Nothing Special   »   [go: up one dir, main page]

TW464812B - Query interface to policy server - Google Patents

Query interface to policy server Download PDF

Info

Publication number
TW464812B
TW464812B TW89112284A TW89112284A TW464812B TW 464812 B TW464812 B TW 464812B TW 89112284 A TW89112284 A TW 89112284A TW 89112284 A TW89112284 A TW 89112284A TW 464812 B TW464812 B TW 464812B
Authority
TW
Taiwan
Prior art keywords
access
information
user
decision
server
Prior art date
Application number
TW89112284A
Other languages
Chinese (zh)
Inventor
Clifford Lee Hannel
Anthony Allan May
Original Assignee
Internet Dynamics Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Internet Dynamics Inc filed Critical Internet Dynamics Inc
Application granted granted Critical
Publication of TW464812B publication Critical patent/TW464812B/en

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter use a local copy of an access control data base to determine whether an access request made by a user. Changes made by administrators in the local copies are propagated to all of the other local copies. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to of access policies which define access in terms of the user groups and information sets. The rights of administrators are similarly determined by administrative policies. Access is further permitted only if the trust levels of a mode of identification of the user and of the path in the network by which the access is made are sufficient for the sensitivity level of the information resource. If necessary, the access filter automatically encrypts the request with an encryption method whose trust level is sufficient. The first access filter in the path performs the access check and encrypts and authenticates the request; the other access filters in the path do not repeat the access check. A policy server component of the access filter has been separated from the access filter and the policies have been generalized to permit administrators of the policy server to define new types of actions and new types of entities for which policies can be made as well as time intervals during which the policies are in force and entity attributes that specify how the entity is to be used when access is granted to it. The interface used by applications to determine whether a user has access to an entity is now an SQL query. There is no table in the policy server to which the query applies; instead, the policy server assembles the information needed for the response to the query from various information sources, including sources external to the policy server. Policy server administrators can define methods of acquiring and using the information. The policy server uses the acquired information to authenticate a user or to determine a user's membership in a user group or can simply pass the information on to the application program.

Description

464812 A7464812 A7

五、發明說明(1 ) 經濟部智慧財產局員工消費合作社印製 對相關專利申請案的對照參考 本專利申請案請求1999年6月22曰提出的美國暫時中請案 第60/140,417號’漢尼爾等人的使用一標準資料庫系統介 面檢查對一資源的存取之優先權。本專利申請案還是 年6月28曰提出、且具有一 1998年6月29曰的優先權日之μ PCT/US99/1485號漢尼爾等人的標準化策略词服器之—、 繼部份,並包含那個專利申請案的整個詳細說明和圖气 在本專利申請案中的新資料,由題爲標準化的策略词L器 中的改良開始,並包括新的圖式38- 54。 發明背景 1.發明領域 本發明大體上與用來回應查詢的系統有關,且特別是與 作爲控制對資料的存取之系統的元件之此種系統有關。 2 ·有關技藝之描述 網際網路(Internet)已革新了資料通信。已經藉由提供諸 多通信協定(protocols)和定址方案來達成,不論:電腦系 統的實體硬體(physical hardware),被連接到的實體網路種 類’或者被用來將資訊從一個電腦系統發送到另一個電腦 系統的諸多實體網路種類如何,該方案使得世界上任何地 方的任何電腦系統和世界上任何地方的任何其它電腦手统 交換資eil成爲可此。使得兩個電腦系統交換資訊的一切要 求是:每個電腦系統都要有一個網際網路位址及針對通信 協定所需的軟體;並且’藉由許多實體網路的某種組合, 兩個機器之間會有一條路由(route),它可能用來載送根據 -4 - 本紙張尺度適用中關家標準(CNS)A4規格(210 X 297公楚) (請先閱讀背面之注意事項再填寫本頁) 裝--------訂i U ^^1 ^^1 n J I. 464812 A7 -- ~—___B7___ 五、發明說明(2 ) 通信協定而構築的訊息。 {請先閲讀背面之注意事項再填寫本頁) 然而’電腦系統可能經由網際網路來交換訊息之如此容 易已經造成諸多問題。在一方面,它已經使存取資訊變得 則所未有之容易和低廉:在另一方面,它已經使它更難保 遵資sil。網際網路在兩方面已經使它較難保護資訊: •較難限制存取操作。假如可能經由網際網路來存取資 訊’就有可能隨著存取網際網路資訊而存取任何人的 資訊。—旦有經由網際網路而存取資訊,阻擋熟練入 侵者就會變成一種困難的技術問題。 •經由網際網路’在途中(en route)較難維護安全性。將 網際網路建構作爲一種分包資訊交換網路(packet switching network)。不可能預測訊息由網路將會採取 什麼路由。更不可能保證所有資訊交換(switches)的安 全性,或保證包括那些載明其來源或目標的訊息部 份:在途中都未曾被讀取或改變。 經濟部智慧財產局員工消費合作社印製 圖1顯示:目前用來增加可經由網際網路存取資訊之網 路安全性的技術。圖1顯示:網路1〇1,它由兩個分離内部 網路103(A)和103(B)組成,該内部網路皆由網際網路1丨j所 連接。雖然兩個網路103(A)和103(B)—般説來都不可存取 資訊,但是從某種意義説來,它們都是網際網路的一部 份;在這些網路中的電腦系統都有網際網路位址,並且都 會使用網際網路通信協定來交換資訊。兩個這樣的電腦系 統出現在圖1中,就像在網路103(A)中的請求者(requestor) 105以及在網路103(b)中的伺服器11 3那樣。請求者1 〇5正在 本紙張尺度適用中國國家標準(CNS)A4規格〈210 X 297公釐) 經濟部智慧財產局員工消費合作社印製 4 6 4 8 12 A7 B7 五、發明說明(3 ) 請求存取能夠由伺服器113提供的資料。附接到伺服器i 13 的是一種大量儲存裝置115,該裝置包含正由請求者1〇5請 求的資料117。當然,對於其它資料而言,伺服器113可能 是請求者,而請求者105則可能是伺服器。而且,在目前 上下文中,存取操作被認爲是:能夠讀取或改變儲存在伺 服器113上之資料或者能夠改變伺服器113之狀態的任何操 作。在提出請求方面,請求者105正在使用諸多標準 TCP/IP(傳輸控制通信協定/網際網路通信協定)協定中的— 種協定。如此處所使用的,通信協定是能夠被用來交換諸 多電腦系統之間的資訊之一訊息集的一種描述。 將根據一種通信協定而正在通信的諸多電腦系統之間所 發送的一些實際訊息集體稱爲:對話(session)。在對話期 間’請求者105根據通信協定將訊息發送到伺服器i 13的網 際網路位址,而伺服器113則根據通信協定將訊息發送到 請求者105的網際網路位址。請求及回應兩者將會藉由網 際網路111而在兩個内部網路1〇3(~和1〇3(”之間運行。若 伺服器113允許請求者1〇5存取資料,則在對話中從伺服器 Π3流到請求者1〇5的一些訊息將包括被請求資料〗17。將 必要時藉由網際網路而回應訊息之伺服器丨丨3的諸多多敕 體组件稱爲:服務(service)。 若兩個内部網路103( A和B)之擁有者想要確信:只有直 接連接到網路103(A和B)之諸電腦系統的使用者才能夠存 取資料117,以及請求及回應之内容在那些網路之外皆不 爲人所知;則該擁有者必須解決兩項問題;確信伺服器 -6 - 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公 (請先閱讀背面之注意事項再填寫本頁) ---- 丨訂---------織 464812 經濟部智慧財產局員工消費合作社印製 A7 B7 五、發明說明(4 ) 113並不會回應來自與連接到内部網路之那些電腦系統不 同的電腦系統之請求;以及確信:雖然都是經由網際網路 111轉接中(in transit),可是存取網際網路i丨丨資訊的人都 無法存取或修改請求及回應。有可能達成這些目標的兩種 技術爲:防火牆(firewalls)及使用加密的鑿隧道操作 (tunneling) 0 概念上’防火踏是内邵網路與其餘的網際網路I之間的 一道障壁(barrier)。防止牆出現在1〇9(A)和(…處。防火牆 109(A)保護内部網路ι〇3(Α) &gt;而防火牆ι〇9(Β)則保護内部 網路103(B)。藉由一種在電腦系統中運作的通路(gate way) 來建構防火牆,該電腦系統被安裝在内部網路被連接到網 際網路的地方。包括在通路中的是一種存取過濾器·•它是 電腦系統中的一套軟體和硬體组件,會針對儲存在内部網 路之内的資訊而核對來自内部網路之外的所有請求;並 且,若它來自有權存取資訊的來源,則只會將請求發送在 内邵網路上。在其它方面,它會捨棄該請求。兩個這樣的 存取過濾器:存取過濾器107(A)存取過濾器i〇7(B)則出現 在圖1中。 若能夠肯定答覆兩個問題,則來源有權存取被請求資 訊: • 來源實際上就是亨有權利人或物嗎? • 來源有權存取資料嗎? 將找到第一問題之答案的過程稱爲:鑑定。藉著將資訊 提供到識別使用者的防火牆,使用者親自對防火牆加以鑑 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) (請先閱讀背面之注意事項再填寫本頁) --------訂--------.^ 46 48 12 A7V. Description of the invention (1) Cross reference to related patent applications printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs. Neil et al. Use a standard database system interface to check the priority of access to a resource. This patent application is also a standardized tactical server of the PCT / US99 / 1485 Hanil et al., Which was filed on June 28, 1998, and has a priority date on June 29, 1998. , And contains the entire detailed description of that patent application and the new information of the figure in this patent application, starting with the improvement in the standardization of the strategic word L, and including new schemes 38-54. BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates generally to systems used to respond to queries, and more particularly to such systems as components of a system that controls access to data. 2 · Description of technology The Internet has revolutionized data communications. This has been achieved by providing many protocols and addressing schemes, regardless of the physical hardware of the computer system, the type of physical network to which it is connected, or used to send information from a computer system to What is the type of many physical networks of another computer system? This solution makes it possible for any computer system anywhere in the world and any other computer system to exchange funds. All requirements for two computer systems to exchange information are: each computer system must have an Internet address and software required for the communication protocol; and 'through some combination of many physical networks, two machines There will be a route between them, which may be used to carry -4-This paper size applies the Zhongguanjia Standard (CNS) A4 specification (210 X 297). (Please read the notes on the back before filling (This page) Install -------- order i U ^^ 1 ^^ 1 n J I. 464812 A7-~ ——___ B7___ V. Description of the invention (2) Message constructed by communication protocol. {Please read the notes on the back before filling out this page.) However, the ease with which computer systems may exchange information via the Internet has caused many problems. On the one hand, it has made accessing information easier and cheaper than ever: on the other hand, it has made it more difficult to guarantee compliance sil. The Internet has made it more difficult to protect information in two ways: • It is more difficult to restrict access. If it is possible to access the information via the Internet ', it is possible to access anyone's information as the Internet information is accessed. -Once information is accessed via the Internet, blocking skilled intruders becomes a difficult technical problem. • It is difficult to maintain security en route via the Internet. The Internet is constructed as a packet switching network. It is impossible to predict what route the message will take through the network. It is even more impossible to guarantee the security of all information exchanges, or to include those parts of the message that specify their source or destination: they have not been read or changed along the way. Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs Figure 1 shows the current technology used to increase the security of networks that can access information via the Internet. Figure 1 shows: Network 101, which consists of two separate internal networks 103 (A) and 103 (B), both of which are connected by Internet 1j. Although the two networks 103 (A) and 103 (B) are generally inaccessible, in a sense, they are both part of the Internet; computers on these networks Systems have Internet addresses, and they all use Internet protocols to exchange information. Two such computer systems appear in Figure 1, like the requestor 105 on the network 103 (A) and the server 113 on the network 103 (b). Requester 105 is applying the Chinese National Standard (CNS) A4 specification <210 X 297 mm at this paper scale. Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economy 4 6 4 8 12 A7 B7 V. Description of Invention (3) Request Data that can be provided by the server 113 is accessed. Attached to server i 13 is a mass storage device 115 which contains data 117 being requested by requester 105. Of course, for other materials, the server 113 may be the requester and the requester 105 may be the server. Moreover, in the current context, an access operation is considered to be any operation capable of reading or changing the data stored on the server 113 or changing the state of the server 113. In making requests, the requester 105 is using one of many standard TCP / IP (Transmission Control Communication Protocol / Internet Communication Protocol) protocols. As used herein, a communication protocol is a description of a message set that can be used to exchange information between computer systems. Some actual messages sent between computer systems that are communicating according to a communication protocol are collectively referred to as sessions. During the conversation ', the requester 105 sends a message to the Internet address of the server i 13 according to the communication protocol, and the server 113 sends the message to the Internet address of the requester 105 according to the communication protocol. Both the request and the response will run between the two intranets 103 (~ and 103) via the Internet 111. If the server 113 allows the requester 105 to access the data, then Some messages that flow from the server Π3 to the requester 105 during the conversation will include the requested data. 17. The many multi-component components of the server that responds to messages through the Internet when necessary 丨 3 are called : Service. If the owners of the two internal networks 103 (A and B) want to be sure: Only users of computer systems directly connected to network 103 (A and B) can access the data. 117 , And the contents of the request and response are not known outside those networks; then the owner must resolve two issues; be sure that the server-6-this paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 (Please read the precautions on the back before filling this page) ---- 丨 Order -------- Weaving 464812 Printed by the Consumers ’Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7 4) 113 does not respond to requests from computer systems other than those connected to the intranet And convinced that although it is in transit through the Internet 111, anyone who accesses the Internet i 丨 丨 information cannot access or modify the request and response. There are two possible ways to achieve these goals The technology is: firewalls and tunneling using encryption. 0 Conceptually, the 'fire step' is a barrier between the internal network and the rest of the Internet I. Prevent the wall from appearing at 10 9 (A) and (...) The firewall 109 (A) protects the internal network ι03 (Α) &gt; and the firewall ι09 (B) protects the internal network 103 (B). Gate way to build a firewall, the computer system is installed where the internal network is connected to the Internet. Included in the gate is an access filter. It is a type of computer system The software and hardware components check all requests from outside the intranet for information stored on the intranet; and if it comes from a source that has access to the information, it will only send the request to On the internet, in other aspects, The request is discarded. Two such access filters: access filter 107 (A) and access filter i07 (B) appear in Figure 1. If you can answer both questions positively, the source is The right to access the requested information: • Is the source actually the rightful person or thing? • Does the source have access to the data? The process of finding the answer to the first question is called: identification. By providing information to identification The user's firewall. The user personally authenticates the firewall. The paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) (Please read the precautions on the back before filling this page) ------ --Order --------. ^ 46 48 12 A7

五、發明說明(s ) 經濟部智慧財產局員工消費合作杜印製 足。在這種資訊中有下列幾項。 •由—種爲使用者所有的鑑定令牌(authentication token) (有時候稱爲智慧卡(s_eard))所提供的資訊; •使用者機器的作業系统識別;以及 使用者機器的I P位址和網際網路網域名稱(d〇main name) ° a防火牆用於鑑定的資訊可能是在頻帶内(in band),那就 疋它是通信協定的一部份;或者,它可能是在頻帶外 (out 〇f band),那就是:它是由一分離通信協定所提供。 像從上述識別資訊列表中顯而易見的那樣,防火牆能夠 k賴識別資訊以鑑定使用者達到的程度,端梘識別資訊的 種類而定。譬如説,在—分包資訊中的丨p位址就能夠由能 夠截取分包資訊的任何人所改變;因此,防火牆能夠對它 賦予少許的信賴’故而將藉由丨p位址來鑑定稱爲具有一種 很低的信賴等級。在另一方面,當識別資訊來自一種令牌 時,防火牆就能夠給予該識別資訊一種更高的信賴等級, 此乃因爲:唯若令牌已經爲別人所有,則它應該不會識別 使用者。通常’就一項關於鑑定的討論而言,請參看由貝 遙((S. Bellovin)和柴斯維克(W. Cheswick)合著:”防火踏 與網際網路安全性”一書,該書由阿狄生•韋斯理 Wesley)圖書公司印行,美國麻州,1994年版。 在現代存取過濾器中,在兩個層級處來核對存取操作: 網際網路分包資訊或簡稱I P層級,以及應用層級。就從工p 層級開始,用於網際網路中的訊息都以分包方式載送,稱 -8- 本紙張尺度適用中國國家標準(CNS)A4現格(210 X 297公釐) -----------♦裝--------訂---------&quot;3Γ &lt;請先閱讀背面之注意事項再填寫本頁) 經濟部智慧財產局員工消費合作社印製 A7 B7 五、發明說明(6 ) 之爲資料級(datagram)。每一個這樣的分包都有一個標題 (header),它包含指示著分包之來源和目標的資訊。來源 和目標各自依據IP位址和痒號(port number)來表示。i車號 是用來將電腦内多重業務流(streams of traffic)各個加以分 別的一個從1到65535的數字。將針對一些爲人所熟知的網 際網路通信協定(諸如:HTTP(超本文傳送協定)或FTP (檔 案傳送協定))的服務加以指定它們&quot;傾聽”(listeri t0)的諸多 爲人所熟知的埠號。存取過濾器具有指示著哪些g標可能 會接收來自哪些來源之IP分包資訊的一套規則;且若載明 於標題中的來源和目標並未遵從這些規則,則將分包資訊 捨棄°譬如説,該規則可能容許或不容許所有從一部電腦 到另一部電腦的存取操作;或者,根據丨P分包資訊之來源 而限制存取一項特定服務(由埠號所載明)。然而,在〗p分 包資訊之標題中,並沒有關於正在被存取之個別資訊片段 的資訊,而關於使用者的唯一資訊則是來源資訊。於是, 存取核對是無法在I P層級處完成的,而必須換成是在資訊 協定層級處完成的,該存取核對涉及:不是鑑定不可能使 用來源資訊之使用者,就是決定使用者是否有權存取一個 別資訊片段。 在應用層級處的存取核對通常是在防火牆中由代理伺服 器(proxies)來完成◊代理伺服器是一種存取過濾器的軟體 組件。之所以稱爲代理伺服器,是因爲:它可作爲存取過 濾器中的通信協定之替身(stand-in)用,爲了實現關於使用 者已經請求之資訊片段的使用者鑑定及/或存取核對。譬 -9 - 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) (請先閱讀背面之注意事項再填寫本頁) 裝 訂--------- 經濟部智慧財產局員工消費合作社印製 A7 B7 五、發明說明(7 ) 如説,一種常用的TCP/IP協定就是超本文傳送協定(hypertext transfer protocol , 或簡稱 HTTP) , 它被用 來將全 球資訊 網(World-Wide Web)網頁(pages)從一個電腦系統傳送到另 一個這樣的電腦系統。若需要個別網頁的存取控制,則必 須檢視協定内容,以便決定哪個特定網頁要求被請求β就 防火踏的詳細討論而言’請參看貝洛文和柴斯維克之前面 參考文獻。 雖然正確執行之存取過濾器操作能夠預防經由網際網路 U 1而未經授權就存取儲存在内部網路中的資料,可是它 無法預防經由網際網路11丨而未經授權就存取轉接中的資 料。此事藉由使用加密的鑿隧道操作加以預防。這種鑿隧 道操作運作如下:當存取過濾器丨〇7(Α)接收具有内部網路 103(B)中之目標位址的—種來自内部網路1〇3(Α)中之一電 腦系統的I Ρ分包資訊時,它會對J Ρ分包資訊,包括其標題 加以加密;進而增加一項新標題,該標題載明:將存取過 慮器107(Α)的I ρ位址當作分包資訊的來源位址,而將存取 過遽器107(B)的I ρ位址當作目標位址。新標題也可能包 含:將存取過濾器〗07(Α)識別爲已加密分包資訊之來源的 鑑定資訊;以及存取過濾器107(]5)能夠從其中決定已加密 分包資訊是否已經被干預的資訊。 因爲原始I Ρ分包資訊已經被加密;所以,當它正在通過 網際網路111時,標題和原始〗Ρ分包資訊的内容兩者都無 法被讀取’而標題或原始! ρ分包資訊的資料則也無法沒有 檢測下被修改。當存取過濾器107(B)接收IP分包資訊時, -10 - 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) —J^*-------11— 11---—-竣 ί請先閱讀背面之注意事瑣再填寫本頁&gt; 464812 經濟部智慧財產局員工消費合作社印製 A7 B7 五、發明說明(8 ) 它就使用任何識別資訊來決定分包資訊是否的確來自存取 過濾器107(A)。