WO2004049143A1 - Method, system and apparatus for registration, approval and certification of extranet users - Google Patents


Info

Publication number
WO2004049143A1
Authority
WO
WIPO (PCT)
Prior art keywords
extranet
administrator
registration
information
approval
Prior art date
Application number
PCT/IB2003/005223
Other languages
English (en)
Inventor
Jim Sekinger
Myrna Gonzalez
Justin Kurt
Paul Gadbois
Original Assignee
Koninklijke Philips Electronics N.V.
Application filed by Koninklijke Philips Electronics N.V.
Priority to AU2003276585A
Publication of WO2004049143A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database

Definitions

  • Internet web site and, in particular, to a method and system for automated registration, approval and certification of extranet users.
  • An extranet is essentially an intranet that is partially accessible to certain, authorized outsiders, for example, to users such as customers or suppliers.
  • An extranet may provide various levels of accessibility to users, depending on their identity.
  • A number of management and administrative functions must be performed if an extranet is to be operated and maintained successfully.
  • One of these functions is processing requests for access and granting certain qualified users access to the extranet.
  • The process of granting access includes registration, approval and certification of applicants as users of the extranet.
  • Prospective users initially contact the extranet site and register by providing information about themselves and their companies, e.g. by filling out and submitting a registration form. The registration information is reviewed and access to the extranet is approved or denied. If access is approved, the user is certified so that he or she can be recognized as an authorized user on subsequent visits to the site.
  • Extranet user registration, approval and certification create a need to integrate a number of business activities, including, among other things, customer service, data retrieval, internal workflow and external services.
  • Registration, approval and certification of users for secure extranets in a business to business environment are three separate actions, each of equal importance.
  • A potential user submits his or her request for access to the extranet site.
  • The approval and certification processes are then further, separate steps.
  • The success of any e-commerce extranet site can be determined by the number of absolute users registered, approved and certified for the site. An initial delay in the process of registration, approval and certification can create negative awareness and turn users away from use of the site.
  • The registration, approval and certification process generally includes a level of human interaction. There are incentives to reduce this level and also to focus attention on areas where it is needed. Users from the current customer base of an enterprise must be accommodated quickly and efficiently, and this can be done, in some cases, without an interface with administrative or managerial personnel. Users from customers or companies that are new to the enterprise must be identified, receive an appropriate level of personal attention and also be accommodated expeditiously. Access by competitors to a company's extranet and the proprietary and confidential information which can be found there must be prevented. The rare prospective extranet user who expresses a general interest in products of an enterprise, even though these products may be of an esoteric nature, should be identified so that an effort can be made to meet his or her requirements.
  • U.S. Patent no. 6,338,072 to Poindexter et al discloses an enterprise-wide work flow system in which a single computer network may maintain one global queue per service and provides for individual work flow systems to export services to one another in an enterprise.
  • Existing systems for registration include simple web site registration whereby a user enters data that then populates a database. This information is then either not verified (a user being simply issued a user ID and password) or must be sent to a responsible administrator who performs the identity verification.
  • A representative of a company which operates an extranet may be contacted by a prospective user. The representative arranges for approval and contacts the company's information technology department to make the necessary arrangements for access, without the use of any business process or system.
  • The present invention manages the workflow of granting access to an extranet to reduce the manual effort involved and reduce the overall time between the registration by the user and approval and certification of that user for the extranet site. This objective is accomplished through the use of workflow management, database, internet, and e-mail technology.
  • A feature of the present invention is the creation of an automated registration, approval and certification process allowing a potential user to self-service register, an administrator to view the registrant information and act upon it, an approver to view and either approve or deny the applicant, and a service provider to issue a digital certificate to an applicant, all within the same database, in real time.
  • An approver is automatically notified by e-mail that he or she has registrant information that needs to be acted upon, and the registrant is sent an e-mail advising him or her of approval or denial, without the use of the common database.
  • Another aspect of the present invention is provision for the services of a third-party service contractor for public key infrastructure (PKI) management to authenticate users, protect the integrity of information and data transmitted and perform other functions relating to the operability and security of the extranet.
  • PKI management services can include: issuing, renewing and revoking digital identity certifications, setting and controlling access privileges, administration of issue and monitoring of digital certificates, providing technical and customer support, address management services to enable access, addition, modification or deletion of information, and otherwise managing extranet security.
  • The services provided by Verisign, Inc. under its Verisign trade and service mark are particularly suitable for PKI management services.
  • FIG. 1 is a block overview diagram for an embodiment of the present invention.
  • FIG. 2A-I illustrates the process of registration and approval in an embodiment of the present invention.
  • FIG. 3A-B is an example flow chart of the present invention.
  • FIG. 4 depicts a preferred embodiment of the basic hardware configuration for the system of the present invention.
  • The present invention provides a method, system and apparatus for enrolling users of a secure extranet. It administers and controls the process of registering, approving and certifying extranet users and reduces the time and amount of human interaction required to complete the process.
  • An applicant who is a prospective user of a company or other organization's secure business to business extranet operates software, for example a web browser such as Netscape or Microsoft Internet Explorer, on a computer or other device to send an HTTP, e-mail or other message requesting access to that extranet 101.
  • The applicant then provides 102 certain registration information such as name, job title, address, contact information, the company he or she represents and the manner in which the applicant will be using information or using or reselling goods or services for which information is available from the business to business extranet.
  • The registration is entered in a common user information database 103.
  • The user database 103 maintains data on applicants for extranet access and on extranet users who are granted access.
  • The user database 103 has fields such as name, company represented, address, phone number, ID number, electronic mail address, system usage, public/private key information, etc.
  • The administrator 105 initiates the approval process.
  • A software program may be operative, as data from applicants is entered, to retrieve that data, compare it with a list of firms which are present customers or clients of the organization offering the extranet or which have already been approved for access because they are known to be active in the industry served by the extranet, and advise the administrator that the applicant is in a category of prospective extranet users which is pre-approved.
  • Marketing databases that provide a high level of detail about prospective customers, such as the names, job titles, locations and e-mail addresses of individuals involved in purchasing and using certain, specialized goods and services, are available for purchase or license from a number of sources. Such marketing databases are suitable for use in the present invention as a "look-up list" of pre-approved applicants to further automate the approval process.
  • Upon notification 104 that a registration is pending, the administrator 105 assigns 106 the registration to an approver 107.
  • The approver is advised 108 of the pending registration by, for example, an e-mail or voicemail generated from the user database 103.
  • The approver decides 109 the status of the registration, either approving or denying it.
  • A certificate authority 110 is notified 111.
  • The certificate authority issues and installs a digital certificate and confirms 112 that the certificate has been issued and installed.
  • An e-mail is sent to the applicant 113 advising the status (approved or disapproved) of the registration.
  • FIG. 2A-I illustrates a process of registration and approval.
  • The process begins when a prospective intranet user visits the company's "Inside Advance" home page 201 at https://www.insideadvance.com and clicks on a "Register for Inside Advance" hyperlink 202. The prospective user then fills out the registration form 203 and clicks on the SUBMIT button 204.
  • The color of the status box indicates the action required of the administrator. For example, the "No ATT Rep" link may be red, indicating that the administrator must assign an approver.
  • The administrator selects a particular sales representative, depending on the location and the company which is applying for access. The administrator then clicks on an "Assign ATC Representative" button 214 to send an e-mail or voicemail submitting the information to this sales representative for approval.
  • FIG. 2E shows the steps taken as the applicant continues the application process after access is approved.
  • The applicant visits the "Inside Advance" home page 201' at https://www.insideadvance.com in FIG. 2E. He or she then clicks on the "Register for Inside Advance" hyperlink 202'.
  • A "Digital ID Information" link 215 appears on the "Inside Advance" home page 201''.
  • The applicant moves his or her mouse over the "Digital ID Information" link 215.
  • A "Digital ID Download Instructions" link 216 and a "Download Digital ID" link 217 appear on the "Inside Advance" home page 201''.
  • The applicant clicks on "Digital ID Download Instructions" 216, has the instructions printed out, returns to the "Inside Advance" home page 201'' and clicks on "Download Digital ID" 217.
  • A message "PENDING REGISTRATIONS" 218 will appear on the sales person's computer screen once he or she logs into the intranet site welcome page "Inside Advance" screen 209'', which is shown in FIG. 2F.
  • The sales person clicks on the "PENDING REGISTRATIONS" link 218 to display, as shown on screen 209''', a list 219 of all of the people that have been assigned to the sales person.
  • The sales person can then click on the arrow symbol 220 to the left of each name to see detailed information as presented, for example, on screen 221 shown in FIG. 2G.
  • The sales person has two options: approving 222 or denying 223 the applicant entry to the system. If the sales person denies the applicant access, an e-mail will be sent directly to the applicant stating that he or she has been denied access. If the sales person approves the applicant, the system administrator receives the application and finishes the registration process.
  • The administrator logs into the welcome page "Inside Advance" screen 209'' in FIG. 2H and again sees the "PENDING REGISTRATIONS" link 218'. The administrator clicks on that link 218' to go to the pending registrations page 224'.
  • The administrator then clicks on the "Approved by" link 225 of the applicant that needs to be processed to move to the Security Profile Management screen 226 in FIG. 2I.
  • The administrator fills in information to create an account for the new extranet site user. After the administrator fills in the information, he or she clicks on the submit button 227 at the bottom of the screen to create the account.
  • Creating the account authorizes the certificate authority to issue a digital certificate and makes the necessary information available to the certificate authority.
  • FIG. 3 illustrates one embodiment of the present invention. Enrollment of a user begins when an applicant who is a prospective user of a company's extranet visits the company's web site and clicks on "register" 301. The applicant fills in information on the form provided and clicks "submit" 302. An e-mail message that a user request is pending is sent to the administrator of the company's extranet 303. The administrator logs onto the webfront and sees which applicant is awaiting approval 304. The administrator identifies the appropriate sales representative by looking in the company's client-server business applications 305. An example of these applications is the suite of software licensed to businesses by Systeme, Anwendungen, Produkte in der Datenverarbeitung (SAP) of Walldorf, Germany.
  • The administrator assigns the pending request for approval to the sales representative using a computerized workflow application by, for example, clicking on a dropdown box and clicking a "submit" button 306.
  • The sales representative must log into the webfront 307 and either approve or disapprove the applicant 308. If the applicant is not approved, an e-mail message is automatically sent to the applicant stating that the request for access has been denied 309.
  • Steps 309, 310 and 311 are, for example, done in SAP using transactions VD01 and SU05, respectively.
  • The administrator then fills in 312 information on an administration screen on the webfront to allow the new user to access the extranet.
  • This information may include, for example, an ITS User ID (a number generated by SAP during user creation), ITS User Password (a password assigned by the administrator during user creation), ITS Language (e.g., English), ITS Sales Organization (status), ITS Distribution Channel (01 or 02) and ITS Division (99).
  • The administrator then chooses an IAC access group and a security group 313 and causes the registration information to be transmitted to a certificate authority 314.
  • The certificate authority verifies the identity of the new user and issues a digital certificate attesting to that identity 315.
  • FIG. 4 depicts a preferred embodiment of the basic hardware configuration of the extranet user registration, approval and certification system, which comprises a data communications system 400, database server 408, and central database 409.
  • The data communications system preferably comprises several subsystems such as a router 402, a hub 403, a gauntlet firewall 404, a switch 405, a second gauntlet firewall 414, a second switch 415, a second router 412, a second hub 413, a third firewall 419 and a fourth firewall 420.
  • The extranet user registration, approval and certification system includes one or more client computers, for example an extranet web server 406, web server 407, certification server 411, second server 416, QA WGate server 417, and product data catalog (PDC) server 418.
  • Each subsystem is, preferably, configured to have present or allow for the connection, as needed, of additional computer hardware to distribute the processing, memory and volume of network bandwidth used.
  • An applicant 401 attempts to access the E-commerce site.
  • A router 402, such as a Cisco 2500, directs this request to the company's computer network through a hub 403, gauntlet firewall 404 and switch 405, to the extranet web server 406.
  • The extranet web server 406 redirects the applicant to the web server 407 for enrollment.
  • The applicant inputs his or her enrollment information.
  • The enrollment information is transferred to a database server 408 using the File Transfer Protocol (FTP) and to a central relational database 409 controlled by a relational database management system (RDMS).
  • The RDMS includes one or more programs in an industry-standard language, such as Structured Query Language (SQL), for creating, updating and querying RDMSs.
  • The extranet web server 406 then receives the enrollment information from the RDMS by way of the database server 408.
  • The enrollment information is reviewed and the approval process is performed from the database server 408.
  • The applicant 401 may be identified as having already been approved or as being pre-approved.
  • A commercial software application processes the enrollment information and determines the approval status of the enrollment request, in particular whether the request has already been approved or is from an applicant which is in a category of applicants which are pre-approved, and whether the enrollment request is to be sent for review or merely reported to the administrator or the appropriate approver or to both.
  • The interface between the administrator and approvers and the commercial software application is by e-mail.
  • The administrator performs final processing. Completion of final processing sends an approval e-mail to the enrollment server 407 for transmission to the approved applicant 401.
  • The web server 407 transmits the e-mail to the approved applicant 401 with a link that the approved applicant 401 uses to open the registration page (not shown) of the company's web site.
  • The registration page verifies the information from the approved applicant 401 by transmitting it to an authentication server 410 which then, by way of the database server 408, looks at the corresponding information in the central database 409 and determines whether or not it is the same as the newly received information from the approved applicant 401, before access is permitted.
  • The authentication server 410 sends final verification to a certification server 411, which is maintained by a third-party service contractor providing PKI management service.
  • The service contractor issues a digital certificate and installs it on the approved applicant's 401 computer in real time.
  • The service contractor may also send confirmation of this step to the database server 408 to be entered in the central database 409.
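The enrollment sequence the description lays out (self-service registration, pre-approval look-up, administrator assigns an approver, only that approver decides, and account creation by the administrator is what authorises the certificate authority) can be written as a small state machine whose guards enforce both the ordering and the separation of the two roles. The block below is an added example in Python; it is not code from the patent or from Philips, and the role names, companies, e-mail addresses, the "look-up list" contents and the stand-in certificate authority are all constructed.

```python
"""Added example: the two-step enrollment workflow (registration, administrator
assignment, approver decision, certificate issuance) as a state machine.
Not code from the patent or Philips; all roles, companies, addresses and the
stand-in certificate authority are constructed."""
import hashlib
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, List, Optional, Set


class Status(Enum):
    SUBMITTED = "submitted"   # form received, administrator notified
    ASSIGNED = "assigned"     # administrator assigned an approver
    APPROVED = "approved"     # approver approved, account creation pending
    DENIED = "denied"         # approver denied, applicant e-mailed
    CERTIFIED = "certified"   # certificate authority issued a certificate


class WorkflowError(Exception):
    """A step attempted out of order or by the wrong role."""


@dataclass
class Registration:
    applicant_email: str
    company: str
    status: Status = Status.SUBMITTED
    approver: Optional[str] = None
    pre_approved: bool = False
    mail_log: List[str] = field(default_factory=list)  # stands in for e-mails


class EnrollmentWorkflow:
    def __init__(self, pre_approved_companies: Set[str], administrator: str):
        # "look-up list" of firms already known to the enterprise (constructed)
        self.pre_approved = {c.casefold() for c in pre_approved_companies}
        self.administrator = administrator

    def register(self, email: str, company: str) -> Registration:
        reg = Registration(applicant_email=email, company=company)
        reg.pre_approved = company.casefold() in self.pre_approved
        note = "pre-approved category" if reg.pre_approved else "review required"
        reg.mail_log.append(f"to {self.administrator}: registration pending from {email} ({note})")
        return reg

    def assign_approver(self, reg: Registration, actor: str, approver: str) -> None:
        if actor != self.administrator:
            raise WorkflowError("only the administrator assigns approvers")
        if reg.status is not Status.SUBMITTED:
            raise WorkflowError(f"cannot assign in state {reg.status.value}")
        if approver == actor:
            raise WorkflowError("administrator may not be the approver of a request")
        reg.approver = approver
        reg.status = Status.ASSIGNED
        reg.mail_log.append(f"to {approver}: registration from {reg.applicant_email} awaits decision")

    def decide(self, reg: Registration, actor: str, approve: bool) -> None:
        if reg.status is not Status.ASSIGNED:
            raise WorkflowError(f"cannot decide in state {reg.status.value}")
        if actor != reg.approver:
            raise WorkflowError("only the assigned approver may decide")
        if approve:
            reg.status = Status.APPROVED
            reg.mail_log.append(f"to {self.administrator}: {reg.applicant_email} approved; create account")
        else:
            reg.status = Status.DENIED
            reg.mail_log.append(f"to {reg.applicant_email}: your request for access was denied")

    def certify(self, reg: Registration, actor: str,
                issue_certificate: Callable[[str], str]) -> str:
        # Account creation by the administrator is what authorises the CA step.
        if actor != self.administrator:
            raise WorkflowError("only the administrator completes account creation")
        if reg.status is not Status.APPROVED:
            raise WorkflowError(f"cannot certify in state {reg.status.value}")
        serial = issue_certificate(reg.applicant_email)
        reg.status = Status.CERTIFIED
        reg.mail_log.append(f"to {reg.applicant_email}: approved; certificate {serial} installed")
        return serial


def fake_ca(subject: str) -> str:
    """Constructed stand-in for the third-party PKI service: a deterministic serial."""
    return "CERT-" + hashlib.sha256(subject.encode()).hexdigest()[:8]


def rejected(step: Callable, *args) -> bool:
    """True when the workflow refuses the step (used to exercise the guards)."""
    try:
        step(*args)
    except WorkflowError:
        return True
    return False


if __name__ == "__main__":
    wf = EnrollmentWorkflow({"Acme Resale Ltd"}, "admin@example.com")
    reg = wf.register("buyer@acme.example", "Acme Resale Ltd")
    wf.assign_approver(reg, "admin@example.com", "rep@example.com")
    wf.decide(reg, "rep@example.com", True)
    wf.certify(reg, "admin@example.com", fake_ca)
    print("\n".join(reg.mail_log))
```

The guards are the point: the administrator can route a request but never approve it, the approver can decide but never create the account or trigger certificate issuance, and `certify` is unreachable from any state other than `APPROVED`, so a denied or still-pending registration can never end up with a certificate. The `mail_log` entries correspond to the notifications the description sends at each step (administrator on registration, approver on assignment, administrator or applicant on the decision, applicant on certification).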

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Information Transfer Between Computers (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention concerns a system, method and apparatus for registration, approval and certification of users of secure extranet networks in a business-to-business environment. A workflow system registers and controls the access of external users to an extranet, the registration decision being taken in two steps, namely by an administrator and by an approver. A digital certificate identifying the user is issued by a certification authority and stored on the user's computer.
PCT/IB2003/005223 2002-11-26 2003-11-18 Method, system and apparatus for registration, approval and certification of extranet users WO2004049143A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003276585A AU2003276585A1 (en) 2002-11-26 2003-11-18 Method, system and apparatus for registration, approval and certification of extranet users

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US42933802P 2002-11-26 2002-11-26
US60/429,338 2002-11-26

Publications (1)

Publication Number Publication Date
WO2004049143A1 true WO2004049143A1 (fr) 2004-06-10

Family

ID=32393546

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2003/005223 WO2004049143A1 (fr) 2002-11-26 2003-11-18 Method, system and apparatus for registration, approval and certification of extranet users

Country Status (2)

Country Link
AU (1) AU2003276585A1 (fr)
WO (1) WO2004049143A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101341492B (zh) * 2005-12-23 2011-10-26 International Business Machines Corporation Method and system for providing and receiving identity-related information
US10268757B2 (en) 2016-02-19 2019-04-23 Samadhi Co., Ltd. Portfolio creation system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6182142B1 (en) * 1998-07-10 2001-01-30 Encommerce, Inc. Distributed access management of information resources

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
AU R ET AL: "Automated cross-organisational trust establishment on extranets", INFORMATION TECHNOLOGY FOR VIRTUAL ENTERPRISES, 2001. ITVE 2001. PROCEEDINGS. WORKSHOP ON GOLD COAST, QLD., AUSTRALIA 29-30 JAN. 2001, LOS ALAMITOS, CA, USA,IEEE COMPUT. SOC, US, 29 January 2001 (2001-01-29), pages 3 - 11, XP010532276, ISBN: 0-7695-0960-6 *
BROWNSTEIN M: "EXTRANETS AT YOUR SERVICE", BYTE, MCGRAW-HILL INC. ST PETERBOROUGH, US, vol. 22, no. 12, 1 December 1997 (1997-12-01), pages 75 - 77, XP000728712, ISSN: 0360-5280 *
FISCHER L.: "Workflow Handbook 2001", 2000, WFMC, WORKFLOW MANAGEMENT COALITION, USA, XP002269607 *
LOPEZ J ET AL: "An user authentication infrastructure for extranet applications", SECURITY TECHNOLOGY, 1999. PROCEEDINGS. IEEE 33RD ANNUAL 1999 INTERNATIONAL CARNAHAN CONFERENCE ON MADRID, SPAIN 5-7 OCT. 1999, PISCATAWAY, NJ, USA,IEEE, US, 5 October 1999 (1999-10-05), pages 354 - 362, XP010355710, ISBN: 0-7803-5247-5 *
PAKSTAS A: "Towards electronic commerce via science park multi-Extranets", COMPUTER COMMUNICATIONS, ELSEVIER SCIENCE PUBLISHERS BV, AMSTERDAM, NL, vol. 22, no. 14, 15 September 1999 (1999-09-15), pages 1351 - 1363, XP004179336, ISSN: 0140-3664 *
RUSSELL D., GANGEMI SR. G. T.: "Computer Security Basics", 1991, O'REILLY AND ASSOCIATES, USA, XP002269606 *

Also Published As

Publication number Publication date
AU2003276585A1 (en) 2004-06-18

Similar Documents

Publication Publication Date Title
US6182227B1 (en) Lightweight authentication system and method for validating a server access request
KR100744213B1 (ko) Automatic access system
US6269349B1 (en) Systems and methods for protecting private information
US7571473B1 (en) Identity management system and method
US7496751B2 (en) Privacy and identification in a data communications network
EP1436938B1 (fr) Method for automatic authentication, processing and issuance of digital certificates
US7085840B2 (en) Enhanced quality of identification in a data communications network
US7275260B2 (en) Enhanced privacy protection in identification in a data communications network
US6496855B1 (en) Web site registration proxy system
US7467298B2 (en) Methods and arrangements for selectively maintaining parental access consent in a network environment
US9900305B2 (en) Internet server access control and monitoring systems
US20020019828A1 (en) Computer-implemented method and apparatus for obtaining permission based data
US20020112083A1 (en) Cache flushing
WO2001031543A1 (fr) Anonymous data profiling technique and corresponding device
CN107005582A (zh) Accessing common endpoints using credentials stored in different directories
JP2005158066A (ja) Automated customer entitlement system for vendor services
AU2002335062A1 (en) Methods and systems for automated authentication, processing and issuance of digital certificates
KR20020022650A (ko) Shared registration system for registering domain-name-related applications
CA2397740A1 (fr) Secure method and system for registering, storing, managing and coupling personal authentication data in a network
WO2000052900A1 (fr) Internet interface system
CN100350342C (zh) System and method for selectively allowing and disallowing access to software applications over a network
JP2009258820A (ja) Account management system, account management device, account management method
US20040078312A1 (en) Method and apparatus for providing comprehensive educational and financial services
US20040128171A1 (en) Systems and methods for processing insurance information
US7007091B2 (en) Method and apparatus for processing subject name included in personal certificate

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP