypt the transport key, and then uses the transport key to decrypt the message. SKIP messages are self-authenticating in the sense that they contain an authentication header including a cryptographic digest of the packet's contents; any kind of modification makes the digest incorrect. For details on SKIP, see Ashar Aziz and Martin Patterson, "Simple Key Management for Internet Protocols (SKIP)", available on the Internet as of February 28, 1998 at http://www.skip.orgAnet-95.html. For details on X.509 certificates, see the description available on the Internet as of September 2, 1997 at http://www.rnbo.com/PR〇D/rmadill〇/p/pdoc2.htm_.

In VPN 201, SKIP is also used by access filters 203 to identify themselves and the other access filters 203 in the VPN, and to encrypt TCP/IP sessions where encryption is required. When performing access checks, access filters 203 can also use the certificates for SKIP keys to identify users. This identification method is particularly trustworthy and therefore has a fairly high trust level. One use of identification by certificate is as a trustworthy identification method for roamers 217. X.509 certificates can be used for user identification because they relate key information to information about the user. Access filter 203 uses the following information fields from the certificate:
• Expiration date: the certificate is invalid after this date.
• Public key: the public half of a public-private key pair, as used in the SKIP-based cryptography of Conclave (the client software).
• Certificate Authority signature: the distinguished name associated with the authority that issued the certificate.
• Certificate serial number.
• Subject name: the name of the entity to which the certificate was issued.

The subject name includes the following subfields (the letters in parentheses are the usual abbreviations of the fields):
• Common name (CN): the given name of the subject, for example John Q. Public.
• Country (C): the country where the subject is located. Country codes are the two-letter codes specified in the X.509 specification.
• Locality (L): the location of the subject. This field is usually the city where the subject is located, but any location-related value may be used.
• Organization (O): the group to which the subject belongs. This field is usually the name of the organization.
• Organizational unit (OU): the organizational unit of the subject. This field is usually the subject's department, for example "Sales". X.509 certificates allow up to four of these fields.

The certificate authority used with access filters 203 issues certificates with all of these fields, and the four OU fields may be used to define additional classifications. The information describing the user in the certificate is available to the administrator of database 301 for use when defining user groups. If the information in the certificates correctly reflects the organizational structure of the enterprise, a certificate will not only identify the user but will also show where the user fits in the enterprise's organization, and to that extent the user groups in database 301 can reflect the organizational structure in determining which user groups a user belongs to.

As will be explained in more detail later, one way of defining the members of user groups is by "certificate matching criteria", which define the field values that a certificate belonging to a member of a given user group must have. Certificate matching criteria may be based on as few or as many of the above fields as needed. For example, the certificate matching criteria for an Engineering user group might be the organization field and an organizational unit field specifying the engineering department. Other information identifying users can also be used to define the members of user groups.

Information sets
Information sets hold collections of individual information resources. A resource may be as small as an individual WWW (World Wide Web) page or newsgroup, but most often consists of a Web directory tree and its contents, an FTP account, or a major Usenet news category. In one of the servers in FIG. 2, two information sets are shown: 219(j) and (k). Although the administrator of access control database 301 may determine exactly what information is included in an information set, the information in a given set is usually information related both to a topic and to an intended audience. Examples of information sets for a company might be HR Policies, HR Personnel Records, and Public Information.

Access policies 307
Conceptually, access policies 307 consist of simple statements of the form:
Engineers allowed access to engineering data
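The certificate matching criteria described above, as an added example that is not part of the patent or of the Conclave software: user-group membership is derived from the X.509 subject subfields (CN, C, L, O, up to four OU values) plus the expiration date. All subject strings, group names and criteria are constructed for illustration, and verification of the CA signature is assumed to have happened before this step.

```python
"""Added example (not the patent's code): user-group membership from X.509
subject fields via "certificate matching criteria".  CA-signature checking
is assumed done already; certificates below are constructed."""
from datetime import date

# Subject subfields the access filter uses; OU may repeat up to four times.
SUBJECT_FIELDS = {"CN", "C", "L", "O", "OU"}
MAX_OU = 4


def parse_subject(subject):
    """Parse 'CN=John Q. Public, OU=Engineering, O=Example Corp, C=US'
    into a dict field -> list of values (a field such as OU may repeat)."""
    fields = {}
    for part in subject.split(","):
        key, sep, value = part.strip().partition("=")
        key, value = key.strip().upper(), value.strip()
        if not sep or key not in SUBJECT_FIELDS or not value:
            raise ValueError(f"unexpected subject component: {part.strip()!r}")
        fields.setdefault(key, []).append(value)
    if len(fields.get("OU", [])) > MAX_OU:
        raise ValueError("X.509 permits at most four OU fields")
    return fields


def certificate_matches(cert, criteria, today):
    """criteria maps a subject field to the value it must carry.  Every
    listed field must be present with that value (a repeated field such as
    OU matches if any of its values matches).  An expired certificate is
    invalid and therefore never matches."""
    if cert["expires"] < today:
        return False
    fields = parse_subject(cert["subject"])
    return all(want in fields.get(key, []) for key, want in criteria.items())


# Constructed user groups, each defined by its matching criteria.  Criteria
# may use as few or as many subject fields as needed.
USER_GROUP_CRITERIA = {
    "Employees": {"O": "Example Corp"},
    "Engineers": {"O": "Example Corp", "OU": "Engineering"},
    "Sales": {"O": "Example Corp", "OU": "Sales"},
    "Boston Engineers": {"O": "Example Corp", "OU": "Engineering", "L": "Boston"},
}


def user_groups_for(cert, today, criteria_by_group=USER_GROUP_CRITERIA):
    """Sorted names of every user group whose criteria the certificate
    satisfies; a user may belong to several groups at once."""
    return sorted(group for group, criteria in criteria_by_group.items()
                  if certificate_matches(cert, criteria, today))


# Constructed certificates holding only the fields the filter looks at.
ALICE = {"serial": 1001, "expires": date(2001, 12, 31),
         "subject": "CN=Alice Example, OU=Engineering, OU=Firmware, L=Boston, "
                    "O=Example Corp, C=US"}
BOB = {"serial": 1002, "expires": date(2001, 12, 31),
       "subject": "CN=Bob Example, OU=Sales, L=Denver, O=Example Corp, C=US"}
MALLORY = {"serial": 2001, "expires": date(2001, 12, 31),
           "subject": "CN=Mallory, OU=Engineering, O=Other Corp, C=US"}

if __name__ == "__main__":
    today = date(2000, 6, 1)
    for cert in (ALICE, BOB, MALLORY):
        print(cert["subject"], "->", user_groups_for(cert, today))
```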

Internet allowed access to public web site
The first column specifies the user group and the last column specifies the information set; the middle column is the access policy, allow or deny.

Database 301 permits hierarchical definition of user groups and information sets. For example, the Engineers user group might be defined to include a Hardware Engineers user group, a Software Engineers user group, and a Sales Engineers user group. Similarly, the Engineering Data information set might be defined to include a Hardware Engineering Data information set, a Software Engineering Data information set, and a Sales Engineering Data information set. Within the hierarchy of user groups, access rights are obtained by inheritance: for access checks, a user who belongs to the Hardware Engineers user group automatically also belongs to the Engineers user group. Within the hierarchy of information sets, access rights are likewise obtained by inheritance: for access checks, an information resource that belongs to the Hardware Engineering Data information set automatically also belongs to the Engineering Data information set. Thus, if there is an access policy giving Engineers access to Engineering Data, any user who is a member of any of the three user groups that make up Engineers may access any information resource that belongs to any of the three information sets that make up Engineering Data. Using inheritance in the definition of user groups and information sets greatly reduces the number of access policies 307 needed in access control database 301; in the above example, a single access policy gives all engineers access to all engineering data. Inheritance also makes it possible in practice to define all access policies in terms of allowed access. Continuing the example, if there is a Salespeople user group that does not belong to Engineers, but there is an access policy giving that user group access to Sales Engineering Data, then a user who is a member of Salespeople will be able to access sales engineering data, but not software engineering data or hardware engineering data.

Of course, a user may belong to more than one user group, and an information resource may belong to more than one information set. There may also be different access policies for the various user groups the user belongs to and the various information sets the information resource belongs to. When faced with multiple access policies that apply both to the user and to the information resource the user is attempting to access, access filter 203 applies the policies in a restrictive rather than a permissive fashion:
• If multiple policies allow or deny a user group access to an information set, the policy that denies access prevails.
• If a particular user is a member of multiple user groups, and multiple policies allow or deny access to the information set, the policy that denies access prevails.

The user groups a user belongs to may change according to the identification mode used to identify the user. Thus, if, on the basis of the identification mode the user has so far provided to access filter 203, no access policy applies to the user groups the user belongs to, access filter 203 may attempt to obtain additional identification information and determine whether the additional identification information places the user in a user group for which there is a policy concerning the resource. Access filter 203 may obtain additional identification information if:
• the user has installed the User Identification Client (UIC), software that runs on the user's machine and provides identification information about the user to access filter 203;
• the UIC is currently running on the user's machine; and
• the user has enabled his UIC to pop up for further authentication (the user has a check box that enables this feature).
If all of these requirements hold, access filter 203 will cause the user's UIC to pop up and request additional identification information. Any identification information the user provides is stored. After each new piece of user identification information, access filter 203 performs the same evaluation process, popping up the UIC window until identification information is obtained that places the user in a user group for which there is a policy allowing or denying access, or until the user abandons the request.

Administrative policies 305
Administrative policies 305 implement the administration of the objects in the access control system of VPN 201. The objects include user groups, information sets, access policies, and what are termed here available resources, that is, services, servers, access filters, and the network hardware that makes up VPN 201. An object is administered by one or more administrative user groups. A member of an administrative user group that administers a given object may modify the object and its relationships to other objects, and may make administrative policies for the object. As will be explained in more detail later, the fact that a member of the administrative user group administering an object may make administrative policies for that object makes it possible for the member to delegate administration of the object. For example, a member of the administrative user group that administers the Hardware Engineers user group may make an administrative policy giving administration of Hardware Engineers to a Hardware Engineering Administrators user group, thereby delegating administration of Hardware Engineers to Hardware Engineering Administrators. It should be noted that the right to administer an information set is separate from the right to make access policies for the information set. The fact that a user group has the right to make access policies concerning an information set does not give the user group the right to make administrative policies for the information set, and vice versa. When an access filter 203 is first set up, a single built-in Security Officer user group has administrative authority over all objects in VPN 201 and over policy maker policies 306.

Inheritance with administrative policies
Inheritance operates with administrative policies in the same way that it operates with access policies. User groups, information sets, and the available resources to which administrative policies apply are organized hierarchically. Among user groups, the user groups that are subsets of a given user group are at the next level down from that user group in the hierarchy of user groups; the same is true of information sets. Inheritance is applied within the hierarchy in the same way as for access policies. Thus, within the user group hierarchy, an administrative user who governs a user group also governs all of the subsidiary user groups it contains. Similarly, in the information set hierarchy, an administrative user who governs an information set also governs all of the subsidiary information sets it contains, and an administrative user who governs the access policies for an information set also governs the access policies for all of the information sets it contains.

There is also a natural hierarchy of available resources. For example, one level of the hierarchy is location. Within a given location, the servers at that location form the next level down, and within a server, the services provided by the server form the next level. An administrative user group with authority at any level of the available-resources tree also has authority over the levels below it. For example, an administrator to whom an administrative policy gives authority over an access filter 203 has administrative rights over all of the servers at that site, all of the services running on those servers, and all of the resources supported by those services.

Delegating authority: FIG. 25
In VPN 201, delegating authority is easy, since a member of the administrative user group administering an object may modify the object and make administrative policies for it. For example, if an administrative user group administers an information set, it can divide the information set into two subsets and make new administrative policies giving each of two other user groups administrative authority over one of the two subsets. FIG. 25 shows an extended example of delegation. In FIG. 25, user groups and other objects are represented by circles and policy maker policies by squares; policy relationships are represented by different kinds of arrows: solid arrows represent administrative policies, dotted arrows represent policy maker policies, and dashed arrows represent access policies. The part of the figure labeled 2501 shows the situation when access filter 203 is being set up: the built-in Security Officer user group 2503 has administrative authority over all built-in objects 2505 and over policy maker policies 2507. Members of Security Officer user group 2503 use their administrative authority to form subsets of objects 2505, rearrange the object hierarchy, and make policy maker policies 2507.

Part 2508 of FIG. 25 shows one result of the activity of Security Officer user group 2503. A member of Security Officer user group 2503 has created an Engineering Administrators administrative user group 2509, an Engineers user group 2511, and an Engineering Data information set 2513, and has given Engineering Administrators administrative authority over Engineers and Engineering Data. The member of Security Officer has also made a policy maker policy 2507 giving Engineering Administrators the right to make access policies for Engineering Data, as shown by dotted arrow 2510. A member of Engineering Administrators has used that right to make an access policy allowing members of Engineers 2511 to access the information in Engineering Data 2513, as shown by dashed arrow 2512. Thus, the member of Security Officer has delegated administration of Engineers 2511, of Engineering Data 2513, and of access to Engineering Data to Engineering Administrators 2509.

Of course, Security Officer 2503 still has administrative authority over Engineering Administrators 2509 and can use that authority to delegate further. An example is shown at 2517. A member of Security Officer 2503 has divided Engineering Administrators into two subsets: Engineering Personnel Administrators (EPA) 2519 and Engineering Data Administrators (EDA) 2521. The members of these subsets inherit from Engineering Administrators 2509 the administrative rights over Engineers 2511 and Engineering Data 2513. Members of EPA 2519 and EDA 2521 have used these administrative rights to delegate administration of Engineers 2511 to Engineering Personnel Administrators 2519 and administration of Engineering Data 2513 to Engineering Data Administrators 2521. Members of EPA 2519 and EDA 2521 have further used their right to make access policies for Engineering Data 2513 to change the access policies so that access policies for Engineering Data are made by Engineering Data Administrators 2521, as shown by dotted arrow 2523, rather than by Engineering
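The access-policy evaluation described above (hierarchical user groups and information sets, inheritance, and the restrictive rule that a deny prevails) together with the separation between administering an information set and making access policies for it, as an added example that is not the patent's code. Group, set, resource and user names are constructed for illustration.

```python
"""Added example (not the patent's code): toy model of access policies 307
over hierarchical user groups and information sets, evaluated restrictively,
plus the split between administrative policies 305 and policy maker
policies 306.  All names below are constructed."""
from collections import namedtuple

AccessPolicy = namedtuple("AccessPolicy", "user_group allowed info_set")


class Hierarchy:
    """A forest of named nodes given as child -> parent links."""

    def __init__(self, parent_of=None):
        self.parent_of = dict(parent_of or {})

    def with_ancestors(self, name):
        """name plus every node above it, up to the root (inheritance)."""
        out = set()
        while name is not None:
            out.add(name)
            name = self.parent_of.get(name)
        return out


class AccessControlDB:
    def __init__(self, groups, info_sets):
        self.groups = Hierarchy(groups)        # subgroup -> parent group
        self.info_sets = Hierarchy(info_sets)  # subset -> parent set
        self.members = {}       # user -> groups joined directly
        self.resources = {}     # resource -> info sets it is in directly
        self.access_policies = []
        self.admin_policies = set()         # (admin group, info set)
        self.policy_maker_policies = set()  # (admin group, info set)

    def groups_of(self, user):
        return {g for d in self.members.get(user, ())
                for g in self.groups.with_ancestors(d)}

    def info_sets_of(self, resource):
        return {s for d in self.resources.get(resource, ())
                for s in self.info_sets.with_ancestors(d)}

    def check_access(self, user, resource):
        """Restrictive evaluation: access only if some applicable policy
        allows it and no applicable policy denies it."""
        groups, sets = self.groups_of(user), self.info_sets_of(resource)
        applicable = [p for p in self.access_policies
                      if p.user_group in groups and p.info_set in sets]
        return bool(applicable) and all(p.allowed for p in applicable)

    def may_administer(self, admin, info_set):
        """Administering a set also covers every set it contains."""
        return any((g, s) in self.admin_policies for g in self.groups_of(admin)
                   for s in self.info_sets.with_ancestors(info_set))

    def may_make_access_policy(self, admin, info_set):
        return any((g, s) in self.policy_maker_policies for g in self.groups_of(admin)
                   for s in self.info_sets.with_ancestors(info_set))

    def add_access_policy(self, admin, policy):
        """Only a policy maker for the set (or an enclosing set) may add
        one; administering the set by itself is not enough."""
        if not self.may_make_access_policy(admin, policy.info_set):
            raise PermissionError(f"{admin} may not make policies for {policy.info_set}")
        self.access_policies.append(policy)
        return True


def build_example_db():
    """The Engineers / Engineering Data example from the text, plus a
    constructed deny to show the restrictive rule."""
    db = AccessControlDB(
        groups={"Hardware Engineers": "Engineers", "Software Engineers": "Engineers",
                "Sales Engineers": "Engineers"},
        info_sets={"Hardware Engineering Data": "Engineering Data",
                   "Software Engineering Data": "Engineering Data",
                   "Sales Engineering Data": "Engineering Data"})
    db.members = {"alice": {"Hardware Engineers"}, "bob": {"Salespeople"},
                  "carol": {"Sales Engineers"},
                  "eda": {"Engineering Data Administrators"},
                  "sec": {"Security Officer"}}
    db.resources = {"hw/board.pdf": {"Hardware Engineering Data"},
                    "sales/pricing.xls": {"Sales Engineering Data"}}
    # Security Officer administers Engineering Data; EDA makes its policies.
    db.admin_policies = {("Security Officer", "Engineering Data")}
    db.policy_maker_policies = {("Engineering Data Administrators", "Engineering Data")}
    db.add_access_policy("eda", AccessPolicy("Engineers", True, "Engineering Data"))
    db.add_access_policy("eda", AccessPolicy("Salespeople", True, "Sales Engineering Data"))
    # Deny for one subgroup on one subset: it prevails over the inherited allow.
    db.add_access_policy("eda", AccessPolicy("Sales Engineers", False,
                                             "Hardware Engineering Data"))
    return db
```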

Administrators 2509, thereby delegating that function to Engineering Data Administrators 2521.

The members of Engineering Personnel Administrators and Engineering Data Administrators can use their administrative rights over Engineers, over Engineering Data, and over the access policies for Engineering Data to refine access to engineering data. For example, a member of Engineering Personnel Administrators might divide Engineers into Software Engineers and Hardware Engineers, and a member of Engineering Data Administrators might divide Engineering Data into Hardware Engineering Data and Software Engineering Data. Having done so, a member of Engineering Data Administrators might replace the access policy giving Engineers access to Engineering Data with access policies giving Software Engineers access to Software Engineering Data and Hardware Engineers access to Hardware Engineering Data.

In short, the administrators governing a user group are responsible for correctly defining membership in the user group, and they may delegate any part of that responsibility to other administrators. Similarly, the administrators governing an information set are responsible for correctly including information resources in the information set, and they may delegate any part of that responsibility to other administrators. The latter administrators must of course also be administrators of the available resource from which the information being added to the information set is obtained. Administrators of available resources are responsible for overall network and security operations; they too may delegate their responsibilities. Finally, policy maker administrators hold the ultimate authority over access to information: they alone may make access policies concerning particular information sets. In a sense, the policy makers decide the enterprise's overall information-sharing policy, and the administrators for user groups, information sets, and available resources then work out the details of its implementation.

Access control using access filters 203 and database 301: FIG. 4
As shown in FIG. 2, access filter 203 has a position in VPN 201 that places it between the client from which a user is requesting access to an information resource and the server on which the information resource resides. Thus, by interceding in the communication between a user and a service on a server that can give the user access to an information resource, access filter 203 can control access to the resource by the user. For a user to gain access to an information resource, a session must be established between the user and the service. In the present context, the term "session" is defined broadly so as to include well-behaved connectionless protocols. When access filter 203 sees a user attempting to initiate a session with a service, it determines whether the access should be allowed. It does so on the basis of the known identity of the user, the information resource being accessed, the sensitivity level of the information, and the trust levels of the user identification method, of the path between the user and the service, and of any encryption technique used.

FIG. 4 shows how a session can involve more than one access filter 203. Session 402 shown in FIG. 4 involves five access filters 203, numbered 403(1..5) in the figure. Access filters 203 are designed so that the decision whether to permit a user access to an information resource need be made in only one of the access filters 203. The key to this feature of access filters 203 is their ability to authenticate themselves to one another, and SKIP is used for this. Each access filter 203 has an X.509 certificate that binds the access filter's key to the name of the access filter and is signed by the certificate authority for the VPN. In database 301, every access filter has the names and IP addresses of all of the other access filters in VPN 201, and when a session encrypted with SKIP arrives, each access filter uses the Subject Name from the certificate, as described above in the discussion of SKIP, to determine whether the SKIP-encrypted traffic comes from another access filter 203 in VPN 201.

If the access filter receiving the session is not the target of the session (that is, the access filter is merely functioning like an IP router along the path), the access filter need only verify from database 301 that the target IP address is the IP address of some other access filter 203 in VPN 201. If that is the case, the session is allowed to pass without further checking. When the request reaches the last access filter 203, that access filter uses SKIP to decrypt the request, thereby confirming that the request was indeed checked by the first access filter 203 and that it has not been modified in transit.

Thus, in FIG. 4, access filter 403(1) uses its own copy of access control database 301 to determine whether the user initiating the session has access to the information resource specified for the session. If access filter 403(1) so determines, it authenticates the session's outgoing messages and, where necessary, encrypts them so as to attain the appropriate trust level. Access filters 403(2..5) then allow the session to proceed, because it comes from access filter 403(1) and has already been encrypted with SKIP, and therefore
If the conversation in the access filter reception is not the target of the conversation (that is, the 'access filter just performs a function like one of the routers along the path)' then The access filter will only be verified from the database 3o; the target IP address is the IP address of some other access filter 203 in VpN 201. If this is the case, Allow the conversation to pass without additional check. When the request comes to the last access filter 203, the last access filter 203 uses SKIP to decrypt the request in order to confirm that the request is indeed filtered by the first access Check by device 02 It is confirmed that the request has not been modified during the transfer. Therefore, in FIG. 4, the 'access filter 403 (丨) uses a copy of its own access control database 301 to determine: the user who initiated the conversation Whether the information resources specified for the conversation have been accessed. If the access filter (s) ㈠) so decides, it will identify some of the conversation's output messages and encrypt them if necessary in order to achieve an appropriate level of trust . Then, such as access to the furnace 403 (2, ···, 5) will allow the conversation to continue, because the conversation comes from the access filter 403 (1) and has been encrypted with SKIp; -39- This paper size is in accordance with Chinese National Standard (CNS) A4 (210 X 297 mm) &lt; Please read the notes on the back before filling this page) 丄 ^ -------- Order --- ------ 嫜 Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 464812 A7

neither use their own copies of access control database 301 to check the messages nor decrypt them. Access filter 403(5) decrypts the messages and verifies that they were encrypted, and hence checked, by access filter 403(1); if the messages are intact, it forwards them to the server containing the requested resource. The messages of the session passing between server 407 and user system 401 are handled in the same way: access filter 403(5) encrypts them; access filters 403(2,...,4) pass them through on the basis of the authentication performed by access filter 403(5); and access filter 403(1) passes the messages to system 401 on the basis of that authentication and, where necessary, decrypts them.

What this technique effectively does is open a tunnel 405 for the session between access filter 403(1) and access filter 403(5); because of the tunnel, only the access filter 403 closest to the client need perform decryption, access checking, and re-encryption. Moreover, the tunnels are equally secure in intranets and in the Internet 121. In a large VPN, access filter 403(1) is in the best position to check the access, because it has access to the most detailed information about the user initiating the session. The technique of performing the access check at the first access filter 403(1) further distributes the access control burden evenly across the VPN, and thus permits the VPN to scale to any size.

End-to-end encryption: Figure 5

The tunnel of Figure 4 extends only from access filter 403(1) to access filter 403(5); the messages of the session are unencrypted between the system 401 used by the user and access filter 403(1), and between access filter 403(5) and server 407. For extremely sensitive information, authentication and encryption may be required from the near-end access filter to the end of the path through the network, that is, all the way between system 401 and server 407.

Figure 5 shows how the access filters 203 are used to achieve this. Within the VPN, authentication and encryption may be used not only by the access filters 203 but also with any client system 401 or 503 and any server system 407. When a client computer uses encryption, it uses SKIP to authenticate the session and encrypts the session with a shared secret that it shares with a selected access filter 203, then sends the encrypted messages to the selected access filter 203. This effectively builds a tunnel between the client and the selected access filter 203 and makes the selected access filter 203 the first access filter 203 for purposes of the access check. At the first access filter 203 the messages are decrypted and the access check is performed. Because SKIP makes the user's certificate available together with the encrypted messages, the user's authenticated identity can be used in the access check. If access is allowed, the messages are re-encrypted and sent to the access filter 403(5) closest to server 407, which decrypts them. If database 301 contains a SKIP name and encryption algorithms for server 407, access filter 403(5) retrieves the certificate for server 407 if necessary and uses SKIP to re-encrypt the session for server 407. Otherwise, access filter 403(5) simply sends the messages to server 407 in the clear. If the messages have been re-encrypted for server 407, server 407 finally receives the encrypted messages and decrypts them. The access filters 203 between the first access filter 203 and the last access filter 203 merely note that the messages come from another access filter and are encrypted with SKIP, and pass them on, as described above. When server 407 retrieves the information resource, it either sends it to access filter 403(5) in the clear or encrypts the messages containing the resource with the key for access filter 403(5). The decryption and encryption steps described above are then performed pairwise in the reverse order: from server 407 to access filter 403(5); from access filter 403(5) to access filter 403(1); and finally from access filter 403(1) to the original client system 401, which decrypts the messages.

The effect of this technique is to build a tunnel on the path between the client and the server, extending from the access filter 203 on the path closest to the client to the access filter 203 on the path closest to the server. If the client can encrypt and decrypt, the tunnel can extend from the access filter closest to the client to the client; and if the server can encrypt and decrypt, the tunnel can likewise extend from the access filter closest to the server to the server. Once the first access filter 203 in the path has been reached and has authenticated the session, no further encryption or decryption is needed until the access filter 203 closest to the server is reached. Moreover, the access control database 301 in each access filter 203 contains all the identification and certification information needed for the client, the server, and the access filters 203 in the route. One advantage of the end-to-end encryption technique just described is that, rather than concentrating the encryption burden on the access filters that connect the VPN to the Internet, it distributes that burden across the network, thereby enhancing scalability.

Figure 5 shows how the technique works with a session 501 initiated by a roamer, that is, a client 503 that connects to the VPN via the Internet 121. Roamer 503 is equipped with SKIP, as is the target server 407 on an intranet. When SKIP is configured in the roamer, the certificate for access filter 403(3) is given to the roamer, and the certificate for the roamer is given to access filter 403(3). When roamer 503 sends a message belonging to the session, it addresses the message to server 407 and encrypts it with a transport key that it shares with access filter 403(3). The message is thus tunnelled through tunnel 505 to access filter 403(3). There, access filter 403(3) decrypts the session, performs the access check, and re-encrypts the session with a transport key for access filter 403(5). The subsequent access filters 403 in the path allow the session to pass because it was authenticated by access filter 403(3); thus at least tunnel 507 to access filter 403(5) is provided. If target server 407 is equipped with SKIP, access filter 403(5) extends the tunnel to target server 407, as described above.

Adaptive encryption and authentication based on data sensitivity: Figures 6 and 7

An important task in access control in a VPN is determining the minimum amount of security that a session requires. This is important, first, because at least that minimum must be guaranteed and, second, because more security than needed wastes resources. The techniques used in access filter 203 to determine the minimum are collectively called Secure Encrypted Network Delivery, or SEND. In SEND, access control database 301 contains a data sensitivity level for each information resource. The data sensitivity level indicates the level of secrecy associated with the information resource and is assigned to the information resource by the security administrator responsible for the resource. An exemplary set of levels is: Top Secret, Secret, Private, and Public.

The levels used to indicate data sensitivity are also used to indicate the trust level required for an access request. As described earlier, access is allowed only if the trust level determined from the following trust levels is at least as great as the data sensitivity level of the information: the trust level of the technique used to identify the user, the trust level of the path through VPN 201 taken by the access request, and the trust level of any encryption technique used to encrypt the messages sent over the path. The trust levels for user identification methods, paths, and encryption algorithms are all contained in access control database 301. As regards the trust level of a path, the VPN is divided into network components, each of which is a connected set of IP networks separated from the other components by access filters 203. Each network component has a name and a trust level. For example, an Internet component would have the Public trust level, while an intranet component might have the Private trust level. The trust level of a given component may be based on its physical security or on the use of encryption hardware in the component. As each access filter 203 is added to the VPN, a description of its connections to the components of the VPN is added to database 301. Included in this description are the trust levels of the networks. Consequently, any access filter 203 can use its copy of database 301 to determine the trust level of each component of the path by which a session between a client and a server will be carried.

The user's trust level is determined from the manner in which the access request identifies the user. In access control database 301, each user group has one or more identification techniques associated with it, and each identification technique has a minimum trust level. The basic techniques are:

• Certificate via SKIP. The user is identified by the name in his X.509 certificate, which is used with the SKIP protocol to authenticate and encrypt the traffic.
• Certificate via user identification client software. The user is identified by the name in his X.509 certificate, which is conveyed to the associated access filters 203 by a special Conclave client software module called user identification client software. The transfer is done securely using a challenge/response mechanism.
• Windows Domain ID via user identification client software. A user who logs in to a Microsoft Windows Domain and has the user identification client software installed automatically has his Windows identity, including group memberships, conveyed to the associated access filters 203. The network logon is done securely within the mechanisms of the NetBIOS (Network Basic Input/Output System) protocol.
• Authentication token. Authentication tokens (such as those manufactured by Security Dynamics Inc. and Axent Corp.) may be used in two ways: out of band, via the user identification client software; or in band, within the Telnet and FTP protocols.
• IP address and/or domain name. The IP address or fully qualified domain name of the user's computer.

In a preferred embodiment of SEND, the identification techniques have a predetermined ordering from most secure to least secure. The techniques just listed should be ordered as they appear in the list above, with the most secure technique at the top. Although the ordering of the identification techniques is somewhat subjective, it reflects the general security of the technique and the rigor applied to the distribution and confirmation of user identities. An administrator in VPN 201 then relates the ordered trust levels to the ordered identification techniques. For example, if the administrator relates the Private trust level to identification by authentication token, then a user wishing to access a resource with the Private sensitivity level must identify himself by an authentication token or by an identification technique that is higher in the ordering. The administrator of the access filter likewise orders the cryptographic algorithms available in the VPN from most secure to least secure and relates the ordered trust levels to the ordered cryptographic algorithms; and orders the network paths used in VPN 201 and relates the ordered trust levels to the ordered network paths.

These relationships between the trust levels and the security orderings are included in access control database 301, and a SEND table relating trust and sensitivity levels to identification and encryption techniques is then constructed. Figure 6 is a conceptual representation of such a SEND table.

SEND table 601 has three columns: column 603 gives the trust/sensitivity level, column 605 the minimum encryption method, and column 607 the minimum identification method. For details of the encryption methods in column 605, see Bruce Schneier, Applied Cryptography, John Wiley & Sons, New York, 1994. Each row 609 of the table relates a trust/sensitivity level to the minimum encryption level for the paths connecting the access filters, the client, and the server, and to the minimum identification level for the user. Thus, row 609(1) relates the Top Secret trust/sensitivity level to the 3DES encryption algorithm and to user certificates obtained via SKIP. A user wishing to access a resource with the Top Secret sensitivity level must therefore have an identification level authenticated by SKIP, and if the path does not have the Top Secret trust level, the session must be encrypted with the 3DES encryption algorithm. At the other extreme, as shown in row 609(4), a user wishing to access a resource with the Public sensitivity level may be identified by any method, and the session need not be encrypted.

When a new session is initiated, the first access filter 203 in the path used for the session proceeds as follows:

1. The access filter 203 determines the information resource being accessed and looks up its sensitivity level in database 301.
2. According to SEND table 601, the minimum identification method for that sensitivity level specifies which identification mechanisms may be used by the access filter to identify and authenticate the user performing the access.
3. The first access filter 203 then consults database 301 to determine, from the user groups to which the user belongs and the information sets to which the resource belongs, whether the user may access the resource.
   a. The first step is to determine from the access control database which of the identification methods used to identify the user have a trust level high enough for the resource's sensitivity level.
   b. Then, for each identification method with a high enough trust level, the first access filter 203 uses the user's identification information to look up in database 301 the user groups to which the user belongs.
   c. The first access filter 203 also consults database 301 to determine which information sets the resource belongs to.
   d. Having determined the relevant user groups and information sets, the first access filter 203 consults database 301 to locate the access policies that decide whether access to the session's information is to be allowed or denied. If at least one policy allowing the access is found and no policy denying the access is found, the user is allowed access; otherwise, access is denied. The details of steps b, c, and d are described below.
4. If access is not denied, the first access filter 203 then consults database 301 to determine the network components that make up the route through the VPN from the client to the server containing the information resource. The route is considered to consist of up to three logical segments:
   1. Segment (a), from the client to the first access filter 203. This segment may or may not be encrypted, depending on whether the client uses SKIP.
   2. Segment (b), from the first access filter 203 to the access filter 203 in the path closest to the server.
   3. Segment (c), from the access filter 203 closest to the server to the server; this segment, too, may or may not be encrypted.
   If segments (a) and (c) exist, each consists of a single network component. If the client is on the first access filter, segment (a) does not exist; if the server is on the access filter closest to the server, segment (c) does not exist. If segment (b) exists, it consists of one or more network components. If there is only one access filter between the client and the server, segment (b) does not exist.
   For each segment:
   For segment (a), any encryption must be performed by the client. If the trust level of segment (a) is not at least as strong as the resource's data sensitivity, and the trust level of the encryption performed by the client is likewise not at least as strong as the resource's data sensitivity, access is denied.
5. For segment (b), if the weakest trust level of any network component in the path is greater than or equal to the resource's data sensitivity, the traffic is sent without encryption. This corresponds to the case in which the network is inherently secure enough to carry the data. In the example table above, an information resource with the Public data sensitivity level may be sent over any network, as shown in row 609(4). The access filters 203 will nevertheless use SKIP to authenticate the session, so that the subsequent access filters can pass the session through without incurring the greater overheads of decryption, access checking, and re-encryption. If the weakest trust level of the path is less than the resource's data sensitivity, the SEND table is consulted for the minimum encryption algorithm required for that sensitivity level, and the session is encrypted with that algorithm. Encryption upgrades the security of the communication link, making it suitable for carrying data of the given sensitivity, and thus permits the user to access the resource.
6. For segment (c), the part of the path from the access filter 203 closest to the server to the server, the first access filter 203 determines from the information in database 301 the trust level of segment (c) and of any encryption method used in segment (c). If the trust level of this segment of the path is less than the sensitivity level of the information resource, and in that case the trust level of the encryption method used in segment (c) is not at least as strong as the required level, that is, the minimum level in the SEND table for the sensitivity level of the information resource, the first access filter 203 denies access.

The above method of determining sensitivity and trust levels ensures that access filter 203 uses encryption only when it is needed to reach the necessary trust level. While keeping the description of the network configuration in database 301 simple and manageable, this method reduces the number of sessions that must be encrypted. The result is better scalability with respect to both management and performance in the VPN.

Figure 7 provides an example of how the sensitivity level of an information resource, the trust level of the user identification method, and the trust level associated with the path between the client and the server affect a user's access to an information resource. In Figure 7, a user at a SKIP-equipped client 703 initiates a session 701 to obtain an information resource 723 stored on a SKIP-equipped server 705. Segment (a) of the discussion above appears at 707 in Figure 7; segment (b) appears at 709(1,...,4); segment (c) appears at 711. Information resource 723 has the Secret sensitivity level. The first access filter 203 encountered by the session is access filter 203(1). Access filter 203(1) uses its copy of the access control database to determine the sensitivity level of resource 723. Here the user has used a SKIP certificate, and examining SEND table 601 in database 301 shows access filter 203(1) that segment (a) at 707 has the required trust level, because this user identification method satisfies the requirement for an information resource with the Secret sensitivity level. The first access filter therefore goes on to determine the trust levels of segment (b) at 709(1,...,4) and segment (c) at 711, between access filter 203(1) and server 705 in the VPN. Segment 709 has subsegments 709(1), 709(2), 709(3), 709(4), and 709(5), and the first access filter 203(1) checks the trust level of each of these subsegments in database 301. Subsegment 709(2) is the Internet 121, so its trust level is Public, the lowest level in segment 709. Access filter 203(1) then uses access control database 301 to check the trust level of segment 711; its trust level is Secret. Segment (b) at 709 thus has a trust level that is too low for the path of a session that is accessing a Secret information resource 723. To deal with this, access filter 203(1) must encrypt the session in order to raise it to the necessary trust level. The first access filter 203(1) consults SEND table 601 to determine what encryption method is needed; row 609(2) indicates that the DES encryption method is sufficient. The first access filter 203(1) therefore encrypts the session with that algorithm and sends it to access filter 203(5).
If the trust level of this segment of the path is less than the sensitivity level of the information resource, and In the case, if the trust level of the encryption method used in segment (c) is at least not as strong as the required level, the required level is like the minimum level in the SEND table considering the sensitivity level of the information resources ; Then the first access filter 203 will deny the access operation. This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) binding I order d6 d8 ^ 2 A7 B7 V. Description of the invention (48 ) The above method of determining sensitivity and trust level guarantees that the corpse and 胄 will only use the encryption method 203 when they need to reach the necessary trust level. Β keeps the description of the network configuration in the database 301 both simple and simple. Can When managing ’this method will reduce the number of conversations that will be encrypted. Results 关于. Regarding the management and efficiency aspects φ in VPN, there will be better scalability. The consumer cooperation of the Intellectual Property Bureau of the Ministry of Economic Affairs, Du printed Figure 7 provides: the sensitivity level of information resources, the trust level of the user identification method, and how the trust level associated with the path between the client and the server affects the use of An instance of access to information resources. In FIG. 7, a user equipped with SKIP at client 703 initiates a conversation 701 in order to obtain an information resource 723 stored at server 705 equipped with SKIP. The segment ⑷ discussed above appears at 707 in Figure 7; segment (b) appears at 709 (1, ..., 4): segment (c) appears at 7 丨 1. The information resource 723 has a sensitivity level of "confidential". The first access filter 203 encountered in this conversation is the access filter 203 (1). 
The access filter 203 (1) uses its access control database The copy determines the sensitivity level of the resource 723. Here, the user has used the SKIP certificate, and the SEND table 601 in the viewing database 301 shows to the access filter 203 (1): Because this user identification method meets the & quot Confidential &quot; the level of information required by the sensitivity level, so segment (a) at 707 has the required level of trust. Therefore, the first access filter continues to determine: In VPN, access filter 203 ( 1) Trust level between segment (b) at 709 (1, ..., 4) and server (705) and segment (c) at 711. Segment 709 has some sub-segments · 709 (1) '709 (2), 709 (3), 709 (4), and 709 (5); and the first access filter -51-this paper size applies the Chinese National Standard (CNS) A4 specification ( 210 x 297 mm) A648 1 2 A7 B7 V. Description of the invention (49) 203 (1) Each of these molecular segments in the database 301 will be checked The sub-segment's trust level. Segment 709 (2) is the Internet 121, so its trust level is: "Public", which is the lowest level in segment 709. Then, the access filter 203 (1) uses the access control database 301 to check the segment 71 it trust level. Its trust level is: &quot; Confidential &quot;. Thus, subparagraph (b) at 709 only has a level of trust that is too low for a path that is accessing a &quot; confidential &quot; information resource 703 conversation. To deal with this problem, the access filter 203 (1) must encrypt the sentence in order to raise it to the necessary level of trust. The first access filter 203 (1) consults the SEND table 601 in order to decide what encryption method is needed; and column 609 (2) indicates that: the DES encryption method is sufficient. The first access filter 203 (1) then uses the algorithm to encrypt the conversation and sends it to the access filter 203 (5). Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs

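The per-segment check just described, applied to the FIG. 7 session and to the roamer of FIG. 5, as an added worked example that is not part of the patent text. Everything beyond what the page states is assumed: the level names other than "public" and "confidential", the SEND-table rows other than "DES suffices for confidential" (row 609(2)), the trust level each encryption method confers, and the reading that encryption applied on segment (a) or (c) lifts that segment's trust (the roamer discussion implies this).

```python
"""Added example: trust-level check of a session's path segments, after the
patent's segment (a)/(b)/(c) rules. Levels, SEND rows and topology values
are constructed for illustration except where the page states them."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

LEVELS = ["public", "internal", "confidential", "secret"]   # lowest first (assumed set)
RANK = {name: i for i, name in enumerate(LEVELS)}

# Stand-in for SEND table 601: per sensitivity level, the weakest acceptable
# identification trust and the minimum encryption that lifts a weaker link.
SEND = {
    "public":       {"min_ident": "public",       "encryption": None},
    "internal":     {"min_ident": "internal",     "encryption": "DES"},
    "confidential": {"min_ident": "confidential", "encryption": "DES"},   # row 609(2) on the page
    "secret":       {"min_ident": "secret",       "encryption": "3DES"},
}
ENCRYPTION_TRUST = {"DES": "confidential", "3DES": "secret", "SKIP": "secret"}  # assumed values

@dataclass
class Session:
    sensitivity: str                    # sensitivity level of the resource
    ident_trust: str                    # trust level of the user's identification method
    seg_a: Optional[str]                # trust of segment (a); None if the client is on the filter
    client_encryption: Optional[str]    # encryption the client itself applied on segment (a)
    seg_b: List[str] = field(default_factory=list)   # trust of each component of segment (b)
    seg_c: Optional[str] = None         # trust of segment (c); None if the server is on the filter
    seg_c_encryption: Optional[str] = None

def strong_enough(level: str, required: str) -> bool:
    return RANK[level] >= RANK[required]

def effective_trust(link: str, encryption: Optional[str]) -> str:
    """Encryption on a link raises its trust to the level the method confers (assumed reading)."""
    if encryption is None:
        return link
    return max(link, ENCRYPTION_TRUST[encryption], key=RANK.__getitem__)

def check_path(s: Session) -> Tuple[str, Optional[str]]:
    """Return ("deny", reason) or ("allow", encryption the first filter must apply
    on segment (b), None when the session may be sent in the clear)."""
    need = s.sensitivity
    if not strong_enough(s.ident_trust, SEND[need]["min_ident"]):
        return ("deny", "identification method too weak for the resource")
    # Segment (a): only the client could have encrypted it, so the filter can only deny.
    if s.seg_a is not None and not strong_enough(effective_trust(s.seg_a, s.client_encryption), need):
        return ("deny", "segment (a) too weak and not encrypted strongly enough by the client")
    # Segment (c): its trust and its encryption are fixed by configuration; deny if too weak.
    if s.seg_c is not None and not strong_enough(effective_trust(s.seg_c, s.seg_c_encryption), need):
        return ("deny", "segment (c) too weak and not encrypted strongly enough")
    # Segment (b): the weakest component decides; the first filter may encrypt to upgrade it.
    encryption = None
    if s.seg_b:
        weakest = min(s.seg_b, key=RANK.__getitem__)
        if not strong_enough(weakest, need):
            encryption = SEND[need]["encryption"]
    return ("allow", encryption)

# FIG. 7 as the page describes it: "confidential" resource 723, SKIP certificate at client 703,
# segment 707 trusted enough, sub-segment 709(2) is the Internet ("public"), 711 is "confidential".
# The trust of the remaining sub-segments is assumed.
FIG7 = Session("confidential", "confidential", "confidential", None,
               ["confidential", "public", "confidential", "confidential", "confidential"], "confidential")
# Roamer 503 of FIG. 5: reaches the filter over the Internet, once in the clear and once with SKIP.
ROAMER_CLEAR = Session("confidential", "confidential", "public", None, ["public"], "confidential")
ROAMER_SKIP = Session("confidential", "confidential", "public", "SKIP", ["public"], "confidential")

if __name__ == "__main__":
    for name, s in [("FIG. 7", FIG7), ("roamer in clear", ROAMER_CLEAR), ("roamer with SKIP", ROAMER_SKIP)]:
        print(name, check_path(s))
```

For FIG. 7 the function returns an allow with DES required on segment (b), which matches the outcome the text derives from row 609(2); the roamer is denied unless its own SKIP encryption lifts segment (a), the point the following paragraph makes.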
在圖7中,連接著客户機7〇3到存取過濾器203(1)的分段 707具有一種對資源之靈敏度等級而言是夠高的信賴等 級’於是客户機703不必對其請求加以加密。當不是這種 情況時,唯若客户機703已經使用一種其信賴等級資源之 靈敏度等級而言是足夠的加密方法來對請求加密,存取過 濾器203 (1)才會賦予客户機703存取操作。爲此緣故,在圖 5中的漫遊者503必須是配備有SKIP的。由於漫遊者503經 由網際網路m來存取:存取過濾器403(3)的資訊;故而漫 遊者503的諸多請求可能從未具有高於&quot;公用,'的信賴等級, 除非將它們加以加密;並且,爲了完全存取在VPN 201中的 資源,漫遊者503就必須使用—種加密方法,諸如:由SKIP -52- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公爱) 4 6 4 8 1 2 A7 _____-____ B7 五__ 經濟部智慧財產局具工消費合作社印製 發明說明(5〇 ) 所提供的-種^法’其信賴等級對最高靈敏 足夠的。在存取過遽器203的一些實施例 取,岛;: 可能以一種與它在較佳實施例中使用來 匕4益 式類似的方式’和客户機協商打算使二:者識別挺 術。 j W异仗用在咕束中的加密技 針對存取控制資料庫301之管理員界面的總覽:圖8到12 存取決策依據使用者群組和資訊集來定義存取操作;因 此’在可能定義存取決策之前’管則必料義使用者群 组和資訊集;將怎樣完成此事顯示於圖8中。 ^ Λ _ 1 疋義使用者 辟组涉及了步驟803到807 :首先定義使用者’然後定義使 用者群组,然後再將使用者指定給適當使用者群组。定義 資訊集涉及了步驟8〇9到813:首先定義資源,然後定義^ 訊集,然後再將資源指定到資訊集》當針對在—項決策中 所涉及的使用者群组和資訊集而已經完成此事時,就能夠 建乂存取決策,如在8 15處所示。如前面所指出的,雖然 制定針對諸多使用者群組和資訊集之存取決策的權利都由 決策制定者決策所決定的;可是用來定義和決定使用者群 組之成員資格和資訊集’以及用來爲它們而制定管理決策 的權利卻都是由管理決策所決定的。 就像從前述中能夠看出的那樣,使用者界面通常被用來 定義在兩個實體或關於它們的集合之間的關係。針對存取 控制資料庫301之圖形使用者界面(graphical user interface, 簡稱GUI)的通用形式對應於該工作。顯示圖包括兩個視 窗’每個視窗都包含打算使彼此有關係的一些實體之表示 -53- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) € 4 丨 2 A7 _ B7__ 五、發明說明(51 ) 法,而關係則藉由選擇實體和需要之所在來定義的,因而 定義關係。 ^ 定義使用者群組:圖9 圖9顯示:用來殖民(popuiating)和定義使用者群組的顯 示圖901。在顯示圈中的視窗903包含目前定義的使用者群 组之一分層顯示圖;視窗903與那些用來顯示由微軟公司 (Microsoft Corporation)所製造的 Windows 95 商標之作業系 統中的檔案層次之視窗相似。在視窗903中,使用著顯示 圖901之管理使用者具有管理權所針對的諸多使用者群組 都呈現黑色;而其它使用者群組則都呈現灰色。在兩個視 經濟部智慧財產局員工消費合作社印製 窗之上的是兩個按知帶(button bars) : 911和915。按紐帶911 列示:用來修改存取控制資料庫3〇1的一些可利用顯示 圖,而按鈕帶9 15則列示:可能在那些顯示圖上執行的一 些操作。於是,在按鈕帶9 11中標示&quot;使用者群組&quot;的按鈕 被凸顯出,因而指示:顯示圖9〇1是用來殖民和定義使用 者群组的一個顯示圖。關於按鈕帶9丨5,當視窗9〇3是現用 狀態時,有權管理一使用者群組之—管理使用者可能會修 改使用者群组,其方法是:在視窗9〇3中選擇使用者群 且’並使用在按纽帶91 5中的&quot;删除&quot;(delete)按la來删除使 使用者群組;或者’使用”新增&quot;(new)按鈕來增加並命名 位在層次中的被選擇使用者群組之下的一個新使用者群 組p當管理使用者點按(clicks):&quot;應用_,(apply)按鈕921時, 存取過濾器203就會修改它的存取控制資料庫3〇丨之拷貝, 以便證實何種東西在顯示圖9〇 1上;並且將修改資訊傳播 -54- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) A7 B7 五、發明說明(52) 到:在VPN中的所有存取控制資料庫3〇i之拷貝。 視窗909顯示使用者。藉由識別在集合中之使用者所依照 的方式,將使用者之一集合指示於顯示圖中。在此情形 下,使用者都疋|皆由I 
P位址來識別,而他們則都會以I p位 址之範圍出現在顯示圖中。按鈕帶9丨3指示:能夠顯示在 视窗909中之其它種類的識別方法。就像利用視窗9〇3那 樣’當視面疋現用狀態時’能夠使用&quot;新增”和&quot;刪除&quot;兩個 按鈕來增加和刪除使用者。要將由使用者識別資訊所載明 的(諸多)使用者指定給一使用者群組,GUI之使用就會選 擇:一使用者群组’如在917處所顯示的,以及識別資訊 之一集合,如在919處所顯示的;然後再使用在按鈕帶913 中的增加到使用者群組”(a(jd to group)按纽,將識別資訊 之集合增加到使用者群組,就像由以下事實所顯示的那 樣.在919處之被選擇ip位址之範圍現在會出現在位於μ? 處之被選擇使用者群組之下的層次中。本操作之效應是: 使諸多使用者成爲&quot;研發&quot;使用者群組的成員,該使 用者的對話都具有列示在917處的來源I P位址;並且,當 使用者點按:11應用”按紐時,於是所有存取控制資料庫 301之拷貝都被修改。 經濟部智慧財產局員工消費合作社印製 圖1 〇顯示:用來定義資訊集的顯示圖10〇1,此處,視窗 1003包含一種資訊集的分層列表,而視窗丨〇〇5則包含一種 可用資源的分層列表6用與使用者群組之列表相同的方法 來制定:資訊集的分層列表,以及可用使用者群組的分層 列表。再者,顯示圖100 1之使用者有管理權限加以管轄的 -55- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 46 48 12 A7 B7 五、發明說明(53) 資訊集和可用資源都呈現黑色;而在列表上的其它項目則 都呈現灰色。在視窗1〇〇1中,可用資源爲:網際網路和组 成VPN 201的兩個位置。在一種更加開發的VPN 201中,可 用資源的列表應該指示:在位置處的伺服器,在伺服器中 的服務,以及由服務所提供的資訊項。譬如説,若服務提 供一種目錄樹’則應該藉由一個路徑名稱(pathname)來指 示包含在目錄樹中的資訊項;該路徑名稱會載明目錄樹之 根部(root) ’並且會使用通配字元(wiidcard characters)來載 明在目綠樹之根部以上的一些檔案。當將一資源增加到— 伺服器時’可能經由視窗1005來定義資源。於是,已經定 義了資源,可能用與一使用者識別資訊被指定給一使用者 群組相同的方式來將一資源指定給一資訊集。再者,點 按:”應用”按鈕會使顯示圖1001中的改變傳播到所有存取 控制資料庫301之拷貝。 圖1 1顯示:用來定義決策的顯示圖11 〇1。將哪—類型的 決策正在被定義加以載明於按奴帶1113中;如在那裏所指 示的’顯示圖1101正在定義存取決策。所有的決策顯示圖 都具有相同的通用格式:一視窗11 〇3,它包含使用者群组 之一分層顯示圖;一視窗1105,它包含可能定義決策所針 對的物件層次之一顯示圖;以及一決策定義視窗丨1〇7,它 包含一些存取決策定義1108。在物件層次中,顯示圖 之使用者有權定義決策所針對的物件都呈現黑色;而其它 的則呈現灰色。在顯示圖1 1 〇 1中,正在被定義的是存取決 策,所以物件都是資訊集。 -56 - 本紙張尺度適用中國國家標準(CNS)A4規格(210 χ 297公釐) ------------&lt; .裝— &lt;清先閱璜背面之注意事項再填窵本頁) . 
_ά 經濟部智慧財產局員工消費合作社印製 Λ6 dB ^ A7 ---B7 五、發明說明(54) 每個存取決策定義都有四個部份: ——現用(active)圈選框1117 ’它指示由決策定義 的存取決策是否現用的,即:正在被用來控制存= 作 •存取決策正在被定義所針對的使用者群組n 19 ; •存取決策正在被定義所針對旳資訊集1123 ;以及 •存取操作櫚位Hu,它指示存取操作是否被容許或拒 絕,藉以定義存取決策。 選單帶(menu bar) 1109和按鈕帶丨丨15允許決策制定者決策 容許如此做的那些管理員加以編輯,增加,刪除,以及啓 經濟部智慧財產局員工消費合作社印製 動(activate)或撤除(deactivate)—種被選擇決策定義11〇8。 每個決策定義1108的現用圈選框m7允許管理員啓動或撤 除選擇決策定義1108 ;存取操作欄位1121允許管理員選擇 容許或拒絕作爲決策。在按鈕帶丨丨15中的&quot;删除”按鈕允許 管理員刪除一項被選擇決策;而&quot;新增&quot;按鈕.則允許管理員 制定一種新決策定義1108;要執行此事,管理員會選擇: 在視窗1103中之一使用者群組以及在視窗丨105中之一資訊 集;然後會按M新增•,按鈕。新的存取決策定義1108出現在 顯示圖II07中;並且,管理員能夠编輯新的存取決策定 義,如剛才所描述的。要將改變應用到存取控制資料庫 301,並將它傳播到所有的存取過濾器203 ;管理員會點按 在”應用按鈕1125上。 顯示圖1101也包含一種決策評估者工具程式(policy evaluator tool),它讓管理員看出:存取決策定義的目前集 -57- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公笼) 1 b 4 3 i A7 ___B7___ 五、發明說明(55 ) 合怎樣決定針對一既定使用者群組或資源集的存取操作。 當官理貝點按:按短帶1113中的&quot;決策評估&quot;(py evaluation)按鈕,並從顯示圖11〇3中選擇一使用者群組 時;該工具程式就會顯示:被選擇使用者群組呈現藍色. 決策定義允許使用者群組存取而在顯示圖丨1〇5中的所有資 訊集呈現綠色丨而其餘的則呈現紅色;與哪些資訊集可处 被使用者群組存取之決定有關的所有決策定義都被凸顯^ 相同的顏色集合中。若管理員選擇一資訊集,則發生相同 的事情’然後’坪估者工具程式會顯示:被選擇資訊集呈 現藍色’能夠存取資訊集的所有使用者群組呈現綠色,而 其餘的則呈現紅色,因而也會凸顯出一些有關的決策定 義。使用者也能夠選擇一項決策。在那種情形下,被選擇 決策呈現藍色,而受決策影響的使用者群組和資訊集則都 呈現藍色或紅色,就像由決策所決定的那樣。使用者能夠 另外選擇一個以上的:使用者群組,資訊集,或決策。在 那種情形下,評估者工具程式對每項決策顯示:應用到所 有的被選項,以及那些決策的效應。評估者工具程式能夠 藉由點按在按鈕帶1113中的&quot;決策評估&quot;按鈕來關斷(truned off),而顏色和凸顯功能(highlights)則能夠藉由點按在按鈕 帶1115中的”重新設定評估,,(reset evaluati〇n)按鈕來關斷, 以便針對一項新的決策評估而準備。 圖1 2顯示:顯示圖1201被使用來將關於一存取過濾器 203的資訊輸入到存取控制資料庫3〇1。視窗12〇3顯示:存 取過慮器203之一分層列表;當視窗是現用狀態時,可能 _ -58- 本紙張尺度適用中囷國家標準(CNS)A4規格(210 =&lt; 297公爱) A7 B7 五、發明說明(56 ) ------------^ -裝--- f清毛57凊贤6之^意事項再填寫本頁) 使用在按鈕帶1209中的”新增”和”刪除,,兩個按鈕麥增加或 删除存取過濾器。視窗1205被用來輸入或顯示關於存取過 遽器203的資訊。在視窗1207中的顯示圖是藉由點按在按 叙帶1207中之一按鈕來決定的;如按鈕所顯示的,能夠使 用在視窗1207中的顯示圖’以便:輸入並檢視關於諸多存 取過濾器203之網路連接的資訊,輸入並檢視關於那呰連 接之信賴等級的資訊,針對可用伺服器和服務而掃描網 路’針對存取過濾器203中所檢測的問題而建立警戒資訊 (alerts)’載明針對軟體的可選擇參數,以及載明存取控制 資料庫301改變的分配順序。”警戒資訊建立„ (alen setup) 的凸顯功说指示:顯示於圖1 2中的顯示圖1205是用來顯示 並建立警戒資訊的顯示圖。 經濟部智慧財產局員工消費合作社印製 用來發明資源的使用者界面:圖1 8和2 4 VPN 201的使用者都有一種用來察看在VpN 2〇1内何種資 
源可供他們利用的界面。在此處稱爲ImraMap(映像内)界 面(IntraMap是翅―^公司(111如_巧脚“ Incorporated)之一商標)的界面,至少會對每位使用者顯 示:屬於使用者可能根據針對使用者所屬之使用者集合的 存取決策來存取之資訊集的資源。在其它一些實施例中, IntraMap也可能將資源的靈敏度等級以及使用者之識別方 法的信賴等級加以考慮。 藉由一種小爪哇程式(JavaTM applet)來建構IntraMap5 面,該牡式疋在任何配備有Java的全球資訊網(www)瀏覽 器上執行的。使用網路瀏覽器,使用者能夠掃描圖形顯示 -59“ 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) A7 B7 五、發明說明(57) 圖,以便:尋找並存取可供使用者利用的資源;或者,請 求存取因前不是可供使用者利用的資源。由使用者存取資 源是由應用到使用者和資源的諸多存取決策所決定。圖1 8 顯示:由IntraMap界面所產生顯示圖1801。IntraMap顯示圖 1801的左側顯示:資源列表1803 ;而顯示圖的右側則顯 示:尋找(Find)攔位1807,排序(Sort)區段1809,服務 (Services)區段 1811 ’ 以及描述(Description)攔位 1813。藉由 點按&quot;輔助&quot;(Help)按鈕18 15而使使用IntraMap的線上輔助程 式(on-line help可供利用)。 經濟部智慧財產局員工消費合作社印製 資源列表1803顯示:針對正在使用intraMap界面的使用 者而s ’在VPN 201中之可供利用的資源和資說。這種列 表是分層的。使用者能夠藉由點按在分支上的,,+ ”和_ &quot;標 έ己來擴展(expand)或縮減(collapse)&quot;樹&quot;的分支。在列表中 的每個登載項(entry)U04都會包括資源名稱。用來顯示登 載項之顏色則指示:使用者具有何種存取操作。若登载项 1804被顯示呈現藍色:則使用者具有一種針對資源的現用 超通信鍵路(hyperlink),並可能點按資源兩次,以便將它 顯示出來。若資源被顯示呈現黑色,則雖然它也可供使用 者利用’但卻沒有超通信鏈路可供利用,所以必須使用— 種分離應用程式來檢索資源。雖然被顯示呈現灰色的資源 都不是直接地可供使用者利用,但是如果使用者選擇—項 資源,IrmaMap界面就會開啓一對話盒(dial〇g b〇x):允許 使用者將請求存取操作的電子郵件(e_mail)發送給管理員, 該管理員對資源所屬之資訊集的存取決策負有責任。然 -60- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 么6 A匕1二 A7 _ B7 五、發明說明(58) 後,管理員必要時可能修改存取及/或管理決策,以便賦 予使用者存取操作。管理員可能進一步賦予資源/隱藏&quot;特 性(hidden property)。當資源具有該特性時,唯若使用者屬 於存取決策允許存取資源所屬之一資訊集之一使用者群 組’資源才會出現在IntraMap界面1801中。若資源不具有 隱藏特性’則它總會出現在lntraMap界面18〇1中。在其它 情泥’它不會出現。資源可能具有一項比包含在它的登載 項1804中的描述還要詳細的描述。當使用者選擇資源時, 該項描述就被顯示於描述欄位丨8丨3中。 除了資源列表1803之外,lntraMap顯示圖1801還會顯示 兩個專業化(specialized)資源列表在1805處。 •&quot;何者最新”(What’s New) 1806顯示:來自企業内之其 它邪門的最近資訊告示(postings)。若管理員已經賦予 使用者存取”何者最新,,之網頁,則使用者可能將—項 新資源之URL(共通資源指標)公告在那裏。 •&quot;何者最受歡迎&quot;(What's Hot) 1808基於資源多久才被存 取,顯示出企業之最受歡迎的資訊資源。 經濟部智慧財產局員工消費合作社印製 在1811處的服務類型控制表會讓使用者過濾一些按照提 供資源的服務類型而打算顯示在資源列表1803中的資源。 在服務類型控制表1 811中,每種服務類型都有一個圈選 框。若該框被圈選,則包括該服務類型且與此服務有關聯 的資源都會出現在資源列表中。在其它情況,與此服務有 關聯的資源都不會出現在資源列表中。 lntraMap界面讓使用者按照:資訊集,位置’或服務來 -61 - 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) A7 B7 五、潑'明說明(59 ) a 先 tj ί ύ 之 a. 
I t 4 排序資源列表1803。要執行這件事,使用者會選擇他想要 的方式來排序在排序欄位丨8〇9中的資源列表。使用者也可 能會載明資源種類(categ〇ries)被使用在排序欄位中的順 序。级界面還具有一種搜尋功能。要執行搜尋功能,使用 者會將一搜尋字串(search string)輸入”尋找&quot;欄位18〇7中。 然後依照載明於排序欄位18〇9中的順序,加以搜尋針對關 於字串之諸資源的資源列表和資源描述。搜尋功能只是找 尋全&quot;卩或部份的字組匹配(word matches)而已。情形不是挺 靈敏的,顯示出第一次匹,就可能使用一些功能鍵,以便 指引(navigate)到其它的匹配。當然,若使用者尚未核對在 服務類型欄位181丨中之一服務類型,則該服務類型的諸多 資源在排序或搜尋操作中都未涉及。 經濟部智慧財產局員工消費合作社印製 圖24顯不:IntraMaP界面之一建構例2401。對於VPN 201 的使用者,intraMap界面以網頁出現,該網頁是由正在圖2 之存取過濾器203 (c)上執行的報表管理程式2〇9所提供的諸 多資源中的一種資源。在VPN 2〇1中之一使用者;或者, 甚至於一般大眾(那就是:成爲網際網路使用者群組之一 成員的某人)都可能用與他可能被賦予存取任何其它資源 相同的方式,被賦予存取IntraMap界面◊就像從下列描述 中將會顯而易見的那樣,針對IntraMap的網頁可能是在 VPN 201中的任何伺服器上。建構例24〇1具有.·在工作站 (W〇rkStati〇n)2403中,由使用者所使用以便審視(1〇以叫 IntraMap的组件;在對工作站24〇3而言是局部的存取過濾 器203(1)中的組件;以及在存取過濾器2〇3 (c)中的組件, -62- 本紙張尺度適用中固國家標準(CNS)A4規格(210 X 297公釐) d 6 d 8 1 2 A7 B7 五、發明說明(6Q) 該存取過濾器是報表管理程式209會在其上執行的存取過 濾器。當然,存取過濾器203(c)也可能執行一種局部存取 過濾器那樣的功能。局部存取過濾器203 (I)是藉由VPN 201 而連接到報表存取過濾器203 (c),而工作站2403則是藉由 區域網路(LAN)2 13而連接到局部存取過濾器203 (1)。 經濟部智慧財產局員工消費合作社印製 就像稍後將要更加詳細説明的那樣,所有的存取過遽器 203都具有一種分層架構(layered architecture)。最底層級是 —種網際網路分包資説(IP)過遽器2419,它只是處理網際 網路分包資訊標題而已。分包資訊過;慮器2419讀取在網際 網路分包資訊標題中的來源和目標位址,並將一套規則應 用到分包資訊。就像由规則所決定的那樣,I P過渡器不是 接受它們’捨棄它們·•就是進一步在VPN 201中路由指引 著它們。該規則也會決定:在存取過濾器2〇3内,打算怎 樣路由指引諸多被接受分包資訊。架構中的下—層級是服 務代理伺服器(service proxies)2427。服務代表伺服器會截 取針對諸如全球資訊網(www)之服務的通信量,並執行關 於通信量的存取核對。若存取過濾器203提供服務本身或 執行針對提供服務之一伺服器的存取核對,則ϊρ過滤器 2419會將針對服務的分包資訊發送到針對服務之一服務代 理伺服器2427。服務代理伺服器使用存取控制資料庫3〇1 來執行針對服務的通信協定層級之存取核對。譬如説,針 對網路(Web)服務的服務代理伺服器可能檢查:正在提出 一項針對既定網頁的請求之使用者是否有權存取該網頁。 下一個更高層級是服務層級2425 ;若有關的服務代理伺服 -63- 本纸張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 五、發明說明(61) 器允許一項請求且存取過濾器也是針對該服務的伺服器, 則打算處理前往在服務層級2425處之服務的請求。在網頁 之情形中,該服務應該指出網頁的位置,並將它轉回給請 求者。在IntraMap中,涉及兩種服務:Web(網路)服務和 IntraMap服務。在圖2401中,Web服務以WebS 2423出現。 針對WebS 2423的代理伺服器是WebP 2421 ;爲了在下列描 述中將會變得顯而易見的諸多理由,IntraMap服務只有一 個代理伺服器:IntraMap 2417。此外,存取控制資料庫 301包括IntraMap資訊2422,它是一種在存取控制資料庫 301中之資訊的最佳化版本(0ptimi2ed version),可作 IntraMap顯示圖的基礎用。 關於在存取過濾器203 (c)與存取過濾器203 (I)之間的 IntraMap建構例的主要差異是:存取過濾器2〇3 (c)包括一 
種具有IntraMap小爪哇程式2411之拷貝的全球資訊網網頁 2410。當從存取過減器203 (I)下載(downloaded)到工作站 2403中的網路瀏覽器2429時,小爪哇程式2411會產生指向 IntraMap伺服器2425的請求,進而使用由IntraMap伺服器 2425所轉回的結果來產生IntraMap顯示圖18〇1。 經濟部智慧財產局員工消費合作社印製 操作如下:對於工作站24〇3的使用者,IntraMap可能以 針對網頁之一通信鏈路出現。於是,要使用IntraMap,使 用都會啓動針對IntraMap網頁2410之一通信鏈路。在工作 站2403中的網路瀏覽器2429會對啓動通信鏈路作回應,就 像Έ:應該對啓動針對網頁之任何其它通信鏈路作回應那 樣· i提出一項針對網頁的請求,並將該請求發送到通信 _ - 64 - 本紙張尺㈣財關緖準(CNS)A4雜⑵G x 297n b 經濟部智慧財產局員工消費合作社印製 Λ- A7 __B7_五、發明說明(62 ) 鏈路中所指示的伺服器。在針對IntraMap之通信轉路的情 形中,因爲通信鏈路載明在存取過濾器203 (c)中的網路伺 服器2423 ’所以請求會經由局部存取過濾器203 (I)和VPN 201而前往存取過濾器203 (c)。就像對於VPN 201中之一資 源的任何其它存取操作那樣,局部存取過濾器2〇3 會執 行針對IntraMap網頁請求的存取核對。由於該請是針對網 頁’故而由網路代理伺服器2421來完全存取核對。在大多 數的VPN 201中,對於在VPN 201中的任何使用者而言, 111忱&amp;^^0網頁241〇將是可存取的;於是,存取控制資料庫 3 01指示:具有一有效I p來源位址的任何使用者都可能存 取 IntraMap網頁 2410。 當存存取過濾器203 (c)中收到請求時,I p過濾器2419就 會將它轉遞到網路代表伺服器2421,它依序地將請求轉遞 到網路伺服器2423,它藉著將IntraMap小爪哇程式2411下 載到工作站2403中的網路瀏覽器2429而對該請求作回應, 其中:IntraMap小爪哇程式2411開始在網路瀏覽器2429中 執行。在執行期間,它會將一項請求發送到針對IntraMap 資訊2422的IntraMap代理伺服器2427。像所有的小爪哇程 式一樣’ IntraMap小爪哇程式2411會將請求發送到它所處 的伺服器,在這種情形下,就是存取過濾器2〇3 (c)。然 而,就像對於來自工作站2403的任何其它存取操作那樣, 叫求會藉由局邵存取過)慮器2〇3 (I)而前進。瞧,IntraMap代 理伺服器2427會檢測出請求被定址到存取過濾器2〇3 (c)中 的IntraMap代理伺服器2427,而不是將請求發送到存取過 -65- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) tj . 5 S1 之 Jj; 与· % 本 Ϊ 五 經濟部智慧財產局員工消費合作社印製 d6 ΑΒ A7 ______ B7 發明說明(63 ) 濾器203 (c);從局部存取過濾器2〇3 (1)中的存取控制資料 庫301之局部拷貝中獲得IntraMap資訊2422 ;過濾該資訊, 使仔它载明:只會存取那些屬於使用者所屬的諸多使用者 群組所針對的資訊集之資源來產生列表243 1 ;進而經由 LAN 213,將它轉回给IntraMap小爪哇程式24π,該程式隨 後使用列表2431來產生intraMap顯示圖1801。在產生顯示 圖方面,小爪哇程式2411會應用載明於請求中的任何存取 過濾器,也會排序如請求中所載明的列表。列表243丨不但 才a π可供利用的資源,而且包含需要用來提取(fetch)資源 的資訊。於疋,若資源具有一種超通信链路,則將超通信 鏈路包括在列表中;若它是一種雖然使用者目前不會存 取,但是使用者卻可能請求存取所針對的資源,則列表包 括:針對資源之管理員的名字和電子郵件地址。 存取控制資料庫3 〇 1之細節:圖! 
3到j 7 在存取過遽器203之一較佳實施例中,在兩個層級處加 以建構存取控制資料庫3 〇丨:一個層級是由圖形使用者界 面所使用’以便操縱存取控制資料庫3 ;而另一個層級 則是使用在實際存取核對中。使用由微軟公司所發展出的 Microsoft jet商標之資料庫系統來建構第一層級。第二層 級則是使用一些根據第一層級資料庫所编譯的記憶體映射 樓案(memory mapped files,簡稱MMF)加以建構的。下列討 論將會描述第一層級建構例,並且説明包含在其中的資訊 怎樣被使用在存取核對中。在研讀這項討論中’應該記 得:實際存取核對是使用MMF加以完成的,就像稍後將要 -66 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 讀 先 閲 讀 背 面 之 注 意 事 項 再 填 寫 本 頁 裝 訂 A7 464812 __B7 五、發明說明(64 ) 詳細描述的那樣。 經濟部智慧財產局員工消費合作社印製 就像對於大多數資料庫系統的情形那樣,Micr〇s〇ft Jet# 標之資料庫系統具有一種圖表,那就是:資料庫之邏輯結 構的一種描述。圖1 3到1 7都是:由針對存取控制資料庫 301之圖表的Microsoft Jet商標之資料庫系統所產生的顯示 圖。圖13顯示:針對定義諸多使用者群組之資料庫的一部 份的圖表13 01。顯示圖由兩種要素组成:在資料庫中的,,表 之類別”(classes of tables) 1303的表示法,以及顯示屬於表 之某些類別的兩種表之間關係的,'通信鏈路&quot;丨3〇5的表示 法。表之類別的表示法顯示:在13 1 〇處的類別名稱;以及 在1308處’將被包含在屬於該類別的每一種表中的資料爛 位。每一種表的實例都有一種由資料庫系統所指定的識別 符(ID)。在表中的其它資料會隨著表之類別而變化。藉著 使用在第一表中之第二表的ID來建立一種在屬於表之第一 類別的第一表與屬於表之第二類別的第二表之間的通信鏈 路’反之亦然®於是,通信鏈路13 〇 5顯示:能夠將&quot;使用者 群组樹&quot;類別表13 0 7中的一些表和&quot;使用者群組”類別表 1309中的一些表加以鏈接。某些通信鏈路在它們的兩個未 端處都有數字。該數字指示:在數字所在之末端處,該表 可能具有的通信鏈路數目。於是,連接著類別表丨3〇9和類 別表1307的通信鏈路具有:在針對類別表1309之末端處的 數字1,以及在針對類別表1307之末端處的數字〇〇 ;因而指 示:類別表1309之諸實例中的任何數目的ID都可能出現在 類別表1307之一實例中;但是,類別表1 307之一實例中的 -67- 本紙張疋度適用中國國家標準(CNS)A4規格(210 X 297公釐) 这 §48 1 2 A7 B7 五、發明說明(65 只有一個1D才可能出現在_表1309之-實例中。 使用者群組表:圖1 3 - ,用者群组表13()1包含針對資料庫術中的每個使 群U使用者群组類別表13〇9。在&quot;使用者群組·, 經濟部智慧財產局員工消費合作社印製 ?09中’特別有興趣的資料包括:群組名稱,它是群組之 字元串(cha⑽er_string)名冑;群组描述,它是群组= 串描述;以及預先^義的資訊,它指示其中成爲群扯之: 士員的使用者是否爲:一位管理員,即,能夠制定管理決 朿;:位安全官員,即,能夠制定決策制定者決策;或者 —位單純的資訊使用者。使用者群组表13〇1會進—步將諸 多使用者群組組織成-種層次列表__不但爲了繼承權,而 且爲了顯示於圖9之視窗903中的使用者群组之分層顯示 圖因而使使用者之識別方法與使用者群組有關聯,以及 使警戒資訊與使用者群組有關聯。组織成層次列表是藉由 使用者群组樹”類別表丨307令的一些表來完成的。,,使用 者群組樹&quot;類別表中的每一種表都會將&quot;使用者群組&quot;類別 表中之一表鏈接到一種母(parent)使用者群组(也是&quot;使用者 群組之類型)。對於一種特定”使用者群組&quot;表而言,多重 &quot;使用者群組樹”表可能存在,端視一特定使用者群組出現 在其中之位置的數目而定。 就像已經提及的那樣,有五種不同的方式用來識別至一 存取過濾器202之使用者:藉由I p位址範圍,藉由一種全 限定網際網路網域名稱,藉由在Microsoft Windows商標之 作業系統中的使用者身份,藉由一種鑑定令牌,以及藉由 -68- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) A7 464812 ___B7______ 五、發明說明(66 ) 證書。針對藉由證書來識別使用者之表的類別表(table classes)被顯示在1321處。針對藉由I 
P位址範圍來識別使用 者之表的類別表被顯示在13 17處;針對藉由I p網域來識別 使用者之表的那些類別表被顯示在13 1 9處;針對藉由 Microsoft Windows商標之作業系統ID (識別符)來識別使用 者之表的那些類別表被顯示在13 15處;以及針對藉由鑑定 令牌(在圖中,標示爲智慧卡)來識別使用者之表的那些類 別表被顯示在1323處。最後,類別表1325會定義:針對與 使用者群組有關而用於警戒之資訊的一些表。”使用者群 組”類別表13 0 9中之一表,可能使它與針對用來識別使用 者之任何方式的任何數目的表有關聯。就像此事意謂著那 樣,可能同時用很多不同的方式來識別一既定使用者。 爲了執行存取核對,存取過濾器203必須決定:正在提 出請求之使用者屬於哪些使用者群組。該請求包括使用者 識別方法,因而識別方法是決定之起點。在使用者群组表 1301中的一些表都會允許存取過濾器203 :根據識別方法 來決定使用者屬於哪些使用者群組,並且根據那些使用者 群组來決定一些決定使用者所屬之其它使用者群组的分層 關係。假定使用者是藉由I P位址加以識別,存取過據器 203藉由尋找&quot;I P位址範園定義&quot;類別表(在13 17中)中的一 個或更多的表而開始運作,該類別表定義:包括使用者之 IP位址在内的IP位址之範圍。這些表中的每一種表都有一 條指向&quot;I P位址範圍”類別表(在13 17中)的通信鏈路,該類 別表使” I P位址範圍定義”類別表中所定義的範圍與一使用 -69-In FIG. 7, the segment 707 connecting the client 703 to the access filter 203 (1) has a trust level that is sufficiently high for the sensitivity level of the resource ', so the client 703 does not have to encryption. When this is not the case, the access filter 203 (1) will give the client 703 access only if the client 703 has used an encryption method sufficient for the sensitivity level of its trust level resource to encrypt the request. operating. For this reason, the rover 503 in FIG. 5 must be equipped with SKIP. Since the roamer 503 accesses via the Internet m: access to the information of the filter 403 (3); many requests of the roamer 503 may never have a higher trust level than &quot; public, &quot; unless they are added Encryption; and in order to fully access the resources in VPN 201, the roamer 503 must use an encryption method, such as: SKIP -52- This paper standard applies the Chinese National Standard (CNS) A4 specification (210 X 297 public) Love) 4 6 4 8 1 2 A7 _____-____ B7 Five __ Printed by the Intellectual Property Bureau of the Ministry of Economic Affairs, the Industrial Cooperative Co-operative Society printed the description of the invention (50). The method provided is' the trust level is sufficient for the highest sensitivity. 
In some embodiments of the access server 203, the island; may negotiate with the client in a manner similar to the way it is used in the preferred embodiment 'to identify the two parties. An overview of the encryption technology used in the bundle for the administrator interface of the access control database 301: Figures 8 to 12 Access decisions define access operations based on user groups and information sets; It may be possible to define 'rules before access decisions' for user groups and information sets; how this is done is shown in Figure 8. ^ Λ _ 1 Defining a user group involves steps 803 to 807: first define the user ', then define the user group, and then assign the user to the appropriate user group. Defining the information set involves steps 809 to 813: first define the resource, then define the ^ information set, and then assign the resource to the information set. "When the When this is done, access decisions can be established, as shown at 8-15. As noted earlier, although the right to make access decisions for many user groups and information sets is determined by the decision maker's decision; it is used to define and determine user group membership and information sets' And the right to make management decisions for them is determined by management decisions. As can be seen from the foregoing, user interfaces are often used to define the relationship between two entities or collections about them. The general form of the graphical user interface (GUI) for the access control database 301 corresponds to this task. The display includes two windows. 'Each window contains a representation of some entities intended to be related to each other. -53- This paper size applies to China National Standard (CNS) A4 (210 X 297 mm) € 4 丨 2 A7 _ B7__ 5. Explanation of the invention (51) method, and the relationship is defined by selecting the entity and the need, and thus defining the relationship. 
^ Defining user groups: Figure 9 Figure 9 shows a display 901 for popuiating and defining user groups. The window 903 in the display circle contains a hierarchical display of one of the currently defined user groups; the window 903 and the file hierarchy in the operating system used to display the Windows 95 trademark manufactured by Microsoft Corporation Windows are similar. In the window 903, many user groups to which the management user of the display figure 901 has management rights are displayed in black; other user groups are displayed in gray. Above the two windows printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs are two button bars: 911 and 915. Button 911 lists: some of the available displays used to modify the access control database 3001, while button strap 9 15 lists: some of the operations that may be performed on those displays. Thus, the button labeled "User Group" in the button strip 9 11 is highlighted, thereby indicating that the display figure 901 is a display diagram for colonizing and defining the user group. Regarding the button strip 9 丨 5, when window 903 is currently in use, it has the right to manage a user group—managing users may modify the user group. The method is: choose to use in window 903 User group and 'and use the &quot; delete &quot; (delete) in button 91 5 to delete the user group; or' use 'the "New" button to add and name the A new user group p under the selected user group in the hierarchy When the management user clicks the (clicks): &quot; Apply _, (apply) button 921, the access filter 203 will modify it Copy of the access control database 3〇 丨 in order to confirm what is shown in Figure 9101; and will modify the information dissemination-54- This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 public PCT) A7 B7 V. Description of the invention (52) To: a copy of all access control databases 30i in the VPN. 
Windows 909 displays users. By identifying the users in the collection, the method will be One set of users is indicated in the display. In this case, the users are all | All are identified by IP address, and they will all appear in the display with the range of IP address. Button with 9 丨 3 indication: other types of identification methods that can be displayed in window 909. It is like using a window You can use the "Add" and "Delete" buttons to add and delete users when the viewport is in the active state like 903. To assign the (many) users specified by the user identification information to a user group, the use of the GUI will choose: a user group 'as shown at 917, and a set of identification information, As shown at 919; then use the a (jd to group) button in the button band 913 to add the collection of identifying information to the user group, as shown by the following facts As shown. The range of selected IP addresses at 919 will now appear in the hierarchy below the selected user group at μ ?. The effect of this operation is: make many users &quot; A member of the R & D user group, the user's dialogue has the source IP address listed at 917; and when the user clicks: 11 Apply "button, all access control databases The copy of 301 has been modified. Figure 10 printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs: Figure 1001 is used to define the display of the information set.丨 〇〇5 A hierarchical list containing one available resource6 is formulated in the same way as the list of user groups: a hierarchical list of information sets and a hierarchical list of available user groups. Furthermore, the use of Figure 100 1 is shown -55- This paper size applies to the Chinese National Standard (CNS) A4 (210 X 297 mm) 46 48 12 A7 B7 V. Description of the invention (53) The information set and available resources are black; The other items on the list are grayed out. 
In display 1001 of Figure 10, the available resources are the Internet and the two sites that make up VPN 201. In a more fully developed VPN 201, the list of available resources would indicate the servers at each site, the services on each server, and the items of information provided by each service. For example, if a service provides a directory tree, the items of information in the tree would be indicated by a pathname: the pathname gives the root of the directory tree and uses wildcard characters to indicate the files below that root. When a resource is added to a server, the resource may be defined via window 1005. Once a resource has been defined, it may be assigned to an information set in the same manner as a user identification is assigned to a user group. Clicking the "Apply" button causes the changes made in display 1001 to be propagated to all copies of the access control database 301.

Policy definition: Figure 11

Figure 11 shows a display 1101 used to define policies. The type of policy being defined is selected in button strip 1113; as shown there, display 1101 is being used to define access policies. All policy displays have the same general format: a window 1103 containing a hierarchical display of the user groups; a window 1105 containing a hierarchical display of the objects at which the policy is aimed; and a policy definition window 1107 containing the access policy definitions 1108. In the object hierarchy, only those objects for which the user of the display has the right to make policies are active; all others are grayed out. In display 1101 access policies are being defined, so the objects are all information sets.

Each access policy definition has four parts: an active check box 1117, which indicates whether the policy defined by the definition is active, that is, currently being used to control access; the user group 1119 for which the access policy is defined; the information set 1123 for which the access policy is defined; and an access operation field 1121, which indicates whether the policy allows or denies the access operation. Menu bar 1109 and button strip 1115 allow policy makers, that is, those administrators who are permitted to do so, to edit, add, delete, and activate or deactivate a selected policy definition 1108. The active check box 1117 of each policy definition 1108 lets the administrator activate or deactivate the selected definition; the access operation field 1121 lets the administrator choose whether the policy allows or denies access. The "Delete" button in the button strip lets the administrator delete a selected policy, and the "Add" button lets the administrator create a new policy definition 1108. To do this, the administrator selects a user group in window 1103 and an information set in window 1105, then presses the "Add" button. The new access policy definition 1108 appears in window 1107, and the administrator can edit it as just described. To apply the change to the access control database 301 and propagate it to all access filters 203, the administrator clicks the "Apply" button 1125.

Display 1101 also contains a policy evaluator tool, which lets the administrator see how the current set of access policy definitions determines the access operations permitted for a given user group or information set. When the administrator clicks the "Policy Evaluation" button in button strip 1113 and selects a user group in window 1103, the tool shows the selected user group in blue; the information sets in window 1105 that the policy definitions allow the user group to access are shown in green and the rest in red; and all policy definitions relating to the user group's access are highlighted in the same colors. If the administrator selects an information set, the same thing happens: the selected information set is shown in blue, the user groups that can access it in green and the rest in red, and the relevant policy definitions are highlighted. The administrator may also select a policy; in that case the selected policy is blue, and the user groups and information sets affected by the policy are green or red as the policy determines. More than one user group, information set or policy may be selected; the evaluator tool then shows the combined effect of all the selections and the policies involved. The evaluator tool is turned off by clicking the "Policy Evaluation" button in button strip 1113 again, and the colors and highlights are cleared by clicking the "Reset Evaluation" button in button strip 1115, ready for a new evaluation.

Information about access filters: Figure 12

Figure 12 shows a display 1201 used to enter information about an access filter 203 into the access control database 301.
Window 1203 displays a hierarchical list of the access filters 203; while the window is in use, the "Add" and "Delete" buttons in button strip 1209 add or delete access filters. Window 1205 is used to enter or display information about an access filter 203. The display shown in window 1207 is selected by clicking one of the buttons in button strip 1207; as the buttons indicate, the displays in window 1207 may be used to enter and view information about the network connections of the access filters 203, enter and view information about the trust levels of those connections, scan the network for available servers and services, create alerts for problems detected in the access filter 203, set optional parameters for the software, and set the order in which the access control database 301 is changed. The "alert setup" button is highlighted: the display 1205 shown in Figure 12 is the one used to display and create alert information.

User interface for finding resources: Figures 18 and 24

The users of VPN 201 have an interface for seeing which resources are available to them in VPN 201. This interface, called the IntraMap interface (IntraMap is a trademark of Internet Dynamics, Incorporated), shows each user at least the resources that belong to information sets which the user may access under the access policies for the user groups the user belongs to.

In other embodiments, IntraMap may also take into account the sensitivity level of the resource and the trust level of the user's identification method. The IntraMap interface is built as a Java(TM) applet, which executes in any World Wide Web (WWW) browser equipped with Java. Using a web browser, the user can browse the graphical display to find resources that are available to the user, or request access to resources that were not previously available. A user's access to a resource is determined by the access policies that apply to the user and the resource. Figure 18 shows the display 1801 produced by the IntraMap interface. The left side of display 1801 shows the resource list 1803; the right side shows the Find field 1807, the Sort field 1809, the Services field 1811 and the Description field 1813. Clicking the "Help" button 1815 brings up IntraMap's on-line help.

Resource list 1803 shows, for the user who is using the IntraMap interface, the resources in VPN 201 that are available to that user. The list is hierarchical; the user can click the "+" and "-" markers on a branch to expand or collapse branches of the tree. Each entry 1804 in the list includes the resource name. The color in which an entry is displayed indicates what kind of access the user has. If entry 1804 is displayed in blue, the user has an active hyperlink to the resource and may double-click the entry to display it. If the resource is displayed in black, it is also available to the user, but no hyperlink is available, so a separate application must be used to retrieve the resource.

Resources displayed in gray are not directly available to the user; if the user selects such a resource, however, the IntraMap interface opens a dialog box that lets the user send an e-mail requesting access to the administrator responsible for the access policies of the information set to which the resource belongs. The administrator may then modify the access and/or administrative policies to give the user access. The administrator may further give a resource the "hidden" property. When a resource has this property, it appears in the IntraMap interface 1801 only if the user belongs to a user group that may access an information set to which the resource belongs; otherwise it does not appear. If the resource does not have the hidden property, it always appears in the IntraMap interface 1801. A resource may have a more detailed description than the one contained in its entry 1804; when the user selects the resource, the description is displayed in description field 1813.

In addition to resource list 1803, the IntraMap display 1801 shows two specialized resource lists at 1805:

• "What's New" 1806 shows recent information postings from other departments in the enterprise. If the administrator has given the user access to the "What's New" web page, the user may post the URL of a new resource there.

• "What's Hot" 1808 shows the enterprise's most popular information resources, based on how frequently each resource is accessed.

The service type control 1811 lets users filter the resources displayed in resource list 1803 according to the type of service that provides them. In service type control 1811, each service type has a check box. If the box is checked, resources provided by that type of service appear in the resource list; otherwise, resources associated with that service do not appear. The IntraMap interface lets users sort resource list 1803 by information set, site or service. To do this, the user chooses in Sort field 1809 the way the resource list is to be sorted; the user may also specify the order in which the resource categories are used in the sort. The interface also has a search function. To search, the user enters a search string in the "Find" field 1807; the names and descriptions of the resources in the resource list are then searched for the string, in the order specified in Sort field 1809. The search finds whole-word or partial-word matches and is not case sensitive. When the first match is displayed, function keys may be used to navigate to the other matches. Of course, if the user has not checked a service type in Services field 1811, resources of that service type are not included in sorting or searching.

Figure 24 shows an implementation 2401 of the IntraMap interface.
To a user of VPN 201, the IntraMap interface appears as a web page, which is one of the many resources provided by the report management program 209 running on access filter 203(c) in Figure 2. Any user in VPN 201, or even the general public (that is, anyone who is a member of the Internet user group), may be given access to the IntraMap interface in the same way as access to any other resource; as will be apparent from the description below, the web page for IntraMap may be on any server in VPN 201. Implementation 2401 has components in the workstation 2403 used by the user to view IntraMap; components in the access filter 203(l) that is local to workstation 2403; and components in access filter 203(c), the access filter on which report management program 209 runs. Of course, access filter 203(c) may also function as a local access filter. Local access filter 203(l) is connected to report access filter 203(c) through VPN 201, and workstation 2403 is connected to local access filter 203(l) via LAN 213.

As will be explained in more detail later, all access filters 203 have a layered architecture. The lowest layer is an Internet Protocol (IP) filter 2419, which deals only with the headers of IP packets. It reads the source and destination addresses of each packet and applies a set of rules to the packet. As the rules determine, the IP filter either accepts the packet, discards it, or routes it onward within VPN 201. The rules also determine where within access filter 203 an accepted packet is directed.

The next layer in the architecture is the service proxies 2427. A service proxy intercepts traffic for a service such as the World Wide Web (WWW) and performs access checks on that traffic. If access filter 203 provides the service itself, or performs access checks for one of the servers providing the service, IP filter 2419 sends the packets for the service to the service proxy 2427 for that service. The service proxy uses access control database 301 to perform protocol-level access checks for the service. For example, a service proxy for a web service may check whether the user requesting a given web page has access to that page. The next higher layer is the service layer 2425; if the relevant service proxy permits a request and the access filter is also a server for that service, the request is processed by the service in service layer 2425. In the case of a web page, the service locates the page and returns it to the requester. IntraMap involves two services: the Web service and the IntraMap service. In Figure 24, the Web service appears as WebS 2423, and its proxy is WebP 2421; for reasons that will become apparent below, the IntraMap service has only a proxy, IntraMap 2417. In addition, access control database 301 includes IntraMap information 2422, which is an optimized version of the information in access control database 301 and serves as the basis for the IntraMap display.

The main difference in implementation 2401 between access filter 203(c) and access filter 203(l) is that access filter 203(c) includes a copy of the IntraMap web page 2410, which contains the IntraMap Java applet 2411. When it has been downloaded from access filter 203(c) to web browser 2429 in workstation 2403, Java applet 2411 generates a request to the IntraMap service at 2425 and uses the result to generate the IntraMap display 1801.

Operation is as follows. To a user of workstation 2403, IntraMap appears as a link on a web page. To use IntraMap, the user activates the link to IntraMap web page 2410. Web browser 2429 in workstation 2403 responds to the activation of the link just as it responds to the activation of any other link to a web page: it makes a request for the page and sends the request to the server indicated in the link. In the case of the link to IntraMap, because the link specifies web server 2423 in access filter 203(c), the request passes through local access filter 203(l) and VPN 201 to access filter 203(c). As with any other access to a resource in VPN 201, the local access filter 203(l) performs the access check for the request for the IntraMap web page. Since the request is for a web page, web proxy 2421 performs the full access check.

In most VPNs 201, the IntraMap web page 2410 is accessible to any user in VPN 201; accordingly, access control database 301 indicates that any user with a valid IP source address may access IntraMap web page 2410. When the request is received in access filter 203(c), IP filter 2419 forwards it to web proxy 2421, which in turn forwards it to web server 2423. The web server responds to the request by downloading IntraMap Java applet 2411 to web browser 2429 in workstation 2403, where the applet begins executing. During execution, it sends a request for IntraMap information 2422 to IntraMap proxy 2427. Like all Java applets, IntraMap applet 2411 sends the request to the server it was downloaded from, in this case access filter 203(c). However, as with any other access from workstation 2403, the request first passes through local access filter 203(l). There, IntraMap proxy 2427 detects that the request is addressed to the IntraMap proxy in access filter 203(c); instead of forwarding the request to access filter 203(c), it obtains IntraMap information 2422 from the local copy of access control database 301 in local access filter 203(l), filters the information so that it specifies only the resources in the information sets that the user's user groups may access, generates list 2431 from those resources, and returns the list via LAN 213 to IntraMap applet 2411, which uses list 2431 to generate IntraMap display 1801.

In generating the display, Java applet 2411 applies any filters specified in the request and sorts the list as the request specifies. List 2431 not only lists the available resources but also contains the information needed to fetch them. Thus, if a resource has a hyperlink, the hyperlink is included in the list; if the resource is one that the user cannot currently access but may request access to, the list includes the name and e-mail address of the administrator for the resource.

Details of the access control database 301: Figures 13 to 17

In a preferred embodiment of access filter 203, access control database 301 is built at two levels: one level is used by the graphical user interface to manipulate access control database 301; the other is used in the actual access check. The first level is built with the Microsoft Jet database system developed by Microsoft Corporation. The second level is built from memory mapped files (MMFs) compiled from the first-level database. The following discussion describes the first-level implementation and explains how the information it contains is used in access checks. In reading it, bear in mind that the actual access check is done using the MMFs, as will be described in detail later. As with most database systems, the Microsoft Jet database system has a schema, which is a description of the logical structure of the database.
Figures 13 to 17 are displays generated by the Microsoft Jet database system for the schema of access control database 301. Figure 13 shows diagram 1301 for the part of the database that defines user groups. The diagram consists of two elements: the notation for classes of tables 1303 in the database, and the notation for links 1305 between tables belonging to particular classes. The notation for a class of tables shows the name of the class at 1310 and, at 1308, the data contained in every table belonging to that class. Each instance of a table has an identifier (ID) assigned by the database system; the other information in the table varies with the class of the table. A link between a first table belonging to a first class and a second table belonging to a second class is established by placing the ID of the second table in the first table, or vice versa. Thus, link 1305 shows that tables of the "user group tree" class 1307 are linked to tables of the "user group" class 1309. Some links have numbers at their ends; the number indicates how many links the table at that end may have. Thus, the link connecting class 1309 and class 1307 has the number 1 at the class 1309 end and the symbol for "many" at the class 1307 end, indicating that the ID of an instance of class 1309 may appear in any number of instances of class 1307, but that an instance of class 1307 contains the ID of only one instance of class 1309.

User group tables: Figure 13

User group diagram 1301 contains a "user group" table 1309 for each user group in the database. The data of interest in a "user group" table includes: the group name, a character string naming the group; the group description, a string describing the group; and predefined information indicating whether the members of the group are administrators, that is, able to make administrative policies; security officers, that is, able to make policy-maker policies; or plain information users. User group tables 1301 further organize the user groups into a hierarchical list, not only for inheritance of rights but also for the hierarchical display of user groups shown in window 903 of Figure 9, so that user identification methods can be associated with user groups and alert information can be associated with user groups. The hierarchical list is built from tables of the "user group tree" class 1307. Each table of the "user group tree" class links a "user group" table to a parent user group (also a "user group" table). For a particular "user group" table there may be several "user group tree" tables, depending on the number of places at which the user group appears in the hierarchy. As already mentioned, there are five different ways of identifying a user to an access filter 203: by IP address range, by fully qualified Internet domain name, by user identity in the Microsoft Windows operating system, by an authentication token, and by certificate.
Classes of tables for the tables that identify users by certificate are shown at 1321. Classes for tables that identify users by IP address range are shown at 1317; classes for tables that identify users by IP domain at 1319; classes for tables that identify users by the operating system identifier of Microsoft Windows at 1315; and classes for tables that identify users by an authentication token (labeled "smart card" in the figure) at 1323. Finally, class 1325 defines the tables for alert information related to user groups. A "user group" table 1309 may be associated with any number of tables for any of the ways of identifying users; this means that there may be many different ways of identifying a given user at the same time.

To perform an access check, access filter 203 must determine which user groups the user making the request belongs to. The request includes a user identification, so the identification is the starting point for the determination. The tables of user group diagram 1301 allow access filter 203 to determine from the identification which user groups the user belongs to and, from those user groups, the hierarchy of further user groups to which the user belongs. Assuming the user is identified by IP address, access filter 203 begins by finding the one or more "IP address range definition" tables (at 1317) that define ranges of IP addresses containing the user's IP address. Each of these tables has a link to an "IP address range" table (at 1317), which relates the range defined in the "IP address range definition" table to a user group ID. The user group ID of the user group corresponding to the IP address range in turn serves as a link to a "user group" table 1309. Each table of the "user group" class 1309 has a link to a "user group tree" table 1307, so access filter 203 can follow the links to the "user group" tables of the user groups from which the user groups specified by the IP address inherit access rights. Thus, at the end of the process, access filter 203 has located all of the user groups that are relevant to deciding whether the user may access the resource. Moreover, access filter 203 knows from the request how the user was identified, and can therefore determine what trust level to assign to the identification method used in the request.

The information in user group tables 1301 is compiled into the MMFs (memory mapped files). When a user begins a session, the user provides a user identification to the first access filter 203 on the session path; access filter 203 uses the identification with the MMF to make a decision equivalent to the one described above. Thus access filter 203 can determine, for a given user identification, whether it identifies a user who is entitled to access information, what kind of identification it is and therefore what trust level it has, and which user groups the user belongs to. User group tables 1301 therefore contain all of the information needed for the user side of an access policy 1108.

Information set tables: Figure 14

Figure 14 shows diagram 1401 of the tables that define information sets. These tables relate the information sets (resource groups in Figure 14) to the resources that make them up and to the network locations of those resources, and also organize the information sets into the hierarchical list shown at 1003 in Figure 10. Each information set in access control database 301 is represented by a table of the "resource groups" class 1403. Tables of class 1419 organize the resource group tables into a hierarchy for inheritance and display purposes. The relationships between an information set and the resources that make it up, and the sites in the VPN at which those resources are stored, are established by tables of the "resource group elements" class 1407. A "resource groups" table may be linked to any number of tables of the "resource group elements" class, and a table of the "resource group elements" class may be linked to any number of tables of the classes "site elements" 1411, "services" 1413 and "resources" 1409. For every resource represented in database 301 there is a "resources" table. It contains: the resource's ID; its name; the ID of the service that provides the resource; the ID defining the resource's sensitivity level; a description of the resource; the e-mail address of the resource's administrator; and a hidden flag, which indicates whether IntraMap should display the resource to users who do not belong to a user group with access to it. The IntraMap interface obtains the information it needs about a resource from the resource's "resources" table.

The tables of the classes "site elements" and "services", together with the tables of the classes "sites" 1415 and "servers" 1417, belong to the class tables 1421 that describe the locations of information in the VPN. There is a "sites" table for each physical site in the VPN, a "servers" table for each server in the VPN, and a "services" table for each service in the VPN. Links in the "site elements" tables relate sites to servers; links in the "servers" tables relate servers to the services they provide; and links in the "services" tables relate services to the resources they host.

In determining which information sets a requested resource belongs to, access filter 203 starts from the information in the request. The request is carried in an IP packet and so has a header and a body. The header contains an IP address, which specifies a site in virtual private network 201 and a server at that site, and a port number, which specifies a service on the server. The body contains a description of the resource in the form prescribed by the protocol; for example, if the request is for a web page, the resource description is the resource's URL. Access filter 203 uses the IP address to locate the "sites" table, and the links in that table to locate the "site elements" tables 1411. These relate the site to the server IDs (identifiers) of the servers at the site, and access filter 203 uses the server IDs to locate the "servers" tables 1417 for those servers. It can then use the IP address again to locate the "servers" table corresponding to the server specified in the request, follow the links from that "servers" table to the "services" tables for the server's services, and use the port number from the request to find the right "services" table. Once it has found the right "services" table, it follows the links to the "resources" tables 1409 for the resources the service provides, and the resource description in the request locates the "resources" table for the requested resource. That table has links to "resource group elements" tables 1407, which relate the resource to the resource group identifiers of the information sets it belongs to. Those identifiers in turn specify tables of the "resource groups" class 1403, each of which has links to tables of the "resource group tree" class, so access filter 203 can determine the hierarchy of information sets to which the resource named in the request belongs. Having done this, access filter 203 has found the information sets relevant to deciding whether the request should be granted. The "resources" table for the resource also contains the resource's sensitivity level.

As with user group tables 1301, the information in information set tables 1401 is compiled into the MMFs. When a request reaches the first access filter 203 on the path between the user and the server providing the resource, that access filter uses the MMF files to make a decision logically equivalent to the one just described. Thus, after examining the MMF files containing the information from user group tables 1301 and information set tables 1401, the proxy has determined the trust level of the user identification method, the sensitivity level of the information resource, the user groups the user belongs to, and the information sets the information resource belongs to.

Policy tables: Figure 16

Figure 16 shows the tables used in access control database 301 to define policies. These include access policies, administrative policies and policy-maker policies:

• Access policies relate user groups to information sets.

• Administrative policies relate a user group whose members are administrators to one of the following:
1. another user group
2. an information set
3. a resource
4. a site in the VPN
5. an access filter 203 or other server
6. a service

• Policy-maker policies relate a user group of administrators to an information set.

Every policy relates a "left side" to a "right side". The left side is always a "user group" table 1309; the right side depends on the kind of policy and may be a "resources" table 1409, a "resource groups" table 1403 (representing an information set), a "sites" table 1415, a "services" table 1413, a "servers" table 1417, or a "user group" table 1309. Policy tables 1601 are thus divided into three groups: left-side tables 1603, policy tables 1605 and right-side tables 1609. The right to change policies is hierarchical: a member of a user group can change access policies to the extent determined by the administrative policies for that group, whose "user group" table indicates that it is a group of one of the administrator types. Those administrators may in turn specify further administrative policies relating to their sub-domains.

Corresponding to the three kinds of policy, policy tables 1605 contain three classes of table: "Policies Access" 1611, "Policies Administer" 1613 and "Policies Policy Maker" 1691. All of these classes share many features: each table contains the ID of the user group table on the policy's left side, the ID of the table representing the item on the policy's right side, an indication of the policy (whether the access operation is allowed or denied), an indication of whether the policy is predefined and cannot be deleted, and an indication of whether the policy is currently active. The classes differ in what may appear on the right side of the policy, and thus in the links to the entities on the right side: in the case of access policies and policy-maker policies the right-side entities are always information sets, so tables of the "Policies Access" and "Policies Policy Maker" classes contain only right-side links to tables of the "resource groups" class; tables of the "Policies Administer" class, by contrast, may contain right-side links to, alternatively, tables of the "user group", "resource groups", "sites", "servers", "services" or "resources" classes.

The rights that an administrative policy gives the user group specified on its left side to administer the set of entities specified on its right side vary with the kind of entity, as shown in the following table:
When the request comes to the first access filter 203 in the path between the user and the server providing resources, the first access filter 203 will use 1 ^ 1 ^ 1? File in order to make a decision that is logically equivalent to one of the decisions just described. Then, after reviewing the MMF file containing information from the user group table 1301 and the information set table 1401, the agent The server has already decided: the trust level of the user identification method, the sensitivity level of the information resource, the user groups to which the user belongs, and the information sets to which the information resource belongs. Decision table: Figure 1 6 Figure 16 shows: use In the access control database 301, tables used to define access decisions; included in these decisions are: access decisions, management decisions, and decision maker decisions: • Access decisions enable user groups The group has a relationship with the resource group; 73- This paper size applies to the Chinese National Standard (CNS) A4 specification (2 丨 0 X 297 mm) A7 B7 Five 'Description of the invention (71) e management decided that all its members are management User group with One of the following is related: '1. Another user group 2. —Information set 3 — —Resources 4. Location (website) in the VPN 5 —Accessed; Cache 203 or other server 6 .—Services • Decision makers make decisions related to the user group of the administrator and the information set. 
Each decision printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs will make "the left side, and the" right side, "there are Relationship, the left is always "quote, group of people" category table 1309, while the right side depends on the type of decision, it may be: "resource category table 1409," resource group, category table 14〇3 (Indicating information set), &quot; Website &quot; Category Table 415, &quot; Services &quot;, Category Table 1413, &quot; Servo Benefits &quot; Category Table 1417, or 1 User Group &quot; Category Table 1309. Therefore, the decision tables 1601 are divided into three large groups: the left table i606, the decision tables 1605, and the right table 609. The right to change decisions is hierarchical: members of a user group can change access decisions, as determined by management decisions for that group, the "user group" table for that group Indicating: It is one of many types of administrators—a group. In turn, those administrators may specify other management decisions related to their subdomain (sub_d0main). 'Corresponds to three decisions There are three category tables in the decision tables 1605: belong to the Access Decisions &quot; (Policies Access) category table 1611, &quot; Administrative Decisions &quot; -74- CNS A4 wire (21G X 297 (Public Love) '464812 A7 B7 V. The invention description (72) (Policies Administer) category table 1613, and some tables of the "Policies Policy Maker" category table 1691. All of these category tables share many characteristics; they all include: the ID of the user group table on the left side of the decision, the ID of the table representing the items that are listed on the right side of the decision 'decision (access operation is allowed or restricted An indication of rejection), an indication of whether a decision is predefined and cannot be deleted, and an indication of whether the decision is currently in use. 
The difference between the category tables is: which may be on the right side of the decision, and therefore is a communication link to many entities on the right side; in the case of access decisions and decision makers' decisions, the right entities are just information sets. Therefore, the two categories of "access decision" and "decision maker decision" —these tables contain only the right communication links to the tables in the "resource group" category table. ; And, some tables in the administrator's decision category table may contain alternatives pointing to the following: &quot; user group &quot; category table resource group &quot; category table, "site &quot; category table," server Benefits of the "Category Table", "Services", "Category Table," and "Resources" Category Tables—these tables have many right-hand communication links. The use specified by the user groups on the right-hand side of management decisions is given The right of the group to govern the collection of many entities listed on the right will vary depending on the type of penetrating body, as shown in the following table:

Left side / right side: meaning of an "allowed" access operation

User group / any entity: Members of the user group may create administrative policies for the target entity or for the items it includes. This allows responsibility to be delegated.

User group / user group: Members of the user group may manage the target user group, including nested user groups. Permitted management includes deleting, moving, and copying the target user group; nesting it in another user group; adding members to it; and nesting other user groups in it.

User group / information set: Members of the user group may manage the information set, including nested information sets. Permitted management includes deleting, moving, and copying the target information set; nesting it in another information set; adding members to it; and nesting other information sets in it.

User group / site: Members of the user group may manage the site, including the elements below the site from the "available resources" list (all access filters, servers, services, and resources). Permitted management includes deleting and moving the site; adding it to an information set; and adding access filters to it. Jurisdiction over the location in the enterprise intranet is required in order to define new access filters.

User group / access filter: Members of the user group may manage the access filter, including the elements below it from the "available resources" list (all servers, services, and resources). Permitted management includes deleting and moving the access filter; adding it to an information set; and adding servers or services to it.

User group / server: Members of the user group may manage the server, including the elements below it from the "available resources" list (all services and resources). Permitted management includes deleting and moving the server; adding it to an information set; and adding servers or services to it.

User group / service: Members of the user group may manage the service, including the resources below it from the "available resources" list (all resources). Permitted management includes deleting, moving, and copying the service; adding it to an information set; and adding resources to it.

User group / resource: Members of the user group may manage the resource. Permitted management includes deleting, moving, and copying the resource, and adding it to an information set.

The following table describes the rights given to an administrative user group when it appears on the left side of a policy maker policy.

Left side / right side: meaning of an "allowed" access operation

User group / information set: Members of the user group may manage the access policies that control access by any user group to the information set, including nested information sets. They may also include the information set, and any information set among its descendants, in policy maker policies.

As noted in the discussion of the information set tables above, the proxy server performing the access check can use the "user group" tables and the "information set" tables to find the user groups to which the user making the access request belongs and the information sets to which the information resource being accessed belongs; it can also use these tables to determine the trust level of the user identification method and the sensitivity level of the information resource. The proxy server can then use the "access policies" tables to find out whether any user group the user belongs to may access any information set the resource belongs to. If such a user group is found, the user may access the information set, provided the trust level of the request is as high as the sensitivity level of the information resource. To determine the trust level of the request, the proxy server must determine the trust level of any encryption in use and/or the trust level of the path through VPN 201 being used for the access operation. This information is obtained from the access filter tables 1701 shown in Figure 17 and described below. If the access policies or the sensitivity level of the access request do not permit the access operation, the message is ignored and any session it belongs to is discarded. When the request is one made by a user who is a member of one of the

A7 ^64812 五、發明說明( 存取資料庫301之一管理使用者群组之一成員的使用者所 提出的一項請求時,存取核對處理過程實質上是相同的. 只可惜:當存取操作被允許時,根據以上所宣示的規則, 它可能會導致修改資料庫。該項修改隨後將被傳播到 201中之所有其它的存取過濾器203。 伺服器表:圖1 7 圖17顯示:針對對在VPN中的諸多伺服器之操作而言都 是特別重要的一些表之圖表。在VPN中,有三種伺服器: •陽春伺服器(Plain servers)。這些是:有資源儲存在其 上並藉由執行服務來存取資源的伺服器。 • 存取過濾器203。 •決策管理程式词服器。這些是:會附帶地統合 (coordinate)和分配資料庫3〇1,及/或產生關於vpN二 操作和狀態的一些報表的存取過濾器2〇3。 存取過濾益203可能附帶地執行像一種陽春伺服器那樣 的功能。 絰濟部智慧財產局員工消費合作杜印製 針對在VPN中的每一個伺服器都會有&quot;伺服器,,類別表 1417。在針對每個伺服器之表中的資訊,包括:伺服器之 ID,名稱,在Wind〇ws Ντ商標之作業系統中的網域,其 網際網路名稱,它是否爲一存取過濾器203且附帶地爲一 決策伺服器,存取資訊是否只有經由存取過濾器2〇3才可 以獲得,以及它是否在VPN之内。若伺服器爲一存取過濾 器203,^會附帶地具有一種存取過濾器2〇3提供給在vpN 201中之其它貫體的身份識別(identity),以供鑑定和加密之 -79- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) A7 五、發明說明(77) 用。在一較佳實施例中’該身份識別是:由SKIP所使用之 針對存取過濾器的X.509號證書β x.5〇9號證書也包括:針 對存取過濾器203的公用密鑰。公用密鑰可能屬於很多個 名稱空間(name space)中的一個;名稱空間識別符(name space ID,簡稱NSID)是一種針對公用密鑰之名稱空間的識 別符;而主密鑰識別符(mester key ID,簡稱MKID)則是識 別在名稱艾間内的公用密鑰。也包括在表中的是:一條指 向&quot;證書當局&quot;類別表1711的通信鏈路,該類別表會指示發 行針對存取過濾器之X.509號證書的證書當局。當然,與 存取過濾器不同的一些伺服器也都有χ.5〇9號證書:並 且,在那種情形下,它們的&quot;伺服器&quot;表將會具有伺服器之 NSID和MKID。 經濟部智慧財產局員工消費合作社印製 在VPN中的每一個陽春伺服器都會有一項或更多服務在 其上執行。譬如説,一項FTp(權案傳送協定)服務會根據 tcp/i:成套協定(_。⑽suite)中的檀案傳送協定來存取在 飼服器上的樓案(資源)。在十對陽春词服器的,,飼服器,.類別 表1417中的每-種表都有:指向定義在词服器上可供利用 的服務和資源之-群表的諸多通信鍵路。如在i7i9處所顯 不的’這些表包括:’,服務I,類別表1413,它表示服務;&quot; 資源”類別表1409,它表示經由服務而供利㈣資源;以及&quot; 服務定義&quot;類別表n Μ,它會定義服務。 針對圖&quot;諸表中的其餘部份則顯示:包含存取過濾器 203所用之資訊的—此圖表。立榷别本二 u . t ^ 衣其類別表均顯示在口〇5處的 -些表都會包含:都是一些用來分配資科庫3〇1及/或用來 _ -80- 匕本紙張尺度適用宁關家標準(CNS)A4規格(210 X 297公爱) 經濟部智慧財產局員工消費合作社印製 8 4812 . 
A7 ________B7____ 五、發明說明(78 ) 產生報表的決策管理程式而由存取過濾器203所使用的資 訊;其類別表均顯示在1717處的一些表都會包含:關於針 對正在被一既定存取過濾器203執行之軟體的諸多可選擇 參數的資訊;其類別表均顯示在1709處的那些表都會包 含:關於代理伺服器及其它軟體模組的資訊,諸多存取過 濾器203都會使用該模組來執行在存取過濾器203中的通信 協定層級之存取核對;而在1707處的一些表則都會包含: 關於針對使用者識別方法和加密種類的信賴和靈敏度定義 的資訊。 由參考數字1708所指示的一些表都會包含:關於存取過 濾器203所屬之VPN的資訊。存取過濾器203使用此資訊來 路由指引對話;並且也會用來決定:針對一既定對話,正 在被使用之路徑的信賴等級。”路由選擇表&quot;(R0uting table) 類別表1721會定義:列示指向可從存取過濾器203存取資 訊之所有網路的諸多目前路由的一些表。當那些路由改變 時’該表就會被自動地更新。”附屬網路”(Attached Network) 類別表17:23會定義一些表,該表指示:對每個存取過濾器 203而言,存取過濾器203目前所附屬的一些網路;該類別 表中的一些表都會包含指向&quot;網路定義•,類別表丨723中的一 些表的諸多通信鏈路,該類別表依序地包含指向”信賴等 級定義’’(trust definitions)類別表丨7〇7中之一定義之一通信 链路,而該類別表則會指示網路的信賴等級。在此群组中 的最後類別表是&quot;點對點連接&quot;(Point to Point Connection)類 別表Π13,它會定義:描述可經由VPN存取資訊的兩個存 -81 - 本紙張尺度適用中國國家標準(CNS)A4規格(210x 297公楚) (讀失聞ttl背面之汪意事項再垓寫本—) •裳--------訂-------^ ! 464812 A7 B7 五、發明說明(79 ) K ΐί % 5 &gt;i 荨 Η 4 % 取過濾器203之間連接的一些表。有針對來源和目標存取 過濾器203的每種組合的一種表,以及指向一種載明在來 源和目標兩個存取過濾器203之間路徑之信賴等級的信賴 等級定義之一通信鏈路。在此表中的信賴等級是基於針對 橫過路徑之訊息所使用的加密技術。 經濟部智慧財產局員工消費合作社印製 如前面所説明的,,,使用者群組&quot;表13〇1和資訊集&quot;表 1401會提供存取過濾器2〇3所需的資訊,以便決定:決策 諸表1601中的存取決策是否允許存取操作;並且,也會提 供:關於正在被存取之資源的靈敏度等級的資訊。存取過 滤器諸表1701會附帶地提供存取過濾器203所需的資訊, 以便決疋.正在由對話所採取而在VPN中之路徑的最小尸 賴等級,以及一些可用加密演算法的信賴等級。於是,若 存取過濾器203決定:正想要存取一既定資源之一既定使 用者屬於有權存取該既定資源所屬的資訊集之一使用者群 组,並JL決定:用於使用者之識別方法的鑑定等級並不低 於針對資源之靈敏度等級所需的鑑定等級;則存取過濾器 203能夠進一步決定:路徑之信賴等級是否夠高;且若信 賴等級不夠高,則存取過濾器2〇3藉由選擇一種具有所需 信賴等級的加密演算法並對該對話加以加密,就能夠將信 賴等級提升爲需要量。 可用資訊表:圖15 圖15顯示針對可用資訊諸表15〇1的圖表。該表皆由存取 過滤器203所使用,以便產生可用資源顯示圖1〇〇5,如圖 1 0中所示。在1502處所顯示的—些類別表都會使每個伺服 -82- 本紙張尺度適用中國國家標準(CNS)A4規格(21〇 x 297公釐) 464812 A7 ---—-- ...._ 五、發明說明() 器與它的服務有關係,並與由服務所提供的資源有關係。 在1504處所顯示的一些類別表會將諸多可用資源加以組織 成一種針對繼承權目的的層次;並且也會被使用來產生在 1005處所顯示的分層列表;進而藉由順著從&quot;網站單元&quot;表 到”伺服器”表的諸多通信鏈路,存取過濾器2〇3就能夠決 定:網站,伺服器,服務,以及資源的層次。在15〇3處的 —些類別表,最後會建立一種存取過濾器2〇3的分配樹 (distribution tree)。就像稍後將要更加詳細説明的那樣, 當存取控制資料庫301被修改時,由那些表所定義的樹就 會決定:修改被分配到一些存取過濾器所依照的順序。 修改存取控制資料庫301 :圖1 9 如前面所提及的,每個存取過濾器2〇3都會有一種屬於 在圖2之存取過濾器203 (a)中之主決策管理程式2〇5的存取 控制資料庫301之拷貝的精確副本(exact dupHcate)。圖19 
顯示:怎樣修改存取控制資料庫301的那份拷貝,以及怎 樣將修改資&amp;K*從存取過滤器203 (a)分配到其它存取過淚器 203。圖19顯示:具有主決策管理程式2〇5的存取過濾器 203 (a);以及另一個存取過濾器203 (i),在該處,使用工作 站之一管理員正在修改存取控制資料庫3 01。需要用來分 配和同步修改資訊的訊息1909都是使用SKIP加以加密的, 並且經由VPN 201,使用一種稱爲”專用通信服務&quot; (private communications service,簡稱 PCS)的通信協定加以 發送。每個存取過濾器都會有很多存取控制資料庫30丨的 拷貝。任何存取過濾器203最少限度都有兩種拷貝:活資 -83- 本紙張尺度適用中國國家標準(CNS)A4規格(210 x 297公釐) 請 先 閱 讀 背 fir 之 注 意 事 項 再 本 頁 經濟部智慧財產局員工消費合作社印*1^ 464812 A7 --------B7____ 五、發明說明(81 ) 料庫(live database,簡稱LDB)1907,它是目前正在被用來 執行存取核對的資料庫;以及鏡像資料庫(niirn)r , 簡稱MDB)1905,它是:能夠被切換入内,打算用來代替活 資料庫1907的資料庫之一拷貝。於是,存取過減器2〇3⑷ 具有:一 MDB 1905⑷和一 LDB 1907⑷;而存取過濾器 2〇3(ι)則具有:MDB 1905⑴和LDB 1907(i)。 若一存取過濾器203正在被管理員使用來修改存取控制 資料庫301,則它將會附帶地具有至少—個工作資料庫 (working database,簡稱WDB)1903。工作資料庫是:不是 正在被用來控制存取操作的資料庫之一拷貝,因而能夠由 管理員加以修改。管理員會使用一種經由網路而連接到存 取過濾器之一工作站或p c (個人電腦)而這麼做。工作站 或PC會顯示上述的管理圖形使用者界面,進而管理員使 用GUI(圖形使用者界面)來做出像由一些管理決策所致能 那樣的諸多改變。這些改變可能影響到儲存.在存取控制資 料庫301中的任何方面的資訊。如以上所指示的,其中諸 多改變都是在存取或管理決策方面的改變,因而管理員能 夠使用決策評估特點來察看改變之效應。當管理員對變化 感到滿意時,他就會點按:&quot;應用,,按鈕;因而將諸多改變 經濟部智慧財產局員工消費合作社印製 分配到所有的存取過濾器,並納入每個存取過濾器的活資 料庫中。 將更新所有活資料庫的處理過程稱爲:資料庫同步和分 配。該處理過程有三個階段: •首先’將修改資訊從產生它們之所在的存取過遽器 *- 84 - 本纸張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 464812 A7 一..._—__B7______ 五、發明說明(82 ) 203 (此處’就是存取過濾器2〇3 (⑴發送到主資料庫所 屬的存取過濾器2〇3(此處,就是存取過濾器203(a))。 •在那種情況,將諸多改變納入主資料庫中。完成此事 的方法是:將諸多改變納入鏡像資料庫1905(a)中,然後 將活資料庫1907⑷和鏡像資料庫19〇5⑷交換 (swapping) ’然後再改變新鏡像資料庫19〇5(a)。 •然後,將諸多改變從主決策管理程式分配到其它存取 過濾器。 在每個存取過濾器2〇3處,用與利用存取過濾器2〇3 (幻相 同的方式來冗成同步。在vpN 2〇丨之存取過濾器2〇3中做出 改變所依照的順序是由分配樹丨5丨〗所決定,使用存取過濾 器顯π圖1201依序地將它建立起來。具有主決策管理程式 205的存取過濾器203總是樹的根部。依照預設方式 (default),安裝在γρΝ 2〇1中的第—存取過濾器2〇3具有主 決策管理程式205。當安裝了其它存取過濾器2〇3時,就會 將它們增加到樹中’作爲主決策管理程式的孩子們 (children) 〇 主決策管理程式會將諸多改變循序地分配給它的孩子 們。當每個予(child)存取過濾器203都收到它的分配資訊 時,它隨後就再分配給它的孩予們。這意謂著:一種自頂 層分叉出很多分支(branches)的淺型(shall〇w)分配樹完成一 個分配周期將會比一種自頂層分又出很少分支的深型(deep) 分配樹還快。適當存取資訊的管理員能夠重新配置分配 樹,以使分配更加有效。 -85- 本紙張尺度適用中國國家標準(CNS)A4規辂(210 X 297公釐) A 2 A7 B7 五、發明說明(83 若兩位管理員已經修改在不同的工作資料庫丨9〇3中的相 同資訊段(譬如説,存取過濾器定義),則會發生同步衝 突。畲此事發生時,主決策管理程式205就會決定:要將 哪個修改資訊納入存取控制資料庫301中。 
使存取控制資料庫301最佳化:圖21和23 雖然藉由管理圖形使用者界面(GUI)丨9 1 5適合於持續儲存 和使用;但是對於使用在即時存取核對中而言,資料庫 301並不是最佳化的。就像將要更加詳細説明於下那樣, 存取過濾器203會使資料庫3〇1中的資料最佳化,那是運轉 時間(run-time)存取核對所需的,進而用來產生針對 IntraMap的顯示圖。每次在存取過濾器2〇3中收到資料庫 301之一新拷貝的時候,它都會執行最佳化(optimizati〇n)。 依照它們的最佳化形式,資料庫3〇丨是諸多記憶體映射樓 案(MMF)之一集合,其中以一種允許快速存取的形式來儲 存存取決策資訊。之所以如此稱爲MMF,是因爲:雖然它 們都被當作正常檔案來產生,但是隨後卻都附屬於一程式 的記憶體S間,並且都是藉由一些記憶體操作,而不是檔 案操作加以存取的。藉由使用MMF檔案來達成進一步最佳 化’以便產生一些規則:藉由I P來源和目標位址以及針對 存取操作被容許或拒絕的埠號,使用該規則來執行訊息之 低層級過濾操作。 圖2 1顯示:MMF檔案2303之一實例。正被談論的Μ M F 樓案是:DBCertificatesbyUserGroup(藉由使用者群组來識 別的資料庫&quot;證書&quot;)檔案2101,它將用來識別屬於諸多特定 -86- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 誚 背 之 意 項 η 項 窝 裝 I 訂 經濟部智慧財產局員工消費合作社印製 A7 B7 46 五、發明說明(84 ) 使用者群組的證書之證書匹配準則加以映射到:針對由产 書匹配準則所載明的諸多使用者群组的記綠,在資料庫 301中的一些識別符。於是,檔案2101允許具有會識別已 經使用SKIP加以加密之一訊息之來源的證書之一代理飼服 器快速決定:由證書加以識別之使用者所屬的諸多使用者 群組。在較佳實施例中’證書匹配準則是:χ.5〇9號證書 中的0(組織)’ OU(组織單位),及CA(證書當局)欄位。 所有的MMF檔案2303都有相同的通用形式,有兩個主要 部份:標題部份2103,它包含正被映射所根據的資訊:以 及資料邵份2105,它包含正被映射所指向的資訊。標題 2103包含諸多登載項(entries)2107之一列表。每個登載項都 會包含’正被映射所根據之一數値(在這種情形下,就是 證書匹配準則(CMC)2109);以及指向在資料部份21〇5中之 一記綠的指標(p〇inter)2111 ’它包含正被映射所指向的資 訊(在這種情形下,就是:針對由CMC 2109加乂識別之使 用者所屬的諸多使用者群组,在資料庫301中的諸多識別 符2113之一列表2115)。在標題2103中的諸多登載項都是依 照正被映射所根據的資訊(此處,就是CMC 2109)加以排序 的’使得:可能使用諸多標準快速搜尋演算法來指出對應 於一既定證書匹配準則集合之一登載項2 107的位置。 圖23A,B及C提供:被使用在存取過濾器203之一建構例 中的諸多MMF檔案2301之一完整列表。根據表中所提供之 諸檔案内容的描述,這些檔案與資料庫301中的一些表之 間的關係將會顯而易見的。每個MMF檔案2303都是由表中 87- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 讀 先 K 讀 背 面 之 注 意 事 為 填 寫 頁 裝 訂 經濟部智慧財產局員工消費合作社印製 A7 B7 五、發明說明(85 ) 失 讀 背 S 之 &gt;ϊ 意 % 才 1 之一登載項所表示,該表指示檔案名稱及其内容。將諸多 檔案細分成下列群組:2311,2313,2319,2321,2323,以 及2422。特別感興趣的一些檔案有:DBUsers(資料庫&quot;使用 者”)檔案2307和DBResources(資料庫&quot;資源&quot;)檔案2309,它 們都描述決策;DBCertificatesByUserGroup(藉由使用者群 组來識別的資料庫”證書&quot;)檔案2101,它是詳細顯示於圖 2 1 中的 MMF檔案;DBResourcelDbyServicelD(藉由 IP 名稱 來識別的資料庫&quot;資源識別符&quot;)檔案23 15,它會使資源的 URL (共通資源指標)與資源ID (識別符)有關係; 〇81^8 011]^635&gt;^^011]^610(藉由資源1〇來識別的資料庫&quot;資 源&quot;)檔案23 17,它會使資源與資源群組有關係;以及 DBTrustTable(資料庫”信賴等級表”)檔案2325,它會建構 SEND表 601 ◊ 而且,下列檔案都被用來编譯規則: 
DBServerlDByNameFile(藉由IP名稱來識別的資料庫&quot;伺服 器I D &quot;檔案) DBIPAndTypeByServerlDFile(藉由伺服器1D來識別的資料 庫&quot;I P位址和類型··) 經 濟 部 智 慧 財 產 局 員 工 消 費 合 作 社 印 製 DBServicePortToProxyPortFiIe(資料庫&quot;服務埠對代理伺服 器埠”檔案) DBAttachedNetworksByServerlDFile(藉由祠服器 ID 來識別 的資料庫”附屬網路”檔案) DBRoutingTableFile(資料庫”路由選擇表”檔案) DBRoutingTablebyServerlDFile(藉由伺服器 ID 來識別的資 -88- 本紙張尺度適用中画國家標準(CNS)A4規格(210 X 297公釐) 48 12 Α7 Β7 五、發明說明(86) 料庫”路由選擇表,I檔案) 在IntraMap資訊2422中的諸多檔案,最後被被過濾,以 便產生列表243 1,然後再利用IntraMap小爪p圭程式2411將 ιΐ下載到客户端以供使用。 存取過濾器203之細節:圖20 圖20是一種存取過濾器203的架構2〇〇1之一方塊圖。在 顯示於圖2 0中的建構例中,與一些NIc(網路界面卡)卡 2013不同的所有存取過濾器203组件都是以软體方式來建 構的。建構例中的軟體會在微軟公司所製造的Windows NT 商標之作業系統下執行。軟體组件分爲兩大類:在作業系 統之使用者層級2003處,當作應用程式執行的那些組件; 以及在作業系統之核心層級(kernel level)2005處所執行的 那些組件。就大體而論,在核心層級處所執行的程式會執 行:IP層級存取核對,以及加密和鑑定;而在使用者層級 處所執行的那些程式則會執行應用層級存取核對。也包括 在使用者層級组件中的是:管理存取控制資料庫3〇1的軟 體,以及根據存取控制資料庫301而產生針對I p層級存取 核對之諸MMF和規則的軟體。下列討論將從核心層級组件 開始’繼續討論與存取控制資料庫301有關的使用者層級 纽件’然後將會討論針對通信協定層級存取核對的組件。 核心層級组件 網路界面卡(Network Interface Card,簡稱 NIC)2013 :這 些是安裝在存取過濾器203中的乙太網路(ethernet)和令牌 環卡(token ring card)。一般説來,配置(conngured)有三種 -89- (請先閱讀背面之注意事項再填寫本頁) 裝 經濟部智慧財產局員Η消費合作社印製 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公爱) d 6 4- 8 I / A7 B7 五、發明說明(87) 網路卡。一種是爲:針對網際網路,針對一種廣域網路 (wide area network,簡稱WAN)2011,或者針對連接到另— 存取過滤器203之一網路的界面而配置的。另一種是爲針 對所有客户端電腦的界面2007而配置的;而第三種則是爲 針對提供TCP/IP服務之諸伺服器的界面20〇9而配置的。若 不必要將一存取過濾器203置於諸多客户機與伺服器之 間’則可能只有兩種NIC 2013 : —種針對WAN 2011,而另 一種則針對LAN(區域網路)。若在存取過濾器2〇3之位置處 並沒有伺服器存在,或者,若所有的局部客户機都有權存 取所有的局部資訊資源是可接受的;則不必要將存取過遽 器置於其間。 填隙軟體在安裝時,將—種塡隙(shim)软體 模組插入Windows NT商標之作業系統的兩個層級(NDIS* TDIS層級)之間。這樣會造成針對特定通信協定的所有通 h τ都會通過SHIM 2017。在建構例中,針對tcp/ip通信 協定的所有通信量都會通過SHIM 2017,而非TCP/IP通信 協定之通信量則從NIC直接前往一些適當的其它核心模 組。SHIH 2017必要時會調用(inv〇ke) skip模組來處理 TCP/IP通信協定之通信量。A7 ^ 64812 V. Description of the invention (When accessing a request made by a user who is a member of the management user group of one of the database 301, the access verification process is essentially the same. 
Unfortunately, when the When the fetch operation is allowed, it may result in modification of the database according to the rules announced above. This modification will then be propagated to all other access filters 203 in 201. Server table: Figure 1 7 Figure 17 Display: A chart of some tables that are particularly important for the operation of many servers in a VPN. In a VPN, there are three types of servers: • Plain servers. These are: There are resources stored in A server on which resources are accessed by executing services. • Access filter 203. • Decision manager servlet. These are: coordinate and allocation database 3101, and / Or an access filter 203 that generates some reports on the operation and status of the vpN. The access filter 203 may additionally perform functions like a Yangchun server. The Ministry of Economic Affairs, Intellectual Property Bureau, employee consumption cooperation For each server in the VPN, there will be a "server", category table 1417. The information in the table for each server includes: server ID, name, trademark in Wind〇ws Ντ Domain in the operating system, its Internet name, whether it is an access filter 203 and incidentally a decision server, whether access information is available only through access filter 203, and Is it within a VPN. If the server is an access filter 203, it will have an access filter 203 attached to the identity of other entities in vpN 201 for Authentication and Encryption -79- This paper size applies to China National Standard (CNS) A4 (210 X 297 mm) A7 V. Description of invention (77). In a preferred embodiment, 'the identity is: SKIP's X.509 certificate for access filter β x.509 certificate also includes the public key for access filter 203. The public key may belong to many name spaces One of; name space identifier ID (abbreviated as NSID) is an identifier for the public key's name space; and mester key ID (MKID) is a public key that identifies the name Ai. 
Also included in the table What it is: A communication link to the "Certificate Authority" category table 1711, which will indicate the certificate authority that issued the X.509 certificate for the access filter. Of course, some are different from the access filter The servers also have χ.509 certificates: and, in that case, their "server" tables will have the server's NSID and MKID. Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs Each Yangchun server in the VPN will have one or more services running on it. For example, an FTP (right case transmission protocol) service will access the case (resource) on the feeder according to the tanta case transmission agreement in the tcp / i: package agreement (_.⑽suite). In the ten pairs of Yangchun Serving Servers, Feeders,. Each category table in Table 1417 has: many communication links to the group tables that define the services and resources available on the Serving Server. . As shown on i7i9, 'these tables include:', service I, category table 1413, which indicates services; &quot; resource 'category table 1409, which indicates that resources are provided through services; and &quot; service definition &quot; The category table n Μ, which defines the service. For the rest of the graphs, the table shows: This chart contains the information used by the access filter 203-this chart. Distinguish this category u. T ^ from its category table All the tables shown at the mouth 0-5 will contain: all are used to allocate the asset library 3101 and / or _ -80- The paper size of the dagger is applicable to the Ningguan Family Standard (CNS) A4 specification ( 210 X 297 Public Love) Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 8 4812. A7 ________B7____ V. 
Description of the Invention (78) Information used by the access filter 203 to generate a decision management program for reports; Some of the tables shown at 1717 will contain: information about many selectable parameters for the software being executed by a given access filter 203; those tables whose category tables are shown at 1709 will include: About proxy servers and Software module information, many access filters 203 will use this module to perform protocol-level access check in access filter 203; and some tables at 1707 will contain: Information on the definition of the trust and sensitivity of the identification method and the type of encryption. Some tables indicated by the reference number 1708 will include: information about the VPN to which the access filter 203 belongs. The access filter 203 uses this information to route the guidance dialog; It will also be used to determine: the trust level of the path being used for a given conversation. "The routing table" (Routing table) category table 1721 will define: list points to information accessible from access filter 203 Some tables for the many current routes of all networks. When those routes change, the table is automatically updated. The "Attached Network" category table 17:23 defines tables that indicate: for each access filter 203, the networks to which the access filter 203 is currently attached; the category table Some tables in the table will contain many communication links to some of the tables in the &quot; Network Definitions &quot;, the category table, which in turn contains pointers to the "trust definitions" category table, 7 〇7 defines a communication link, and this category table indicates the trust level of the network. 
The last category table in this group is the "Point to Point Connection" category table Π13, It will define: Description of two storages that can access information via VPN -81-This paper size applies the Chinese National Standard (CNS) A4 specification (210x 297 cm) (read the transcript on the back of ttl) ) • Shang -------- Order ------- ^! 464812 A7 B7 V. Description of the invention (79) K ΐί% 5 &gt; i Nettle 4% Take the connection between the filters 203 Tables. There is a table for each combination of source and destination access filters 203 And a communication link that points to a definition of a trust level that specifies the trust level of the path between the source and destination access filters 203. The trust level in this table is based on the messages used to traverse the path Encryption technology. Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs, as explained above, the user group &quot; table 1301 and information set &quot; table 1401 will provide the required access filter 203 Information in order to determine: whether the access decision in the access list 1601 allows access; and, it also provides: information on the sensitivity level of the resource being accessed. Access filter 1701 will additionally provide access The information required by the filter 203 in order to determine the minimum level of the path in the VPN being taken by the conversation, and the trust level of some available encryption algorithms. 
Thus, if the access filter 203 determines that a given user who wants to access a given resource belongs to a user group that has access to the information set to which the resource belongs, and further determines that the trust level of the user's identification method is not lower than the level required by the sensitivity level of the resource, the access filter 203 can then determine whether the trust level of the path is high enough; if it is not, the access filter 203 can raise it to the required level by selecting an encryption algorithm with the required trust level and encrypting the conversation.

Available information tables: Figure 15

Figure 15 shows the available information tables 1501, which the access filter 203 uses to generate the available resource display 1005 shown in FIG. 10. The category table shown at 1502 relates each server to its services and to the resources provided by those services. The category tables shown at 1504 organize the available resources into a hierarchy for purposes of inheritance; they are also used to generate the hierarchical list shown at 1005, and by following the links from the "Website Unit" table to the "server" table the access filter 203 can determine the website, server, service, and resource levels. Finally, the category tables at 1503 define the distribution tree of the access filters 203. As will be explained in more detail later, when the access control database 301 is modified, the tree defined by these tables determines the order in which the changes are distributed to the access filters.
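The three-step check just described (user group against information set, identification trust against sensitivity, then path trust with encryption as the fallback), as an added Python example that is not code from the patent; the numeric levels, the policy representation, the names and the sample data are constructed assumptions.

```python
"""Added example (not the patent's code): the access check described above.
Levels, names and sample data are constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Policy:
    """An access decision: members of user_group may access info_set."""
    user_group: str
    info_set: str


@dataclass
class AccessDatabase:
    """The slice of the access control database the check needs (constructed)."""
    user_groups: Dict[str, Set[str]]            # user -> user groups
    info_sets: Dict[str, Set[str]]              # resource -> information sets
    sensitivity: Dict[str, int]                 # resource -> sensitivity level
    id_trust: Dict[str, int]                    # identification method -> trust level
    path_trust: Dict[Tuple[str, str], int]      # (source filter, destination filter) -> trust
    encryption_trust: Dict[str, int]            # encryption algorithm -> trust level
    policies: List[Policy]


@dataclass
class Decision:
    allowed: bool
    reason: str
    encrypt_with: Optional[str] = None          # algorithm chosen to raise path trust


def check_access(db: AccessDatabase, user: str, id_method: str,
                 resource: str, path: Tuple[str, str]) -> Decision:
    """Apply the three checks in the order the patent describes."""
    # 1. Does some decision grant one of the user's groups access to one of
    #    the resource's information sets?
    groups = db.user_groups.get(user, set())
    sets = db.info_sets.get(resource, set())
    if not any(p.user_group in groups and p.info_set in sets for p in db.policies):
        return Decision(False, "no access policy covers this user group and information set")

    # 2. Is the trust level of the identification method at least the
    #    resource's sensitivity level?
    required = db.sensitivity.get(resource, 0)
    if db.id_trust.get(id_method, 0) < required:
        return Decision(False, f"identification method {id_method!r} is below sensitivity {required}")

    # 3. Is the path's trust level sufficient?  If not, pick the weakest
    #    encryption algorithm whose trust level suffices (assumption: the patent
    #    only says "an encryption algorithm with the required trust level").
    if db.path_trust.get(path, 0) >= required:
        return Decision(True, "path trust level sufficient")
    candidates = sorted((lvl, alg) for alg, lvl in db.encryption_trust.items() if lvl >= required)
    if not candidates:
        return Decision(False, "no encryption algorithm reaches the required trust level")
    return Decision(True, "conversation encrypted to reach required trust level", candidates[0][1])


# Constructed sample database (all values invented for the example).
SAMPLE_DB = AccessDatabase(
    user_groups={"alice": {"engineering"}, "bob": {"sales"}},
    info_sets={"//design-srv/specs/roadmap.doc": {"engineering-docs"}},
    sensitivity={"//design-srv/specs/roadmap.doc": 3},
    id_trust={"password": 1, "x509-certificate": 3},
    path_trust={("af-branch", "af-hq"): 1, ("af-lab", "af-hq"): 3},
    encryption_trust={"rc4-40": 1, "des": 2, "3des": 3},
    policies=[Policy("engineering", "engineering-docs")],
)

if __name__ == "__main__":
    res = "//design-srv/specs/roadmap.doc"
    for user, method in (("alice", "x509-certificate"), ("alice", "password"), ("bob", "x509-certificate")):
        print(user, method, check_access(SAMPLE_DB, user, method, res, ("af-branch", "af-hq")))
```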
Modifying the access control database 301: Figure 19

As mentioned earlier, each access filter 203 has an exact copy of the copy of the access control database 301 held by the master decision management program 205 in access filter 203(a) of FIG. 2. FIG. 19 shows how that copy of the access control database 301 is modified and how the modifications are distributed from access filter 203(a) to the other access filters 203. FIG. 19 shows an access filter 203(a) with the master decision manager 205 and another access filter 203(i) at which an administrator using a workstation is modifying the access control database 301. The messages 1909 needed to distribute and synchronize the modifications are encrypted using SKIP and sent via VPN 201 using a protocol called the "private communications service" (PCS). Each access filter has several copies of the access control database 301. Any access filter 203 has at least two: the live database (LDB) 1907, which is the database currently being used to perform access checks, and the mirror database (MDB) 1905, a copy that can be switched in to replace the live database 1907. Thus access filter 203(a) has an MDB 1905(a) and an LDB 1907(a), and access filter 203(i) has an MDB 1905(i) and an LDB 1907(i). If an access filter 203 is being used by an administrator to modify the access control database 301, it additionally has at least one working database (WDB) 1903.
A working database is a copy of the database that is not being used to control access operations and can therefore be modified by the administrator. The administrator does this from a workstation or PC (personal computer) connected to the access filter via the network; the workstation or PC displays the management graphical user interface described above, and the administrator uses the GUI to make whatever changes the administrative decisions permit. The changes may affect information stored in any part of the access control database 301. As indicated above, many of these changes are changes in access or administrative decisions, so the administrator can use the decision evaluation features to see the effects of the changes. When the administrator is satisfied with the changes, he clicks the "Apply" button; the changes are then distributed to all of the access filters and incorporated into the live database of each. The process of updating all of the live databases is called database synchronization and distribution. It has three phases:
• First, the modifications are sent from the access filter 203 where they were made (here, access filter 203(i)) to the access filter to which the master database belongs (here, access filter 203(a)).
• There, the changes are incorporated into the master database. This is done by incorporating the changes into the mirror database 1905(a), swapping the live database 1907(a) and the mirror database 1905(a), and then making the same changes in the new mirror database 1905(a).
• Then the changes are distributed from the master decision manager to the other access filters.
At each access filter 203, synchronization is done in the same way as at access filter 203(a). The order in which the changes are made in the access filters 203 of VPN 201 is determined by the distribution tree, which is created using the access filter graph 1201. The access filter 203 with the master decision management program 205 is always the root of the tree. By default, the first access filter 203 installed in VPN 201 has the master decision management program 205; as other access filters 203 are installed, they are added to the tree as children of the master decision management program. The master decision management program distributes the changes to its children in turn, and when each child access filter 203 receives the distributed information it redistributes it to its own children. This means that a shallow distribution tree with many branches from the top level completes a distribution cycle faster than a deep tree with few branches at the top level. An administrator with the appropriate access rights can reconfigure the distribution tree to make distribution more efficient.

If two administrators have modified the same section of information (for example, the access filter definitions) in different working databases 1903, a synchronization conflict occurs. When this happens, the master decision management program 205 decides which modification is to be incorporated into the access control database 301.

Optimizing the access control database 301: Figures 21 and 23

Although the database 301 as managed through the graphical user interface (GUI) 1915 is suitable for persistent storage and for management, it is not optimized for use in real-time access checks.
As will be explained in more detail below, the access filter 203 optimizes the data in database 301 that is needed for run-time access checks; the optimized data is also used to generate the display map for IntraMap. The optimization is performed each time a new copy of database 301 is received in the access filter 203. In its optimized form, database 301 is a collection of memory-mapped files (MMFs) in which the access decision information is stored in a form that allows fast access. They are called MMFs because, although they are generated as ordinary files, they are subsequently mapped into a program's memory and accessed by memory operations instead of file operations. Further optimization is achieved by using the MMF files to generate the rules by which the IP filter does low-level filtering of messages, allowing or denying access by source and destination IP address and port. Figure 21 shows an example of an MMF file 2303. The file shown is the DBCertificatesByUserGroup (database "certificates by user group") file 2101, which maps the certificate matching criteria used to identify the members of particular user groups to the identifiers in database 301 of the records of the user groups specified by those matching criteria. Thus, file 2101 allows a proxy server that has a certificate identifying the source of a message encrypted with SKIP to determine quickly the user groups to which the user identified by the certificate belongs.
In the preferred embodiment, the certificate matching criteria are the O (organization), OU (organizational unit), and CA (certificate authority) fields of the X.509 certificate. All MMF files 2303 have the same general form, with two main parts: a header part 2103, which contains the information being mapped from, and a data part 2105, which contains the information being mapped to. Header 2103 contains a list of entries 2107. Each entry contains one of the values being mapped from (in this case, a certificate matching criterion (CMC) 2109) and a pointer 2111 to a record in data part 2105 that contains the information being mapped to (in this case, the identifiers 2115 in database 301 of the user groups to which the user identified by CMC 2109 belongs). The entries in header 2103 are ordered by the information being mapped from (here, CMC 2109), so that standard fast search algorithms can be used to find the entry 2107 for a given certificate's matching criteria. Figures 23A, B and C give a complete list of the MMF files 2301 used in one implementation of the access filter 203. The relationship between these files and the tables in database 301 is apparent from the descriptions of the files' contents given in the figures. Each MMF file 2303 has one entry in the list, giving the file's name and a description of its contents.
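The MMF layout described above (a header of entries sorted by certificate matching criterion, each holding a pointer into the data section, searched by binary search and read through a memory mapping), as an added Python example that is not the patent's own file format; the fixed field widths, the record encoding and the sample criteria are constructed assumptions.

```python
"""Added example (not the patent's file layout): an MMF in the general form the
description gives, mapping an (O, OU, CA) certificate matching criterion to user
group record identifiers.  Field widths and record format are constructed."""
import mmap
import os
import struct
import tempfile
from typing import Dict, List, Tuple

CMC = Tuple[str, str, str]          # (O, OU, CA) fields of an X.509 certificate
FIELD_LEN = 32                      # constructed: fixed-width, NUL-padded fields
ENTRY_LEN = 3 * FIELD_LEN + 4       # three fields + 32-bit offset into the data part


def build_mmf(mapping: Dict[CMC, List[int]]) -> bytes:
    """Serialise {CMC: [user group ids]} as a header of sorted entries + data part."""
    data = bytearray()
    header = bytearray(struct.pack("<I", len(mapping)))   # entry count
    for cmc in sorted(mapping):                            # header ordered by CMC
        ids = mapping[cmc]
        offset = len(data)                                 # pointer into the data part
        data += struct.pack("<I%dI" % len(ids), len(ids), *ids)
        for field in cmc:
            header += field.encode("utf-8")[:FIELD_LEN].ljust(FIELD_LEN, b"\0")
        header += struct.pack("<I", offset)
    return bytes(header + data)


def _entry(buf, i: int) -> Tuple[CMC, int]:
    """Decode header entry i without reading the rest of the file."""
    base = 4 + i * ENTRY_LEN
    raw = bytes(buf[base:base + ENTRY_LEN])
    cmc = tuple(raw[j * FIELD_LEN:(j + 1) * FIELD_LEN].rstrip(b"\0").decode("utf-8")
                for j in range(3))
    (offset,) = struct.unpack_from("<I", raw, 3 * FIELD_LEN)
    return cmc, offset


def lookup(buf, cmc: CMC) -> List[int]:
    """Binary-search the sorted header for cmc; return its user group ids, or []."""
    (n,) = struct.unpack_from("<I", buf, 0)
    data_start = 4 + n * ENTRY_LEN
    lo, hi = 0, n
    while lo < hi:
        mid = (lo + hi) // 2
        key, offset = _entry(buf, mid)
        if key < cmc:
            lo = mid + 1
        elif key > cmc:
            hi = mid
        else:
            (count,) = struct.unpack_from("<I", buf, data_start + offset)
            return list(struct.unpack_from("<%dI" % count, buf, data_start + offset + 4))
    return []


def lookup_mapped(path: str, cmc: CMC) -> List[int]:
    """The same lookup against the file mapped into memory, as the MMFs are used."""
    with open(path, "rb") as f, mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as m:
        return lookup(m, cmc)


# Constructed sample: certificate matching criteria -> user group record ids.
SAMPLE = {
    ("Acme", "Engineering", "AcmeCA"): [7, 12],
    ("Acme", "Sales", "AcmeCA"): [3],
    ("Partner", "Support", "PartnerCA"): [21, 22, 23],
}


def demo() -> List[int]:
    """Write the sample MMF to a temporary file and resolve one CMC through mmap."""
    with tempfile.NamedTemporaryFile(suffix=".mmf", delete=False) as f:
        f.write(build_mmf(SAMPLE))
        name = f.name
    try:
        return lookup_mapped(name, ("Acme", "Engineering", "AcmeCA"))
    finally:
        os.unlink(name)


if __name__ == "__main__":
    print(demo())   # [7, 12]
```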
The files are subdivided into the groups 2311, 2313, 2319, 2321, 2323, and 2422. Files of particular interest are: the DBUsers (database "users") file 2307 and the DBResources (database "resources") file 2309, both of which describe decisions; the DBCertificatesByUserGroup (database "certificates by user group") file 2101, the MMF file shown in detail in Figure 21; the DBResourceIDByServiceID (database "resource identifier by service identifier") file 2315, which relates a resource's URL (uniform resource locator) to its resource ID (identifier); the "resources by resource ID" file 2317, which relates resources to resource groups; and the DBTrustTable (database "trust level table") file 2325, which is built from the SEND table 601. The following files are used to compile the rules:
DBServerIDByNameFile (database "server ID by name" file)
DBIPAndTypeByServerIDFile (database "IP address and type by server ID" file)
DBServicePortToProxyPortFile (database "service port to proxy server port" file)
DBAttachedNetworksByServerIDFile (database "attached networks by server ID" file)
DBRoutingTableFile (database "routing table" file)
DBRoutingTableByServerIDFile (database "routing table by server ID" file)
The files in the IntraMap information 2422 are filtered to produce the list 2431, which is then downloaded to the client for use by the IntraMap program 2411.

Details of the access filter 203: FIG. 20

FIG. 20 is a block diagram of the architecture 2001 of the access filter 203.
In the implementation shown in FIG. 20, all of the components of access filter 203 other than the NIC (Network Interface Card) cards 2013 are implemented in software. The software in this implementation runs under the Windows NT (trademark) operating system made by Microsoft Corporation. The software components fall into two broad categories: those that run as applications at the user level 2003 of the operating system, and those that run at the kernel level 2005 of the operating system. Broadly speaking, the programs running at the kernel level perform IP-level access checks, encryption, and authentication; those running at the user level perform application-level access checks. The user-level components also include the software for managing the access control database 301 and the software that generates the MMFs and the rules for IP-level access checking from the access control database 301. The following discussion begins with the kernel-level components, continues with the user-level components related to the access control database 301, and then discusses the components for protocol-level access checks.

Kernel-level components

Network Interface Cards (NIC) 2013: These are the Ethernet and token ring cards installed in the access filter 203. Generally speaking, there are three configurations of network card. One is configured for the interface to the Internet, to a wide area network (WAN) 2011, or to a network containing other access filters 203; another is configured for the interface 2007 to all of the client computers; and the third is configured for the interface 2009 to the servers providing TCP/IP services.
If it is not necessary to place an access filter 203 between the clients and the servers, there may be only two types of NIC 2013: one for the WAN 2011 and the other for the LAN (local area network). This is acceptable if there are no servers at the location of the access filter 203, or if all local clients are entitled to access all local information resources, so that no access filter needs to sit between them.

When the shim software is installed, a shim software module (SHIM 2017) is inserted between two levels of the Windows NT (trademark) operating system (the NDIS and TDIS levels). This causes all traffic for a particular protocol to pass through SHIM 2017. In this implementation, all traffic for the TCP/IP protocol passes through SHIM 2017, while traffic for non-TCP/IP protocols goes directly from the NIC to the appropriate other kernel modules. SHIM 2017 invokes the SKIP module when necessary to handle the TCP/IP traffic.

SKIP module 2021: All IP network traffic is sent via SKIP 2021. If an incoming packet is not of SKIP type, that is, SKIP does not need to perform authentication and decryption on it, the SKIP module 2021 passes it to the IP filter module 2019. Likewise, if an outgoing packet is not to be encrypted, the SKIP module 2021 sends it directly to the appropriate NIC 2013 for transmission. For SKIP-type packets, the authenticator 2024 in the SKIP module 2021 authenticates the conversation, and the encryptor/decryptor 2022 encrypts and decrypts the information at the conversation level. Authentication and encryption/decryption may take place with any number of other access filters 203, with servers that use SKIP, and with clients that use SKIP. The authentication and encryption algorithms are based on the SEND parameters; for outgoing packets they are set by the IP filter module 2019, and for incoming packets they are specified in the packet itself.

The SKIP module 2021 maintains enough state for each other site it talks to that it can operate at high speed for most SKIP-type packets. Packets are sometimes "parked" while additional processing (shared secret and temporary key computation) is performed. This additional processing is done by the "skipd" module 2037 in user space 2003.

IP filter 2019: The IP filter operates according to a set of rules that the rule compiler, a component of the database service 2029, generates from the access decisions in the access control database 301. The basic functions of the IP filter are to:
1. Pass traffic to the TCP/IP stack.
2. Block traffic: explicitly discard traffic for specific IP addresses according to special rules intended for emergencies.
3. Discard traffic: explicitly discard traffic that matches no rule and is not permitted by any decision.
4. Proxy traffic: instead of delivering traffic to its indicated destination, route it to a proxy server program on the current machine.
5. Perform network address translation: change internal IP addresses that may be illegal into legal IP addresses.
6. When the rules cannot strictly decide the access control operation for a new conversation, hand the decision to Pr_ipf (discussed below). Generally these are conversations that may be permitted by a decision or by the VPN tunnelling features described earlier.

The IP filter 2019 performs these functions on the basis of the following information:
• the rules generated by the rule compiler;
• the source and destination IP addresses and port numbers;
• whether an incoming packet is encrypted; and
• the encryption and authentication required for an outgoing packet.

Components related to database 301

Shared Directory 2028: Each access filter 203 used by VPN 201 keeps the single access control database 301 resident in it. All versions of database 301 in a given access filter 203 are maintained in the shared directory 2028. The shared directory 2028 also contains the log files of each access filter 203.

Private Connect Service (PCS) module 2025: The PCS module 2025 provides access-filter-to-access-filter communication in VPN 201. All such communication goes through the PCS. The PCS has its own IP port number, and its messages must be encrypted. The particular functions carried out by PCS messages include:
distribution tree management;
distribution and synchronization of database 301;
retrieval and distribution of the routing table 1721;
retrieval of Windows domain and user information;
network scanning;
retrieval of log contents; and
transfer of the files used by the report and other subsystems.

ISDB manager 2027: The ISDB manager 2027 manages database 301. It and the PCS are the only interfaces to the copies of database 301 in each access filter 203. It contains the software for reading and writing all of the tables in the copies of the database.

Database (DB) service and rule compiler 2029: The database service module 2029 generates the MMF files 2301. It does so each time a new copy of database 301 is received in the access filter 203, using the functions provided by the ISDB manager 2027 to read the live database 1907(i) of a given access filter 203(i) and generate the MMFs 2301. One component of the database service module 2029 is the rule compiler, which generates the rules used in the IP filter module 2019 from the relevant MMFs among the MMFs 2301. The rules specify the sources, destinations, and port numbers for which access is permitted or denied. The database service module 2029 exists both as a DLL and as an application that simply calls the routines in the DLL. In normal operation, the routines in the DLL are called by the database service module 2029 whenever a modified database is received in access filter 203(i) from the master decision management program 205. During installation and bootstrapping, the application is used in some special modes.

Memory-mapped files (MMF) 2301: As already explained, the MMFs 2301 are data files generated by the database service module 2029 and used by many other modules in the access filter 203. The files are designed to make the following operations as efficient as possible:
• mapping from a user identification method to user group(s);
• mapping from an information resource to information set(s);
• finding the decisions associated with user groups; and
• finding the decisions associated with information sets.

Components related to authentication

Evaluator 2036: The evaluator 2036 is a set of DLLs used by each of the proxy servers 2031. The evaluator 2036 provides the following functions to the proxy servers:
• prompting the user for additional "in-band" or "out-of-band" identification information;
• obtaining "out-of-band" authentication information from the Authentication Tool Service (ATS);
• obtaining from SKIPd the certificate associated with the current user;
• reading the MMFs 2301 and determining whether the access decisions allow the user to access the resource; and
• if access is otherwise permitted, performing the trust/sensitivity level computation for the path, including determining whether access is possible via the path and, if so, what encryption and authentication methods are required and which access filter is closest to the server. These functions are performed by a component of the evaluator 2036 called the VPN manager.

Authentication Tool Service / User Identification Client (ATS/UIC) 2039 and 2041: ATS 2039 is the server in a client-server application that collects and authenticates user information. ATS 2039 runs on the computer on which the other components of access filter 203 are running. The client part is UIC 2041, which runs on Windows-based clients. ATS 2039 and UIC 2041 are the mechanism by which the access filter 203 obtains "out-of-band" authentication information. ATS 2039 and UIC 2041 communicate over a conversation separate from the conversation being authenticated. ATS 2039 collects and caches the authentication information it obtains from the UIC clients and provides it to the evaluator 2036. The cached information from the clients includes:
• the Windows ID;
• an identity certificate; and
• an authentication token ID.

SKIPd 2037: Most of the SKIPd functions support the SKIP module 2021. They include:
• exchanging certificate information with other communication partners, which is done using the Certificate Discovery Protocol (CDP);
• computing the Diffie-Hellman shared secret. This shared secret method is central to SKIP's operation. The computation can take a considerable time, and the result is stored to disk in encrypted form;
• computing the transport keys used to encrypt conversations. These keys last for a period of time or an amount of data; and
• in addition, SKIPd provides the certificate matching criteria to the evaluator(s) for use in user identification methods.

Proxy servers 2031

As explained above, a proxy server is software in the access filter 203 that intercepts traffic for a particular protocol. The proxy server "understands" the protocol whose traffic it is intercepting and so can obtain, from the messages exchanged during the conversation, the information needed to identify the resource being accessed and/or to authenticate the user. Because the IP filter redirects messages that use a given protocol from that protocol's standard port to a non-standard port, all proxy servers except SMTP receive messages for their protocol on ports other than the standard ones. The proxy server provides the information it has obtained from the conversation to the evaluator 2036 so that the evaluator can decide whether the user is entitled to access the information resource. If the user is entitled to access, the access filter 203 forwards the incoming messages to the servers to which they are addressed, where they are further processed by the service for that protocol. In the following description, each protocol used in a preferred embodiment is discussed; other embodiments may of course include proxy servers for other protocols.
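The six IP filter 2019 functions listed above, driven by a compiled rule set and using the four kinds of input the description names, as an added Python example that is not the patent's rule compiler or filter; the rule and packet fields, the action names, the ordering of block rules first and the sample rules are constructed assumptions.

```python
"""Added example (not the patent's code): an IP filter applying a compiled rule
set in the way the six functions above describe.  Fields, action names and the
sample rule set are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# The six things the IP filter can do with a packet.
PASS, BLOCK, DISCARD, PROXY, NAT, EVALUATE = "pass", "block", "discard", "proxy", "nat", "evaluate"


@dataclass(frozen=True)
class Rule:
    src: str                            # CIDR of matching sources
    dst: str                            # CIDR of matching destinations
    port: Optional[int]                 # destination port, None = any
    action: str                         # one of the actions above
    encrypted: Optional[bool] = None    # match only (un)encrypted input, None = either
    proxy_port: Optional[int] = None    # PROXY: local proxy server port
    nat_to: Optional[str] = None        # NAT: replacement source address


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    port: int
    encrypted: bool                     # whether the packet arrived SKIP-encrypted


def _matches(rule: Rule, pkt: Packet) -> bool:
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and (rule.port is None or rule.port == pkt.port)
            and (rule.encrypted is None or rule.encrypted == pkt.encrypted))


def filter_packet(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[str]]:
    """Return (action, detail).  Emergency block rules are checked first; then the
    first matching rule decides; a packet matching no rule is discarded."""
    for rule in rules:
        if rule.action == BLOCK and _matches(rule, pkt):
            return BLOCK, "emergency block rule"
    for rule in rules:
        if rule.action == BLOCK or not _matches(rule, pkt):
            continue
        if rule.action == PROXY:
            return PROXY, "redirect to local proxy port %d" % rule.proxy_port
        if rule.action == NAT:
            return NAT, "rewrite source %s -> %s" % (pkt.src, rule.nat_to)
        if rule.action == EVALUATE:
            return EVALUATE, "rules cannot decide; hand conversation to Pr_ipf"
        return rule.action, "deliver to TCP/IP stack"
    return DISCARD, "matches no rule and no decision permits it"


# Constructed rule set, in the order a (hypothetical) rule compiler emitted it.
SAMPLE_RULES = [
    Rule("203.0.113.7/32", "0.0.0.0/0", None, BLOCK),                  # emergency block of one host
    Rule("10.1.0.0/16", "10.2.0.10/32", 80, PROXY, proxy_port=8080),    # HTTP goes to the HTTP proxy
    Rule("10.1.0.0/16", "10.2.0.20/32", 25, PASS, encrypted=True),      # encrypted SMTP passes
    Rule("192.168.0.0/16", "0.0.0.0/0", None, NAT, nat_to="198.51.100.1"),
    Rule("10.1.0.0/16", "10.2.0.0/24", None, EVALUATE),                 # everything else to Pr_ipf
]

if __name__ == "__main__":
    for p in (Packet("10.1.4.2", "10.2.0.10", 80, False),
              Packet("203.0.113.7", "10.2.0.10", 80, False),
              Packet("10.1.4.2", "10.2.0.20", 25, False),
              Packet("192.168.3.4", "10.2.0.10", 80, False),
              Packet("172.16.0.1", "10.2.0.10", 80, False)):
        print(p, filter_packet(SAMPLE_RULES, p))
```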

Pr_ipf (IP filter proxy server): Most network traffic occurs on a small number of protocols, and access filter 203 has a proxy server for each of those protocols. However, even where there is no proxy server, an access decision must still be made. In some cases the decision can be made by IP filter 2019 at the kernel level; when it cannot, IP filter 2019 passes the traffic to pr_ipf, which obtains whatever information it can from the traffic about the user identification method and the information resource and passes that information to evaluator 2036, which decides whether the access should be permitted. Pr_ipf is not really a proxy server: it only makes an access decision on behalf of IP filter 2019 and passes no traffic on to the standard protocol software.

FTP (File Transfer Protocol): The FTP proxy server handles TCP/IP packet information for the File Transfer Protocol. In the current embodiment of VPN 201, access control is applied only at the account (login) level; other embodiments may control access at the file level. During the login part of the FTP protocol, the proxy server determines the server and account being accessed and provides this information to evaluator 2036, which decides whether the user belongs to a user group whose members may access the information set corresponding to that account. The proxy server uses the tokens that the FTP protocol specifies for interaction with the user to further process "in-band" authentication information. FTP is in fact a very complex protocol, with active and passive modes (the latter used in web browsers and some automated FTP clients). In addition, FTP data transfers use a second, dynamically determined TCP (Transmission Control Protocol) session. This requires a special interface between the FTP proxy server and IP filter 2019 so that the FTP proxy server can indicate to IP filter 2019 that it should allow the second session.

HTTP (Hypertext Transfer Protocol): The HTTP proxy server is built from the source code of the public-domain HTTP implementation from the particle physics institute and contains all of that implementation's caching logic. The proxy server uses evaluator 2036 to check every access to a URL. No "in-band" authentication is performed using HTTP.

Telnet: Because Telnet login is not standardized, Telnet resources are controlled only at the server level. A Telnet proxy server is used only to provide additional "in-band" authentication information. It is the simplest of the real proxy servers.

NNTP: The Network News Transfer Protocol (NNTP) proxy server is used to control both news feed and news reading operations. During news feed operations the NNTP proxy server watches for encoded messages, that is, binary messages that have been converted to ASCII text for transmission. Such messages are often split into multi-part messages to keep them to a reasonable size. The NNTP proxy server caches all parts of a binary message. For each such message, if the message is the last part that completes a multi-part message, the whole multi-part message is assembled and anti-virus module 2033 checks it for viruses, as described in more detail below.

During news reading operations, access is protected at the newsgroup level. As with the other proxy servers, evaluator 2036 is used to decide whether the current user may access the newsgroup.

Real Audio: The Real Audio proxy server allows clients to access Real Audio servers, which are protected only at the server level. Although the Real Audio protocol uses a standard TCP socket connection to set up a session, it then uses a return UDP channel. As with FTP, the Real Audio proxy server has an interface to IP filter 2019 that allows it to indicate to IP filter 2019 that the return UDP channel is permitted.

SMTP: The Simple Mail Transfer Protocol (SMTP) proxy server differs from the other proxy servers in that the IP filter's proxy-server rules are not used to redirect traffic to the SMTP proxy server. Whereas the other proxy servers "listen" on a non-standard port, the SMTP proxy server listens on the standard port (25) and then makes its own connection to the standard SMTP server software. An access policy in database 301 must explicitly allow this access.

IntraMap: When the user specifies the URL for IntraMap, report manager 209 downloads the IntraMap applet, and the downloaded applet then attempts to make a socket connection back to the access filter 203 that has the report manager. IP filter 2019 on the local access filter 203(I) intercepts the connection attempt and hands it to the IntraMap proxy server on local access filter 203(I). The proxy server answers queries from the applet by looking up the answers in the local copy of database 301 and returning them to the applet, with all answers filtered to reflect the user's access rights. The IntraMap proxy server is not a real proxy server because the entire connection is always served completely by the instance of the IntraMap proxy server that intercepted it.

Anti-virus module 2033: In a preferred embodiment, anti-virus module 2033 is a set of DLLs provided by Trend Micro Devices, Inc. of Cupertino, CA. Other embodiments may use anti-virus modules from other sources. Anti-virus module 2033 checks all data entering VPN 201 for viruses. To give the user feedback on the progress of a data transfer and to keep the user's client software from timing out, the data is sent to the client and at the same time copied into a file for virus checking. However, the last part of the data is not sent to the client until the virus check has completed. As soon as that last part arrives, the file is checked for viruses. If no virus is found, the remainder of the data is sent to the client; if a virus is found, the transfer is aborted. In that case the user is notified that the transfer failed and, if the administrator has so specified, an alert may be sent to the administrator.

Launch, log, alert and report module 2027:
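The hold-back scheme just described, as an added example that is not the patent's code nor Trend Micro's: every chunk of a transfer is copied into a scan buffer as it passes, all but the most recent chunk are forwarded at once so the client sees progress, and the final chunk is released only after the assembled data scans clean. The scanner is a constructed signature match standing in for anti-virus module 2033, and the chunk boundaries and alert text are constructed.

```python
from dataclasses import dataclass, field
from typing import Callable, Iterable, List, Optional

# Constructed test pattern standing in for a real signature database.
SIGNATURE = b"CONSTRUCTED-MALWARE-SIGNATURE"


def scan_for_virus(data: bytes) -> bool:
    """Stand-in for anti-virus module 2033: True if the constructed signature is present."""
    return SIGNATURE in data


@dataclass
class RelayResult:
    delivered: List[bytes] = field(default_factory=list)  # chunks actually forwarded to the client
    aborted: bool = False                                 # transfer stopped because a virus was found
    alert: Optional[str] = None                           # alert text for the administrator, if enabled


def relay_with_holdback(chunks: Iterable[bytes], send_alerts: bool,
                        scanner: Callable[[bytes], bool] = scan_for_virus) -> RelayResult:
    """Relay a transfer while withholding its final chunk until the whole file has been scanned.

    Every chunk is appended to the scan buffer (the patent's 'file for virus checking').
    A chunk is forwarded only once a later chunk has arrived, so that the one still held
    is always the last part of the data; the client therefore never receives a complete
    file that has not been scanned, and it keeps receiving data so it does not time out.
    Scanning the assembled buffer also catches a signature that straddles chunk boundaries.
    """
    result = RelayResult()
    scan_buffer = bytearray()
    pending: Optional[bytes] = None  # most recently received chunk, not yet forwarded
    for chunk in chunks:
        scan_buffer += chunk
        if pending is not None:
            result.delivered.append(pending)  # no longer the last chunk: safe to forward
        pending = chunk
    if pending is None:
        return result  # empty transfer: nothing to scan or deliver
    if scanner(bytes(scan_buffer)):
        result.aborted = True  # the held-back tail is never sent, so the file stays incomplete
        if send_alerts:
            result.alert = "virus detected in transfer of %d bytes" % len(scan_buffer)
        return result
    result.delivered.append(pending)  # clean: release the final chunk
    return result
```

The client still receives everything except the withheld tail, so the scheme prevents a complete infected file from landing on the client but does not keep partial bytes off the wire; how much is withheld is simply the size of the last chunk.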

The components of this module perform the following functions:
• Launch: controls the initial sequence of startup tasks, which takes place on an access filter 203 when VPN 201 is set up.
• Log: a DLL that provides a standardized logging interface.
• Alert: a stand-alone program that watches all NT logs for the alert conditions specified in database 301. When an alert is defined, the GUI is used to specify the method by which the alert is to be delivered.
• Report: forwards a subset of the logs to a special report log, condenses it into a database, and later forwards it to report manager 209.

Administrative graphical user interface 1915: The GUI may run on access filter 203 or on any computer attached to access filter 203 that has a 32-bit Windows operating system. Whether it runs on access filter 203 or on an attached system, the GUI uses ISDB manager 2027 to read or write a working database 1903 in access control database 301. All necessary modifications to access control database 301 are made via GUI 1915. An "apply" operation in the GUI is sent as a signal to PCS 2025, which responds by starting the distribution and synchronization operations described above.

Detailed example of the operation of access filter 203: FIGS. 5 and 22

The following describes in detail the end-to-end encryption example of FIG. 5. In that example, roamer 503, whose PC is equipped with SKIP, is accessing a SKIP-equipped server 407 inside a site on VPN 201. When roamer 503 was set up to access VPN 201, it was set up to do so through access filter 403(3), using a particular encryption type. Here it will be assumed that the encryption type being used by roamer 503 has the "confidential" trust level, and that the user wants to access a web page on server 407 that has the "confidential" sensitivity level. Since a web page is being accessed, roamer 503 uses the HTTP protocol for its session with the HTTP service on server 407. Because roamer 503, the access filters 203 in VPN 201 and server 407 are all equipped with SKIP, they all have their own public and private keys. At a minimum, roamer 503 also has the certificate and public key of access filter 403(3), to which it directs messages for servers inside VPN 201; access filter 403(3) has the certificate and public key of roamer 503 (or uses the Certificate Discovery Protocol to obtain them); and all of the access filters 203 in VPN 201 have or can obtain each other's public keys and the public keys of the SKIP-equipped servers in VPN 201. In addition, each access filter 203 in VPN 201 knows the IP addresses of all of the other access filters 203 and of the servers in VPN 201.

All messages sent and received as part of the HTTP session between roamer 503 and server 407 are encrypted and authenticated by SKIP. FIG. 22 shows the format used by such a SKIP message 2201. A SKIP message is made by the SKIP software on the system that is the source of the message; the SKIP message 2201 shown here is from roamer 503. Its main components are:

Outer IP header 2203: Outer IP header 2203 is used to deliver the SKIP message to access filter 403(3). It contains the source IP address 2209 of roamer 503 and the destination IP address 2206 of access filter 403(3). When roamer 503 was set up to access VPN 201, the destination address 2206 used by roamer 503 was set to specify access filter 403(3). Source IP address 2209 may be assigned dynamically to roamer 503 by the Internet service provider that roamer 503 uses to connect to Internet 121. Outer IP header 2203 also contains a message type (MT) field 2208, which indicates that the message is a SKIP message.

SKIP header 2205: SKIP header 2205 contains the information needed to decrypt SKIP message 2201 when it is received. It contains at least the certificate for the destination, that is, the destination NSID (name space identifier) 2215 and destination MKID (master key identifier) 2213 for the certificate of access filter 403(3), and the certificate for the source, that is, the source NSID 2219 and source MKID 2217 for the certificate of roamer 503. In addition, SKIP header 2205 contains identifiers for the algorithm used to authenticate the message (MAC ALG 2226) and the algorithm used to encrypt the message (CRYPT ALG 2225), an encrypted transport key (Kp 2223) used to decrypt the message, and an identifier 2224 for the algorithm used to decrypt the transport key.

Authentication header 2211: Authentication header 2211 contains a message authentication code (MAC) 2221 computed with the MAC algorithm identified in field 2226; access filter 403(3) uses it to verify that the message arrived without tampering.

Encrypted payload 2227: Encrypted payload 2227 contains the encrypted message that roamer 503 is sending to server 407; it consists of the IP header 2231 for that message and the encrypted message 2229. IP header 2231 carries the IP address of server 407 and the port number of the HTTP service. Encrypted payload 2227 can be decrypted using transport key Kp 2223 with the decryption algorithm specified by CRYPT ALG (encryption algorithm identifier) 2225.

Processing SKIP message 2201

SKIP message 2201 arrives on Internet interface 2011 of access filter 403(3). Processing of the message begins at the SHIM level in kernel level 2005. SHIM 2017 sends all incoming traffic to SKIP 2021, which in turn recognizes from MT field 2208 that the message is a SKIP message. To decrypt and authenticate the message, SKIP needs to decrypt transport key Kp 2223. To do so, it provides SNSID 2219, SMKID 2217, DNSID 2215 and DMKID 2213 to SKIPd 2037, which uses these IDs to retrieve the certificates for roamer 503 and access filter 403(3) from SKIPd 2037's certificate cache. If a certificate is not there, SKIPd 2037 uses the CDP protocol to fetch it. The information in the certificates is then used together with the private key of access filter 403(3) to produce a shared secret value, and that value is used to decrypt transport key Kp 2223, yielding two internal keys, Akp and Ekp.
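A toy model of SKIP message 2201 and of the receive path at access filter 403(3), added here as an example and not taken from the patent or from SKIP itself: the sender wraps Kp under the shared secret, encrypts the inner packet under Ekp and MACs the whole message under Akp; the receiver looks the certificates up by (NSID, MKID), unwraps Kp, derives Akp and Ekp, verifies the MAC over the entire message, and only then decrypts the payload, which is the order the following paragraph describes. The field widths, the MT value, the (NSID, MKID) pairs and the shared secret are constructed; SKIPd's Diffie-Hellman computation is replaced by a cache that hands back the constructed secret, and an HMAC-SHA256 counter-mode keystream stands in for the cipher named by CRYPT ALG 2225.

```python
import hashlib
import hmac
import struct
from typing import Dict, Optional, Tuple

MT_SKIP = 57   # constructed value for MT field 2208 that marks a SKIP message
MAC_LEN = 32   # HMAC-SHA256 stands in for the algorithm named by MAC ALG 2226

# Assumed layouts; the patent names these fields but not their widths.
OUTER = struct.Struct(">4s4sB")       # outer IP header 2203: SIP 2209 | DIP 2206 | MT 2208
SKIPH = struct.Struct(">HHHHBBB16s")  # SKIP header 2205: SNSID | SMKID | DNSID | DMKID | MAC ALG | CRYPT ALG | Kp ALG | wrapped Kp
INNER = struct.Struct(">4sH")         # inner IP header 2231: server IP | service port


def keystream(key: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stand-in for the CRYPT ALG 2225 cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_akp_ekp(kp: bytes) -> Tuple[bytes, bytes]:
    """Transport key Kp yields the internal keys Akp (authentication) and Ekp (encryption)."""
    return (hmac.new(kp, b"Akp", hashlib.sha256).digest(),
            hmac.new(kp, b"Ekp", hashlib.sha256).digest())


class SkipdCache:
    """Stand-in for SKIPd 2037: (source cert, destination cert) -> the shared secret SKIPd
    would compute from the cached certificate and the filter's private key."""
    def __init__(self, secrets: Dict[Tuple[Tuple[int, int], Tuple[int, int]], bytes]):
        self.secrets = secrets

    def shared_secret(self, src: Tuple[int, int], dst: Tuple[int, int]) -> bytes:
        if (src, dst) not in self.secrets:
            raise KeyError("certificate not cached; SKIPd would fetch it with CDP")
        return self.secrets[(src, dst)]


def build_skip_message(src_ip, dst_ip, src_cert, dst_cert, shared_secret, kp, server_ip, port, data):
    """Sender side (roamer 503): wrap Kp, encrypt the inner packet, MAC headers plus ciphertext."""
    akp, ekp = derive_akp_ekp(kp)
    wrapped_kp = xor(kp, keystream(shared_secret, len(kp)))        # Kp 2223 as carried in the header
    payload = INNER.pack(server_ip, port) + data                   # inner IP header 2231 + message 2229
    enc_payload = xor(payload, keystream(ekp, len(payload)))      # encrypted payload 2227
    head = (OUTER.pack(src_ip, dst_ip, MT_SKIP) +
            SKIPH.pack(src_cert[0], src_cert[1], dst_cert[0], dst_cert[1], 1, 1, 1, wrapped_kp))
    mac = hmac.new(akp, head + enc_payload, hashlib.sha256).digest()  # MAC 2221 over the whole message
    return head + mac + enc_payload                                # authentication header 2211 in the middle


def receive_skip_message(msg: bytes, skipd: SkipdCache) -> Optional[dict]:
    """Receiver side (access filter 403(3)): the inner packet, or None if not SKIP or not authentic."""
    head_len = OUTER.size + SKIPH.size
    if len(msg) < head_len + MAC_LEN:
        return None
    src_ip, dst_ip, mt = OUTER.unpack_from(msg, 0)
    if mt != MT_SKIP:
        return None  # SKIP 2021 only handles messages flagged by MT field 2208
    snsid, smkid, dnsid, dmkid, _mac_alg, _crypt_alg, _kp_alg, wrapped_kp = SKIPH.unpack_from(msg, OUTER.size)
    mac = msg[head_len:head_len + MAC_LEN]
    enc_payload = msg[head_len + MAC_LEN:]
    secret = skipd.shared_secret((snsid, smkid), (dnsid, dmkid))
    kp = xor(wrapped_kp, keystream(secret, len(wrapped_kp)))
    akp, ekp = derive_akp_ekp(kp)
    expected = hmac.new(akp, msg[:head_len] + enc_payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None  # verify first; unauthenticated ciphertext is never decrypted
    payload = xor(enc_payload, keystream(ekp, len(enc_payload)))
    server_ip, port = INNER.unpack_from(payload, 0)
    return {"src_ip": src_ip, "snsid": snsid, "smkid": smkid,
            "server_ip": server_ip, "port": port, "data": payload[INNER.size:]}


def demo():
    """Constructed round trip: a good message and a copy with one payload byte flipped."""
    roamer, filt = (7, 503), (7, 403)  # constructed (NSID, MKID) pairs
    secret = hashlib.sha256(b"constructed Diffie-Hellman shared secret").digest()
    skipd = SkipdCache({(roamer, filt): secret})
    msg = build_skip_message(b"\xc0\xa8\x01\x05", b"\xc0\xa8\x63\x01", roamer, filt, secret,
                             b"\x11" * 16, b"\x0a\x00\x00\x07", 80, b"GET /index.html HTTP/1.0\r\n")
    tampered = msg[:-1] + bytes([msg[-1] ^ 0x01])
    return receive_skip_message(msg, skipd), receive_skip_message(tampered, skipd)
```

The MAC is checked with a constant-time comparison before any decryption is attempted, which is the property the patent's "verify that the message arrived without tampering" step provides; a message whose certificates are not cached raises rather than being processed, mirroring SKIPd's need to fetch the certificate first.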
SKIP stores the shared secret value securely for use with future messages, because computing it takes a considerable amount of time. Next, the MAC is computed over the entire received message and, using Akp, MAC 2221 and MAC ALG 2226, checked to verify that the whole SKIP message 2201 has not been tampered with. If that is the case, internal key Ekp is used to decrypt encrypted payload 2227 and so recover the original message from roamer 503. The decrypted payload 2227 is then given to IP filter 2019, which applies its rules to the source IP address, the destination IP address and the port number in IP header 2231. If no rule denies the access, IP filter 2019 follows another rule and redirects the unencrypted message, together with SNSID 2219 and SMKID 2217, to the port for the HTTP proxy server. IP filter 2019 uses the DBServicePortToProxyPort file in MMF 2301 to find the port in question.

Processing of the message continues at the application level in user level 2003 of the operating system. The HTTP proxy server now has the server's IP address, the service's port number, the URL of the web page, the certificate of the user who is roamer 503, and the encryption method used to encrypt the message. It uses evaluator 2036 to determine the following from MMF 2301:
• the user groups to which the user represented by the certificate belongs;
• the information sets to which the web page belongs;
• whether there is an access policy that allows at least one of those user groups to access at least one of those information sets; and
• whether the trust level of the message is at least equal to the sensitivity level of the web page.

Starting with the first of these tasks, evaluator 2036 receives the NSID and MKID of the certificate and uses the certificate-matching criteria of the DBCertificatesByUserGroup file to obtain the identifiers of the user groups to which the user sending the message belongs.

Evaluator 2036 determines the information sets from the server's IP address, the service's port number and the URL of the web page: it uses the IP address with the DBServerIDByIP (database "server ID by IP address") file to determine the server that holds the page, the port number with the DBServiceIDByPort (database "service ID by port") file to determine the service on that server, and the URL with the DBResourceIDByName (database "resource ID by name") file to obtain the identifiers of the information sets to which the page belongs.

With the identifiers in database 301 for the user groups and the information sets in hand, evaluator 2036 uses the DBResources file to determine whether there is an access policy that allows any user group to which the user belongs to access any information set to which the page belongs. In doing so it considers only user groups whose membership was determined by an identification mode whose trust level is sufficient for the sensitivity level of the resource. The DBResources file maps each information set identifier to a list of the user groups for which there are access policies involving that information set, and for each user group indicates whether the policy allows or denies access. Using the DBResources file, evaluator 2036 determines in turn, for each information set to which the page belongs, whether the list of user groups with access policies for that information set includes a user group to which the user belongs. If an access policy for any such user group denies access, the evaluator tells the HTTP proxy server that access is denied; if no access policy for any such user group denies access and at least one policy allows it, the evaluator tells the HTTP proxy server that access is allowed; if there are no access policies of any kind for any such user group, the evaluator determines whether at least one certificate- or token-based user group has an allow policy for the resource. If so, and the requesting client is running UIC (user identification client software), UIC is contacted to ask the user for additional identification information; if additional identification information comes back, the process above is repeated. Otherwise the evaluator tells the HTTP proxy server that access is denied.
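The decision procedure just described, together with the trust-level check that the next paragraph adds, as an added example that is not the patent's evaluator 2036 nor any product code: group lookup by certificate, information-set lookup by server, service and URL, deny-overrides-allow over DBResources, the fall-back to asking UIC for more identification, and finally the comparison of the encryption method's trust level with the page's sensitivity. The MMF file names follow the patent; their contents, the ordinal trust scale, the method and group names, and the assumption of which groups are certificate- or token-based are all constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

LEVELS = {"public": 0, "private": 1, "confidential": 2}  # constructed ordinal scale


@dataclass
class MMF:
    """Constructed stand-in for the MMF 2301 files named in the patent."""
    DBCertificatesByUserGroup: Dict[Tuple[int, int], List[Tuple[str, str]]]  # (NSID, MKID) -> [(group, identification method)]
    DBServerIDByIP: Dict[str, str]                                           # server IP -> server ID
    DBServiceIDByPort: Dict[int, str]                                        # port -> service ID
    DBResourceIDByName: Dict[Tuple[str, str, str], str]                      # (server, service, URL) -> resource ID
    DBResourcesByResourceID: Dict[str, Tuple[List[str], str]]                # resource ID -> (information sets, sensitivity)
    DBResources: Dict[str, Dict[str, str]]                                   # information set -> {group: "allow" | "deny"}
    DBTrustAuthentications: Dict[str, str]                                   # identification method -> trust level
    DBTrustEncryptions: Dict[str, str]                                       # encryption method -> trust level
    cert_or_token_groups: Set[str] = field(default_factory=set)              # assumed: groups defined by certificate or token


def enough(level: str, required: str) -> bool:
    return LEVELS[level] >= LEVELS[required]


def evaluate(mmf: MMF, cert: Tuple[int, int], server_ip: str, port: int, url: str,
             encryption_method: str, uic_running: bool) -> str:
    """Model of evaluator 2036 for one HTTP request: 'allow', 'deny' or 'ask_uic'.

    'ask_uic' means no policy applied to any of the user's groups, but some certificate- or
    token-based group is allowed, so UIC should be asked for more identification and the
    evaluation repeated with whatever certificate comes back.
    """
    # Information sets and sensitivity of the page (DBServerIDByIP, DBServiceIDByPort, DBResourceIDByName).
    server = mmf.DBServerIDByIP[server_ip]
    service = mmf.DBServiceIDByPort[port]
    resource = mmf.DBResourceIDByName[(server, service, url)]
    info_sets, sensitivity = mmf.DBResourcesByResourceID[resource]
    # The user's groups, keeping only those whose identification mode is trusted enough for the page.
    memberships = mmf.DBCertificatesByUserGroup.get(cert, [])
    groups = {g for g, method in memberships
              if enough(mmf.DBTrustAuthentications[method], sensitivity)}
    # Policies from DBResources: a deny for any of the user's groups wins, then any allow.
    verdicts = [mmf.DBResources.get(s, {}).get(g) for s in info_sets for g in groups]
    verdicts = [v for v in verdicts if v is not None]
    if "deny" in verdicts:
        return "deny"
    if not verdicts:
        stronger_id_might_help = any(mmf.DBResources.get(s, {}).get(g) == "allow"
                                     for s in info_sets for g in mmf.cert_or_token_groups)
        return "ask_uic" if stronger_id_might_help and uic_running else "deny"
    # Trust of the encryption method against the page's sensitivity; the path's trust level is
    # moot here because SKIP has already encrypted the session.
    if not enough(mmf.DBTrustEncryptions[encryption_method], sensitivity):
        return "deny"
    return "allow"


def constructed_mmf() -> MMF:
    """Constructed database contents for the example."""
    return MMF(
        DBCertificatesByUserGroup={
            (7, 503): [("engineering", "skip-certificate")],   # roamer 503's certificate
            (7, 9001): [("guests", "windows-id")],             # identified only by Windows ID
            (7, 9002): [("contractors", "skip-certificate")],
        },
        DBServerIDByIP={"10.0.0.7": "server407"},
        DBServiceIDByPort={80: "http"},
        DBResourceIDByName={("server407", "http", "/plans/roadmap.html"): "roadmap"},
        DBResourcesByResourceID={"roadmap": (["plans"], "confidential")},
        DBResources={"plans": {"engineering": "allow", "contractors": "deny"}},
        DBTrustAuthentications={"skip-certificate": "confidential", "windows-id": "private"},
        DBTrustEncryptions={"skip-strong": "confidential", "cleartext": "public"},
        cert_or_token_groups={"engineering"},
    )
```

Two points worth noting for anyone implementing a policy engine of this shape: groups reached through an identification method that is too weak for the page are dropped before policies are consulted, so they can neither allow nor deny; and the trust check on the encryption method runs last, so a correctly authorised user over an insufficiently encrypted session is still refused.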
Of course, evaluator 2036 also denies access if the access request does not have a trust level equal to the sensitivity level of the web page. Evaluator 2036 obtains the sensitivity level of the page from the DBResourcesByResourceID file, the trust level of the user identification method from the DBTrustAuthentications (database "trust level authentication") file, and the trust level of the encryption method from the DBTrustEncryptions (database "trust level encryption") file. Since SKIP has already encrypted the message with a method whose trust level is "confidential", the trust level of the path through the network is irrelevant in this example. To decide whether the trust levels for user identification and encryption are sufficient for the sensitivity level of the page, evaluator 2036 uses the MMF file that effectively implements table 601. If the trust levels are sufficient, evaluator 2036 tells the proxy server that access is allowed.

Once the proxy server has confirmed that access to the information resource specified in the message is to be allowed, it starts a new session for the actual service, the HTTP service on server 407. Proxy server 2031 sends a special message to IP filter 2019 telling it to let that particular session through, since otherwise the session might be blocked by rules or sent back to the proxy server. The message to IP filter 2019 also includes information about the encryption method required for the new session; in this example, that information is that the session is to be encrypted for the final access filter 403(5), using an encryption method appropriate to the "confidential" sensitivity level of the data. When IP filter 2019 encounters the new session, it finds that the session matches the criteria specified by proxy server 2031 and passes the session to the SKIP module. Since encryption is required for this session, the message is re-encrypted. SKIP module 2021 produces a SKIP message 2201 in the same way as described above, except that:
• outer IP header 2203 for the message specifies access filter 403(3) as the source of the message and access filter 403(5) as its destination;
• SKIP header 2205 has SNSID 2219 and SMKID 2217 for access filter 403(3) and DNSID 2215 and DMKID 2213 for access filter 403(5), and the other values in header 2205 are those required by the fact that the source and destination of the message are now access filters 403(3) and 403(5); and
• encrypted payload 2227 is the same as before, except that it has been encrypted with a different key, and a MAC 2221 is produced for the whole new message 2201 where necessary.

While the proxy server is relaying messages, it also watches for the kinds of file transfer that may contain viruses. When it encounters such a transfer, it applies anti-virus software 2033 to the files. If a file contains a virus, the proxy server does not deliver the complete file, so that the virus can do no harm. If access control database 301 so specifies, the proxy server sends an alert when anti-virus software 2033 detects a virus.

When SKIP message 2201 is received at access filter 403(5), it is passed to SKIP module 2021, where it is authenticated and decrypted as described above. As with access filter 403(3), IP filter 2019 on access filter 403(5) detects by the same mechanism that the message is addressed to the HTTP application protocol, so it directs the message to HTTP proxy server 2031. That proxy server accepts the message and then sends the information it can obtain from outer IP header 2203 and SKIP header 2205 about the originator of the message (access filter 403(3)) to evaluator 2036, which decides whether the session initiated by this message should be allowed to proceed. Evaluator 2036 examines the source IP address and the other identifying information in the message, determines the identifier in database 301 for access filter 403(3) by looking up the source IP address in the DBServerIDByIP file of the MMF files, and uses that identifier to
Use the GUI to specify the methods used to deliver alert information for defining alert information. • Reports • Transfers a subset of many logins to a special report login, condenses it into a database, and later forwards it to the report management program 209 »Management Graphical User Interface 1 915: GUI (Graphical User Interface) It may run on the access filter 203, or on any computer attached to the access filter 203 and having a 32-bit Windows trademark operating system. Whether the GUI is executed on the access controller 203 or on the accessory system, it will use the IS DB management program 2 07 to read or write one of the working data in the access control database 301. Library 1903. Via GUI 1915, all necessary modifications are made to the access control database 301. One of the "application" operations in the GUI is sent to PCS 2025 as a signal, which responds to the signal by initiating the aforementioned allocation and synchronization operations. Detailed example of the operation of the access filter 203: Figure 5 and 2 2 In the following description, the end-to-end encryption example of Figure 5 will be explained in detail. In this example, its PC is equipped with one of the SKIP roamers 503 is accessing: -101-This paper standard applies Chinese national standards (CNS) A4 specifications (210 X 297 public) --------- ~ Outfit -------- Order --------- Λ (Please read the precautions on the back first (Fill in this page again)-464812 A7 B7 V. Description of Invention (99) An employee consumer cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs printed on one of the sites on VPN 201, a server equipped with SKIP 407. As a roamer 503 When it is set up to access VPN 201, it is set up by using a special encryption type of access filter 403 (3). 
Here, it will be assumed that the encryption being used by the roamer 503 Type has a "confidential" level of trust: and assumes that the user wants to access the web on server 407 The webpage has a "confidential level of sensitivity. Because the webpage being accessed is, the roamer 503 is using the HTTP communication protocol for its dialogue with the HTTP service on the server 407. As the roamer 503, in the VPN 201 Many of the access filters 203 and 407 in the server are all equipped with SKIP; therefore they are all equipped with their own public and private keys. At a minimum, the roamer 503 also has access filters 403 (3) Certificate and public key, it will direct messages for servers inside VPN 201 to access filter 403 (3); access filter 403 (3) has certificate and public key for roamer 503 (Or use certificate discovery communication protocols to obtain them); all access filters 203 in VPN 201 have or can get: each other's public keys, and public secrets for many servers equipped with SKIP in VPN 201 In addition, each access filter 203 in VPN 201 will know: the IP addresses of all other access filters 203 and many servers in VPN 201. As a roamer 503 All messages sent and received as part of the HTTP conversation with server 407 are encrypted and authenticated by SKIP. Figure 22 shows the format used by such a SKIP message 2201. SKIP messages are by SKIP The software is produced on the basis of -102, which is the skip message. The paper size is applicable to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) Λα 14812 A7 B7 5. The system of the source of the invention description (100). The SKIP message 2201 shown here is from the roamer 503. Its main components are: Outer IP header 2203: Outer IP header 2203 is used to deliver SKIP messages to the access filter 403 (3). Included in the IP title 2203 are: the source IP address 2209 for the roamer 503, and the destination IP address 2206 for the access filter 403 (3). 
When the roamer 503 is established to access the VPN 201, the target address 2206 used by the roamer 503 is set up to specify the access filter 403 (3). The source IP address 2209 may be dynamically assigned to the roamer 503 by an Internet service provider; the roamer 503 uses it to connect to the Internet 12 1. The outer IP header 2203 also includes a message type (MT) block 2208, which will state that the message is a SKIP message. SKIP header 2205 ... The SKIP header 2205 contains information required to decrypt the SKIP message 2201 when the SKIP message is received. The SKIP header 2205 contains at least: a certificate for the target, that is, a target NSID (name space identifier) 2215 and a target MKID (master key identifier) 2213 for the certificate that accessed the server 403 (3); and The certificate of the source is the source NSID2219 and the source MKID2217 of the certificate of the roamer 503. In addition, the SKIP header 2205 contains: an identifier for the algorithm used to authenticate the message (MAC ALG 2226) and the algorithm used to encrypt the message (CRYPT ALG 2225); and an encrypted transmission key used to decrypt the message ( Kp 2223) and identifier 2224 for the algorithm used to decrypt the transport key. Appraisal title 2211: Appraisal title 2211 contains a message authentication code (MAC) 2221, which is based on -103- this paper size applies Chinese National Standard (CNS) A4 specifications (210 X 297 public love) w I βί language-r ίι i; #-^ jy: * i book 1 printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 4 b A7 B7 V. Identification of the invention (1〇1) in column 2226 ] Calculated by the MAC algorithm; and it is used by the access filter 403 (3) to verify that the message arrived without intervention. Encrypted payload 2227: Encrypted payload 2227 contains a known encrypted message that the roamer 503 is sending to the server 407. 
It includes an IP header 233 1 for the message, and an encrypted message 2229. The IP header 233 1 has an IP address for the server 407 and a port number for the HTTP protocol service. By using the transfer key Kp 2223 having the decryption algorithm specified in CRYPT ALG (Cryptographic Algorithm Identifier) 2225, the encrypted payload 2227 can be decrypted. Processing SKIP message 2201 SKIP message 2201 arrives on the Internet interface 2011 of the access filter 403 (3). Message processing starts at the SHIM level in the core level 2005. SHIM 2017 will send all incoming traffic to SKIP 2021, and it will sequentially perceive according to MT field 2208 that the message is a SKIP message. To decrypt and authenticate the message, SKIP needs to decrypt the transmission key κρ 2223, and what it has to do is: it will provide SNSID 2219, SMKID 2217, DNSID 2215, and DMKID 22 13 to SKIPd 2037, and SKIPd will use these IDs in order to retrieve The certificate quick access cache (SKIPd 2037) retrieves the certificate for the roamer 503 and the access filter 403 (3). If the certificate is not there, then SKIPd 2037 uses the CDP communication protocol to extract the certificate. Then 'use the information in the certificate with the private key of the access filter 403 (3); in order to generate a shared secret number, and then use this number to decrypt the transmission key Kp 2223' to generate two internal secrets Losing: Akp and Ekp. -104 This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) ttt ύί i. Λ zhen Ι · ij. F f f III III Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 46 dB 1 A7 B7 V. Description of the invention (102) U ί β] Contains 1 r 夂 i: L ί; ΰή ί; ί: SKIP will safely store the shared secret number 値 for use with future messages' This is because The calculation of this number takes a considerable amount of time. 
Secondly, the MAC is calculated for the entire received message, and Akp and mac 2221 and MAC ALG 2226 are used together 'to verify that the entire SKIp message 2201 is not intervened. If this is the case, the internal key £ kp is used to resolve the encrypted payload 2227 in order to recover the original message from the roamer 503. The decrypted payload 2227 is then provided to the IP filter 2019, which will apply some of its rules to the source j p address, the destination j p address, and the port number of the 1 P header 223 1. If there is no rule to deny the access operation, IP Server 2019 follows another rule and redirects the unencrypted message along with snsid 2219 and SMKID 2217 to the port for the http proxy server. IP Adapter 2019 uses the DBServicePortToProxyPort file in MMF 2301 to find the port in question. Message processing continues at the application level in the user level 2003 of the operating system. The HTTP proxy server can grasp: the server's p address, the service port number, the URL for the web page, the user's certificate belonging to the roamer 503, and the encryption method used to encrypt the message. It uses evaluation program 2036 to determine the following according to MMF 2301: • Many user groups to which the users indicated by the certificate belong; Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs • Many information sets to which the web pages belong ; • Is there an access decision that will allow at least one of the many user groups to access at least one of the information sets in the many information sets; and * Whether the k-level of the message is at least equal to the sensitivity level of the web page. -105 This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) 464812 A7 B7 V. 
Description of the invention (103) Starting from the first of these tasks, the evaluation program 2036 will receive For the NSID and MKID of the certificate, and using the certificate matching criteria of the certificate with the DBCertificatesByUserGroup file to obtain: the identifiers of the various user groups to which the user who is sending the message * The evaluation program 2036 is obtained by: jp address, port number of the service 'and the URL of the webpage to determine the information set; and use: DBServerlDByIP (the database identified by the IP address &quot; server I 〇' ') IP address of the file To determine the server that contains the web page, the port number of the DBServicelDByPort (database identified by the port number "Service ID &quot;) file to determine the service on the server providing the service, and the DBResourcelDbyName (by IP name to Identify the database &quot; resource ID) URL of the case to get the identifier for the information set to which the web page belongs. Employees, Intellectual Property Bureau, Ministry of Economic Affairs Printed by the consumer cooperative: As soon as it can be grasped: For user groups and information sets, the identifier in the database 30i: The evaluation program 2036 uses the DBRes〇urces file to determine: 疋 Is there an access decision that will allow use Any user group that the user belongs to accesses any information set that the page belongs to. In doing so, it may only consider some user groups whose membership is determined using a recognition pattern, and the trust level of the recognition pattern is The sensitivity level of the resource is sufficient. The DBReSOurces file maps each information set identifier to: There will be a list of one of the many user groups for which access decisions concerning the resource set are targeted. For each use For the group of users, the DBResources file will further indicate: decide whether to allow or deny the access operation. 
The evaluation program 2036 uses the DBResources file to sequentially for each information set to which the webpage belongs -106- This paper standard applies to China National Standard (CNS) A4 Specification (210 X 297 Public Love) 4648 1 A7 B7 V. Description of Invention (104) Decision: There will be some information about the information set Whether the list of many user groups for which the decision is made includes one of the user groups to which the user belongs. If there is an access decision for any user group that denies access, The evaluator instructs the HTTP proxy server: The access operation is denied; if no access decision is denied for the access decision of any user group and at least one decision allows the access operation, the evaluator makes the HTTP proxy The server indicates that the access operation is allowed; if there is no access decision of any kind for any user group, the evaluator will determine whether at least one certificate or token-based user group has one Allowable decisions for resources. If so, and the requesting client has UIC (User Identification Client Software) running: contact uIC to request additional identification information from the user. If additional identification information comes back, the above process is repeated. In other cases, the evaluator instructed the HTTP proxy server that the access operation was denied. Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs Of course, if the access request does not have a trust level equal to the sensitivity level of the webpage, then the evaluation program 2036 will also deny the access operation. 
The evaluation program 2036 obtains the sensitivity level of the web page from the DBResourcesByResourceID file, the trust level of the user identification method from the DBTrustAuthentications file (the database "trust levels of authentications") and the trust level of the encryption method from the DBTrustEncryptions file (the database "trust levels of encryptions"). Since SKIP has encrypted the message with a method whose trust level is "confidential", the trust level of the path through the network does not matter in this example. To determine whether the trust levels of the user identification and encryption methods are sufficient for the sensitivity level, the evaluation program 2036 in effect constructs an instance of Table 601. If the trust levels are sufficient, the evaluation program 2036 instructs the proxy server that the access is allowed.

Once the proxy server has confirmed that it intends to allow access to the information resource specified in the message, it initiates a new session for the actual service, the HTTP service on server 407. The proxy server 2031 sends a special message to the IP filter 2019 telling it to let this particular session pass, because otherwise the session might be blocked by some rule or sent to a proxy server again.
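The check described above, written out in Python as an added example (this is not the patent's code; the MMF lookups are collapsed into plain dictionaries, and the group names, trust levels and policies are constructed for the illustration):

```python
"""Access check of evaluation program 2036, modelled in Python (added example).

Constructed assumptions, not from the patent:
  * the MMF lookups are collapsed into dictionaries passed in by the caller;
  * trust and sensitivity levels are small integers, higher = more sensitive;
  * ID_TRUST stands in for the DBTrustAuthentications file.
"""
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"
    NEED_MORE_ID = "ask the UIC for additional identification"


# Trust level of each identification mode (stand-in for DBTrustAuthentications).
ID_TRUST = {"ip-address": 1, "password": 2, "token": 3, "certificate": 3}
CERT_OR_TOKEN = {"token", "certificate"}


@dataclass(frozen=True)
class UserGroup:
    name: str
    id_mode: str  # identification mode that establishes membership in this group


def evaluate(member_of, info_sets, sensitivity, encryption_trust,
             uic_available, groups_db, policies):
    """Return the verdict handed to the HTTP proxy server.

    member_of        -- names of the groups the user has been matched into so far
    info_sets        -- information sets the requested page belongs to
    sensitivity      -- sensitivity level of the page (DBResourcesByResourceID)
    encryption_trust -- trust level of the encryption on the request (DBTrustEncryptions)
    uic_available    -- whether the client runs the User Identification Client
    groups_db        -- {group name: UserGroup}
    policies         -- {info set: {group name: True = allow, False = deny}} (DBResources)
    """
    # 1. A group only counts if its identification mode is trusted enough for the page.
    usable = {g for g in member_of if ID_TRUST[groups_db[g].id_mode] >= sensitivity}
    decisions = [policies[s][g]
                 for s in info_sets
                 for g in usable
                 if g in policies.get(s, {})]

    # 2. Any deny wins; otherwise an allow wins, provided the encryption is strong enough.
    if False in decisions:
        return Verdict.DENY
    if True in decisions:
        return Verdict.ALLOW if encryption_trust >= sensitivity else Verdict.DENY

    # 3. No policy applied at all. If some certificate- or token-based group would be
    #    allowed in, a client running the UIC can be asked for that stronger credential.
    step_up_possible = any(
        policies.get(s, {}).get(name) is True
        for s in info_sets
        for name, grp in groups_db.items()
        if grp.id_mode in CERT_OR_TOKEN
    )
    if step_up_possible and uic_available:
        return Verdict.NEED_MORE_ID
    return Verdict.DENY


# Constructed sample database.
GROUPS = {
    "Employees": UserGroup("Employees", "password"),
    "Contractors": UserGroup("Contractors", "password"),
    "Managers": UserGroup("Managers", "certificate"),
}
POLICIES = {
    "HR Web Site": {"Employees": True, "Contractors": False, "Managers": True},
    "Payroll": {"Managers": True},
}


if __name__ == "__main__":
    cases = [
        ({"Employees"}, ["HR Web Site"], 2, 2, False),                # allow
        ({"Employees", "Contractors"}, ["HR Web Site"], 2, 2, False), # deny overrides
        ({"Employees"}, ["Payroll"], 3, 3, True),                     # step-up via UIC
        ({"Employees"}, ["HR Web Site"], 2, 1, False),                # encryption too weak
    ]
    for groups, sets, sens, enc, uic in cases:
        print(sorted(groups), sets, evaluate(groups, sets, sens, enc, uic, GROUPS, POLICIES))
```

Deny overrides allow across every (group, information set) pair, a group is ignored entirely when its identification mode is weaker than the page's sensitivity level, and the encryption trust level is consulted only once a policy has allowed the access; the "need more identification" verdict is the one the proxy acts on by contacting the UIC.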
The message to the IP filter 2019 also includes the information needed for the encryption of the new session: in this example, that the session is to be encrypted for the final access filter 403(5), and that an encryption method suitable for the "confidential" sensitivity level of the data is to be used. When the IP filter 2019 encounters the new session, it finds that the session matches the criteria stated by the proxy server 2031 and passes the session to the SKIP module 2021; since encryption is required for this session, the message is re-encrypted. The SKIP module 2021 generates a SKIP message 2201 in the same way as described above, except that:

• the outer IP header 2203 of the message names access filter 403(3) as the source of the message and access filter 403(5) as its destination;

• the SKIP header 2205 carries the SNSID 2219 and SMKID 2217 for access filter 403(3) and the NSID 2215 and MKID 2213 for access filter 403(5), and the other fields of header 2205 are likewise those required for a message whose source is access filter 403(3) and whose destination is access filter 403(5); and

• the encrypted payload 2227 is as before, except that it has been encrypted with a different key, and if necessary a MAC 2221 is generated for the whole new SKIP message 2201.

While the proxy server is relaying messages, it also watches for the kinds of file transfers that may carry viruses. When it encounters one, it applies the anti-virus software 2033 to those files; if a file contains a virus, the proxy server does not deliver the complete file, so that the virus cannot do harm.
If the access control database 301 so instructs, the proxy server also sends an alert message when the anti-virus software 2033 detects a virus.

When the SKIP message 2201 arrives at access filter 403(5), it is passed to the SKIP module 2021, where, as described previously, it is authenticated and decrypted. As on access filter 403(3), and by the same mechanism as described above, the IP filter 2019 on access filter 403(5) notices that the message is addressed to the HTTP application protocol and directs it to the HTTP proxy server 2031. The proxy server accepts the message and passes the information from the outer IP header 2203 and the SKIP header 2205 that identifies the originator of the message (access filter 403(3)) to the evaluation program 2036, so that it can determine whether the session begun by this message should be allowed to continue. The evaluation program 2036 checks the source IP address of the message and the other identifying information: it looks up the source IP address in the DBServerIDByIP file of the MMF files to determine the identifier of access filter 403(3) in database 301, and uses that identifier to

locate the certificate of access filter 403(3), and finds that the certificate information matches the certificate retrieved for the message from access filter 403(3) that is being processed. The source of the message, access filter 403(3), is therefore recognised as one of the access filters 403 in VPN 201, so the evaluation program 2036 responds that the session should be allowed, because it consists of messages that have already been allowed by another access filter 403 within the same VPN 201. This decision to allow the message is returned to the HTTP proxy server 2031, and the evaluation program 2036 instructs the HTTP proxy server 2031 on access filter 403(5) to allow, for the same reason, any request that arrives on the same session. When the HTTP request is processed, the proxy server establishes an outgoing connection to the HTTP service on server 407 in the same way that the outgoing session was established on access filter 403(3). When it opens the connection to server 407, the evaluation program 2036 looks up the IP address of server 407 in the DBServerIDByIP file of the MMF files to determine the identifier of server 407 in database 301, uses that identifier to locate the entry in the server table, and then uses the certificate identifier from that entry and the DBCertificates file (the database "certificates") to find the certificate for server 407. It then constructs a SKIP session, as described earlier, using the key for access filter 403(3) and the public key for server 407 (obtained from the certificate).
The actual message is encrypted and authenticated, the SKIP header 2205 is added, and the outer IP header 2203 is added so that the message is directed to server 407. When the message reaches server 407, SKIP on server 407 checks the authentication information for the message, decrypts it, and forwards the decrypted message to the HTTP service, which performs the access, that is, fetches the web page requested by the message contained in the payload. Having obtained the page, the HTTP service generates a return message whose IP header names roamer 503 as its destination. This return message is then encapsulated in a SKIP message 2201 as described earlier; the SKIP message is directed to access filter 403(5), and the outer header 2203 and SKIP header 2205 carry the information required for messages between those two entities.

When the reply message reaches access filter 403(5), the SKIP module 2021 there authenticates and decrypts it and passes it to the IP filter 2019. The message is found to match an existing session, so no evaluation is necessary and it is forwarded directly to the HTTP proxy server 2031. There it is checked for validity as an HTTP protocol reply message and retransmitted to the originator of the HTTP session, namely access filter 403(3). Because the originator of this session is known to be another access filter 403 in VPN 201, the check by the anti-virus module 2033 is not performed here, since that access filter is known to perform the check when necessary.
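The forward path just walked through (403(3) encrypts for 403(5); 403(5) authenticates, unwraps and re-wraps for server 407 under a different key, without repeating the access check), as an added example in Python that is not the patent's or SKIP's code: per-hop keys are simply given rather than derived from the parties' certificates, an HMAC-based stream cipher stands in for the real cipher, and the hop names, identifiers and keys are constructed.

```python
"""Hop-by-hop SKIP-style envelope, modelled in Python (added example, not the
patent's code). Stand-ins for what the description leaves to SKIP:
  * the per-hop key is simply given (SKIP derives it from the two parties'
    Diffie-Hellman certificates identified by NSID/MKID);
  * the cipher is HMAC-SHA256 in counter mode, the MAC is HMAC-SHA256;
  * hop names, identifiers and key bytes are constructed for the demonstration.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Hop:
    name: str   # e.g. "access filter 403(3)"
    nsid: int   # name space identifier of this party's certificate
    mkid: int   # master key identifier of this party's certificate


@dataclass(frozen=True)
class SkipMessage:
    src: Hop            # outer IP header 2203: source of this hop
    dst: Hop            # outer IP header 2203: destination of this hop
    pkt_id: int         # per-packet value so a keystream is never reused
    ciphertext: bytes   # encrypted payload 2227 (the inner packet)
    mac: bytes          # MAC 2221 over header fields and ciphertext


def _header(src: Hop, dst: Hop, pkt_id: int) -> bytes:
    # SNSID, SMKID (sender) and NSID, MKID (receiver), then the packet id
    return struct.pack(">IIIIQ", src.nsid, src.mkid, dst.nsid, dst.mkid, pkt_id)


def _subkey(hop_key: bytes, label: bytes) -> bytes:
    # separate encryption and MAC keys derived from the per-hop key
    return hmac.new(hop_key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, pkt_id: int, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(enc_key, struct.pack(">QQ", pkt_id, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(src: Hop, dst: Hop, hop_key: bytes, pkt_id: int, plaintext: bytes) -> SkipMessage:
    """Encrypt-then-MAC the inner packet for the hop src -> dst."""
    ks = _keystream(_subkey(hop_key, b"enc"), pkt_id, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(hop_key, b"mac"), _header(src, dst, pkt_id) + ct,
                   hashlib.sha256).digest()
    return SkipMessage(src, dst, pkt_id, ct, tag)


def unseal(msg: SkipMessage, hop_key: bytes) -> bytes:
    """Authenticate first; only a message with a valid MAC is ever decrypted."""
    expected = hmac.new(_subkey(hop_key, b"mac"),
                        _header(msg.src, msg.dst, msg.pkt_id) + msg.ciphertext,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg.mac):
        raise ValueError(f"MAC check failed: {msg.src.name} -> {msg.dst.name}")
    ks = _keystream(_subkey(hop_key, b"enc"), msg.pkt_id, len(msg.ciphertext))
    return bytes(c ^ k for c, k in zip(msg.ciphertext, ks))


def is_authentic(msg: SkipMessage, hop_key: bytes) -> bool:
    try:
        unseal(msg, hop_key)
        return True
    except ValueError:
        return False


def relay(msg: SkipMessage, key_in: bytes, next_hop: Hop, key_out: bytes, pkt_id: int) -> SkipMessage:
    """What an intermediate access filter does with an already-checked session:
    open the message with the key shared with the previous hop and re-seal it,
    under a different key and fresh header identifiers, for the next hop.
    The access check itself is not repeated here."""
    return seal(msg.dst, next_hop, key_out, pkt_id, unseal(msg, key_in))


# Constructed parties and per-hop keys.
AF3 = Hop("access filter 403(3)", nsid=1, mkid=33)
AF5 = Hop("access filter 403(5)", nsid=1, mkid=55)
SRV407 = Hop("server 407", nsid=1, mkid=407)
KEY_3_5 = hashlib.sha256(b"demo key 403(3)<->403(5)").digest()
KEY_5_407 = hashlib.sha256(b"demo key 403(5)<->407").digest()


def forward_request(plaintext: bytes):
    """Carry one request 403(3) -> 403(5) -> 407; return both hops' messages."""
    first = seal(AF3, AF5, KEY_3_5, 1, plaintext)
    second = relay(first, KEY_3_5, SRV407, KEY_5_407, 2)
    return first, second


if __name__ == "__main__":
    first, second = forward_request(b"GET /hr/index.html HTTP/1.0\r\n\r\n")
    print(second.src.name, "->", second.dst.name, unseal(second, KEY_5_407))
```

The MAC covers the header identifiers as well as the ciphertext, so a message whose outer header has been rewritten to another destination fails authentication just as a modified payload does, and nothing is decrypted before the MAC has been checked.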
The retransmission of the reply message is again processed by the SKIP module 2021 and encrypted as described above, using the SKIP parameters required for the message exchange between access filter 403(3) and access filter 403(5).

When the reply message arrives at access filter 403(3), exactly the same thing happens: the message passes through the SKIP module 2021 and the IP filter 2019 to the HTTP proxy server 2031. There it is checked for validity as an HTTP protocol reply message, possibly passed through the anti-virus module 2033 (if the content type of the message warrants it), and retransmitted to the originator of the HTTP session, namely roamer 503. For a message being sent from access filter 403(3) to roamer 503, the SKIP module 2021 again processes the transmission of the reply message using the SKIP parameters declared above and encrypts it as described. The reply message is then received at roamer 503, where SKIP authenticates and decrypts it, and the message is delivered to the user's browser and displayed for the user.

Generalisation of the techniques used in access filter 203

The techniques used in access filter 203 have been generalised in two ways:

• policy evaluation has been separated from policy enforcement, which allows entities other than access filters to enforce policies; and

• the policy database now permits the definition not only of users, user groups, resources and resource groups, but also of new types of user identification, new types of actions for which policies may be made, and new types of resources.
The following discussion first describes how policy evaluation and policy enforcement may be separated, and then how the types used to define policies may be extended.

Separating policy evaluation from policy enforcement: Figures 20, 26 and 27

Figure 26 is a block diagram of a policy enforcement system 2601 in which policy evaluation has been separated from policy enforcement. In system 2601 the notion of a policy

has been generalised to include not only access policies, administrative policies and policy maker policies, but any action that a user may perform on an information resource. For example, a policy may state that a particular user group may print the documents belonging to a particular information set.
System 2601 has five main components:

• a requesting entity 2603, which requests an action to be performed on an information resource and may be any entity that can belong to a user group;

• a policy enforcer 2609, which controls whether the requested action is carried out;

• resources 2611(0..n), which may be any information the policy enforcer 2609 can access or any device it controls;

• a policy server 2617, which determines whether the action is permitted; and

• a policy database 2619, which contains the policies on the basis of which the policy server 2617 decides whether the action is permitted.

The requesting entity 2603, the policy enforcer 2609 and the policy server 2617 can each be located anywhere. The only requirement is that there be a message transmission medium between the requesting entity 2603 and the policy enforcer 2609 and between the policy enforcer 2609 and the policy server 2617. The medium between the requesting entity 2603 and the policy enforcer 2609 allows the requesting entity 2603 to send the policy enforcer 2609 an action request message 2605 requesting that an action be performed on a resource R 2611(i), and to receive from the policy enforcer 2609 an action response message 2607 indicating whether the action was taken and, if so, its result. The medium between the policy enforcer 2609 and the policy server 2617 allows the policy enforcer 2609 to send a policy request 2613 to the policy server 2617, thereby asking the policy server 2617 to indicate
whether the policies in the policy server database 2619 permit a given requesting entity to perform a given action on a given resource, and to answer the policy request 2613 with a policy response 2615 that indicates whether the policies allow the action specified in the policy request. It should further be noted that the action controlled by the policy enforcer 2609 need not even be performed by a component of a computer system. For example, the policies in the policy database might control access to books by library patrons, and the action specified in a policy might be the retrieval of a book from the shelves by a library page.

The formats of the policy request message 2613 and the policy response message 2615 are defined by a policy protocol. Examples of standard policy protocols currently being developed are the Common Open Policy Service (COPS), available on the Internet as described on 21 June 1999 at http://www htf…/internet-drafts/draft-ietf-rap-cops-06.txt, and Remote Authentication Dial In User Service (RADIUS; see Internet standard RFC 2138).

The policy server 2617 obtains the information needed to produce the policy response 2615 and then provides the response to the policy enforcer 2609. The policy server 2617 includes a policy server database 2619 containing policies, among them one or more policies concerning the action that the requesting entity 2603 has asked the policy enforcer 2609 to perform on resource R 2611(i).
The policy server 2617 queries the policy server database 2619 to locate the relevant policies

and then applies them to the policy request 2613. Doing so may require the policy server 2617 to obtain other policy-related information 2623 from any location accessible to it.
One example of such processing is the technique, described in the discussion of access filter 203, by which the access filter 203 obtains additional identification information about the user. If the information that the policy server 2617 obtains from the policy server database 2619 and other sources indicates that the action is permitted, the policy server 2617 sends a policy response 2615 saying so, the policy enforcer 2609 performs the action as indicated at 2610, and the result is returned to the requesting entity 2603 in the action response 2607. If the policy response 2615 indicates that the action is not permitted, the policy enforcer 2609 sends an action response 2607 indicating that the action was not permitted.

An important advantage of separating the policy enforcer 2609 from the policy server 2617 is that policy enforcers 2609 can be built at many different levels of a system, where the system is understood to consist of a number of devices connected by a network. The policy server 2617 can hold the policies for any policy enforcer, so the actions that can be governed by policy are no longer limited to those taken at one or a few levels of the system.

Figure 27 shows a system 2701 whose components are connected by a network comprising a public network 2702 and an internal network 103. At the highest level, system 2701 has one or more policy decision points 2723, which decide whether a policy permits an action, and one or more policy enforcement points 2721, at which the decisions of the policy decision points are enforced. A policy decision point includes a policy server 2617, and a policy enforcement point includes a policy-enabled device, that is, a device able to perform the functions of a policy enforcer 2609. Communication between a policy decision point and a policy enforcement point is by policy messages 2725, which comprise policy requests 2613 and policy responses 2615. When an entity 2603 requests an action using a resource R 2611, the action is performed by a device controlled by a policy enforcement point 2721; the policy enforcement point 2721 exchanges policy messages 2725 with a policy decision point 2723 to determine whether the action is permitted and, if it is, causes the action to be performed.

The policy-enabled devices in system 2701 include:

• a policy-enabled router 2713, which enforces policy at the level of routing traffic in the physical network;

• a policy-enabled attached device 2719, which enforces policy at the level of a device attached to the network of system 2701. One example is a printer that can consult the policy server 2617 to decide whether to accept a print request from a given entity 2603; and

• a policy-enabled application 2717, which enforces policy at the level of the application.
Each policy-enabled device handles policy in the same way as described for the policy enforcer 2609: when it receives an action request 2703 for which it must decide whether the action conforms to the access policies established in the policy server database 2619, it sends a policy message 2725 to the policy server 2617, and when it receives the policy message in reply it allows or denies the action as the policy message indicates.
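The policy request/response exchange between a policy enforcement point and a policy decision point, as an added example in Python (not the patent's code): the policy server database is an in-memory sqlite3 table, the messages are plain dataclasses rather than COPS or RADIUS, and the users, groups, resources and policies are constructed. It also shows one policy server serving two enforcers at different levels, an HTTP service and a printer with an administrator-defined "print" action.

```python
"""Policy server (2617) / policy enforcer (2609) split, modelled in Python
(added example, not the patent's code). The policy database 2619 is an
in-memory sqlite3 table, the request/response messages are plain dataclasses
(a deployment would use a policy protocol such as COPS or RADIUS), and all
users, groups, resources and policies below are constructed for the demo.
"""
import sqlite3
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class PolicyRequest:          # policy request 2613
    entity: str               # requesting entity 2603, as identified by the enforcer
    action: str               # "access", "print", ... (action types are administrator-extensible)
    resource: str             # resource 2611(i)


@dataclass(frozen=True)
class PolicyResponse:         # policy response 2615
    allowed: bool
    reason: str


class PolicyServer:
    """Policy decision point: owns policy server database 2619 and answers requests."""

    SCHEMA = """
        CREATE TABLE membership (entity TEXT, user_group TEXT);
        CREATE TABLE info_set   (resource TEXT, info_set TEXT);
        CREATE TABLE policy     (user_group TEXT, action TEXT, info_set TEXT, allow INTEGER);
    """

    def __init__(self) -> None:
        self.db = sqlite3.connect(":memory:")
        self.db.executescript(self.SCHEMA)

    def add_member(self, entity: str, group: str) -> None:
        self.db.execute("INSERT INTO membership VALUES (?, ?)", (entity, group))

    def add_resource(self, resource: str, iset: str) -> None:
        self.db.execute("INSERT INTO info_set VALUES (?, ?)", (resource, iset))

    def add_policy(self, group: str, action: str, iset: str, allow: bool = True) -> None:
        self.db.execute("INSERT INTO policy VALUES (?, ?, ?, ?)", (group, action, iset, int(allow)))

    def decide(self, req: PolicyRequest) -> PolicyResponse:
        # Every policy naming a group the entity is in, the requested action,
        # and an information set the resource belongs to.
        rows = self.db.execute(
            """SELECT p.allow
                 FROM policy p
                 JOIN membership m ON m.user_group = p.user_group
                 JOIN info_set   r ON r.info_set   = p.info_set
                WHERE m.entity = ? AND p.action = ? AND r.resource = ?""",
            (req.entity, req.action, req.resource)).fetchall()
        verdicts = {bool(a) for (a,) in rows}
        if False in verdicts:
            return PolicyResponse(False, "a policy denies this action")   # deny overrides
        if True in verdicts:
            return PolicyResponse(True, "a policy allows this action")
        return PolicyResponse(False, "no policy covers this action")      # default deny


class PolicyEnforcer:
    """Policy enforcement point: never decides itself, only asks and acts on the answer."""

    def __init__(self, name: str, server: PolicyServer, perform: Callable[[str, str], str]) -> None:
        self.name = name
        self.server = server
        self.perform = perform          # carries out the action (2610) once allowed

    def handle(self, entity: str, action: str, resource: str) -> dict:
        """Action request 2605 in, action response 2607 out."""
        resp = self.server.decide(PolicyRequest(entity, action, resource))
        if not resp.allowed:
            return {"device": self.name, "done": False, "reason": resp.reason}
        return {"device": self.name, "done": True, "result": self.perform(action, resource)}


def build_demo():
    """Constructed deployment: an HTTP service and a printer share one policy server."""
    ps = PolicyServer()
    ps.add_member("alice", "Employees")
    ps.add_member("bob", "Employees")
    ps.add_member("bob", "Contractors")
    ps.add_member("carol", "Managers")
    ps.add_resource("hr/handbook.html", "HR Web Site")
    ps.add_policy("Employees", "access", "HR Web Site", True)
    ps.add_policy("Contractors", "access", "HR Web Site", False)
    ps.add_policy("Managers", "print", "HR Web Site", True)   # administrator-defined action
    web = PolicyEnforcer("http-service", ps, lambda act, res: f"served {res}")
    printer = PolicyEnforcer("printer-2719", ps, lambda act, res: f"printed {res}")
    return ps, web, printer


if __name__ == "__main__":
    _, web, printer = build_demo()
    for who, device, act in [("alice", web, "access"), ("bob", web, "access"),
                             ("alice", printer, "print"), ("carol", printer, "print")]:
        print(who, device.handle(who, act, "hr/handbook.html"))
```

The enforcers hold no policy of their own: adding a new action type ("print") or a new device is only a matter of a new enforcer and new rows in the policy table, and the deny-overrides and default-deny rules live in one place.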

Continuing in more detail with the levels at which the policy-enabled devices of Figure 27 operate: the policy-enabled router 2713 may keep tables of the permitted sources and destinations of the packets it routes. When router 2713 is initialised, these tables are built from information supplied by the policy server 2617; from then on, when router 2713 receives a packet whose source or destination is not in its tables, it sends a policy message 2725 identifying the source or destination to the policy server 2617, and the policy server 2617 responds to the message by indicating whether the source or destination is to be included in the tables. Of course, when the policy server database 2619 changes, the tables in router 2713 may also be kept up to date by messages sent from the policy server 2617 to router 2713. As can be seen from the foregoing, router 2713 performs the policy check at the level of the IP filter 2019 in the implementation 2001 of access filter 203.

The policy-enabled attached device 2719 is a device such as a printer attached to the network.
Such a device can respond to a request made by an entity by using the request together with a policy message sent by the policy server 2617, and can proceed according to the information it receives from the policy server 2617. Policy-enabled attached devices 2719 allow a finer granularity of control over these devices than the access check at the level of access filter 203 can provide.

Finally, the policy-enabled application 2717 allows policy to be enforced at a higher level than access filter 203 can provide. As long as the policy server database 2619 contains policy information about the resources the application accesses, the policy-enabled application 2717 can exchange policy messages 2725 with the policy server 2617 and so determine whether the action being requested by the user of the policy-enabled application 2717 is to be allowed or denied. One example of a policy-enabled application 2717 is an application that implements an Internet service such as FTP, HTTP or SMTP. This is the level handled by the proxy servers 2031 in Figure 20. Because the services themselves can now be policy-enabled, the proxy servers are no longer necessary; instead, the Internet protocol traffic is simply passed through to the system on which the service resides, and the service provides the access requested by the protocol. As shown in Figure 27, the service can then exchange policy messages 2725 with the policy server 2617 itself to determine whether the requested access should be permitted.
Another example of a policy-enabled application 2717 is a document processing program. In this case the policy server database 2619 may contain policies specifying the set of users that have the right to modify a given set of documents. When a user selects a document for editing with the program, the document processing program can exchange policy messages 2725 with the policy server 2617, and if the policy response from the policy server 2617 indicates that the user may not modify the document, the document processing program can tell the user so and refuse to let the user modify the document.

As can be seen from the foregoing, the separation of policy evaluation from policy enforcement, together with the extensible nature of policy definitions, allows any operation that a program can perform on a resource to be made the subject of a policy; access control systems like those shown in Figure 27 are thus not only scalable and easy to manage but also readily adaptable to any present or future device or program.

It should be noted here that in access filter 203, policy evaluation and policy enforcement are logically separated even though both are contained in the same device. When Figure 20 is examined in the light of Figure 26, it is apparent that GUI 1915, the launch, logging, alert and report module 2027, the database sharing directory 2028, the ISDB management program 2027, PCS 2025 and MMF 2301 make up a policy server 2617, while the remaining components make up a policy enforcer 2609 that operates at the IP filter and Internet protocol levels.
Generalization of policies: Figure 28

In access filter 203, an administrator with the appropriate access rights can define new users and user groups, define new resources and information sets, and add services and servers. Administrators cannot define actions other than accessing information; moreover, the methods available for defining new user groups are fixed, and resources are limited to information sources. In the generalized policy server of the preferred embodiment, these restrictions have been removed: an administrator can now define new actions, new ways of defining user groups, and resources that are not information sets. Of course, the right to make these definitions is itself governed by policies in policy database 2619, as explained with regard to administrative policies and policy-maker policies in access filter 203. In most systems, the definition of new entity types, resource types, and action types would be restricted to a group of users in the role of "security officers". These new possibilities are illustrated by the generalized policy syntax 2801 for policy statements shown in Figure 28. The generalized policy syntax 2801 describes how a policy is presented to the administrator in the window in which the policy can be manipulated. In Figure 28, items in italics are the parts of a policy statement that may be defined by an administrator of policy server 2617 who has the right to access policy database 2619; items in square brackets are the words that relate the italicized items to one another so as to define a policy. For example,

Employees are allowed to Access the HR Web Site

Here Employees is a user group, Access is an action, and HR Web Site is an information set; the policy statement allows any user belonging to the "Employees" user group to access any resource belonging to the "HR Web Site" information set.

Continuing the discussion of generalized policy syntax 2801 in more detail: Entity denotes a user group whose members are defined either by one of the techniques used in access filter 203 or by a technique defined by the administrator of policy server 2617. The only requirement on an entity is that it be recognizable by policy enforcer 2609. Action may be simply an action like the access operation in access filter 203, or an action defined by the administrator of policy server 2617; the only requirement on an action is that policy enforcer 2609 be able to perform it on a resource. Resource denotes an information set; in the generalized policy server, however, a resource may also be a set of devices such as printers or file servers. The only requirement on a resource is that policy enforcer 2609 be able to perform the action on it. TimeIntervals 2809 allow the administrator to define a temporal restriction on the policy being specified with the generalized policy syntax. When a policy is being evaluated to decide whether a given user may access a given resource, a policy that has a time interval is considered only if the evaluation time falls within that interval. For example,

Employees are allowed to Access the HR Web Site from 9:00 am-5:00 pm weekdays

restricts employees' access to the HR Web Site to normal business hours. In a preferred embodiment, a time interval may be defined as follows:

• a range of start and end times within each working day;
• a range of start and end dates;
• restrictions on the working days and holidays of each week: specific weekdays, and/or dates listed as holidays, may be included or excluded;
• restrictions on the working weeks of each month: every week, every X weeks from a reference date (where X is a number from 2 to 12), or a table of the weeks within each applicable month; and
• a table of the applicable months of each year.
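As an added example (not the patent's own code), the following Python models how a policy server might parse statements in the generalized policy syntax 2801 and answer a policy query, honouring a time interval attached to a policy. The user groups, resource sets, simplified schedule rules, sample times and function names are constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Dict, List, Optional, Tuple

# Constructed sample data standing in for the policy database (assumption).
USER_GROUPS = {"Employees": {"alice", "bob"}, "Marketing": {"bob"}}
RESOURCE_SETS = {
    "HR Web Site": {"hr.example.internal"},
    "Marketing Printer": {"printer-mkt-1"},
    "World Wide Web": {"www.example.com"},
}
# Simplified schedule rules: (start time, end time, weekdays with Monday=0 .. Sunday=6).
SCHEDULES = {
    "9:00 am-5:00 pm weekdays": (time(9, 0), time(17, 0), {0, 1, 2, 3, 4}),
    "weekends": (time(0, 0), time(23, 59, 59), {5, 6}),
}

# Entity is|are allowed to Action [to] the Resource [with a=b,...] [from|when TimeInterval]
POLICY_RE = re.compile(
    r"^(?P<entity>.+?) (?:is|are) allowed to (?P<action>\w+) (?:to )?the "
    r"(?P<resource>.+?)(?: with (?P<attrs>.+?))?(?: (?:from|when) (?P<interval>.+))?$"
)


@dataclass
class Policy:
    entity: str
    action: str
    resource: str
    attrs: Dict[str, str] = field(default_factory=dict)
    interval: Optional[str] = None


def parse_policy(statement: str) -> Policy:
    """Split one statement of the generalized syntax into its italicized parts."""
    m = POLICY_RE.match(statement.strip())
    if m is None:
        raise ValueError(f"not a policy statement: {statement!r}")
    attrs: Dict[str, str] = {}
    if m.group("attrs"):
        for pair in m.group("attrs").split(","):
            name, _, value = pair.strip().partition("=")
            attrs[name] = value
    return Policy(m.group("entity"), m.group("action").lower(),
                  m.group("resource"), attrs, m.group("interval"))


def interval_active(interval: Optional[str], at: datetime) -> bool:
    """A policy without a time interval always applies; with one, only inside it."""
    if interval is None:
        return True
    start, end, days = SCHEDULES[interval]
    return at.weekday() in days and start <= at.time() <= end


def user_in_entity(user: str, entity: str) -> bool:
    return entity == "Everyone" or user in USER_GROUPS.get(entity, set())


def evaluate(policies: List[Policy], user: str, action: str,
             resource: str, at: datetime) -> Tuple[bool, Dict[str, str]]:
    """Answer a policy query: is the action allowed, and with which action attributes?
    Policies here are permissive only, so the first applicable one decides (assumption)."""
    for p in policies:
        if (user_in_entity(user, p.entity)
                and p.action == action.lower()
                and resource in RESOURCE_SETS.get(p.resource, set())
                and interval_active(p.interval, at)):
            return True, dict(p.attrs)
    return False, {}


# The statements quoted in the text, parsed into Policy records.
POLICIES = [parse_policy(s) for s in (
    "Employees are allowed to Access the HR Web Site from 9:00 am-5:00 pm weekdays",
    "Marketing is allowed to print to the Marketing Printer with type=color",
    "Everyone is allowed to access the World Wide Web with bandwidth=90% when weekends",
)]

# Constructed evaluation times: 2024-01-10 is a Wednesday, 2024-01-13 a Saturday.
WEDNESDAY_10AM = datetime(2024, 1, 10, 10, 0)
WEDNESDAY_6PM = datetime(2024, 1, 10, 18, 0)
SATURDAY_10AM = datetime(2024, 1, 13, 10, 0)

if __name__ == "__main__":
    print(evaluate(POLICIES, "alice", "Access", "hr.example.internal", WEDNESDAY_10AM))
    print(evaluate(POLICIES, "alice", "Access", "hr.example.internal", SATURDAY_10AM))
```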

ActionAttribute(s) 2811 are administrator-defined definitions of the ways in which an action permitted by a policy statement may be carried out. Again, the only requirement is that policy enforcer 2609 be able to perform the action as specified by the action attribute. For example:

Marketing is allowed to print to the Marketing Printer with type=color

This policy includes the action attribute type=color; it permits users belonging to the "Marketing" user group to use the Marketing Printer resource to print in color.

Further examples of action attributes are:
• the class of service required for a network connection;
• the route or media type to be used;
• the billing rate to be applied;
• the maximum quantity for a transaction;
• the maximum time allowed to complete a transaction.

As indicated by the syntax [with | when], time intervals can be used with action attributes as well as with the policy statement as a whole. For example, a policy that places a time restriction on a class of service looks like this:

Everyone is allowed to access the World Wide Web with bandwidth=90% when weekends

Entities in the "Everyone" user group may access the World Wide Web with 90% of the bandwidth on weekends. When a time interval has been attached to an action attribute, the action specified in the policy is performed as specified in the attribute only if the request to perform the action is made within the time interval that applies to the attribute.

Implementation of generalized policies: Figures 29 and 30

Figure 29 shows policy database 2901. Policy database 2901 is a modification of the policy database described earlier, adapted to the generalized policies defined by syntax 2801 and to an environment in which policy evaluation and policy enforcement have been separated. Thus, in Figure 29, policy query 2939 comes from policy server 2617 rather than from access filter 203, and so includes a specifier for the action to be performed and a specification of the information source or other resource on which the action is to be performed. The result 2941 of the policy query is returned to policy server 2617. Besides an indication of whether the policy permits the action, the result now also includes attribute values relating to the action. Components of Figure 3 whose functions are unchanged in Figure 29 have the reference numbers they have in Figure 3. Beginning with access policies 307, the first additional item of information is access type definitions 2929, which define additional classes of action for which policies may be defined in access policies 307. Next is attribute information 2927, which defines attributes that may be attached to the entities involved in carrying out a policy. Attribute information 2927 includes the following:
• attribute assignments 2937, which specify what the attribute is to be used with: a user group, information set, site, or service;
• attribute labels 2941, which define the names by which attributes are known in the user interface; and
• attribute features 2939, which actually define how an attribute affects the user groups and other entities it is assigned to.

Schedules information 2925 defines time intervals that may be attached to policies or attributes. Within schedules information 2925, schedule rules 2931 actually define the time intervals, and holiday table 2933 is a table of holidays used in the schedule rules. Resource types 2935 define the types of resource for which policies may be defined, and user ID types 2937 define the types of identification method for the entities for which policies may be defined.

In a preferred embodiment, the well-known
Microsoft®存取資料庫軟體來建構資料庫29〇1。存取軟體 是一種關係資料庫(relational database),那就是:將資料庫 中的資訊儲存在一些表中。在存取軟體中的一種公用程式 (utility)會提供:一些表的圖像以及它們彼此的關係。本 申請案的圖1 3到1 7以及圖3 0都是源自那些圖像。在圖3 〇 中,出現在圖1 3到1 7中的一些表都具有它們在那些圖中 所具備的參考數字;而一些新的表則具有開頭是&quot;3〇&quot;的參 經濟部智慧財產局員工消費合作社印製 考數字。在圖30中的一些表3001顯示:怎樣將用來定義時 間間隔和屬性的一些表加以整合進入決策資料庫29〇I中。 更籠統地説,它們顯示:怎樣藉由增加另外一些單元而可 能修改一項決策,以及怎樣针對決策而可能定義諸多新單 元類型。 -124、 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公餐) 4 6 4 8 ^ 2 A7 !--— B7 _ 五、發明說明(122〉 時間間隔的詳細建構例 就從時間間隔開始’將這些時間間隔加以定義在時間間 隔表3025中。該表包括:一時程安排定義表3〇23,它會定 義可能出現在通用化決策語法讀内的丁咖工咖二⑷ 2809中的名稱;以及—時程安排規則表3〇25,它會定義可 能與定義在&quot;時程安排定義,,表助中的名稱有關聯的時程 安排規則。一個以上的時程安排規則可能與一既定名稱有 關聯。ScheduIeDefICK時間安排定義ID)使定義在表3〇25中 的每項時程安排規則都與使用表3〇23中之規則的時間排程 有關係;從〇町]^_(工作曰掩蔽)到£11£10攸(結束曰期)的 諸多欄位會定義時間安排規則。&quot;DescripU〇n,,(描述)搁位 則載示規則及其目的之描述。 經濟部智慧財產局員工消費合作社印製 如以下所提及的,可能針對整個決策以及針對決策中的 屬性而定義時間間隔。於是,定義在&quot;存取決策,,表ι中 的每项決策現在都包括一個ScheduleDefID欄位。每個這樣 的攔位都會包含··針對打算應用到決策之—時間間隔而在 表3023中之一定義的—個Schedu丨eDefID識別符。於是,當 決策伺服器2617正在決定一項決策是否可適用於一項行動 請求時,經由:在針對決策之表161丨内的登載項中,針對 時間間隔的SchediileDefID欄位;它就能夠指出應用到—項 決策之時間間隔的位置。同樣地,”屬性指定,,表3〇〇7,它 會使屬性與:使用者群组,資源集,網站,或服務有關 係;該表包括:針對可適用於該特定屬性指定的任何時間 間隔的一個ScheduleDeflD欄位。最後,用來定義時間間隔 _ -125- 本纸張尺度適用中國國家標準(CNS)A4規格(2J〇 x 297公爱) 464812 A7 B7 五、發明說明(123) 的機制也被使用在用來時程安排警戒資訊之一較佳實施例 中;於是,在表3023中的諸多登載項也都可以從 ”AlertSchedules”(警戒資訊時程安排)表3〇2丨中指出位置。 屬性的詳細建構例 將用來定義諸多屬性並使它們與可能被應用的:使用者 群組,資源群组,網站,以及服務有關係的一些表顯示於 圖3 0中的屬性表30〇3中。一既定屬性是由三種表:&quot;屬性 標記&quot;表3〇〇5 ’ &quot;屬性&quot;表3011 ’以及&quot;屬性特定&quot;表3〇〇9中的 登載項所定義的。&quot;屬性標記&quot;表3〇〇5會定義:用於針對在 決策定義語法2801内的ActionAttribute⑷中之諸屬性的標 記。每個這樣的標記都會有一個登載項,該登載項包括; 標記本身,屬性之描述,標記之優先次序(precedence),以 及屬性之類型。標記之優先次序會定義:當一個以上的屬 性與決策評估連接時,將會應用哪些屬性。當一項指定具 有一種比另一項指定還高的優先次序時,就會將具有較低 優先次序的那一項指定不予理會。每個屬性標記登載項都 是由一個&quot;AttributeLabellD”(屬性標記加以識別的。 經濟部智慧財產局員工消費合作社印製 在”屬性”表3011中的每個登載都會載示屬性之目前定 義。該定義可能具有用來識別&quot;屬性標記”表3005中之諸登 載項的一個或更多”屬性標記I D &quot;攔位。由,,屬性標記”表 3005中的那個登載項所定義的標記表示由屬性,•表3011中 的登載項所定義的屬性。屬性的目前意義是由表3011中的 一些攔位加以定義的。包括有:屬性之描述,其類型,它 應用到的伺服器之I D ’以及關於伺服器的裝置類塑。三個 -126- 家標準(CNS)A4 規格(210 κ 297 公釐) 46 
48 12 A7 B7 五 經濟部智慧財產局員工消費合作社印製 、發明說明(124 ) a ft Μ ΐ ί i 与 % i 1 欄位:&quot;AttributeFeaturelD&quot;(屬性特點ID),”valuel&quot;(數値 1),以及”Value2&quot;(數値2)都是特別感興趣的欄位。在那 裏,必須至少有一個”AttributeFeatureID&quot;欄位。該欄位會 識別屬性特點&quot;表3009中之一登載項,該表則會定義使; 在2性中的諸多數値之種類和範圍。” Va]uel&quot;和” value2&quot; 會定義:單一數値(Valuel)之目前範圍,或者兩種數値 (Valuel和Value2兩者)之目前範圍;該數値係選擇自針對”屬 性特點”表3009中之屬性而定義的諸多數値之種類和範圍。 就像從前述中將會顯而易見的那樣,,,屬性特點&quot;表3〇〇9 能夠被用來定義諸多新屬性種類。在表3〇〇9中的每個登載 項都會包括用來指出登載項之位置的”屬性特點工D π識別符 及一些攔位如下: •類別:屬性所屬的類別之名稱(譬如說:服務品質,結 帳費率,或交易之最大數量); ° •特點ID :唯一定義在其類別内之特點的數字; •名稱:使用者藉由它來瞭解特點的名稱; • 描述:特點的一種描述; •數値類型:定義屬性的諸多數値之類型的一種定義(譬 如説:需要單-數値還是一對數値,以及資料類型資 訊); •特點優先次序:次序的一種指示,依照該次序將諸多 特點應用在評估屬性中; •數値優先次序:打算選擇範圍中的最高數値還是最低 數値的一種指示;以及 127· 本紙張尺度適用中國國家標準(CNS)A4規格(210x297公爱) 464812 A7 B7 五、發明說明(125) • 限制:對於數値之限制的一種指示。 要定義新屬性類別,被決策伺服器26丨7之決策允許這樣 做的管理員只是定義針對&quot;屬性特點&quot;表3009中之新類別的 特點’然後再開始定義使用那些特點的屬性。一續特點可 能是:對將要施行決策的決策施行器2609而言是很有意義 的任何事物。此處應該要注意的是:可能將用來定義諸多 新屬性種類的一些上述通用技術使用在決策資料庫2901中 的別處,以便定義諸多:新行動,用來識別使用者的新方 法,以及新資源類型。 —旦屬性已經藉由三種表:3〇〇5,3〇1〖及3〇〇9中的資訊 加以定義,它就會與一個屬性可能應用到的實體有關係。將 此實體稱爲:屬性之主體。&quot;屬性指定&quot;(AttHbuteAssignment) 經濟部智慧財產局員工消費合作社印製 表3007會載明這些關係。在表3〇〇7中的每個登載項都會使 載明在它的&quot;AttributeLabellD”(屬性標記I D )中的屬性與單 一主體有關係;此外,它可能使屬性與一使用者群組有關 係,而該使用者群組的成員則可能執行—項涉及主體的行 動。若登載項未載明一使用者群組,則屬性應用到主體之 任何用途,在其匕情沉,只有當被載明使用者群組使用主 體時’屬性才會應用。主體可能是:使用者群組,資源集, 網站’或服務;就像藉由諸多欄位。”使用者群組ID &quot;,”資 源群組ID&quot;,&quot;網站id&quot;,以及”伺服器ID,,的數値加以栽 明的那樣。在表30〇7中的另外一些欄位會指示:屬性是否 爲現用的(即:打算目前應用的),應用程式應該何時開 始’它何時滿期,以及屬性是否涉及時間間隔,針對時間 -128- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 464812 A7 五、發明說明(126 間隔的&quot;ScheduleDefiD”數値。 定給-既定實體的諸多屬:中==:指示:在* 在決定將哪些屬性應用在制定一項將:策有, 服器2617繼續進行如下:杏'万面中’決策# 決策評估有關的使用者^^決策評估時’針對指向婆 链路,加以搜尋在表_中的屬啦 用者群组’則順著來自表3 :,值 路走,就會來到表3005中的二,屬丨以的諸多通信詞 的屬性’最後來到表聰中的屬性特點…已=: 的Γ=(: 了表3011外)都會包含優先次序資訊,使用 :2決定:針對那些順著所有通信鏈路走而發現的屬 性’在表则中有哪些屬性實際上將會應用到決策評估的屬 經濟部智慧財產局員工消費合作社印製 針對每個類別的屬性而各別地考慮這些優先次序,就傳 藉由表雇中的屬性特點加以定義的那樣。在每個類別 内’:先考慮:在表3007中的屬性指定中的優先次序。雖 然共享相同優先次序的所有指定都會被考慮,但是只有那 些具有最高優先次序數値的指定才會進—步被考慮。其 次’考慮,針對其餘的已鏈接屬性,在表3〇〇5中的屬性標 
記中的標記優先次序。雖然共享相同標記優先次序的所有 標記都會被考慮,但是只有那些具有最高優先次序數値的 標記才會進-步被考慮。其次,考慮:針對其餘的已缝接 屬性,在&quot;屬性特點&quot;表3〇〇9中的登載項中的特點優先次 序。只有那些共享最高特點優先次序的屬性才會被保留。 -129-本紙張尺度適用中國國家標準(CNS)A4視格(210 X 297公釐) 經濟部智慧財產局員工消費合作杜印製 A7 B7 五、發明說明(127) 最後,對於在表3 011中的每個屬性而言,該屬性被鏈接到 &quot;屬性特點&quot;表3009中的相同登載項;在”屬性特點,•表3009 中的數値優先次序,藉著指示打算選擇的是最高數値還是 最低數値而被用來決定:要使用來自表3011中的哪個屬性。 這時候,對於在表3 009中的諸多有關屬性特點登載項而 吉’定義在表3〇11中最多一個屬性會保持原狀,而在這些 登載項中的數値和特點都將會被轉回,以便用於評估決 策。在某些情形下,請求可能指示需要何種屬性數値;並 且’若它們與載明在決策中的那些數値不匹配,則該請求 可能被拒絕;在其它情形下,將諸多屬性數値提供給決策 施行2609,以便用於執行行動。 使屬性表3003和時間間隔表3025最佳化 .τ尤像在上述存取過遽器2〇3的討論中所描述的以及在圖 2 1和23中所圖解説明的那樣,在一較佳實施例中的決策 伺服器2617,藉著從其中產生諸多MMF檔案23 03而使決策 資料庫290 1最佳化。在較佳實施例中,已經增加兩個新 MMF檔案,以使表3003和3025中的資訊最佳化。兩個新 MMF檔案如下: • DBPr〇pertieS(資料庫”特性_,)檔案:包含能夠應用到其 它物件的所有&quot;特性、屬性及時程安排。此索引(mdex) 是藉由在那些其它物件中的&quot;特性j D ,,加以编製索引 的0 • DBPropertiesMetaDataC資料庫&quot;特性元資料,,)檔案:所 有特性都有一個名稱。此檔案是藉由特性類型名稱加 -130- 本紙張尺埂迺用中國國家標準(CNS)A4規格(210 X 297公爱) -----------ί *裝--------訂* A7 B7 五、發明說明(128 ) 以編製索引的(料包含在DBPmp㈣es檔案中的每個 特性名稱而言’在索引中具有一個登載項);並且將一 些名稱映射到諸多特性10之一列表,以使它們在 DBProperties檔案中很快地被查出。 針對時間間隔的使用者界面:圖3 1到3 3 圖3 1到3 3顯示: &lt; 用在-較佳實施例中,在圖形使用者 界面中所使用的視窗;用來:察看何種時間間隔(或時程 安排)已經被定義,定義針對一時間間隔的一項規則,以 及使用一時間間隔與一項決策有關聯。就從圖3 1開始,該 圖顯示:一種用來顯示已定義時程安排的視窗31〇2。子^ 窗(SUbwindow)3103會依照名稱列示所有的已定義時程安 排,·而予視窗3〖〇6則會依照名稱列示所有的已定義規則。 被顯示資訊是來自··&quot;時程安排定義,,表3〇23和&quot;時程安排 規則&quot;表3025。 經濟部智慧財產局員工消費合作社印製 要察看一時程安排名稱表示何種規則,使用者會選擇在 子視窗3 103中的名稱,如3丨〇5處所顯示的,在該·處,已經 選擇”非工作時間&quot;。此時程安排具有兩個组成規則:一個 表示每周之工作曰’顯示在31〇7處;一個表示周六,周 曰,及体假日,顯示在3109處。當選擇時程安排名稱時, 屬於它的(諸多)規則都會被凸顯在視窗3丨〇6中。相反地, 當選擇規則時,釺對使用該规則的諸多時程安排的時程安 排名稱都會被凸顯出來β在予視窗3丨〇6中的3丨丨丨處顯示: 針對營業時間的规則:而在子視窗3丨〇3中則顯示:另外一 些時程安排名稱。 131 · 本紙張尺度適用中國國家標準(CNS)A4規核·(210 X 297公笼) A7 -----------B7 __ 五、發明說明〇29 ) 裝 二要產生一項新時程安排,當子視窗3 ι〇3處在現用狀態時 •沈點按新增按鈕,並輸入新時程安排名稱;然後再選擇 新時私安排,並將屬於它的一些規則凸顯在子視窗3丨〇2 中。要改變指定給一時程安排的—些規則,先選擇時程安 排名稱,然後在子视窗31〇6中選擇針對該名稱的不同規 則。要產生針對一現存時程安排的一項新規則,先選擇時 私安排足名稱並點按&quot;新增&quot;按鈕,在當時就可能產生新規 則,如以下描述的8當處於子視窗3106中時,也能夠點按 新增按鈕,產生新規則,然後再使新規則與一時程安排 名稱有關係,如以上描述的。藉著將規則拖曳(dragging) 
到時程安排名稱,並且將它棄置在時程安排名稱上,也能 夠使一項規則與一時程安排名稱有關係。 經濟部智慧財產局員工消費合作社印製 將用來產生一項新規則的視窗顯示在圖3 2中的32〇 1處。 這是用來修改一現存規則或產生一項新規則的視窗。要修 改一現存規則,就對它點按二次。在视窗中的輸入資訊會 允許使用者:依據時程安排之時間的有效性來定義正在被 應用到決策或屬性的時間間隔(3203),定義被選擇時間都 有效的每周之工作日(3205),定義時程安排有效的工作周 (3207) ’以及定義時程安排有效的每年的—部份(32〇9)。如 圖示,視窗3 2 01將顯示於圖3 1中的時程安排定義在3 111 處。該時程安排是由營業時間•'所表示。顯示於視窗3201 中的資訊是來自”時程安排規則&quot;表3025,而使用視窗3201 所做出的諸多修改則被應用到該表。 圖3 3顯示:用來將時間間隔增加到一項決策之定義的視 -132- 本紙張尺度適用中國S家標準(CNS)A4規格(210 X 297公釐) 4648 1 2 A7-------- 經濟部智慧財產扃員工消費合作社印製 五、發明說明(130 ) 窗。視窗3301將由屬於&quot;社團&quot;(c〇rp〇rate)使用者群組諸多 使用者存取&quot;社團,'資訊集限定爲:在3303處所指示的,,營 業時間’’之時程安排。當使用者點按方框33〇3時,就會顯 示諸多已定義時程安排的整個列表,因而使用者可能選擇 其中一個或增加一項新名稱。當使用者點按&quot;定義&quot;按鈕 3305時’就會顯示針對被選擇決策的視窗32〇丨。若正在增 加一項新名稱,則必要時使用者會針對新時程安排而塡寫 視窗3201。依據圖30,選擇在圖η中之—時程安排會使,,存 取決策&quot;表16Π中之一&quot;ScheduleDeflD&quot;攔位被填寫:針對,,時 程安排定義&quot;表3023中之登載項的識別符;而表3〇23則將時 程士排名稱包含在它的&quot;名稱&quot;爛位中。若時程安棑名稱是 新的’則針對新名稱而將一新登載項增加到表3〇23。若增加 或修改一項規則,則&quot;時程安排規則”表3〇25也會被修改。 針對屬性的使用者界面:圖3 4到3 7 針對屬性定義和指定的使用者界面是相似的。圖34顯示: 一種列示服務品質(quality of service,簡稱Q〇S)類型的諸 多目前已定義屬性的視窗3 4 01。這些屬性決定:有多少頻 寬(bandwidth)可供一種根據既定決策而正在執行的存取操 作利用。在3401處,列示有一些屬性標記或名稱。此處,定 義四種QoS屬性:三種表示頻寬數量(&quot;高,’,”中”,&quot;低。,一 種Γ最高優先級&quot;)表示若有衝突時的優先級(Priority)。所 有的這些屬性都有一種。的優先次序,如在3405處所顯示 的。諸多頻寬屬性全部都由”頻寬”特點加以定義,如在 3407處所顯示的。針對每個屬性的”數値”則被定義在3409 -133- 用中國國家標準(CNS)A4規格(210 X 297公釐) η 夹 κ 劳 ί &gt;ϊ I 濘 項 項 寫 本 頁Microsoft® accesses database software to build the database 2901. Access software is a relational database, that is, the information in the database is stored in some tables. A utility in access software provides: images of some tables and their relationship to each other. Figures 13 to 17 and Figure 30 of this application are derived from those images. In Figure 3, some of the tables appearing in Figures 13 to 17 have the reference numbers they have in those figures; while some new tables have the Ministry of Economic Affairs beginning with "quote 3". The Intellectual Property Bureau employee consumer cooperatives printed test figures. 
Tables 3001 in Fig. 30 show how some tables used to define time intervals and attributes can be integrated into the decision database 2901. More generally, they show how a decision can be modified by adding additional units, and how many new unit types can be defined for a decision. -124. This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 meals) 4 6 4 8 ^ 2 A7! --- B7 _ V. Description of the invention (122) Detailed construction examples of time intervals Time interval start 'defines these time intervals in the time interval table 3025. This table includes: a schedule definition table 3203, which will define the Dingerongerji 2809 that may appear in the reading of the generalized decision grammar The name in the table; and-schedule rule table 3025, which will define schedule rules that may be associated with the names defined in the "scheduling definition," table help. More than one schedule rule May be associated with an established name. ScheduIeDefICK schedule definition ID) makes each schedule rule defined in Table 3025 related to the schedule using the rules in Table 3203; from Omachi] ^ _ (Work day masking) to £ 11 £ 10 y (end date) define the timing rules. &quot; DescripU〇n ,, (Description) The shelf contains a description of the rules and their purpose. Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs As mentioned below, time intervals may be defined for the entire decision and for the attributes in the decision. Thus, each decision defined in the &quot; access decision, table now includes a ScheduleDefID field. Each such stop will contain a Schedu eDefID identifier defined in one of Tables 3023 for the time interval intended to be applied to the decision. 
Therefore, when the decision server 2617 is deciding whether a decision is applicable to an action request, via: the SchediileDefID field for the time interval in the entries in the decision table 161 丨; it can indicate the application To — The location of the time interval for the decision. Similarly, the "attribute designation," Table 3007, will associate attributes with: user groups, resource sets, websites, or services; the table includes: for any time that is applicable to that particular attribute designation A ScheduleDeflD field for the interval. Finally, it is used to define the interval _ -125- This paper size applies the Chinese National Standard (CNS) A4 specification (2J0x 297 public love) 464812 A7 B7 V. Description of the invention (123) The mechanism is also used in a preferred embodiment for scheduling alert information; therefore, many of the entries in Table 3023 can also be taken from the "AlertSchedules" Table 3202 Indicate the location. Detailed construction examples of attributes will be used to define a number of attributes and make them relevant to what may be applied: user groups, resource groups, websites, and services. Some tables are shown in the attribute table in Figure 30 3003. A given attribute is composed of three types of tables: &quot; attribute tag &quot; table 3005 '&quot; attribute &quot; table 3011' and &quot; attribute specific &quot; table entry in table 3009 Defined. & Quo t; attribute tags &quot; Table 3005 will define: tags for attributes in ActionAttribute () within the decision definition syntax 2801. Each such tag will have a posting item that includes; the tag itself , The description of the attribute, the precedence of the tag, and the type of the attribute. The precedence of the tag defines what attributes will be applied when more than one attribute is connected to the decision evaluation. 
When one designation has one attribute over another When an item is assigned a higher priority, the item with the lower priority will be ignored. Each attribute tag posting item is identified by an "AttributeLabellD" (attribute tag. Ministry of Economic Affairs) Each posting printed by the Intellectual Property Bureau employee consumer cooperative in the "attributes" table 3011 will contain the current definition of the attribute. The definition may have one or more of the entries in the &quot; attribute tag "table 3005 Multiple "attribute tag ID &quot; stop. The tag defined by the entry in the attribute tag table 3005 indicates that the attribute • The attributes defined by the entries in Table 3011. The current meaning of attributes is defined by some of the stops in Table 3011. Including: description of the attribute, its type, the ID of the server to which it applies, and About the device type of the server. Three -126- Home Standard (CNS) A4 specifications (210 κ 297 mm) 46 48 12 A7 B7 5. Printed by the Consumers ’Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs, Invention Description (124) a ft Μ ΐ ί i and% i 1 fields: &quot; AttributeFeaturelD &quot; (attribute feature ID), "valuel" (number 1), and "Value2" (number 2) are fields of particular interest. There must be at least one "AttributeFeatureID" field. This field will identify one of the attributes listed in table 3009, and the table will define the types and ranges of many numbers in the two properties. "Va] uel &quot; and" value2 &quot; will define: the current range of a single number (Valuel), or the current range of two numbers (both Valuel and Value2); this number is selected from the "attribute characteristics" table The types and ranges of many numbers defined by the attributes in 3009. As will be apparent from the foregoing, the attribute characteristics &quot; Table 3009 can be used to define many new attribute types. 
In Table 3 Each entry in 〇09 will include the "attribute characteristic ID" identifier and some stops to indicate the location of the entry: • Category: the name of the category to which the attribute belongs (for example: service quality, final Account rate, or maximum number of transactions) ° ° Feature ID: a number that uniquely defines a feature within its category; • Name: the name by which the user understands the feature; • Description: a type of feature Description; • Number type: A definition that defines one of the many types of attributes (for example, whether a single-number or a pair number is required, and data type information); • Feature priority: an indication of order, according to the The sequence applies many characteristics to the evaluation attributes; • Number priority: an indication of whether to choose the highest or lowest number in the range; and 127. This paper size applies the Chinese National Standard (CNS) A4 specification (210x297). Love) 464812 A7 B7 V. Description of the Invention (125) • Restriction: An indication of the limitation of data. To define new attribute categories, the administrator who is allowed to do so by the decision of the decision server 26, 7 simply defines the features for the new category in the &quot; attribute feature &quot; table 3009, and then begins to define the attributes that use those features. The continuation feature may be anything that makes sense for the decision implementer 2609 where the decision is to be made. It should be noted here that some of the above-mentioned general techniques that may be used to define many new types of attributes may be used elsewhere in the decision database 2901 in order to define many: new actions, new methods to identify users, and new Resource Type. -Once the attribute has been defined by the information in three tables: 305, 301, and 2009, it will be related to the entity to which an attribute may be applied. This entity is called: the subject of the attribute. 
&quot; Attribute Assignment &quot; (AttHbuteAssignment) A printed form 3007 from the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs will state these relationships. Each entry in Table 3007 associates the attribute stated in its "AttributeLabellD" with a single subject; moreover, it may cause the attribute to be associated with a user group Relationship, and members of the user group may perform an action involving the subject. If the posted item does not specify a user group, the attribute applies to any use of the subject. It states that the 'attribute' will only be applied when the user group uses a subject. The subject may be: a user group, a resource set, a website 'or a service; it is like having many fields. "User group ID &quot;," The resource group ID &quot;, &quot; website id &quot;, and the &quot; server ID &quot; Additional fields in Table 3007 indicate whether the attribute is active (ie: intended to be currently applied), when the application should start, when it expires, and whether the attribute involves a time interval, for time-128 -This paper size is in accordance with China National Standard (CNS) A4 (210 X 297 mm) 464812 A7 V. Description of the invention (126 interval &quot; ScheduleDefiD "number. Given to-Many genus of the given entity: Medium ==: Instructions: In * When deciding which attributes to apply in formulating a policy, the server 2617 continues as follows: Apricot '万 面 中' decision # Decision evaluation related users ^ ^ Decision evaluation is targeted at the pointing chain And search for the "user group" in the table _ followed by from Table 3 :, the value will go to the second in Table 3005, the attribute of the many communication words that belong to the last The characteristics of the attributes in Table Satoshi ... 
have =: Γ = (: outside of Table 3011) will contain priority information, use: 2 to determine: for those attributes found along all communication links, 'in the table rule What properties will actually be applied to The Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs, which evaluates policy evaluation, prints these priorities individually for each category of attributes, as defined by attribute characteristics in table employment. Within each category ' : Consider first: Priority in attribute assignments in table 3007. Although all assignments that share the same priority order will be considered, only those assignments with the highest priority number will be taken into account-next step is considered. For the remaining linked attributes, the tag precedence in the attribute tags in Table 3005. Although all tags that share the same tag precedence will be considered, only those tags with the highest priority number will be Further steps are considered. Secondly, consider: For the remaining stitched attributes, the feature priorities in the "Entry features" table entry in Table 3009. Only those attributes that share the highest feature priority order Will be retained. -129- This paper size applies to China National Standard (CNS) A4 Vision (210 X 297 mm). Bureau employee consumption cooperation printed A7 B7 V. Description of the invention (127) Finally, for each attribute in Table 3 011, the attribute is linked to the same entry in the "Attribute Characteristics" table 3009; In the "attribute feature", the priority of the numbers in table 3009 is used to decide which attribute from table 3011 to use by indicating whether the highest or lowest number is to be selected. 
At this time, for There are many related attributes and attributes listed in Table 3 009, and Ji 'is defined in Table 3, at most one attribute will remain the same, and the numbers and characteristics in these published items will be transferred back for evaluation decision making. In some cases, the request may indicate what attribute numbers are needed; and 'if they do not match those specified in the decision, the request may be rejected; in other cases, many attributes are counted Provided to Decision Enforcement 2609 for use in performing actions. The attribute table 3003 and the time interval table 3025 are optimized. Τ is particularly preferred as described in the discussion of the accessor 203 above and illustrated in FIGS. 21 and 23. The decision server 2617 in the embodiment optimizes the decision database 2901 by generating a large number of MMF files 23 03 therefrom. In the preferred embodiment, two new MMF files have been added to optimize the information in tables 3003 and 3025. The two new MMF files are as follows: • DBProperperS file: contains all &quot; characteristics, attributes, and schedules that can be applied to other objects. This index (mdex) is used on those other objects &Quot; Feature j D ,, 0 indexed in the DBPropertiesMetaDataC database &quot; file: all properties have a name. This file is added by the property type name -130- this paper The ruler uses the Chinese National Standard (CNS) A4 specification (210 X 297 public love) ----------- ί * installation -------- order * A7 B7 V. Description of the invention ( 128) Indexed (for each property name included in the DBPmp㈣es file 'has a entry in the index); and map some names to a list of many properties 10 so that they are in the DBProperties file Quickly detected. 
User interface for time intervals: figures 31 to 33

Figures 31 to 33 show the windows used in the graphical user interface of the preferred embodiment to see which time intervals (or schedules) have been defined, to define a rule for a time interval, and to associate a time interval with a policy. Beginning with figure 31, the figure shows window 3102, which displays the defined schedules. Subwindow 3103 lists all defined schedules by name, and window 3106 lists all defined rules by name. The displayed information comes from the schedule definition table 3023 and the schedule rules table 3025. To see which rules make up a schedule, the user selects the schedule name in subwindow 3103, as shown at 3105, where 'Non-working hours' has been selected. This schedule has two component rules: one for each weekday, shown at 3107, and one for Saturday, Sunday and holidays, shown at 3109. When a schedule name is selected, the rule or rules that belong to it are highlighted in window 3106. Conversely, when a rule is selected, the names of the schedules that use the rule are highlighted; this is shown at 3111 in window 3106 for the business hours rule and in subwindow 3103 for the other schedule names. To add a new schedule, press the Add button while subwindow 3103 is active and enter the name of the new schedule; then select the new schedule and highlight the rules that belong to it in subwindow 3106.

To change the rules assigned to a schedule, first select the schedule name and then select different rules for it in subwindow 3106. To create a new rule for an existing schedule, first select the schedule name and click the Add button; a new rule can then be created as described below. While subwindow 3106 is active, one can also click the Add button to create a new rule and then associate the new rule with a schedule name as described above. A rule can also be associated with a schedule name by dragging the rule onto the schedule name and dropping it there.

The window used to create a new rule is shown at 3201 in figure 32. The same window is used to modify an existing rule; to modify an existing rule, double-click it. The information entered in the window lets the user define the times of day during which the schedule is in effect (3203), the days of the week on which the selected times are valid (3205), the weeks of the month in which the schedule is valid (3207), and the part of the year in which it is valid (3207). As shown in the figure, window 3201 defines the schedule shown at 3111 in figure 31, the rule marked 'Business hours'. The information displayed in window 3201 comes from the schedule rules table 3025, and modifications made with window 3201 are applied to that table.

Figure 33 shows the window used to add a time interval to the definition of a policy. Window 3301 is for a policy in which access by users belonging to the 'Corporate' user group to the 'Corporate' information set is limited, as indicated at 3303, to the 'Business hours' schedule. When the user clicks box 3303, the full list of defined schedules is displayed, so the user can choose one of them or add a new name. When the user clicks the Define button 3305, window 3201 for the selected schedule is displayed; if a new name is being added, the user fills in window 3201 for the new schedule as required. Referring to figure 30, selecting a schedule in figure 33 causes the ScheduleDefID field of the access policy entry in table 1611 to be filled with the identifier of the schedule's entry in the schedule definition table 3023, whose Name field holds the schedule's name. If the schedule name is new, a new entry for it is added to table 3023. If a rule is added or modified, the schedule rules table 3025 is modified as well.

User interface for attributes: figures 34 to 37

The user interfaces for attribute definitions and attribute assignments are similar. Figure 34 shows window 3401, which lists the currently defined attributes of the quality of service (QoS) type. These attributes determine how much bandwidth is available for an access being performed under a given policy. Within window 3401 the attribute tags, or names, are listed. Here four QoS attributes are defined: three ('high', 'medium' and 'low') indicate an amount of bandwidth, and one, 'highest priority', indicates priority when there is a conflict. All of these attributes have a priority, shown at 3405. The bandwidth attributes are all defined by the 'bandwidth' characteristic, shown at 3407. The Value 1 of each attribute is given at 3409.
Only 'highest priority' has a Value 2. As window 3401 shows, among the QoS bandwidth attributes 'high' receives a maximum bandwidth of 512000, 'medium' a maximum bandwidth of 64000, and 'low' a maximum bandwidth of 32000. For 'highest priority', the priority specified for the attribute must lie between the two values given as Value 1 and Value 2. The information in window 3401 of course comes from three tables: 3005, 3011 and 3009.

Figure 35 shows window 3501, used to assign a QoS attribute to a user group, information set, site or service. Subwindow 3503 shows how, for all user groups (3507), the 'medium', 'high' and 'low' QoS bandwidth attributes (3509) have been assigned respectively to three subjects (3511), the World Wide Web service, the file transfer service and the remote access service; and how the 'high' QoS priority attribute has been assigned to the 'Finance' user group subject. The different assignments reflect the fact that bandwidth is an attribute of a communication service, whereas priority is an attribute of a user of the communication service. Thus, within the bandwidth available to the web service, the members of the 'Finance' user group have high priority. As this example shows, more than one action attribute may apply to a policy. Attribute assignment is made easier by the ability to select user groups and subjects from the two subwindows 3513 and 3515 and so create attributes for a subject. The selections made in this window are of course applied to the attribute assignments table 3007. Window 3503 can also be used, in the same general way as window 3102, to reach the windows used to define attribute tags and characteristics.

Figure 36 shows window 3601, used to read, modify or create an entry in the attribute tags table 3011. Here the entry being read is for the 'medium' QoS bandwidth attribute. At 3603 the values of the entry's Tag, Description and Tag Precedence fields are displayed. An administrator with the appropriate access rights can of course change the values of these fields through window 3601. At 3605 is displayed, for the attribute associated with the tag, information from the entry in the attributes table 3011: the current Value 1 of the entry and the name of the characteristic. The characteristic name of course comes from the attribute characteristics table 3009 entry for the attribute. These values may also be edited through window 3601. Button 3607 is used to view a window that displays the complete contents of the characteristic's entry in the attribute characteristics table 3009.

Figure 37 shows that window. Window 3701 is used to define new attributes for a given attribute category, and new attribute categories. The window of course operates on the values of an entry in the attribute characteristics table 3009. Box 3703 is a list of attribute categories; a new category may be defined by adding it to the list. Box 3705 is the name of the current characteristic; category and name together uniquely identify an entry, and they correspond to the Category and Name fields of the entries in table 3009. In this case the entry is for the QoS 'priority' attribute. The Description box 3707 contains the value of the Description field of the entry being viewed. 3709 indicates which type of value the characteristic has; here it is a pair of values, as indicated in figure 34. At 3711 the current settings of the two fields Characteristic Precedence and Value Precedence are displayed, and at 3713 any constraint information appears.

Improvements to the standardized policy server

The following discussion begins with the protocol used in a preferred embodiment to transfer information between a policy enforcement component and the standardized policy server, and then discusses the techniques used in a preferred embodiment of the access control system to let the administrators of the access control system define their own methods of collecting information about a user, and either simply provide that information to the policy enforcement component or use it to authenticate the user or to determine the user's membership in a user group.

Treating an access request as a database query: figures 38 to 40 and 54

Figure 38 is a block diagram of a system that incorporates the improvements to the standardized policy server disclosed here. In figure 38, components of the access control system disclosed in the parent application or grandparent application of this application carry the reference numbers used for them in the figures of those applications. The improved protocol 3811 transfers information between a policy enforcement component 2609 and a standardized policy server 2617. In most cases the protocol is carried over the network that connects component 2609 and server 2617.

In the improved protocol, an access request from the policy enforcement component 2609 takes the form of a standard SQL query. The response of the standardized policy server 2617 to the query of course depends on the query's content; at a minimum, the query result indicates whether the access request is allowed or denied. Within the standardized policy server 2617, the queries are interpreted by a new agent among the agents 2031, the virtual database (VDB) service 3813. VDB service 3813 emulates a SQL database server; in the preferred embodiment it emulates either a SQL server using the well-known TDS protocol or an Oracle® database server using the well-known TNS protocol. Of course, in other embodiments VDB service 3813 could emulate any mechanism that receives an input and selects a set of rows in response to it.

As explained earlier, an agent is software in the general policy server 2617 that intercepts the traffic of a particular protocol. The agent understands the protocol it intercepts and can obtain, from the messages exchanged during a session, the information needed to identify the resource being accessed and/or to authenticate the user. The agent provides the information obtained from the session to evaluator 2036, which decides whether the user has the right to access the information resource. Evaluator 2036 makes the decision using the MMF version 2301 compiled from the policy database. In the case of VDB service 3813, the service does not intercept traffic; it simply receives messages in the protocol used by the database system it emulates, interprets the query contained in a message to obtain the information needed to produce the result, and returns to the policy enforcement component 2609 a message containing at least that result.

Virtual database: figure 54

Because VDB service 3813 emulates a relational database protocol, the information queried appears to be organized as a table that has a row for every potential user/potential resource combination for the resources controlled by the policy enforcement component 2609, and columns that define the fields of those rows. Each field of a row contains the value of the column to which the field belongs. Queries on relational databases are commonly written in the SQL language. A query on a relational database table has the general form:

SELECT <list of field names> FROM <relational table name>
WHERE <list of <<field name, value> pair, operator>>

As a simple example, if each row of a table AccountBalances has three fields, DepositorName, AccountID and Balance, each containing what its name indicates, the query to obtain the account balance of depositor "R. Date" with account ID "549362" looks like this:

SELECT Balance FROM AccountBalances WHERE DepositorName='R. Date' AND AccountID='549362'

The WHERE clause names the fields whose values are used to select the rows of interest in the table and says how those values are combined; the SELECT clause names the fields of the selected rows whose values the query returns. Thus, in the example above, if there is a row in the table AccountBalances whose DepositorName field has the value 'R. Date' and whose AccountID field has the value '549362', the query returns the value of that row's Balance field.

VDB service 3813 is called a virtual database service because the queries are made against a virtual relational table rather than a real one. The reason is that the queries handled by VDB service 3813 are made to find out whether the access policies in policy database 3825 permit the user who is requesting access to an information resource to access it. A real relational table for such queries would need a row for every potential <user, information resource> pair, since any potential user might request access. In most applications a real relational table would be not only unacceptably large but undefinable, because it is impossible to know who all the potential users are.

Figure 54 shows a virtual relational database system 5401 with VDB service 3813 and virtual relational table 5411. The virtual relational table 5411 does not actually exist, but appears to exist to the application that queries it. From the application's point of view, the virtual relational table 5411 behaves just like a real relational table. It appears to contain some number of virtual rows 5413(0..q), each with a number of fields 5415(0..p). When a user makes a query on virtual table 5411, the query's WHERE clause determines which row 5413 is selected and the SELECT clause determines which fields 5415 of the selected row are returned.

Of course, the rows described by the query and the fields returned are as virtual as table 5411 itself. Even though table 5411 does not exist, VDB service 3813 can answer query 5403, because it can use the information in the query's WHERE clause to locate and fetch, from one or more information sources 5409, the results described in the SELECT clause. Having fetched the results, VDB service 3813 builds a composite row 5417 that corresponds to the virtual row 5413(i) selected by the query. Composite row 5417 includes at least the real fields 5419 holding the results to be returned for the query. A composite row 5417 is built for each query, and only as many composite rows are built as are needed for the rows of the virtual table that the query describes. Information sources 5409 may include sources local to VDB service 3813 or remote sources, and may even include other databases.

五、發明說明(137〉 庫系統5401的具體實施例中’允許策略的元件26〇9藉由對 虛擬的關聯式資料庫表列p〇liCyEvai作一查詢,回應一使 用者對存取一資源的請求。select子句至少敘述一指示 使用者對資源疋否有存取椎力的糊位。where子句敘述允 許標準化策略伺服器2617決定使用者是否確實有存取權力 的資訊。在策略伺服器26 Π的一目前較佳具體實施例中, 在WHERE予句中敘述的資訊可能來自允許策略的元件 2609、來自評估器2036、及/或認證協調器3829。認證協調 器3829將在稍後更詳細地解釋。依查詢而定,使用者的概 念列5417之各種欄位傳回到允許策略之元件26〇9。vDB服 務38 13的其他具體實施例,當然可以使用獲得和傳回必要 的資訊以回答此查詢的任何機制。 經濟部智慧財產局員工消費合作社印製 WHERE子句中的資訊在虚擬的關聯式資料庫系統54〇1中 應用於資訊來源5409,而非一關聯式資料庫表列中欄位的 數値之有趣的結果是’在一 WHERE子句中的一數値可與從 一資訊來源5409⑴所獲得的數値,以標準的關聯式資料庫 系統中不可得的方式比較。舉例來説,如果使用者的15)位 址是在一範圍的IP位址當中,一使用者可能屬於對一資訊 資源有存取權力的一使用者群組;資訊來源可能直接地定 義IP位址的範圍,而當評估WHERE子句時,VDBifi]服器 5407只是判斷在WHERE子句中的IP位址是否包含在範圍 中。相同的技術可與樣式比對一起使用。舉例來説,如果 使用者的電子郵件地址是一公司電子郵件地址,一使用者 可能屬於一使用者群組。如果公司的電子郵件地址全部有 -140- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) A7 f648 1 2 B7 ~ — 1 — 五、發明說明(138 ) &lt;311丫_511*丨1^&gt;@(:011^3117.£;0111的格式,那麼當\^3伺服器評 估WHERE子句時它只需要決定,使用者的電予郵件-地址是 否符合* @ company, com的樣式。 在允許策略的元件2609中的查詢 繼績進行更多細節,在一較佳具體實抱例中有二種方法 能將對VD B服務3 8 13作查詢的能力包含在一允許策略的元 件中。一種方式是把那些必需的查詢加入VDB服務38 13, 以編碼允許策略之元件所執行的例如網路應用程式或伺服 器3803。這和任何允許策略的應用程式一起運作,並准許 由允許策略之元件所操縱的任何實體之存取的控制,如本 專利申請案的母案所描述。舉例來説,控制存取的實體可 能是一份文件中的一欄位。 另一方法是利用一策略插入模组進行那些查詢。一策略 插入模组是對一應用程式的增加,其准許此應用程式執行 策略評估。舉例來説,許多網路應用程式有策略插入模组 3805的使用之提供。如果已對網路應用程式提供一策略插 入模組’當伺服器接收要從瀏覽器抓取的下一網頁之URL 時,它把那些網頁提供給瀏覽器啓動了插入模组。當插入 模組執行時,它判斷瀏覽器是否可存取網頁,而伺服器只 有當策略插入模組如此指示時才提供網頁給瀏覽器。在存 取控制由標準化的策略伺服器2617完成時,插入模組對 VDB服務38 13進行要判斷瀏覽器是否可有存取權力所必須 的查〇句。如圖3 8所指示,系統3 8 01的一較佳具體實施例中 之策略插入模组3805可能是負載平衡的,也就是,他們可 -141 - 本紙張尺度適用中國园家標準(CNS)A4規格⑽x 297公爱) (請先閱讀背面之注意事項再填寫本頁) -裝 經濟部智慧財產局員工消費合作社印製 4648 1 2 A7 B7 經濟部智慧財產居員工消費合作社印製 五、發明說明(139 ) 能對許多不同標準化策略词服器2617有存取權力,且將定 址-特定查詢3811到目前最少負載的—個。這在標準化的 策略伺服器2617中當然是可能的,因爲在存取控制系統中 每一標準化的策略伺服器有—完全相同的策略資料庫 3825,而且因爲在存取控制系統中的那些標準化策略伺服 器彼此認證,使得一標準化的策略伺服器信任從另—標準 化策略伺服器獲得的資訊成爲可能。 一允許策略之元件不需要特別的軟體來進行VDB服務 3S13的查詢〇所必需的是對一轉換查詢成爲指向VDB服務 3813的訊息 '且屬於—可由VDB服務38丨3所模擬的資料庫 系統中之一個解譯的一種協定之公用程式的存取。此種公 用程式是廣泛地可得的。圖39和40提供對VDB服務3813進 行的查詢,如何出現在由允許策略之元件所執行的程式, 例如一網路伺服器或應用程式38〇3或策略插入模組38〇5中 的範例。圖 39表示商階介面 3901。ConclavePolicyAllowed〇3903 是一建構用來執行存取檢查 
'把查詢送到VDB服務3813、 並接收和傳回結果之SQL查詢的函數。如果結果是”是&quot;, 指示允許存取’高階介面3901執行分支3905 ;否則,它執 行分支3907。這些分支的内容當然根據應用程式38〇3或策 略插入模組3 8 0 5的程式將如何回應,以准許或回絕存取。 圖40表示ConcIavePolicyAllowed()3903的一較佳具體實施 例。在4003,變數設定成將给允許策略之實體2609對一標 準化的策略伺服器2617的存取權力。在4005,存取設定成 内定數値”不&quot;,所以如果VDB服務3813未能回應,將不核 -142 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 請 先 閱 讀 背 面 之 注 項 再 填 寫 頁 裝 訂 A7 B7 4648 1 2 五、發明說明(140 可存取權力。在4007,存取請求的來源和目的ιρ位址、目 的埠、和所存取之資源的URL指派成變數。在4〇〇9,建構 SQL查詢。它使用標準sql格式。此查詢選擇關聯式表列 PolicyEval的一列中之欄位IsA11〇wed的數値。p〇licyEva^ 現爲有一列給由允許策略的元件2609所控制的資源之每— 潛在使用者,以WHERE子句中所敛述的那些數値選擇的一 列、和所選擇的列之IsAllowed欄位,指示是否允許那個使 用者存取。然而’事實上,如上述所指出,以丨丨^以以是 虛擬的’也就是’使用者的&quot;列__是在存取請求之後组合 的。在此,WHERE子句使用在4007設定的那些變數完成, 而因此利用一來源IP位址叙述使用者,並利用一目的ip位 址、一目的埠、和一資源名稱敘述此資源。如本申請案的 母案之母案所解釋,評估器2036可使用這個資訊來決定使 用者屬於哪一使用者群組,和資源屬於哪一資訊集。有了 這個資訊’評估器2036進一步從應用於那些使用者群組和 資sfL集的存取策略決定’是否將准許由來源位址所敘述 的使用者對由目的IP位址、目的埠、和資源名稱所敘述的 資源之存取。 如果使用者識別資訊不足以敎述一給使用者對資源的存 取權力之使用者群組,AskClientForldentities WHERE子句 指示評估器2036可使用ATS 2039來從使用者的UIC獲得更 多使用者識別資訊,如本申請案的母案所描述。 在401 1,建立連接到VDB服務3 8 13所需要的物件、和保 存查詢結果所需要的物件,且對VDB服務38 13的連接是使 -143- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) n 夫 u a £ 之 ·;ϊ 意 事 項 為 填 寫 本 頁 裝 訂 經濟部智慧財產局員工消費合作社印製 4648 12 A7 _________ B7 五、發明說明(141 ) 用在4003設定的那些變數所建立。在4〇13 ’在4〇〇9所敘述 的查詢由在4003所敘述的策略伺服器中之vdb服務3 813執 行。在40 15,如果在進行查詢上沒有錯誤發生,且查詢有 一非空的結果,那麼此查詢的結果(也就是,IsAU〇wed的 數値)是在1己綠集的第一個元件中。這個數値由 ConclavePolicyllowed傳回。如果查詢失敗,所傳回的數値 是在4005指派的數値。在4017,關閉對記錄集和策略伺月艮 器的那些連接,且與那些連接中有關的那些物件設定爲無 效數値。 經濟部智慧財產局員工消費合作社印製V. Description of the Invention (137) In the specific embodiment of the library system 5401, the 'allowed policy element 2609' responds to a user's access to a resource by making a query on the virtual relational database list p0liCyEvai. The request.select clause describes at least one bit that indicates whether the user has access to the resource. The where clause describes the information that allows the standardized policy server 2617 to determine whether the user does have access rights. 
The policy server In a presently preferred embodiment of the orchestrator 26, the information described in the WHERE clause may come from the element 2609 that allows the policy, from the evaluator 2036, and / or the authentication coordinator 3829. The authentication coordinator 3829 will be later Explain in more detail. Depending on the query, the various fields of the user's concept column 5417 are returned to the element 2609 that allows the policy. Other specific embodiments of vDB service 38 13 can of course be used to obtain and return the necessary Information in order to answer this query. The information in the WHERE clause printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs is applied in the virtual relational database system 5401 Source 5409, rather than the number of columns in a relational database table. The interesting result is that 'a number in a WHERE clause is comparable to the number obtained from a source 5409'. Comparison of methods not available in the relational database system. For example, if the user's 15) address is in a range of IP addresses, a user may belong to a group that has access to an information resource. User group; the source of information may directly define the range of IP addresses, and when evaluating the WHERE clause, the VDBifi server 5407 just determines whether the IP address in the WHERE clause is included in the range. The same technique can be used with style matching. For example, if a user's email address is a company email address, a user might belong to a user group. If all the company's e-mail addresses are -140- This paper size is applicable to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) A7 f648 1 2 B7 ~ — 1 — V. Description of the invention (138) &lt; 311 丫_511 * 丨 1 ^ &gt; @ (: 011 ^ 3117. 
… format; when the VDB server then evaluates the WHERE clause, it need only decide whether the user's e-mail address matches the *@company.com pattern.

Querying from policy-allowing element 2609 in more detail. In a preferred embodiment there are two ways of giving a policy-allowing element the ability to query VDB service 3813. One way is to add the necessary queries to the code of the policy-allowing element itself, for example a web application or server 3803. This works with any application that allows policy, and it permits access control over any entity manipulated by the policy-allowing element, as described in the parent of this application; for example, the entity whose access is controlled may be a field in a document. The other way is to have a policy plug-in module perform the queries. A policy plug-in module is an addition to an application that lets the application perform policy evaluation; many web servers, for instance, provide for the use of a policy plug-in module 3805. Where a policy plug-in module has been provided for a web server, the server activates the plug-in module when it receives from the browser the URL of the next web page to be fetched. When the plug-in module executes, it determines whether the browser may access the web page, and the server provides the page to the browser only when the plug-in module so instructs it. Where access control is done by standardized policy server 2617, the plug-in module performs the necessary queries against VDB service 3813 to determine whether the browser has access rights. As indicated in FIG. 38, the policy plug-in modules 3805 in a preferred embodiment of system 3801 may be load balanced: they may have access to many different standardized policy servers 2617 and address a given query 3811 to the one with the least current load. This is possible with standardized policy servers 2617 because each standardized policy server in the access control system has exactly the same policy database 3825, and because the standardized policy servers in the system authenticate each other, so that one standardized policy server can trust information obtained from another.

A policy-allowing element needs no special software to make a query to VDB service 3813. All that is required is a utility program that converts a query into a message directed to VDB service 3813 and belonging to the access protocol of a database system that VDB service 3813 can emulate; such utilities are widely available. Figures 39 and 40 give examples of queries to VDB service 3813 as they appear in programs executed by policy-allowing elements such as web server or application 3803 or policy plug-in module 3805. Figure 39 shows the high-level interface 3901. ConclavePolicyAllowed() 3903 is a function that constructs the SQL query that performs the access check, sends the query to VDB service 3813, and receives and returns the result. If the result is "Y", indicating that access is allowed, high-level interface 3901 executes branch 3905; otherwise it executes branch 3907. The contents of these branches depend, of course, on how application 3803 or policy plug-in module 3805 responds to the granting or denial of access.

Figure 40 shows a preferred embodiment of ConclavePolicyAllowed() 3903. At 4003, variables are set that give policy-allowing element 2609 access to a standardized policy server 2617. At 4005, the access result is set to the default value "N", so that if VDB service 3813 fails to respond, access is not granted. At 4007, the source and destination addresses of the access request, the destination port, and the URL of the resource being accessed are assigned to variables. At 4009 the SQL query is constructed, in standard SQL form. The query selects the value of the column IsAllowed in a row of the relational table PolicyEval. PolicyEval notionally has a row for each potential user of each resource controlled by policy-allowing element 2609; the row is selected by the values stated in the WHERE clause, and the IsAllowed field of the selected row indicates whether that user is allowed access. In fact, as indicated above, the table is virtual: the user's row is assembled after the access request is made. Thus the WHERE clause is completed using the variables set at 4007, so that the user is described by a source IP address and the resource by a destination IP address, a destination port, and a resource name. As explained in the parent of the parent of this application, evaluator 2036 can use this information to determine which user groups the user belongs to and which information sets the resource belongs to. With this information, evaluator 2036 then applies the access policies for those user groups and information sets to determine whether the user described by the source address is allowed access to the resource described by the destination IP address, destination port, and resource name. If the user identification information is insufficient to identify a user group that gives the user access to the resource, the AskClientForIdentities WHERE clause instructs evaluator 2036 to use ATS 2039 to obtain further user identification information from the user's UIC, as described in the parent of this application.

At 4011, the objects required to establish a connection to VDB service 3813 and to hold the query result are created using the variables set at 4003, and the connection to VDB service 3813 is made. At 4013, the query built at 4009 is executed by the VDB service 3813 of the policy server specified at 4003. At 4015, if no error occurred during the query and the query has a non-empty result, the result of the query (that is, the value of IsAllowed) is in the first element of the record set; this value is returned by ConclavePolicyAllowed(). If the query fails, the value returned is the one assigned at 4005. At 4017, the connections to the record set and to the policy server are closed, and the variables associated with those connections are set to invalid values.
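The query construction and fail-closed control flow of ConclavePolicyAllowed() (Figure 40), as an added example in Python that is not the patent's code: a builder that admits only PolicyEval field names and applies the WHERE defaults listed in the Figure 41 schema, a toy stand-in for VDB service 3813 that evaluates constructed policies, and the access check with its default "N". The user-group and information-set rules, the policy set number, addresses and resource paths are all constructed for the example.

```python
"""Added example, not code from the patent: a PolicyEval query builder in
the spirit of ConclavePolicyAllowed() (Figure 40) plus a toy VDB service that
applies the documented WHERE defaults and answers fail-closed.  Groups,
information sets, policies and addresses are constructed."""
import re

# WHERE-capable PolicyEval fields with their documented defaults
# (None: the query must supply a value for an evaluation to happen).
WHERE_DEFAULTS = {
    "Application": None, "SourceIP": None, "DestinationIP": None,
    "SourcePort": 0, "DestinationPort": 80,       # 80 = HTTP
    "EncryptionAlg": 64,                          # 64 = 3DES
    "AuthenticationAlg": 2,                       # 2 = DSS signature
    "IPProtocol": 6,                              # 6 = TCP
    "Resource": None, "Identity": None, "Cookie": None,
    "IncludeQoS": "N", "IncludeSchedules": "N",
    "IncludeIdentityStore": "Y", "AskClientForIdentities": "N",
}
SELECT_ONLY = {"IsAllowed", "PolicySet", "HasExpireTime", "ExpireTime",
               "ExpireSeconds", "ReasonCode", "Reason", "EvalTimeStamp",
               "AuthCode", "MaybeList", "AttributeName", "AttributeValue",
               "IdentityNumber", "IdentityType", "IdentityIsValid",
               "IdentityAuthStatus", "IdentityAuthStatusDesc"}
SELECTABLE = SELECT_ONLY | set(WHERE_DEFAULTS)
_DOTTED = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def _literal(field, value):
    """Render a WHERE value as a SQL literal: integers bare, strings quoted
    with embedded quotes doubled, so request data cannot reshape the query."""
    if isinstance(value, int):
        return str(value)
    if field.endswith("IP") and not _DOTTED.match(value):
        raise ValueError(f"{field} must be in dotted notation: {value!r}")
    return "'" + value.replace("'", "''") + "'"

def build_policy_query(select, where):
    """'SELECT <fields> FROM PolicyEval WHERE f = v AND ...', accepting only
    field names that exist in the schema (steps 4007 and 4009)."""
    bad = [f for f in select if f not in SELECTABLE]
    bad += [f for f in where if f not in WHERE_DEFAULTS]
    if bad:
        raise ValueError(f"unknown PolicyEval field(s): {bad}")
    conds = " AND ".join(f"{f} = {_literal(f, v)}" for f, v in where.items())
    return f"SELECT {', '.join(select)} FROM PolicyEval WHERE {conds}"

def _user_group(src_ip):      # evaluator 2036, much simplified (constructed)
    return "engineering" if src_ip.startswith("10.1.") else "everyone"

def _info_set(resource):      # information sets, constructed
    if resource.startswith("/eng/"):
        return "eng-docs"
    return "finance-docs" if resource.startswith("/fin/") else "public-web"

class ToyVDBService:
    """Stand-in for VDB service 3813: parses the query, fills in WHERE
    defaults, evaluates the constructed policies, returns the SELECTed fields."""
    POLICY_SET = 56                              # constructed version number
    POLICIES = {("engineering", "eng-docs"): True,      # (group, set) -> allow
                ("engineering", "finance-docs"): False,
                ("everyone", "public-web"): True}

    def query(self, sql):
        m = re.match(r"SELECT (.+) FROM PolicyEval WHERE (.+)$", sql)
        if not m:
            raise ValueError("not a PolicyEval query")
        select = [f.strip() for f in m.group(1).split(",")]
        where = dict(WHERE_DEFAULTS)             # defaults unless supplied
        for cond in m.group(2).split(" AND "):   # toy parser: no AND in values
            field, raw = cond.split(" = ", 1)
            where[field] = (raw[1:-1].replace("''", "'") if raw[0] == "'"
                            else int(raw))
        if any(where[f] is None for f in ("SourceIP", "DestinationIP", "Resource")):
            return []                            # no evaluation without these
        group, info = _user_group(where["SourceIP"]), _info_set(where["Resource"])
        allowed = self.POLICIES.get((group, info), False)        # default deny
        row = dict(where, IsAllowed="Y" if allowed else "N",
                   PolicySet=self.POLICY_SET, HasExpireTime="N",
                   ReasonCode=0 if allowed else 1,
                   Reason="" if allowed else f"no policy grants {group} {info}")
        return [{f: row.get(f) for f in select}]

def conclave_policy_allowed(vdb, src_ip, dst_ip, dst_port, resource):
    """Control flow of Figure 40: the answer starts as 'N' (step 4005), so a
    failing or empty query can never grant access."""
    allowed = "N"
    try:
        sql = build_policy_query(["IsAllowed"], {
            "SourceIP": src_ip, "DestinationIP": dst_ip,
            "DestinationPort": dst_port, "Resource": resource,
            "AskClientForIdentities": "Y"})
        rows = vdb.query(sql)                    # step 4013
        if rows:                                 # step 4015
            allowed = rows[0]["IsAllowed"]
    except (ValueError, KeyError, OSError):
        pass                                     # keep the default 'N'
    return allowed
```

Selecting a field that was not supplied in the WHERE clause returns its default, which is how the all-fields query of Figure 42 comes back with IncludeQoS = "N" and EncryptionAlg = 64.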

Details of the PolicyEval virtual relational table: Figures 41-43

Figure 41 shows the schema of the PolicyEval table. The schema of a real database table is the definition of the table used by the database system. For PolicyEval it is the definition used in policy-allowing element 2609 and VDB service 3813 to indicate how the values required for a policy evaluation are arranged in query 3811. Figure 41 shows the fields that can be used in a preferred embodiment in the SELECT and WHERE clauses of a query provided to VDB server 3813. Some of those fields are used mainly in custom authentication and will be explained in more detail there. When a field is used in a SELECT clause, VDB service 3813 sets the field's value either from information received from evaluator 2036 or from information received in the query. When a field is used in a WHERE clause, policy-allowing element 2609 sets the field's value. As will be seen from the following tables, some fields are SELECT-only while others are WHERE or SELECT. The query must provide values for certain WHERE fields for a policy evaluation to occur; for the other fields a default value is used when the WHERE clause does not supply one.

SELECT-only fields (column, data type, description):

IsAllowed 4103, VARCHAR(1): contains 'Y' or 'N' to indicate whether the user may access the requested resource (Y: yes, N: no).
PolicySet 4105, INTEGER: identifier of the current version of the policies that the policy server used to perform the evaluation. It increases each time an "Apply Changes" is performed and the MMF files are recompiled. This can be useful when a policy-allowing application caches decisions and needs to refresh or reset its cache when the database changes.
HasExpireTime 4107, VARCHAR(1): contains 'Y' or 'N' (Y: yes, N: no) according to whether ExpireTime holds a valid value. If this column contains 'N', the ExpireTime value is always ignored.
ExpireTime 4109, DATE: the date and time after which another evaluation should be performed to confirm access; until then, access to the requested resource remains allowed.
ExpireSeconds 4111, LONG INTEGER: the number of seconds until the policy decision expires (per schedule limits). Can be used instead of ExpireTime for a more efficient implementation.
ReasonCode 4113, INTEGER: coded reason for the evaluation decision.
Reason 4115, VARCHAR(254): descriptive text for the reason for the evaluation decision (for maximum efficiency, use ReasonCode except when debugging).
EvalTimeStamp 4133, DATE: the date and time at which the policy evaluator made the decision.
AuthCode 4149, VARCHAR(254): digital signature used to verify that the response was provided by a trusted policy server.
MaybeList 4151, VARCHAR(254): comma-separated list of the authentication types that can be used to gain access to the requested resource. Usually tells the PPI or application what information needs to be collected from the user for authentication.
AttributeName 4153, VARCHAR(): can be used instead of a cookie to retrieve any number of attribute name/value pairs (one pair per row).
AttributeValue 4157, VARCHAR(): can be used instead of a cookie to retrieve any number of attribute name/value pairs (one pair per row).
IdentityNumber 4159, INTEGER: a sequence number, used when multiple identities are present.
IdentityType 4161, VARCHAR(): the type of the identity used to authorize access.
IdentityIsValid 4163, VARCHAR(1): a simple 'Y' or 'N' indicating whether authentication succeeded (note that access may still be denied even if authentication succeeded).
IdentityAuthStatus 4165, INTEGER: response code returned by the authentication module.
IdentityAuthStatusDesc 4167, VARCHAR(254): descriptive text associated with the code above.

WHERE or SELECT fields (column, data type, description):

Application 4137, VARCHAR(254): the name of the application making the query. Note that multiple servers/services may identify themselves as the same application.
SourceIP 4119, VARCHAR(25): IP address in dotted notation. Used when the policy is by IP address (network or application queries).
DestinationIP 4121, VARCHAR(25): IP address in dotted notation. Used only for network resource queries (not for applications).
Cookie, VARCHAR(254): a standard HTTP cookie containing identity and attribute information. The PS will verify its signature and expiry. In SELECT, this is a request for a new cookie to be issued by the PS. In WHERE, this is a previously set cookie passed in by the application for use in the evaluation.
SourcePort 4123, INTEGER: defaults to zero if no port number is provided in the WHERE clause. Used only for network queries.
DestinationPort 4125, INTEGER: used in network queries where no application is present. Defaults to 80 (HTTP) if no port number is provided in the WHERE clause.

EncryptionAlg 4127, INTEGER: used in virtual private network (VPN) queries. Defaults to 64 (3DES) if no algorithm is provided in the WHERE clause.
AuthenticationAlg 4129, INTEGER: used in VPN queries. Defaults to 2 (DSS signature) if no algorithm is provided in the WHERE clause.
IPProtocol 4131, INTEGER: used in VPN queries. Defaults to 6 (TCP) if no protocol is provided in the WHERE clause.
Resource 4135, VARCHAR(254): a string identifying which resource is requested.
Identity 4117, VARCHAR(255): the encoded string value of the actual identity (SELECT), or identification information collected from the user (WHERE).
IncludeQoS 4139, VARCHAR(1): used by network/VPN devices. Is a QoS decision included in the evaluation? 'Y' or 'N'; defaults to 'N' (for efficiency).
IncludeSchedules 4141, VARCHAR(1): are schedules included in the evaluation? 'Y' or 'N'; defaults to 'N' (for efficiency).
IncludeIdentityStore 4143, VARCHAR(1): are the identities cached in the user's identity store (usually provided by the UIC) to be used in the evaluation? 'Y' or 'N'; defaults to 'Y'.
AskClientForIdentities 4145, VARCHAR(1): is the user identification client (UIC) to be asked for identities? 'Y' or 'N'; defaults to 'N'.

Figures 42-44 show some examples of queries and their results. In Figure 42, at 4201, query 4203 returns detailed information about the result of the policy evaluation by naming in its SELECT statement the PolicySet, HasExpireTime, ExpireTime, and Reason fields in addition to IsAllowed. The result, at 4205, indicates that access is allowed, that the policy allowing it belongs to policy set 56, and that the policy has no expiry time, which makes the value in ExpireTime meaningless. Because access is allowed, there is no value in Reason. At 4207 is a query 4209 that returns only the result of the policy evaluation and the reason, as shown at 4211. At 4213 is a query that selects all fields of the row; the values returned therefore include the values of all of those fields, and where a field has a default value and none was supplied in the WHERE clause, the default is returned. Thus the field IncludeQoS has the default value "N". Finally, at 4215, a minimal query is shown. Its WHERE clause contains only the minimum information needed to specify a user group and an information set; all other field values take their defaults. For example, the encryption algorithm used will be the default 3DES algorithm.

Figure 43 shows how queries can be used to obtain identification information about a user to whom access was allowed. At 4301, a minimal set of WHERE clauses is used in query 4303, but the SELECT clause includes IdentType, IdentGroup, and IdentValue. As shown at 4305, access is allowed to the user by three different identity values. At 4307, query 4309 provides values for the IdentType and IdentValue fields in its WHERE clause, and the policy evaluation is performed using those values, as shown by result 4311. At 4313, query 4315 states that the values to be used for user identification are to be obtained from a cache of user identities kept in policy database 3825. To see what the identity store contains for IdentType and IdentValue, the query includes those fields in its SELECT clause; result 4317 shows the values of those fields contained in the identity store. Finally, 4319 shows how a query 4321 can be used to state that certain information in the identity store is to be excluded when the user's identity is determined during the policy evaluation.

Overview of custom user information retrieval: Figures 38 and 44

Before an access control system embodying the invention can approve a user's access to an information resource, it must do two things:

• authenticate the user, that is, determine that the user is the entity it claims to be; and
• make a user group membership determination, that is, decide whether the user's user group memberships are such that the access policies for the information resource allow this user to access it.

Both operations require information about the user. In the access control system described in the parent of the parent of this application, both kinds of information could be used for authentication and for user group membership determination, and the sources of the information were predefined; in the access control system described in the parent of this application, the system administrator could define the information used to determine user group membership, but the sources of that information were still predefined.

In the access control system of this application, these restrictions have been overcome by techniques for custom user information retrieval. These techniques allow the administrator of an access control system embodying the invention to define how, and from which source, information about a user is collected when an access request is made, and how that information is used in connection with the access request. In a preferred embodiment, standardized policy server 2617 can use the collected information in any of three ways:

• to authenticate a user;
• to make a user group membership determination;
• as part of a dossier, which is a list of information that standardized policy server 2617 provides, when an access request is approved, to the policy-allowing element 2609 from which the access request came.

A particular item of information obtained by custom user information retrieval may be used for one or more of these purposes.

Some examples of how custom user information retrieval can be used follow:

• In many cases the user making a request to access an information resource has a user name and password on a system that standardized policy server 2617 can reach; standardized policy server 2617 can authenticate such a user by requesting the user's user name and password from the user, applying them to that system, and checking whether the system responds as it should when the user name and password are known to it.
• The user requesting access may have information in a database that is external to standardized policy server 2617 but accessible to it; standardized policy server 2617 can retrieve that information from the database and use it to determine user group membership.

Standardized policy server 2617 can provide any data retrieved from such a database system to policy-allowing element 2609 as part of the dossier.

How custom user information retrieval is done in a preferred embodiment is shown in overview in Figures 38 and 44. Beginning with Figure 44, which shows policy database 4401, from which the MMFs of policy database 3825 are compiled: the components of policy database 4401 that are also contained in the policy databases used in the parent of this application and in the parent of the parent have the reference numbers used in those applications. The new component of policy database 4401 is the definitions 4403 of custom user information retrieval methods. Each custom user information retrieval method describes a method to be used, when a user requests access to an information resource, to retrieve information about the user, and to use that information to authenticate the user, to determine the user's membership in a user group, or as part of the user's dossier. The method described may include queries of databases or other sources external to policy server 2617. In the following, a definition of a custom user information retrieval method is termed a custom authentication type. The term is historical and should not be taken to suggest that information retrieved by the method defined in a custom authentication type is used only for authentication. A user group whose membership is determined wholly or in part by a method defined in a custom authentication type is termed below a custom-authenticated user group.

Policy server 2617 collects the attribute values needed to determine whether a user belongs to a custom-authenticated user group in the manner described in the parent of the parent of this application for collecting user authentication information through the user identification client. When a policy-allowing element 2609 makes an access request for a user and a resource to server 2617, server 2617 conceptually proceeds as follows: it determines from access policies 307 in database 4401 which access policies apply to the resource, and which user groups are given or denied access to the resource by those policies. If the session information provided by element 2609 is sufficient to authenticate the user and to determine whether the policies applicable to the information resource and the user's

user group memberships grant or deny the user access, server 2617 returns one of those results to policy-allowing element 2609.

If the user groups named in the policies for the resource include custom-authenticated user groups, and it is necessary to apply a custom authentication method in order to authenticate the user or to determine whether the user seeking access is a member of one or more custom-authenticated user groups, server 2617 returns a Maybe result to policy-allowing element 2609. The Maybe result indicates that server 2617 needs more information about the user to decide whether the user has access to the resource. Together with the Maybe result, server 2617 returns an indication of what information is needed from the user in order to apply the custom authentication method. Policy-allowing element 2609 obtains that information from the user and provides it to policy server 2617, which then uses it to carry out the authentication method. The method may include authenticating the user, querying an external database to obtain the attribute values needed to determine whether the user belongs to the custom-authenticated user group, and/or querying an external database to obtain information for the user's dossier. Policy server 2617 then uses the result of the custom authentication, as described in the parent of the parent of this application, to determine whether the user has access to the resource. If access is allowed and there is a dossier, policy server 2617 returns the dossier to policy-allowing element 2609.

As will be explained in more detail later, part 4403 of policy database 4401 contains the definitions of the queries that policy server 2617 makes to external databases to determine, at least in part, whether a user belongs to a custom-authenticated user group. Custom authentication types are generally defined in database 4401 in the same way as user identification types, that is, by way of a policy maker policy 306 that indicates an administrative user group 319 whose members may define custom authentication types.

Custom authentication in a preferred embodiment: Figures 38 and 45

Figure 38 shows a preferred embodiment of an access control system in which custom-authenticated user groups can be defined and used to control access. The components of Figure 38 that implement the query interface to policy server 2617 have already been discussed; the following components implement custom-authenticated user groups:

• In policy-allowing element 2609:
  - authentication forms 3807 and
  - local configuration information 3809; these are used to obtain attribute values from the user.
• In standardized policy server 2617:
  - policy database 3825, which includes the compiled definitions 4403 of the custom authentication types;
  - authentication coordinator 3829, which receives from VDB service 3813 an indication of the custom authentication type and the information provided by the user, uses that information to authenticate the user as the custom authentication type specifies, and returns the result of the authentication to VDB service 3813;
  - authentication modules 3839(a..n), at least one for each external source of authentication information. An authentication module 3839(i) receives a query specification from authentication coordinator 3829, puts the query into the form appropriate for the authorization information source being queried, and returns the result of the query to authentication coordinator 3829.
• Authorization servers 3843(a..n): these are the sources of authentication information.

• Cookie manager 3817 and cookie signer/verifier 3819: these handle the cookie that is returned by authentication coordinator 3829 and attach a digital signature to it. The cookie is returned to policy-enabled component 2609, which uses it to indicate to policy server 2617 that an access check has already been done for a user/resource combination.

In figure 45, flowchart 4501 gives an overview of how policy-enabled component 2609 and its components interact with generalized policy server 2617 and its components to collect the information about a user that is needed to authenticate the user or to determine the user's membership in a custom-authenticated user group, or to provide a dossier to policy-enabled component 2609. Flowchart 4501 assumes that the user is requesting a web page; however, the techniques described below may be used with any resource whose access is controlled by generalized policy server 2617.

At 4503, the user requests access to a resource, in this case a web page, from a web server 3803, using his or her web browser. Of course, any other way of delivering an access request to policy-enabled component 2609 may be used just as well. Flowchart 4501 assumes that the access check is done by a policy plug-in 3805, but the access check may be done by any program executing on policy-enabled component 2609. Accordingly, at 4505, web server 3803 passes the information from the session with the user to policy plug-in 3805 and makes the request.

Policy plug-in 3805 establishes a connection with an available generalized policy server (4507). When the connection is established, plug-in 3805 sends a query 3811 to VDB service 3813. The query includes information indicating the access the user is seeking and the information resource to which access is sought. If the user has made a request before, the query may also be accompanied by a cookie. The cookie is an indication of the result of a previous access request that was authenticated by generalized policy server 2617, or by another generalized policy server 2617 that the first one trusts.

If there is a cookie, VDB service 3813 reads it and compares it with the session information for the current session; if they are the same, VDB service 3813 provides the information in the cookie to evaluator 2036. If there is no cookie, VDB service 3813 processes the query as previously described. If evaluator 2036 determines that the information identifying the user is sufficient to make an access decision and that access is permitted (4509), branch 4511 is taken; if evaluator 2036 determines that access should be denied (4515), branch 4517 is taken. Otherwise, VDB service 3813 returns a MAYBE result and a list of the custom authentication types that are relevant to the access decision to policy-enabled component 2609 (4520). The policy plug-in code (4507) responds by selecting one of the custom authentication types in the list, then selecting the authentication form 3807(i) that corresponds to the selected custom authentication type, configuring it as specified in local configuration information 3809, and outputting it to the user's browser (4521).

The authentication form uses the method specified in the selected custom authentication type to request from the user the information needed to authenticate him or herself. The user fills in the form (4521), and the plug-in takes the information the user provided and adds it to query 3811. The added information is termed authentication information here; it includes an identification of the selected custom authentication type and a list of the values received from the user, as <attribute name, attribute value> pairs for the values in the form. The query then goes back to VDB service 3813 (4523).

At 4525, VDB service 3813 provides the authentication information to authentication coordinator 3829, which retrieves the definition of the selected custom authentication type from policy DB 3805 and provides it to the authentication module 3839(i) that is used to execute the queries required for the authentication. Module 3839(i) puts the query into the format appropriate for the server 3943(i) that is to execute it and sends it to server 3843(i). When server 3843(i) returns the result, module 3839(i) places the result, including whether the query succeeded, in a list of <attribute name, attribute value> pairs and returns the list to authentication coordinator 3829. Authentication coordinator 3829 uses the custom authentication type definition to determine whether the authentication succeeded and returns the result of the authentication to VDB service 3813. The list of <attribute name, attribute value> pairs containing the information retrieved by the query may accompany the authentication result and may be used to make a dossier 3804. If the authentication result indicates success, VDB service 3813 adds the identification of the custom authentication type and the information returned by module 3839(i) to the other information about the user and the information resource and resubmits it to evaluator 2036 for evaluation at 4509, branching on the result of the evaluation as before. For a MAYBE result, VDB service 3813 returns that result to plug-in 3805; the list of custom authentication types naturally no longer includes the one that was just used. The process indicated by loop 4526 continues until evaluator 2036 denies or permits access; unless evaluator 2036 finds no access policy that denies access to the resource for a user group the user belongs to and finds at least one access policy that permits access to the resource for a user group the user belongs to, access is denied.

If access is denied (branch 4517), plug-in 3805 provides an access-denied screen to web server 3803 (4541), which then provides the screen to the user's browser (4545). If access is permitted (branch 4511), VDB service 3813 determines whether there is a dossier (4537); if there is, VDB service 3813 adds the dossier to the query result (4539) and passes the result and any dossier to plug-in 3805 (4540), which passes the session, including the dossier, back to web server 3803 (4543), which then allows the user to view the requested web page.

A detailed example of custom authentication

The detailed example that follows will first show the administrator's interface for defining a custom authentication type and the resulting custom authentication type definition; it will then show how the custom authentication type definition is used to define a custom-authenticated user group; and it will finally show how a user who may belong to that custom-authenticated user group is authenticated, and how the attribute values needed to determine the user's membership in the group are obtained.

Defining a custom authentication type: figures 46-48

Figure 46 shows window 4601, which is used in a preferred embodiment to define a custom authentication type. At 4603 is a field that receives the name of the custom authentication type, here LDAP Bind. LDAP is a well-known protocol, running over TCP/IP, for accessing directories of people or other entities. LDAP Bind defines a custom authentication method that authenticates a user on the basis of an entry for the user in a directory accessible via LDAP. At 4605 is a description of the custom authentication type. Cookie life span 4607 determines how long a cookie indicating authentication by the custom protocol should remain valid, in this case 2 hours. After that period has elapsed, authentication with LDAP Bind must be redone.
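The decision rule of evaluator 2036 and loop 4526 just described, as an added example that is not part of the patent: a small Python simulation with constructed policies, groups and a stand-in directory (the names Policy, evaluate, request_access and the data are this example's own), showing a denying policy taking precedence, the MAYBE list, and the resubmission after a custom authentication type has been tried once.

```python
from dataclasses import dataclass

ALLOW, DENY, MAYBE = "ALLOW", "DENY", "MAYBE"


@dataclass(frozen=True)
class Policy:
    user_group: str
    info_set: str
    allow: bool  # True permits the user group, False denies it


# Constructed data modelled on figures 47 and 48; none of it is from the patent.
POLICIES = [
    Policy("LDAP Bind", "LDAP Bind", True),  # in the spirit of access policy 4803
    Policy("Blocked", "Neptune", False),     # constructed deny policy
]
# Information-set hierarchy, child -> parent.
INFO_SETS = {"WS//BindNeptune.html": "LDAP Bind", "LDAP Bind": "Neptune"}
# Ordinary user groups are decided from the request itself; custom-authenticated
# groups need the attributes that a custom authentication type returns.
ORDINARY_GROUPS = {"Blocked": lambda req: req["sourceip"].startswith("10.0.0.")}
CUSTOM_GROUPS = {"LDAP Bind": ("LDAP Bind", lambda attrs: "telephoneNumber" in attrs)}
# Stand-in for LDAP directory 3843: (user id, password) -> entry attributes.
DIRECTORY = {("tony", "s3cret"): {"telephoneNumber": "555-0100",
                                  "mail": "tony@example.test"}}


def info_sets_of(resource):
    """Every information set that contains the resource, innermost first."""
    sets = []
    while resource in INFO_SETS:
        resource = INFO_SETS[resource]
        sets.append(resource)
    return sets


def user_groups(req, attrs):
    """Groups the user is known to belong to, given what has been learned so far."""
    groups = {g for g, rule in ORDINARY_GROUPS.items() if rule(req)}
    for g, (auth_type, rule) in CUSTOM_GROUPS.items():
        if auth_type in attrs and rule(attrs[auth_type]):
            groups.add(g)
    return groups


def evaluate(req, attrs, tried):
    """Evaluator rule from the text: DENY if any matching policy denies; ALLOW if
    none denies and at least one permits; otherwise MAYBE with the list of custom
    authentication types not yet tried whose groups have a policy on the resource."""
    sets = info_sets_of(req["resource"])
    groups = user_groups(req, attrs)
    matching = [p for p in POLICIES if p.user_group in groups and p.info_set in sets]
    if any(not p.allow for p in matching):
        return DENY, []
    if any(p.allow for p in matching):
        return ALLOW, []
    maybe_list = [t for g, (t, _) in CUSTOM_GROUPS.items()
                  if t not in tried
                  and any(p.user_group == g and p.info_set in sets for p in POLICIES)]
    return (MAYBE, maybe_list) if maybe_list else (DENY, [])


def ldap_bind_auth(req):
    """Constructed custom authentication: a successful bind yields the entry's
    attributes as <attribute name, value> pairs; a failed bind yields nothing."""
    entry = DIRECTORY.get((req["userid"], req["pwd"]))
    return (True, dict(entry)) if entry else (False, {})


AUTH_METHODS = {"LDAP Bind": ldap_bind_auth}


def request_access(req):
    """Loop 4526: on MAYBE, run one custom authentication type from the list, add
    what it returned to the information about the user, and resubmit."""
    attrs, tried = {}, set()
    while True:
        decision, maybe_list = evaluate(req, attrs, tried)
        if decision != MAYBE:
            return decision, attrs
        auth_type = maybe_list[0]
        tried.add(auth_type)  # the list never offers this type a second time
        ok, pairs = AUTH_METHODS[auth_type](req)
        if ok:
            attrs[auth_type] = pairs
```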

In the preferred embodiment, an authentication method is implemented as one or more functions. The first function of the method is invoked by authentication coordinator 3829; the method's other functions are invoked in the course of executing that function. The code for the functions, that is, the authentication module 3839 that implements them, is contained in a runtime-loadable module, for example a .dll file of the kind used with the operating systems produced by Microsoft Corporation. At 4609, the administrator specifies which function of the authentication method he or she is working on; at 4611, the administrator gives the name of the .dll file that contains the functions. The settings at 4613 and the query parameters 4615 apply to the function currently specified at 4609. At 4613, the administrator indicates whether the result of the function is required for authentication, and whether VDB service 3813 is to include the result in the cookie it makes to represent the policy evaluation.

Parameter list 4615 describes the information that must be provided to the function if the user is to be authenticated and if the information needed to determine whether the user is a member of a custom-authenticated user group defined by a directory accessible via the LDAP protocol is to be found. Each parameter in the list has a name (4617), a value (4619), a data type (4621), and a description (4623). A parameter value may be specified in three ways:

• as a constant, for example the port number "389";
• as a value to be provided by the user in the course of authenticating the user, written ${<variable name>}, for example ${PWD}, a password supplied by the user;
• as a pattern to be matched, with the wildcard indicated by *. Thus the parameter AtributeSearch can match any attribute returned by the directory entry accessed via LDAP.

Figure 47 shows, at 4701, how a custom authentication type is associated with an information set and how an authentication form 3807 is associated with a custom authentication type. Screen 4703 shows a hierarchy of information sets, named Authenticated, that require particular types of authentication; one of the types, for a service named Neptune, is LDAP Bind, at 4705. Entry 4705 represents the authentication module 3839 for Neptune and LDAP Bind. At the next level down (4707) is an information set described by WS//BindNeptune.html. WS indicates the application through which the information set is accessible, and BindNeptune.html the information set itself. A user who wants to access this information set must be authenticated and must be a member of a user group that the LDAP Bind custom authentication method determines to have access to the information set. Of course, for this to work, plug-in 3805 of the application 3803 used by the user who is trying to access BindNeptune.html must have an authentication form 3807 for the information needed to authenticate the user, in this case to determine whether the user's user ID and password permit the user to access BindNeptune.html. The form is described at 4709. Finally, screen 4711 describes how the information may be retrieved from application WS; pattern matching is used once again, and, as indicated by the asterisks in all of the fields other than the URL field, the only requirement on application WS is that the user is accessing the web page BindNeptune.html.

Other features of the access control system visible in figure 47 are that WS//BindNeptune.html defines a virtual web server, that is, any number of such applications giving access to information sets may execute on the same physical machine, as long as the applications have different IP addresses, port numbers, and/or Internet names. Further, as can be seen from the Action field in screen 4711, a resource definition may include an HTTP verb, and access to the resource may be restricted to what that verb provides. Finally, the length of the key used in the SSL protocol may be specified.

Figure 48 shows how a user group may be associated with a custom authentication type access method, and how an access policy may give the user groups associated with a custom authentication type access to the information sets associated with the custom authentication type. The window showing the user groups is at 4805; user groups are defined hierarchically, and there is an Authenticated user group, that is, the user groups that use special authentication methods. Below it is the user group with access to BindNeptune, and below that is user group 4807, whose members are determined using the information retrieved by the LDAP Bind custom authentication type. The pattern specifying the parameter values that a user with access to the directory queried by LDAP Bind must have is shown in this entry; here, the asterisks indicate that anyone who has a name and a telephone number in the directory is a member of user group LDAP Bind. Window 4809 shows the information sets; at 4709 is the entry for the BindNeptune.html information set, which requires LDAP Bind for access. The window showing access policies is at 4801; access policy 4803 indicates that the information sets belonging to LDAP Bind (which include the information set provided by application WS) may be accessed by user group LDAP Bind, which uses custom authentication type LDAP Bind.

Implementation of custom authentication type definitions 4403: figures 49-50

To ensure compatibility with existing versions of the access control system in which custom authentication has been implemented, the custom authentication type definitions in a preferred embodiment use tables that already existed in the policy database. Those tables are the smart card type and smart card definition tables, shown at 1323 in figure 13A, and the agent definition and agent parameter tables, shown at 1709 in figures 17B and 17C. Each custom authentication type has a row in the SmartCard type table, as shown at 4901. The row specifies the custom authentication type's type identifier 4903, its name 4905, and a comment 4907 indicating its purpose. The authentication type's authentication method is defined using a row in the agent definition table, shown at 4909, and rows in the agent parameter definition table, shown at 5001. The relationship between the row in the SmartCard type table and the definition of the type's method is established by the use of LDAPBind in field 4913 of row 4909 and in field 4805 of row 4901. The other fields of row 4909 include field 4911, an identification number for the method; field 4915, a description of the method; and field 4917, which gives the number of rows in agent parameter definition table 5001 that are used to define the authentication method.

Continuing with agent parameter definition table 5001, the rows shown define the method of the LDAPBind custom authentication type. Rows 5001 specify a set of parameters 5002 used in authentication coordinator 3829 and in the related authentication modules 3839 and/or profile retrieval interface 3841. Each row has its own identification number in field 5003; the identification number of row 4909, in field 5005, associates the row with its agent definition; a name field 5007 indicates how the parameter is used in the method; a description field describes the parameter; and a value field contains the parameter's value. It should be noted here that the meaning of the parameters in set 5002 depends entirely on the modules that use them.

A parameter set may contain many subsets of parameters. In most cases, a subset of parameters describes a query to an external data source that is made by an authentication module 3830 or by profile retrieval interface 3841. Values returned in the parameters of one subset may be used as parameters in the following subset. Parameter set 5002 has two such subsets, called Step1, shown at 5017, and Step2, shown at 5025. Only Step1 will be explained in detail. Starting from the top of parameter set 5002, row 5013 indicates that the cookie representing an access request that provides parameter set 5002 to an authentication module or profile retrieval module will be valid for 2580 seconds; row 5015 indicates that there are two parameter subsets, called Step1 and Step2. All of the rows in Step1 have names of the form Step1\<step name> in field 5007.

Continuing in detail with Step1, the parameters of Step1 define a query to the LDAP directory which, given a userID and password supplied by the user making the access request, returns the employee's room number, work telephone, and e-mail address. The user supplies the userID and password via LDAP Bind's authentication form 3807, and if the userID and password give the user access to the directory, the user has been authenticated. Beginning with the rows at 5016, the rows give the name of the function that will execute this step and the name of its dll. The row at 5019 indicates that the result of the query executed by Step1 is to be included in the cookie representing the access request. The next row indicates the maximum time the query may take to execute before the subroutine returns a result indicating failure. The rows named Step1\port, Server, UserDN, and UserPWD contain the parameter values needed to locate and access the LDAP directory. It should be noted that the values of the last two are the ones supplied by the user via authentication form 3807. The rows at 5021 indicate the parameter values that will be returned by the query to the LDAP directory; it is these returned values that are used to determine whether the requesting user belongs to a user group with access rights.

Finally, row 5025 in the SmartCard definition table defines a user who belongs to a user group whose membership is determined at least in part by the LDAP Bind custom authentication type. The row's identification number is at 5027; the user's name is at 5029; field 5031 contains the identifier of row 4091 and thus indicates that the user is authenticated by LDAP Bind. At 5033 is the list of <attribute, value> pairs specifying the patterns that the attribute values obtained from the directory by the LDAP Bind method must match if a user is to be authenticated as user Tony M.

Custom user information retrieval and the query interface to the generalized policy server: figure 41

Fields 4117 and 4151 through 4167 of row 4101 of the virtual POLICYEVAL table provide the query interface for custom user information retrieval in the preferred embodiment. The contents of these fields are explained in detail in the discussion of figure 41 above. All fields except Identity 4117 and Cookie 4157 are Select only; the Cookie field may be either Where or Select.
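The Step1 parameter handling and the membership patterns of 4807 and 5033 described above, as an added Python example that is not the patent's code: the three value forms of parameter list 4615 (a constant, ${VAR} and a pattern with *) are resolved with the values from the authentication form, a constructed stand-in for LDAP directory 3843 is bound to, and the returned <attribute name, value> pairs are matched against a membership pattern such as telephoneNumber=*. The names STEP1, resolve, ldap_bind and is_member and all data values are this example's own.

```python
import fnmatch
import hmac
import re

# Constructed parameter subset in the style of Step1 in table 5001 (the names and
# values are this example's own). Values use the three forms the text describes:
# a constant, ${VAR} for a value the user supplies in form 3807, and a pattern
# in which * is the wildcard.
STEP1 = {
    "Step1\\port": "389",
    "Step1\\Server": "ldap.example.test",
    "Step1\\UserDN": "uid=${UID},ou=people,dc=example,dc=test",
    "Step1\\UserPWD": "${PWD}",
    "Step1\\AttributeSearch": "*",  # which attributes of the entry to return
}
# Membership pattern in the style of 4807: a name and a telephone number suffice.
GROUP_PATTERNS = {"cn": "*", "telephoneNumber": "*"}
# Stand-in for LDAP directory 3843: DN -> (password, attributes).
DIRECTORY = {
    "uid=tony,ou=people,dc=example,dc=test": ("s3cret", {
        "cn": "Tony M", "telephoneNumber": "555-0100",
        "roomNumber": "12", "mail": "tony@example.test"}),
    "uid=ann,ou=people,dc=example,dc=test": ("hunter2", {
        "cn": "Ann", "mail": "ann@example.test"}),
}
_VAR = re.compile(r"\$\{(\w+)\}")


def resolve(params, supplied):
    """Replace each ${VAR} with the value entered in the authentication form.
    A variable the form did not supply is an error, never an empty string."""
    def substitute(match):
        name = match.group(1)
        if name not in supplied:
            raise KeyError(f"form did not supply ${{{name}}}")
        return supplied[name]
    return {key: _VAR.sub(substitute, value) for key, value in params.items()}


def ldap_bind(params):
    """Simulated bind: succeeds only if the DN exists and the password matches.
    Returns (ok, pairs); pairs are the entry's attributes selected by the
    AttributeSearch pattern, as <attribute name, value> tuples."""
    entry = DIRECTORY.get(params["Step1\\UserDN"])
    if entry is None or not hmac.compare_digest(entry[0], params["Step1\\UserPWD"]):
        return False, []
    pattern = params["Step1\\AttributeSearch"]
    return True, [(name, value) for name, value in entry[1].items()
                  if fnmatch.fnmatchcase(name, pattern)]


def is_member(pairs, patterns=GROUP_PATTERNS):
    """Group membership as in 4807/5033: every pattern attribute must be present
    in the returned pairs and its value must match the pattern."""
    attrs = dict(pairs)
    return all(name in attrs and fnmatch.fnmatchcase(attrs[name], pattern)
               for name, pattern in patterns.items())


def authenticate_and_check(supplied):
    """Steps 9-12 of the example in one call: resolve, bind, decide membership."""
    ok, pairs = ldap_bind(resolve(STEP1, supplied))
    return ok, pairs, ok and is_member(pairs)
```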
Here, only the following points about those fields will be noted:

• Identity 4117, when used in a SELECT clause, returns the actual value of the user's identity to policy-enabled component 2609; when used in a WHERE clause, it, together with a descriptor of its type, delivers the user identification information that policy-enabled component 2609 collected for a particular custom authentication type to VDB service 3813, which passes it on to authentication coordinator 3829.

• MaybeList 4151 is the list of custom authentication types that evaluator 2036 returns when it finds that determining whether a user has access to a resource requires the user's membership in one or more custom-authenticated groups to be determined.

• AttributeName 4153 and AttributeValue 4155 are a single one of the <attribute name, value> pairs returned by the methods of a custom authentication type. If those methods return more than one such pair, one row 4101 is returned for each pair. If the method so specifies, the pair is included in the dossier.

• Cookie 4157 is a cookie made by VDB service 3813 and returned to policy-enabled component 2609 the first time a user accesses a resource, and provided by policy-enabled component 2609 to VDB service 3813 on subsequent accesses; the method of a custom authentication type may specify information to be included in the cookie.

• IdentityNumber 4159 is a sequence number that lets authentication coordinator 3829 keep track of a user's identity when more than one of the user's identities needs to be authenticated.

• IdentityIsValid 4163 indicates whether the user's authentication was successful as required for a particular custom authentication type. If it was, the values that the custom authentication type's method specifies for inclusion in the cookie and/or dossier are entered in the user's cookie and/or dossier.

An example of custom user information retrieval: figures 51-53

In the following example, a user requests access to information resource WS://BindNeptune.html. Members of the Bind Neptune user group are allowed access to this information resource, as shown by policy 4803. Membership in Bind Neptune is determined by the method defined by the LDAP Bind custom authentication type. As shown in agent parameter definition table 5001 in figure 50, that method executes a query that uses the user ID and password of the user who wants access. If the user ID and password give access to the LDAP directory database, the query returns the user's room number, work telephone, and e-mail address. Any or all of these values may be used to define membership in a user group; as shown at 4807, only the work telephone is used to define membership in Bind Neptune, so any user who has a telephone number in the LDAP directory database becomes a member of the user group. A user with access to WS://BindNeptune.html may therefore be defined as follows:

UG: Bind Neptune
UG Membership: telephoneNumber=* (any telephoneNumber attribute defined in one of the databases/directories queried)

Giving a user who is a member of the Bind Neptune user group access to WS://BindNeptune.html involves the following steps:

1. The user enters the URL of the resource (http://pluto.interdyn.com/BindNeptune.html) in the user's web browser;
2. Web server 3803 receives the request and calls PPI 3805;
3. PPI 3805 makes a query to PS 2617, supplying the resource description and so on;
4. VDB service 3813 receives the query and calls evaluator 2036. Evaluator 2036 responds with MAYBE, indicating that the user may be allowed access to the requested resource, and with the custom authentication type;
5. VDB service 3813 returns MAYBE and the auth type to PPI 3805;
6. PPI 3805 loads the HTML configured for this custom authentication type from 3807(i) and displays the form in the user's browser;
7. The user enters the requested information and submits the form;
8. Server 3803 receives the submission with the requested information and calls PPI 3805 to process it;
9. PPI 3805 queries VDB service 3813 with the requested information;
10. VDB service 3813 provides the custom authentication type and the information to authentication coordinator 3829, which calls the authentication module 3839(a) for the LDAP Bind custom authentication type and provides it with the configured/passed information;
11. Authentication module 3839(a) binds to LDAP directory 3843(a) with the supplied user name/password and queries the directory for that user's attributes. The authentication success code and the list of attributes are returned to authentication coordinator 2839, which then passes them back to VDB service 3813;
12. VDB service 3813 calls evaluator 2036 with the user name and attributes. Evaluator 2036 returns ALLOW on the basis of the telephoneNumber attribute, together with a cookie to be "set" in the browser;
13. VDB service 3813 returns ALLOW to PPI 3805, which displays the originally requested page.

In the above example, the method defined by the custom authentication type uses only the attributes returned by the query to the LDAP database to determine user group membership; the methods specified in other custom authentication types may place some or all of the attributes returned by other queries, together with other attributes, in a dossier 3803 to be returned to application 3803. It should further be pointed out here that a preferred embodiment of the invention is implemented on an NT server costing $3000 and can perform the steps described above for 50-100 users per second. The main reason those steps can be performed at this speed is the use of the compiled MMFs 2301 in policy database 3825, as described in the parent of the parent of this patent application.

Continuing in more detail, when PPI 3805 receives the URL and makes the query of step 3 above, the query looks like this:

select Cookie, IdentityIsValid, IsAllowed, reasoncode, maybelist, cookiemodified from policyeval where sourceip='192.168.36.215' and application='WS' and resource='BindNeptune.html&GET&192.168.36.217&pluto.interdyn.com&80&0' and includeeval='Y' and includeidentitystore='Y' and askclientforidentities='N'

In the above query, the only information by which the user can be authenticated and his or her user group membership determined is the user's IP address in sourceip. The resource to which the user is requesting access is defined by the application requesting access, WS, by the URL supplied by the user, and by the description from WS, which states that the operation requested on the web page described by the URL is an HTTP GET. Policy plug-in 3805 is configured with a list of the generalized policy servers 2617 it may query; it selects a generalized policy server 2617 in a way that balances the load among the policy servers on the list, and sends the query to that policy server.

If access is permitted, the response to the query will contain a cookie, will indicate whether the user's identity is valid, will give a reason for a valid identity, and, if obtaining access turns out to involve a custom authentication type, will include a maybe list. A custom authentication type is in fact involved, so the response looks like this:
The list of authentication success codes and attributes is sent back to the authentication coordinator 2839 'which then passes them back to the VDB service 3813; 12. The VDB service 3813 calls the evaluator 2036 with the username and attributes. Khan estimate device 〇36 is returned to ALLOW according to 『〇16011〇1161 ^ 11111 匕 61: Attributes and browser settings &quot; settings &quot; Internet user identification program; Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 13. VDB service 3 8 13 returns permission to PPI 3 805, which displays the originally requested page. In the above example, the method defined by the custom authentication type uses only the information returned by querying the LDAP database Those attributes to determine user group membership; those methods described in other custom authentication types can return some or all of these attributes returned by other queries ___ -167- this Paper size applies Chinese National Standard (CNS) A4 specification ⑽χ 297 male cage) 4848 1 2 A7 B7 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 5. Description of the invention (165) In a file 3803 to be returned to the application 3803. It should be further pointed out here that a preferred embodiment of the present invention is implemented on an NT server priced at $ 3,000, and one second can perform the above-mentioned operation for 50-100 users Those steps. The main reason that these steps can be performed at this speed is the use of the compiled MMFs 2301 in the Strategy Database 3 825, as described in the parent case of the parent case of this patent application. Continue more details when PPI 3805 receives URL and the query in step 3 above, the query looks like: select Cookie, IdentitylsValid, IsAllowed, reasoncode, maybelist, cookie modified from policyeval where sourceip = '192. 
168, 36.215' and application = 'WS' and resource = 1 BindNeptune. html &amp; GET &amp; 192.168.36. 217 &amp; pluto. interdyn.com &amp; 80 &amp; 0 'and includeeval = 1Y1 and includeidentitystore =' Y 'and askclientforidentities =' N ' And the information that can be judged by his or her user group membership is only the IP address of the user in S0UrCeip. The resource that the user requested to access is the application that requested the access, WS The 'defined URL' is provided by the user, and the description from the WS is hosted by the URL. The operation requested by the webpage is an HTTP GET operation. 168- This paper size is in accordance with Chinese National Standard (CNS) A4 (210 X 297 public love) n Missing the back note and fill in the page binding weaving A7 464812 __B7____ 5. Description of the invention (166) Strategy inserting module 3805 uses it List configuration of one of the queryable standardized policy servers 2617; the policy insertion module 3805 selects a standardized policy server 2617 by balancing the load of those policy servers on the list, and sends the query to that policy server . If access is allowed, the response to the query will include a web user identification program that will indicate whether the user's identity is valid, give a reason for a valid identity, and if access is changed to include a custom authentication type, Includes a possible list. In fact a custom authentication type is included, so the response looks like:

Cookie = ; IdentityIsValid = ;

IsAllowed = N ; ReasonCode = 118 ;

MaybeList = LDAP Bind ; CookieModified = N

The invalid value of IdentityIsValid indicates that the user's authentication did not succeed; consequently no cookie is returned and no access is allowed. The reason the authentication did not succeed is that a custom authentication type, LDAP Bind, is involved, and the name of this custom authentication type is returned in the maybe list.

Policy insertion module 3805 responds to the result of the first query by sending the authentication form 3807(i) for type LDAP Bind to the user. Form 3807(i) is formatted as specified in local configuration information 3809. The resulting screen 5101 used in a preferred embodiment is shown in FIG. 51. A request for information about a user from a directory that follows the LDAP protocol must include the user's user name and password; the form collects this information at 5103 and 5105, and when the user presses login button 5107 the information is sent to PPI 3805.

To handle the case where more than one custom authentication type name is on the maybe list, PPI 3805 is configured with a sorted list of custom authentication types; PPI 3805 processes the custom authentication types from the maybe list one at a time, in the order in which they appear on the sorted list.

PPI 3805 uses the information from the user to make a new query 5201 to VDB service 3813; that query is shown in FIG. 52 and its result in FIG. 53. Query 5201 differs from the first query to VDB service 3813 in that a new field, identity field 5203, has been added. This field contains the information the VDB service needs in order to have authentication coordinator 3829 cause an authentication module 3839 to collect the user information required to authenticate the user, and to allow evaluator 2036 to determine whether the user belongs to a user group whose members may access the information resource. Specifically, identity field 5203 contains at 5204 the URL of the resource to which access is sought, at 5205 the name of the custom authentication type whose method will be used, at 5207 the user name the user supplied at 5103 in authentication window 5101, at 5209 the password supplied at 5105 in window 5101, and at 5211 an indication of the action that caused the user name and password to be submitted, namely the user pressing on-screen button 5107.

VDB service 3813 responds to query 5201 by processing the WHERE clause fields sourceip through askclientforidentities, and then passes the contents of identity field 5203 to authentication coordinator 3829, which fetches from policy database 3825 the proxy parameter definition 5001 for the LDAP Bind custom authentication type and starts the authentication module 3839(i) specified there, using the user identification and password given in fields 5207 and 5209. As specified in parameter definition 5001, authentication module 3839(i) executes a query against the LDAP server which returns the user's room number, work telephone number, and e-mail address. As specified at 5023 in parameter set 5002, the query must succeed if the user is to be authenticated. Authentication module 3839(i) indicates to authentication coordinator 3829 that the query succeeded and returns the data returned by the query to authentication coordinator 3829. The result and the returned data are passed on to VDB service 3813, which supplies the returned data to evaluator 2036 for use in determining whether the user belongs to the Bind Neptune user group. Here the returned data include the user's telephone number, which is all that is needed to establish membership in Bind Neptune, so evaluator 2036 indicates to VDB service 3813 that access is allowed.

VDB service 3813 now has all the information it needs to complete query 5201 and return a result. Result 5301 is shown in FIG. 53. Most of the result consists of cookie 5303, which is returned only when the access request succeeds. Cookie 5303 contains a description of the access request, the information supplied by the user, and the user information retrieved by the custom authentication method. Cookie 5303 further contains at 5305 a digest and the digital signature of standardized policy server 2617. These elements make any change to the contents of cookie 5303 detectable, and make it possible for a policy server 2617 to accept a cookie from another policy server whose signature it recognizes. At 5309 the result indicates that the user has been authenticated, at 5311 that access is allowed, and, because access is allowed, MaybeList is empty, as indicated at 5313. When policy insertion module 3805 receives this result, it allows application 3803 to display the page http://pluto.interdyn.com/BindNeptune.html.

Dossiers

As will be immediately apparent from the detailed example above, a custom authentication method may be defined to collect information that a user supplies through an input device, or information that standardized policy server 2617 can obtain from an information source. In this example the information collected from the user is used for authentication and the information obtained from the LDAP directory is used to determine membership in a user group, but this need not be the case. A custom authentication method may equally be used simply to collect information about a user when the user requests access to a resource and to supply that information to policy-enforcing component 2609. The information may come from any information source that an authentication module 3839 or a profile extraction module 3841 can query.

The mechanism by which VDB service 3813 supplies information retrieved by a custom authentication module to policy-enforcing component 2609 is dossier 3804. A dossier is simply a list of the attribute-value pairs returned in fields 4153 and 4157 of the query. When values returned by a custom authentication method are to be included in the dossier returned to policy-enforcing component 2609, that fact is indicated in the proxy parameter definition 5001 for the method by an indication like the one at 5019, which specifies that the values returned by the query defined in Step 1 5017 are to become part of the cookie returned by the query.

Positive access control

Access control has so far generally had a negative purpose: to ensure that a user of the system accesses only those information sources he or she is allowed to see. When custom user information retrieval is combined with the standardized policy server, however, the result is an extension of the definition of access control to include access control with a positive purpose: that is, not only ensuring that the user accesses only the information sources he or she is allowed to see, but also ensuring that the user accesses those information sources most likely to be useful to or preferred by him or her.

A few examples will suffice to illustrate the principle:

• In a multinational corporation, the employee database may record for each employee the language in which that employee is most comfortable; when the employee requests access to an information source, this information can be retrieved and returned as part of the employee's dossier 3804 to policy-enforcing component 2609, which can then use it to provide a browser interface in the appropriate language and, where possible, a version of the information source in the preferred language.

• An Internet merchant can use the techniques described here to give browsing on the Internet the equivalent of the frequent-flyer programs that airlines offer. When a customer accesses the merchant's web site, the merchant can check the merchant's database to determine how much business the customer has done in the last six months and return the total to the merchant's web server. The web server can use that total to determine the appearance of the web pages, to decide on price discounts and other specials, and to move the session to a server that will guarantee the user a fast response even during busy periods.

A final example will show the full extension of the concepts of authentication and access control that custom user information retrieval and the standardized policy server make possible. With the standardized policy server and custom user information retrieval, one could implement a lottery as follows: an access policy defined in the standardized policy server gives users belonging to the lottery winner user group access to the lottery winnings resource, which is a bank account holding the lottery prize. A user is a member of the lottery winner user group if the won lottery attribute associated with that user has the value "Y". For a given user, the value of this attribute is determined by the method defined by a lottery winner type custom authentication type.

A user plays the lottery by entering the URL of the lottery winnings resource into his or her web browser; the lottery application that receives the URL makes a query to VDB service 3813 as described above; evaluator 2036 determines that someone who is a member of the lottery winner user group may have access and returns the lottery winner type name to the lottery application, which displays a window asking the user to enter a number. The lottery application then makes a second query as described above, which includes the lottery winner type name and the number received from the user. VDB service 3813 passes the lottery winner type name and the number to authentication coordinator 3829, which supplies the number to the authentication module 3839 for that type. The authentication module uses a random number generator to produce a number; if it is the same as the number the user entered, authentication module 3839 returns the value "Yes" for the won lottery attribute, and otherwise it returns "No". VDB service 3813 supplies the value of the won lottery attribute to evaluator 2036, which uses it to determine whether the user is a member of the lottery winner user group. If the user is, VDB service 3813 returns a result indicating that the user has access to lottery winnings, and the user may transfer the amount in lottery winnings to his or her personal bank account.

Conclusion

The foregoing detailed description has disclosed to those skilled in the arts to which it pertains how to construct an access control system in which access is checked by means of an SQL query against a virtual relational database table containing a row for each potential user/information resource combination, and how to provide an access control system in which the administrator can define how and where the access control system collects information, from the user seeking access and from internal or external sources, in order to validate the user's identity, determine the user's membership in a user group, or provide arbitrary additional information about the user to the policy-enforcing component. The inventors have further disclosed the best mode presently known to them of constructing the access control system.

While the techniques disclosed herein for presenting a virtual database table are particularly advantageous in access control, where the set of possible user/information source combinations may be very large and is often undefinable, they may be used elsewhere to provide simple and easily understood interfaces to servers. In particular, they may be used to benefit access control systems that do not use access policies defined, as here, in terms of user groups and information sets.

Moreover, while the techniques for defining how and where the access control system collects and uses information work well with the SQL query interface used in the preferred embodiment, they may also be applied in other kinds of access control systems. All that is required is a way of relating users to method definitions.

The embodiments of the invention disclosed herein are further profoundly affected by the fact that they are implemented as modifications of an existing system which must remain compatible with older versions of that system. Other implementations of the invention will not be hindered by the limitations that affected those designers. Furthermore, the choice of SQL as the query language is advantageous because of its wide availability, but it is not necessary. Other embodiments may use other query languages and may emulate other protocols for accessing remote databases.

For these reasons, innumerable other embodiments of the principles disclosed herein are possible, and the detailed description is therefore to be regarded as being in all respects exemplary and not restrictive, and the breadth of the invention disclosed herein is to be determined not from the detailed description but from the claims as interpreted with the full breadth permitted by the patent laws.
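The two-phase exchange described in the detailed example above (a first policyeval query answered with MAYBE and a maybe list, then a second query carrying the identity field answered with ALLOW and a signed cookie) is modelled below as an added Python example. It is not code from the patent or from Internet Dynamics. The WHERE-clause grammar, the field order inside the resource string, the layout of the identity field, the sample directory entries, the reason code for a denied result, and the HMAC-SHA256 standing in for the cookie's "digest and digital signature" are all assumptions of this example; only the column names, the MAYBE/ALLOW flow, the Bind Neptune rule and reason code 118 come from the text.

```python
"""Toy model of the policyeval query interface (added illustration, not the
patent's code).  Assumptions not on the page: WHERE is a conjunction of
field='value' terms; the resource string is name&method&dest_ip&host&port&flag;
the identity field is "url|auth_type|user|password|action"; the cookie's digest
and signature are an HMAC-SHA256 under a key shared by policy servers that
recognise one another."""
import hashlib
import hmac
import json
import re

SERVER_KEY = b"constructed-shared-policy-server-key"   # constructed, not a real key

# Constructed stand-in for LDAP directory 3843(a): bind password plus attributes.
DIRECTORY = {
    "jdoe": {"password": "s3cret", "roomNumber": "B-12",
             "telephoneNumber": "555-0100", "mail": "jdoe@example.test"},
    "guest": {"password": "guest"},        # no telephoneNumber: not in Bind Neptune
}

# Membership rule (cf. 4807) and access policy (cf. 4803) from the page's example.
USER_GROUPS = {"Bind Neptune": {"auth_type": "LDAP Bind", "requires": "telephoneNumber"}}
POLICIES = [("Bind Neptune", "WS", "BindNeptune.html")]   # (group, application, resource)

REASON_NEED_CUSTOM_AUTH = 118   # reason code shown in the first response on the page

FIRST_QUERY = (
    "select Cookie, IdentityIsValid, IsAllowed, reasoncode, maybelist, cookiemodified "
    "from policyeval where sourceip='192.168.36.215' and application='WS' and "
    "resource='BindNeptune.html&GET&192.168.36.217&pluto.interdyn.com&80&0' and "
    "includeeval='Y' and includeidentitystore='Y' and askclientforidentities='N'"
)

def second_query(user: str, password: str) -> str:
    """Query 5201: the first query plus the identity field (assumed '|' layout)."""
    identity = f"http://pluto.interdyn.com/BindNeptune.html|LDAP Bind|{user}|{password}|login"
    return FIRST_QUERY + f" and identity='{identity}'"

def parse_where(query: str) -> dict:
    """Extract the field='value' terms of the WHERE clause into a dict."""
    where = query.split(" where ", 1)[1]
    return dict(re.findall(r"(\w+)\s*=\s*'([^']*)'", where))

def parse_resource(resource: str) -> dict:
    name, method, dest_ip, host, port, _flag = resource.split("&")
    return {"name": name, "method": method, "dest_ip": dest_ip, "host": host, "port": port}

def ldap_bind(username: str, password: str):
    """Authentication module 3839(a): bind with the credentials, then fetch attributes."""
    entry = DIRECTORY.get(username)
    if entry is None or not hmac.compare_digest(entry["password"].encode(), password.encode()):
        return None
    return {k: v for k, v in entry.items() if k != "password"}

def evaluate(app: str, resource_name: str, attrs):
    """Evaluator 2036: ALLOW, MAYBE (listing the auth types still needed) or DENY."""
    maybe = []
    for group, pol_app, pol_res in POLICIES:
        if (pol_app, pol_res) != (app, resource_name):
            continue
        rule = USER_GROUPS[group]
        if attrs is None:                    # membership cannot be decided yet
            maybe.append(rule["auth_type"])
        elif rule["requires"] in attrs:      # telephoneNumber=* is satisfied
            return "ALLOW", []
    return ("MAYBE", maybe) if maybe else ("DENY", [])

def sign(body: dict) -> str:
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, data, hashlib.sha256).hexdigest()

def policyeval(query: str) -> dict:
    """VDB service 3813: answer one policyeval query with the page's result columns."""
    w = parse_where(query)
    res = parse_resource(w["resource"])
    attrs, user, identity_valid = None, "", ""
    if w.get("identity"):
        _url, auth_type, user, password, _action = w["identity"].split("|")
        if auth_type == "LDAP Bind":
            attrs = ldap_bind(user, password)
        identity_valid = "Y" if attrs is not None else "N"
    decision, maybe = evaluate(w["application"], res["name"], attrs)
    cookie = ""
    if decision == "ALLOW":                  # cookie 5303 is issued only on success
        body = {"user": user, "sourceip": w["sourceip"],
                "resource": res["name"], "attrs": attrs}
        cookie = json.dumps(body, sort_keys=True) + "|" + sign(body)
    return {"Cookie": cookie, "IdentityIsValid": identity_valid,
            "IsAllowed": "Y" if decision == "ALLOW" else "N",
            "ReasonCode": REASON_NEED_CUSTOM_AUTH if decision == "MAYBE" else 0,
            "MaybeList": maybe, "CookieModified": "N"}

def verify_cookie(cookie: str):
    """A policy server that recognises the signer rejects any modified cookie."""
    body_json, sig = cookie.rsplit("|", 1)
    if not hmac.compare_digest(sign(json.loads(body_json)), sig):
        return None
    return json.loads(body_json)
```

Calling policyeval(FIRST_QUERY) reproduces the first response on the page (IsAllowed N, ReasonCode 118, MaybeList containing LDAP Bind, empty cookie); policyeval(second_query("jdoe", "s3cret")) returns ALLOW with a cookie that verify_cookie accepts, while a wrong password yields IdentityIsValid N and the same MAYBE result, and a user without a telephoneNumber attribute is authenticated but denied. Because the cookie carries the request description and the retrieved attributes under a verifiable signature, a cooperating policy server can honour it without repeating the LDAP bind, which is the point of the digest and signature at 5305.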

Claims (1)

88008 ABaD 申請專利範圍 1. 一種用以在一查詢之後提供資訊的裝置,其中查詢和 回應有已經定義好的格式,查詢定址到至少具有一列 的一資料庫表列’每一列至少具有—且 具名的櫚位,查 詢至少包括一欄位名稱以敘述在回庙士 * t q應中要提供的資 訊、和從資料庫表列選取含有此資訊的 只成的—列又方式的 指示,此裝置包含: —虛擬資料庫服務;和 —要提供的資訊之資訊來源,其不你m H # +使用具名稱的欄 位來識別要提供的資訊, 虛擬資料庫服務接收查詢,使用in战 , _ 艰擇—列的方式之 指示以從資訊來源獲得要提供的資邙 與风,並在回應中提 供資訊, 裝置藉以提出由查詢所定址的格汰&gt; ^—虛擬資料庫 表列到查詢的一來源。 2. 如申請專利範圍第1項之裝置,其中: 選擇一列的方式之指示包括一選擇數値;和 資訊來源提供要提供在回應中的資訊之—元件,给 與多個數値相符、且可存取資訊來源的選擇數値和^ 式之間的一個。 經濟部智慧財產局員Η消費合作社印製 3. 如申請專利範圍第1項之裝置,其中: 查為疋足址資料庫表列的一 SQL查詢; 襴位名稱包含在查詢中的一 SELECT子句;和 選擇一列的方式之指示包含在查詢中的—where子 句0 -177- 本紙張尺錢@準(CNS)A4祕咖χ 00 8825 ABCD 4648 1 2 六、申請專利範圍 4. 如申請專利範圍第1項之裝置,其中: 資訊來源是一存取評估器,其決定一使用者是否可 存取一資訊資源; 選擇列的方式包括從哪一列可決定使用者和資訊資 源的資訊;和 所提供的資訊包括從資訊決定的使用者是否可存取 從其中決定的資訊資源之一指示Q 5. 如申請專利範圍第4項之裝置,其中: 存取評估器藉由考慮一或更多存取策略決定使用者 是否可存取資訊資源’每一存取策略指示一使用者群 組是否可存取一組資訊資源,當使用者所屬的使用者 群组之存取策略、且資訊資源所屬的資訊資源集合指 示是時,允許使用者對資訊資源的存取;和 選擇列的方式包含使用者在一使用者群組中的會員 資格可從其決定之關於使用者的會員資格資訊。 6. 如申請專利範圍第5項之裝置,其中: 存取評估器使用會員資格資訊來決定使用者在一使 用者群组中的會員資格。 7. 如申請專利範圍第6項之裝置,其中: 經濟部智慧財產局員工消费合作社印製 存取評估器判斷可能有一使用者群組,使得在此使 用者群組中的會員資格將給使用者對資訊資源的存取 權力;和 所提供的資訊指示在一進一步查詢中提供關於使用 者的進一步資訊之方法,從進一步查詢可決定在使用 -178- 本紙張尺度適用中固國家標準(CNS)A4規格(2扣x 297公釐) 4648 1 2 B8 C8 D888008 ABaD patent application scope 1. A device for providing information after a query, wherein the query and response have a defined format, the query is addressed to a database table with at least one column 'each column has at least-and named The query includes at least one field name to describe the information to be provided in the returning temple * tq response, and the only-row-to-row instructions from the database table that contain this information. This device contains : — Virtual database service; and — the source of the information to be provided, which you do not use. 
Claims

1. [beginning of claim not present on the page] ... a field name identifies the information to be provided; the virtual database service receives the query, uses the row-selection instructions to obtain the information to be provided from the information source, and returns a response containing that information to the source of the query.

2. The device of claim 1, wherein: the row-selection instructions include a selection value; and the information source provides, in the response, the information to be provided as the item, among several, whose value matches the selection value and that is accessible from the information source.

3. The device of claim 1, wherein: the query is an SQL query that looks up a database table of the virtual database; the field names are contained in a SELECT clause of the query; and the row-selection instructions are contained in a WHERE clause of the query.

4. The device of claim 1, wherein: the information source is an access evaluator that determines whether a user can access an information resource; the row-selection instructions include indications from which the user and the information resource can be determined; and the information provided includes an indication of whether the user determined from those indications has access to the information resource determined from those indications.

5. The device of claim 4, wherein: the access evaluator considers one or more access policies to determine whether the user can access the information resource, each access policy indicating whether a group of users can access a set of information resources, so that a policy covering the user group to which the user belongs and the information set to which the information resource belongs indicates whether the user is permitted to access the information resource; and the row-selection instructions include membership information from which the user's membership in a user group can be determined.

6. The device of claim 5, wherein: the access evaluator uses the membership information to determine the user's membership in a user group.

7. The device of claim 6, wherein: the access evaluator determines that there may be a user group such that membership in that user group would permit access to the information resource; and the information provided includes an indication of how further information about the user is to be provided in a further query, from which further query the user's membership in that user group can be determined.

8. The device of claim 7, wherein: the further information includes authentication information that can be used to validate the identity of the user.

9. The device of claim 8, further comprising: an additional information source that is an authenticator, the authenticator using the authentication information to validate the identity of the user.

10. The device of claim 9, wherein: the response to the further query provides an indication of whether the identity of the user is valid.

11. The device of claim 5, further comprising: an additional information source that is a user profile information source, which provides additional information about the user; the information about the user includes a user information retrieval method description stating how the user profile information source provides the additional information; and the access evaluator uses at least some of the additional information to determine the user's membership in a user group.

12. The device of claim 5, further comprising: an additional information source that is an authenticator, which validates the identity of the user; the authenticator uses the membership information to validate the identity of the user; and the access evaluator determines the user's membership in a user group only after the authenticator has validated the identity of the user.

13. The device of claim 4, further comprising: an additional information source that is an authenticator, which validates the identity of the user; the row-selection instructions include the authentication information used by the authenticator to validate the identity of the user; and the information provided is obtained at least in part from the authenticator and includes an indication of whether the identity of the user is valid.

14. The device of claim 4, further comprising: an additional information source that is a user profile information source, which provides additional information about the user; the row-selection instructions include profile information aggregation information indicating how the profile information source aggregates profile information; and the information provided is obtained at least in part from the profile information source and includes the profile information.
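An added Python example, not code from the patent or its assignee, of the interface claims 3 to 6 describe: an access evaluator derives allow/deny decisions from user groups, information sets and access policies, and applications obtain a decision with a SQL SELECT against a virtual table whose WHERE clause names the user and the resource. All user, group, set and resource names are constructed, and the deny-overrides rule for conflicting policies is an assumption that the claims do not specify.

```python
import sqlite3

# Constructed sample policy data (hypothetical names, not from the patent).
USER_GROUPS = [("alice", "engineering"), ("alice", "staff"),
               ("bob", "staff"), ("carol", "staff"), ("carol", "contractors")]
INFO_SETS = [("design.doc", "engineering-docs"), ("design.doc", "internal"),
             ("handbook.pdf", "internal")]
# (user group, information set, allow): 1 = allow, 0 = deny.
POLICIES = [("staff", "internal", 1),
            ("engineering", "engineering-docs", 1),
            ("contractors", "internal", 0)]


def build_policy_server():
    """Return an in-memory database exposing access decisions as a virtual table."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE user_group(user TEXT, grp TEXT);
        CREATE TABLE info_set(resource TEXT, iset TEXT);
        CREATE TABLE policy(grp TEXT, iset TEXT, allow INTEGER);
    """)
    con.executemany("INSERT INTO user_group VALUES (?, ?)", USER_GROUPS)
    con.executemany("INSERT INTO info_set VALUES (?, ?)", INFO_SETS)
    con.executemany("INSERT INTO policy VALUES (?, ?, ?)", POLICIES)
    # The access evaluator: one virtual row per (user, resource) pair. The pair
    # is allowed only if some policy covering one of the user's groups and one
    # of the resource's information sets allows it and no covering policy
    # denies it (deny overrides; an assumption, not stated in the claims).
    con.execute("""
        CREATE VIEW access AS
        SELECT ug.user AS user, i.resource AS resource,
               CASE WHEN MIN(p.allow) = 0 THEN 0
                    WHEN MAX(p.allow) = 1 THEN 1
                    ELSE 0 END AS allowed
        FROM user_group ug
        CROSS JOIN info_set i
        LEFT JOIN policy p ON p.grp = ug.grp AND p.iset = i.iset
        GROUP BY ug.user, i.resource
    """)
    return con


def check_access(con, user, resource):
    """The application side: the decision is fetched with a plain SQL query."""
    row = con.execute(
        "SELECT allowed FROM access WHERE user = ? AND resource = ?",
        (user, resource)).fetchone()
    # No row means the policy server knows nothing about the pair: deny by default.
    return bool(row and row[0])
```

The application never sees the policy tables, only the SELECT and its answer, which is the separation between application and policy server that the claims set up.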
TW89112284A 1999-06-22 2000-06-22 Query interface to policy server TW464812B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US14041799P 1999-06-22 1999-06-22

Publications (1)

Publication Number Publication Date
TW464812B true TW464812B (en) 2001-11-21

Family

ID=22491128

Family Applications (1)

Application Number Title Priority Date Filing Date
TW89112284A TW464812B (en) 1999-06-22 2000-06-22 Query interface to policy server

Country Status (2)

Country Link
AU (1) AU5755300A (en)
TW (1) TW464812B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI650659B (en) * 2017-05-10 2019-02-11 平安科技(深圳)有限公司 Related information query method, terminal and device

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116861474B (en) * 2023-05-26 2024-02-20 东莞市铁石文档科技有限公司 Online archive security assessment system and method

Also Published As

Publication number Publication date
AU5755300A (en) 2001-01-09

Similar Documents

Publication Publication Date Title
US9438577B2 (en) Query interface to policy server
US7912856B2 (en) Adaptive encryption
US7580919B1 (en) Query interface to policy server
Shirey Internet security glossary
US8935311B2 (en) Generalized policy server
US7272625B1 (en) Generalized policy server
JP5231665B2 (en) System, method and computer program product for enabling access to corporate resources using a biometric device
ES2299665T3 (en) A SYSTEM OF INFORMATION MANAGEMENT.
US20030023880A1 (en) Multi-domain authorization and authentication
WO1998040992A2 (en) Methods and apparatus for controlling access to information
CN116250210A (en) Methods, apparatus, and computer readable media for authentication and authorization of networked data transactions
WO2000000879A2 (en) Generalized policy server
WO2000079434A1 (en) Query interface to policy server
Estrin Controls for interorganization networks
Borselius Multi-agent system security for mobile communication
TW464812B (en) Query interface to policy server
WO2002049311A2 (en) Pseudonym credentialing system
TW448387B (en) Generalized policy server
Krutz et al. The CISM prep Guide: Mastering the five Domains of Information security management
Rosenhamer What AMANDA offers
Rosenhamer What AMANDA offers: A comparative case study describing a flexible and decentralised approach for Authorisation Management
Rastogi et al. Anonymous User Authentication and Implicit Background Checks in Cloud Environment
Seigneur et al. User-centric identity, trust and privacy
Samson Alternative Java Security Policy Model
Ismail et al. RIVISIT GRID COMPUTING SECURITY

Legal Events

Date Code Title Description
GD4A Issue of patent certificate for granted invention patent
MM4A Annulment or lapse of patent due to non-payment of fees