WO2008072250A1 - Method and system for reconciliation of information cycles in an enterprise information system - Google Patents

Method and system for reconciliation of information cycles in an enterprise information system

Info

Publication number
WO2008072250A1
Authority
WO
WIPO (PCT)
Prior art keywords
resource
information system
enterprise information
reconciliation
system tool
Prior art date
Application number
PCT/IN2006/000492
Other languages
French (fr)
Inventor
Srivathsan V Canchi
Pankaj Kumar
Original Assignee
Hewlett-Packard Development Company L.P.
Priority date
Filing date
Publication date
Application filed by Hewlett-Packard Development Company L.P.
Priority to PCT/IN2006/000492
Publication of WO2008072250A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06Q DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management, e.g. organising, planning, scheduling or allocating time, human or machine resources; Enterprise planning; Organisational models

Abstract

A computer-implemented method for reconciliation of an information cycle in an enterprise information system comprising an enterprise information system tool and at least one resource, the method comprising: creating for the enterprise information system tool at least one user for provisioning the at least one resource, wherein the at least one user has an identifier for inclusion in provisioning requests sent to the resource by the enterprise information system tool; checking reconciliation requests received from the resource for presence of the identifier; and sending the request to the enterprise information system tool for reconciliation according to the presence of the identifier in the reconciliation request.

Description

METHOD AND SYSTEM FOR RECONCILIATION OF INFORMATION CYCLES IN AN ENTERPRISE INFORMATION SYSTEM

BACKGROUND OF THE INVENTION

In present day businesses, the only constant is change. Aligning people, processes and technology has become a key issue in the management of a successful business enterprise. Enterprise Information Systems (EIS) provide a platform that enables organizations to combine technology and business processes in a holistic manner.

EIS can be considered akin to a central repository that provides business information to a wide and diverse audience spread across an enterprise. To provide a few examples, such information could include information on users, employee resources, real estate resources, business partners, technical collaborators and system resources. Third party management tools that manage the information in these systems typically enter information into the systems and also have mechanisms to receive notifications when the information changes. One such management tool is HP's OpenView Select Identity, for Identity Management (IdM). Identity management is a process that involves addition/modification/deletion of digital identities and associated information.

HP OpenView Select Identity enables efficient and centralized management of users, their passwords, and their entitlements across IT systems such as applications, databases and operating systems. In other words, it allows centralized management of a digital identity and its access rights over the entire lifecycle of a user's association with an enterprise.

One of the main steps in an identity's information life cycle is known as "provisioning". It is the process of adding identities, along with their credentials and entitlements, in an identity management system. For example, when an employee joins an organization, information that describes the person is provisioned into a human resource system, an email system, a payroll system, a finance system, application directories, and so on. It is from these resources that additional information that describes the identity's credentials and entitlements within the organization is created. For example, a person's job title may be used to provide membership of a particular group, such as payroll. The system may, for instance, enforce a policy so that a non-finance person may not be provisioned within the system for membership of this group. When provisioning information in this way, an information cycle can occur when data that was sent on a forward provisioning path triggers a reverse path notification mechanism. A reconciliation mechanism may be provided to handle such information cycles.

BRIEF DESCRIPTION OF THE DRAWINGS

An embodiment of the invention will now be described, by way of example only, with reference to the accompanying drawings in which:

Figure 1 depicts a schematic layout of a portion of an enterprise information system.

Figure 2 shows a block diagram illustrating forward and reverse provisioning of information between an identity management system and a resource.

Figure 3 provides a flowchart diagram showing various method steps in the reconciliation of an information cycle in an identity management system.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

There will be described a method and system for reconciliation of information cycles in an Enterprise Information System.

In the following, the term Enterprise Information System (EIS) will be used to refer to a computer system(s) that typically deals with large volumes of data and is/are capable of supporting a large enterprise.

It should be noted that the present embodiment is described with reference to a specific EIS tool, i.e. an identity management system. However, it is to be understood that other EIS tools, such as, but not limited to, an accounting management system, a production scheduling system, customer information tracking system, a bank account maintenance system, an HR management system, a payroll system, an infrastructure management system etc. can also be employed for implementing the below described method and system for reconciliation of information cycles.

Referring to Figure 1, there is shown a schematic layout of a portion of an enterprise information system 100 including an identity management system 190, a connector bus 160 and various back-end data stores or other resources 172, 174, 176, 178 and 180.

The identity management system 190 may be implemented on a standalone computer system or a network computer connected to a computer network and is accessible to a user via a graphical user interface (GUI) 150. The identity management system 190 includes the following components:

1. Data repository components 102

Directory services 112 and meta-directories 114 deal with the representation, storage and management of identity and profiling information and provide standard APIs and protocols for their access. Data repositories are often implemented as an LDAP accessible directory, meta-directory or virtual directory 116, or a database 118. Policy information governing access to and use of information in the repository is stored here as well.

2. Security components 104

a) Authentication Providers 120: The authentication provider, sometimes referred to as the identity provider, is responsible for performing primary authentication of an individual, linking them to a given identity. The authentication provider produces an authenticator, a token which allows other components to recognize that primary authentication has been performed. Primary authentication techniques include mechanisms such as password verification, proximity token verification, smartcard verification, biometric scans, or even X.509 PKI certificate verification. Each identity may be associated with more than one authentication provider. The mechanisms employed by each provider may be of different strengths and some application contexts may require a minimum strength to accept the claim to a given identity.

b) Authorization Providers 122: An authorization provider enforces access control when an entity accesses an IT resource. Authorization providers allow applications to make authorization and other policy decisions based on privilege and policy information stored in the repository.

c) Auditing Providers 124: Secure auditing provides the mechanism to track how information in the repository is created, modified and used. This is an enabler for forensic analysis, which is used to determine how and by whom policy controls were circumvented.

3. Lifecycle components 106

a) Provisioning 126: Provisioning tools allow creation of identities, along with their credentials and entitlements, to an identity management system.

b) Longevity 128: Longevity tools create the historical record of an identity. These tools allow the examination of the evolution of an identity over time.

4. Consumable value components 108

a) Single Sign-On (SSO) 130: Single sign-on allows a user to perform primary authentication once and then access the set of applications and systems that are part of the identity management environment.

b) Personalization 132: Personalization and preference management tools allow application-specific, as well as generic information, to be associated with an identity. These tools allow applications to tailor the user experience for a given individual, leading to a streamlined interface for the user and the ability to target information dissemination for a business.

c) Self Service 134: Enables users to self-register for access to business services and manage profile information without administrator intervention. It also allows users to perform authentication credential management: assigning and resetting passwords, requesting X.509 certificates, etc. Self service reduces IT operation costs, improves customer service, and improves information consistency and accuracy.

5. Management components 110

a) User Management 136: Provides IT administrators with a centralized infrastructure for managing user profile and preference information. User management enables organizations to decrease overall IT costs by providing user self-service capabilities and also enhance the value of their existing IT investments through directory optimization and profile synchronization capabilities.

b) Access Control Management 138: Provides IT administrators with a centralized infrastructure for managing user authentication and authorization. The access control management service increases security, reduces complexity and overall IT costs by automating access policies for employees, customers, and partners.

c) Privacy Management 140: Assures privacy and data protection policies (as defined in company, industry or governmental regulations) are respected in identity management solutions.

d) Federation Management 142: Enables the establishment of trusted relationships between distributed identity providers.

Such an identity management system is a tool for managing identities in an organization. Since the initial information that is collected and distributed about a person in an organization may undergo modification during the course of their association, maintaining and managing identity information of a person becomes a process that requires carrying out appropriate changes within an identity management system as and when there is a change in the relationship. Accordingly, it will be appreciated that the components described above are for the purpose of illustration only and the actual components may vary depending on the needs and policies of an organization. It will be further appreciated that any suitable identity management system (such as HP OpenView Select Identity) may be deployed in the enterprise information system 190.

Connectors are architectural elements that represent or implement interactions among components and rules that govern those interactions. These interactions can be simple interaction mechanisms such as a procedure call and also complex interactions such as client-server protocols, security protocols and database access protocols. In the present embodiment, connector bus 160 acts as an intermediary between the identity management system and various resources 172, 174, 176, 178 and 180. The connectors 160 could be one-way connectors or two-way connectors, and the connector architecture may, for instance, be based on the technologies defined by Java 2 Platform, Enterprise Edition (J2EE). Further, the connector 160 is a logical entity, and may consist of a combination of physical components situated on multiple systems. For instance, a part of the connector may be resident on a J2EE server, and another part of the connector may be an agent component residing on an EIS system, such as the enterprise information system 100. Furthermore, the connector 160 may use different protocols for forward and reverse provisioning of information, depending on the support provided by the enterprise information system 100.

Resources 172, 174, 176, 178 and 180 are information repositories that typically include applications 172, directory 176, and databases 174 that store identity information. For example, the applications may include an email application 178, business applications 172, HR applications 180, functional applications, and so on. The databases could be, for instance, an LDAP based directory, Active Directory, RDBMS, file system, ACE Server database or certificate store. It would be appreciated that the examples mentioned here are for the purpose of illustration only, and the actual resources employed may vary depending on the requirements of an enterprise.

From Figure 1, it can be seen that the identity management system 190 communicates with the resources 172, 174, 176, 178 and 180, through the connector bus 160. All requests between the identity management system 190 and the resources 172, 174, 176, 178 and 180 use a suitable protocol such as, but not limited to, the Hypertext Transfer Protocol (HTTP), for communication. It should be noted that the identity management system 190 may or may not be in close proximity with the resources 172, 174, 176, 178 and 180. For instance, both the identity management system 190 and the resources 172, 174, 176, 178, 180 may be present on a single computer system or distributed over multiple computer systems. Further, the identity management system 190 may be located at one geographical location (say, London), and the resources 172, 174, 176, 178, 180, may be located at other geographical locations (such as, Alabama, Paris, Amsterdam, Istanbul etc.).

The components (identity management system 190, resources 172, 174, 176, 178, 180, and connector bus 160) of the enterprise information system 100 may be connected together, for instance, through a suitable network environment such as, but not limited to, a local area network (LAN), a wide area network (WAN), a metropolitan area network (MAN), a wireless local area network (WLAN) and the Internet.

Figure 2 depicts a block diagram illustrating forward and reverse provisioning of information between an identity management system 202 and a resource 206 through a connector 204.

The identity management system 202 provisions user transaction information onto the target resource 206 through the connector 204. To provide an example, if the target resource 206 is an email messaging system then, say for a new employee, the identity management system 202 would provision new employee information onto the email system, i.e. target resource 206, to set up an email account for the new employee. The connector 204 has a mechanism for reconciling local changes made on the resource 206 back to the identity management system 202. By way of elaboration, reconciliation is a process by which an identity management system polices the resources under its management. For instance, if the identity management system detects any accounts or changes to user access privileges effected outside of the management's control, it can, for instance, immediately take corrective action, such as undo the change or notify an administrator. The reconciliation mechanism also may help in detection and mapping of existing accounts in target resources.

Any user information that is provisioned to the resource 206 from the identity management system 202 (forward provisioning) may also be picked up by the reconciliation mechanism and sent back to the identity management system 202 (reverse provisioning) for reconciliation.

Further, sending provisioning requests from the identity management system 202 to the resource 206 and receiving reconciliation requests from the resource 206 may take place on separate data paths. That is, provisioning requests from an enterprise information system tool to a resource may be sent on a first data path and reconciliation requests from the resource may be received on a second data path.

The method steps 300 in the reconciliation of an information cycle in an enterprise information system will now be described with reference to Figure 3.

In the following it is assumed that the users of the identity management system 202 create one or more specific user accounts with a fixed set of privileges within each resource and use this or these particular user accounts for all the forward provisioning operations performed by the identity management system.

As will be described below, the forward provisioning of information on any resource will therefore involve at least one unique identifier identifying the user who sourced the request. The unique identifier could be, for instance, but not limited to, the username of the user as whom the provisioning was done, employee ID of the user, social security number of the user etc. General identifiers, for instance, process IDs or machine GUIDs (Global Unique Identifiers) may also be used as unique identifiers. It is assumed that all resources log the activity of forward provisioning, along with the identifiers. As a result, these identifiers can be used to act as differentiators between a forward provisioning request and a reverse provisioning request, and may serve to reconcile an information cycle.

At step 302, an enterprise information system tool (such as an identity management system) creates at least one user for a resource. In other words, at least one user is created for at least one resource. In case there are multiple users for a resource, a local (i.e. within the enterprise information system tool and/or the resource) list of users is created for that resource. In case there are multiple users for multiple resources, separate lists of users are created for each of the resources.

Each user created for a resource is provided with a unique user identifier.

At step 304, the enterprise information system tool sends a provisioning request to a resource with the request carrying with it a unique user identifier of the user who sourced the request. The provisioning request is thereby tagged with the unique identifier.

At step 306, the resource receives the provisioning request and logs it with the unique user identifier.

At step 308, the resource sends a reconciliation request to the connector.

At step 310, upon receiving the reconciliation request, the connector checks the request for presence of the unique identifier of the user who sourced the request. A reconciliation request that does not include an identifier is blocked by the connector.

At step 312, the unique identifier of the user who sourced the request is compared with the unique identifier of the at least one user for the resource. In other words, the connector compares the request with the local list of users created for the resource.

At step 314, if the unique identifier of the user who sourced the request is found to be the unique user identifier of the at least one user for the resource (i.e. if the user who sourced the request is found to be present in the local list of users for the resource), the reconciliation request is ignored 316. If the unique identifier of the user who sourced the request is not found to be the unique user identifier of the at least one user for the resource (i.e. the user who sourced the request is not found in the local list), the request is assumed to have been generated by another user on the resource, and the request is sent to the enterprise information system tool for reconciliation 318.
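The connector-side decision of steps 310 to 318 can be sketched as follows. This is an added example, not code from the patent or from any HP product; the class, field and account names are hypothetical, the sample requests are constructed, and treating identifiers as case-insensitive with surrounding whitespace ignored is an assumption.

```python
"""Connector filter for reconciliation requests (steps 310-318).

Added illustration; all names and the sample data are hypothetical.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional, Set, Tuple


class Decision(Enum):
    BLOCKED = "blocked"      # step 310: request carries no identifier
    IGNORED = "ignored"      # step 316: change was sourced by the tool itself
    FORWARDED = "forwarded"  # step 318: change sourced by another user


@dataclass(frozen=True)
class ReconciliationRequest:
    resource: str              # resource that raised the request
    change: str                # description of the local change
    source_id: Optional[str]   # identifier the resource logged for the change


def _normalize(identifier: Optional[str]) -> str:
    # Assumption: identifiers compare case-insensitively, whitespace ignored.
    return identifier.strip().casefold() if identifier else ""


@dataclass
class Connector:
    # Callback that hands a request to the enterprise information system tool.
    forward: Callable[[ReconciliationRequest], None]
    # Step 302: one local list of provisioning-user identifiers per resource.
    provisioning_ids: Dict[str, Set[str]] = field(default_factory=dict)

    def register_user(self, resource: str, user_id: str) -> None:
        normalized = _normalize(user_id)
        if not normalized:
            raise ValueError("a provisioning user needs a non-empty identifier")
        self.provisioning_ids.setdefault(resource, set()).add(normalized)

    def handle(self, request: ReconciliationRequest) -> Decision:
        source = _normalize(request.source_id)
        if not source:
            return Decision.BLOCKED
        # Step 312: compare only against the list held for this resource.
        if source in self.provisioning_ids.get(request.resource, set()):
            return Decision.IGNORED
        self.forward(request)
        return Decision.FORWARDED


# Constructed sample requests, in the order a connector might receive them.
SAMPLE_REQUESTS: List[ReconciliationRequest] = [
    # Echo of the tool's own forward provisioning: an information cycle.
    ReconciliationRequest("email", "create mailbox jdoe", "svc-idm-email"),
    # Change made directly on the resource by a local administrator.
    ReconciliationRequest("email", "grant admin to jdoe", "local-admin"),
    # The resource logged no identifier for this change.
    ReconciliationRequest("email", "delete mailbox asmith", None),
    # Identifier is reserved for the email resource, not for hr.
    ReconciliationRequest("hr", "update title jdoe", "svc-idm-email"),
    # Same reserved account, logged with different case and padding.
    ReconciliationRequest("email", "reset password jdoe", "  SVC-IDM-EMAIL "),
]


def run_sample() -> Tuple[List[Decision], List[ReconciliationRequest]]:
    forwarded: List[ReconciliationRequest] = []
    connector = Connector(forward=forwarded.append)
    connector.register_user("email", "svc-idm-email")
    connector.register_user("hr", "svc-idm-hr")
    decisions = [connector.handle(r) for r in SAMPLE_REQUESTS]
    return decisions, forwarded


if __name__ == "__main__":
    results, sent = run_sample()
    for req, decision in zip(SAMPLE_REQUESTS, results):
        print(f"{req.resource:6} {req.change:24} -> {decision.value}")
    print(f"{len(sent)} request(s) forwarded for reconciliation")
```

Because step 316 drops every request attributed to a listed identifier, those accounts need to be reserved for the tool alone (claim 9), and their use on the resource is worth auditing separately.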

It would be appreciated that the above described approach to reconciling information in an enterprise information system can provide the following advantages:

a) Design simplicity: The mechanism described can remove the complexity of having both the forward and reverse provisioning go through a single agent or component, thereby simplifying the design of the overall enterprise information system. The overheads and design considerations used in the forward provisioning component do not affect the design of the reverse provisioning component, as they can function independently. Also, costly synchronization operations between the forward and reverse provisioning requests may be avoided due to a non-coupled design.

b) Decoupling of the forward and reverse functionality: The mechanism allows information flow in the forward and reverse direction to take different paths. This may be desirable in many instances, where the resource behavior does not warrant the use of the same information path in both directions.

c) Processing Time and memory requirements: The mechanism allows quicker differentiation between a cyclic reconciliation request and a normal request, as the comparison is between a single credential (unique identifier) against a locally held list, which may be relatively static. If details of each forward request were to be stored for the purposes of reconciliation with each reverse request, there would necessarily be a large local cache in the component that handles the forward provisioning and reverse provisioning traffic and a cache lookup needed. The mechanism described may eliminate the need to cache snapshots of all forward requests until the corresponding reverse requests arrive.

It will be appreciated that the embodiments within the scope of the present invention may be implemented in the form of a computer program product including computer-executable instructions, such as program code, which may be run on any suitable computing environment in conjunction with a suitable operating system, such as Microsoft Windows, Linux or UNIX operating system. Embodiments within the scope of the present invention may also include program products comprising computer-readable media for carrying or having computer-executable instructions or data structures stored thereon. Such computer-readable media can be any available media that can be accessed by a general purpose or special purpose computer. By way of example, such computer-readable media can comprise RAM, ROM, EPROM, EEPROM, CD-ROM, magnetic disk storage or other storage devices, or any other medium which can be used to carry or store desired program code in the form of computer-executable instructions and which can be accessed by a general purpose or special purpose computer.

The present invention in some embodiments may be operated in a networked environment such as, but not limited to, a local area network (LAN), a wide area network (WAN) etc. Further, an exemplary system for implementing the overall system or portions of the invention might include a general purpose computing device in the form of a conventional computer, including a processing unit, a system memory, and a system bus that couples various system components including the system memory (RAM and ROM) to the processing unit. The computer may also include a removable magnetic disk and an optical disk drive.

It should be noted that the above-described embodiment of the present invention is for the purpose of illustration only. Although the invention has been described in conjunction with a specific embodiment thereof, those skilled in the art will appreciate that numerous modifications are possible without materially departing from the teachings and advantages of the subject matter described herein. Other substitutions, modifications and changes may be made without departing from the spirit of the present invention.

Claims

1. A computer-implemented method for reconciliation of an information cycle in an enterprise information system comprising an enterprise information system tool and at least one resource, the method comprising:
creating for the enterprise information system tool at least one user for provisioning the at least one resource, wherein the at least one user has an identifier for inclusion in provisioning requests sent to the resource by the enterprise information system tool;
checking reconciliation requests received from the resource for presence of the identifier; and
sending the request to the enterprise information system tool for reconciliation according to the presence of the identifier in the reconciliation request.
2. The method of claim 1, wherein the enterprise information system tool is an identity management system.
3. The method of claim 1, wherein the identifier of the at least one user created for the at least one resource is from the set comprising of username, employee ID, social security number, process ID or machine GUID.
4. The method of claim 1, wherein the checking step is carried out in a connector.
5. The method of claim 4 wherein the reconciliation requests not including the identifier are blocked by the connector.
6. The method of claim 4 wherein the checking step comprises the connector consulting a list of user identifiers.
7. The method of claim 1 further comprising sending provisioning requests from the enterprise information system tool to the resource on a first data path and receiving reconciliation requests from the resource on a second data path.
8. The method of claim 4 wherein the provisioning requests sent from the enterprise information system tool to the resource are not processed by the connector.
9. The method of claim 1 wherein the at least one user is reserved for use by the enterprise information system tool.
10. The method of claim 1, wherein the at least one resource is from the set comprising of application, directory or database.
11. A computer program product for reconciliation of an information cycle in an enterprise information system comprising an enterprise information system tool and at least one resource, the product comprising:
code for creating for the enterprise information system tool at least one user for provisioning the at least one resource, wherein the at least one user has an identifier for inclusion in provisioning requests sent to the resource by the enterprise information system tool;
code for checking reconciliation requests received from the resource for presence of the identifier; and
code for sending the request to the enterprise information system tool for reconciliation according to the presence of the identifier in the reconciliation request.
12. The computer program product of claim 11, further comprising code for sending provisioning requests from the enterprise information system tool to the resource on a first data path and receiving reconciliation requests from the resource on a second data path.
13. The computer program product of claim 11, wherein the enterprise information system tool is an identity management system.
14. A computer system for reconciliation of an information cycle in an enterprise information system comprising an enterprise information system tool, and at least one resource, the system comprising:
means for creating for the enterprise information system tool at least one user for provisioning the at least one resource, wherein the at least one user has an identifier for inclusion in provisioning requests sent to the resource by the enterprise information system tool;
means for checking reconciliation requests received from the resource for presence of the identifier; and
means for sending the request to the enterprise information system tool for reconciliation according to the presence of the identifier in the reconciliation request.
15. The computer system of claim 14, further comprising means for sending provisioning requests from the enterprise information system tool to the resource on a first data path and receiving reconciliation requests from the resource on a second data path.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IN2006/000492 WO2008072250A1 (en) 2006-12-13 2006-12-13 Method and system for reconciliation of information cycles in an enterprise information system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IN2006/000492 WO2008072250A1 (en) 2006-12-13 2006-12-13 Method and system for reconciliation of information cycles in an enterprise information system

Publications (1)

Publication Number Publication Date
WO2008072250A1 (en) 2008-06-19

Family

ID=38222593

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IN2006/000492 WO2008072250A1 (en) 2006-12-13 2006-12-13 Method and system for reconciliation of information cycles in an enterprise information system

Country Status (1)

Country Link
WO (1) WO2008072250A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004017591A2 (en) * 2002-08-16 2004-02-26 Research In Motion Limited System and method for triggering a provisioning event
US20050289356A1 (en) * 2004-06-29 2005-12-29 Idan Shoham Process for automated and self-service reconciliation of different loging IDs between networked computer systems

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
DERICK CASSIDY: "Oracle - Identity As A Service - Reconciliation", INTERNET ARTICLE, 8 November 2006 (2006-11-08), pages 1 - 2, XP002442498, Retrieved from the Internet <URL:http://blogs.oracle.com/IdentityAsaService/newsItems/viewFullItem$33> [retrieved on 20070712] *
IBM CORPORATION: "Tivoli Identity Manager Express documentation (revised June 2006)", INTERNET ARTICLE, June 2006 (2006-06-01), Internet, pages 1 - 4, XP002442497, Retrieved from the Internet <URL:http://publib.boulder.ibm.com/infocenter/tivihelp/v5r1/index.jsp?topic=/com.ibm.itim.infocenter.doc/imx460_ins_ws_express02.htm> [retrieved on 20070713] *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8627405B2 (en) * 2012-02-06 2014-01-07 International Business Machines Corporation Policy and compliance management for user provisioning systems
US8631459B2 (en) * 2012-02-06 2014-01-14 International Business Machines Corporation Policy and compliance management for user provisioning systems

Similar Documents

Publication Publication Date Title
US10038726B2 (en) Data sensitivity based authentication and authorization
US20180039770A1 (en) Multi-Factor Profile and Security Fingerprint Analysis
US20150334127A1 (en) Providing security services within a cloud computing environment
USRE46916E1 (en) System and method for secure management of mobile user access to enterprise network resources
US9477832B2 (en) Digital identity management
US9049195B2 (en) Cross-domain security for data vault
US8590052B2 (en) Enabling granular discretionary access control for data stored in a cloud computing environment
US10104053B2 (en) System and method for providing annotated service blueprints in an intelligent workload management system
US9529993B2 (en) Policy-driven approach to managing privileged/shared identity in an enterprise
US9130920B2 (en) Monitoring of authorization-exceeding activity in distributed networks
US20170019408A1 (en) Authorization policy objects sharable across applications, persistence model, and application-level decision-combining algorithm
US8458230B2 (en) System and method for flexible security access management in an enterprise
US8798579B2 (en) System and method for secure management of mobile user access to network resources
JP2014132462A (en) Extensible and programmable multi-tenant service architecture
US9838429B1 (en) Dynamic access policies
CA2803839C (en) Online service access controls using scale out directory features
RU2691211C2 (en) Technologies for providing network security through dynamically allocated accounts
US9571479B1 (en) Role-based access control using dynamically shared cloud accounts
US8904549B2 (en) Server system, control method, and storage medium for securely executing access to data of a tenant
US8726342B1 (en) Keystore access control system
US7844625B2 (en) Managing secured resources in web resources that are accessed by multiple portals
US7318237B2 (en) System and method for maintaining security in a distributed computer network
US7210037B2 (en) Method and apparatus for delegating digital signatures to a signature server
US5534855A (en) Method and system for certificate based alias detection
US7941829B2 (en) Near real-time multi-party task authorization access control

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 06842770

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06842770

Country of ref document: EP

Kind code of ref document: A1