如果是的話,它會將由存取過濾器1〇7(a) 增加到分包資訊的標題加以去除’並決定分包資訊是否被 干預;如果不是的話,就對分包資訊加以解密(decrypt), 並執行關於原始標題的I P層級存取核對。如果標題通過的 話’存取過濾器107(B)就將分包資訊轉遞(f0rward)到載明 於原始標題中之内部網路中的〗p位址;或者轉遞到針對通 信協定層級存取控制之一代理伺服器。原始Ϊ p分包資訊被 稱爲鑿隧道通過網際網路111。在圖1中,一個這樣的隨道 112被顯示在兩個存取過濾器107(A)和107(B)之間。鑿隧道 操作之一附加優點是:它會隱藏來自只有從網際網路1 j 1 中有權存取資訊的那些人的内部網路之結構,此乃因爲只 有未加密I Ρ位址才是存取過濾器的I Ρ位址。 兩個内部網路103(A)和103(B)的擁有者也能夠使用鑿隧道 操作,連同網際網路1 11 ;因而使兩個内部網路1〇3(Α和Β) 成爲單一虛擬專用網路(VPN)119。藉由隧道〗12,在網路 103(A)和103(B)中的電腦系統能夠彼此安全地通信,並且 適用於其它電腦;好像網路103(A)和103(B)都是由一種專 用實體鏈路(physical link)而不是由網際網路111加以連接 的。的確,可能將虛擬專用網路119加以擴充,以便包括 存取網際網路111資訊的任何使用者,進而能夠執行下列 各項: • 以一種允許存取過濾器107對分包資訊加以解密的方 式,將被定址到内部網路103中之一電腦系統的網際網 -11 - 本紙張尺度適用中國國家標準(CNS)A4規格(210 x 297公髮) ---1-------A --------訂-------i*^ (請先閱讀背面之注意事項再填寫本頁) 經濟部智慧財產局員工消費合作社印製 A7 Β7 五、發明說明(9 ) 路分包資訊加以加密; •將一標題増加到被定址到存取過濾器1〇7的已加密分包 資訊;以及 • 親自對存取過濾器1〇7加以鑑定。 譬如説,一位具有連接到網際網路u丨之一可攜式電腦並 具有必要的加密和鑑定能力的雇員能夠使用虛擬專用網 路,以便士全地檢索(retrieve)來自諸多内部網路其中之一 網路中之一電腦系統的資料。 一旦諸多内部網路開始使用網際網路定址操作和網際網 路通信協定,並且被連接進入虚擬專用網路中;針對網際 ...罔路已氬發展出的一些瀏覽器(br〇wsers)也能夠使用在内部 網路103中;並且從使用者的觀點看來,在網際網路丨u中 存取資料與在内部網路丨〇3中存取資料之間並沒有差別。 於是,内部網路103已經變成—種企業内部網路(intranet), 那就是:—種具有和網際網路111相同的使用者界面的内 4 同路。當然’ 一旦屬於一實體的所有内部網路都已經被 組合成爲單一虛擬專用企業内部網路,會再度發生屬於網 際網路之特性的存取控制問題--此時,除了有關内部存取 資料之外。雖然在内部網路被連接到網際網路111的地方 的諸夕防火牆都元美地足以使局外人(outsiders)無法在内 部網路中存取資料’可是它們不能使局中人(insiders)無法 存取該資料。譬如説,可能就像公司防備其人事資料不受 其雇員影響與防備該資料不受局外人影響一樣重要。同 時’公司可能想要使有權存取網際網路111資訊的任何人 12- 本.A張K度過用中國國家標準(CNS)A4規格⑵〇 χ挪公爱) — — — — —丨1— — — —I. ---1 t 1 ί 1訂*丨丨丨丨丨丨--场 (請先閱讀背面之注意事項再填寫本頁&gt; A7 B7V. Description of invention (s) Consumption cooperation by employees of the Intellectual Property Bureau of the Ministry of Economic Affairs is sufficient. There are several items in this information. • Information provided by an authentication token (sometimes called a smart card (s_eard)) owned by the user; • identification of the operating system of the user's machine; and the IP address and Internet domain name (domain name) ° aThe information used by the firewall for authentication may be in band, then it is part of the communication protocol; or it may be out of band (out 0f band), that is: it is provided by a separate communication protocol. As is obvious from the above list of identification information, the firewall can rely on the identification information to identify the extent to which the user has reached, depending on the type of identification information. For example, the p address in the sub-contracting information can be changed by anyone who can intercept the sub-contracting information; therefore, the firewall can give a little trust to it, so the p-address will be used to identify the To have a very low level of trust. On the other hand, when the identification information comes from a token, the firewall can give the identification information a higher level of trust, because: if the token is already owned by someone else, it should not identify the user. Generally 'for a discussion on authentication, see the book "Fire Steps and Internet Security", co-authored by S. Bellovin and W. Cheswick, which Printed by Addison Wesley, Massachusetts, 1994. In modern access filters, access operations are checked at two levels: the Internet subcontracting information or IP level, and the application level. Starting from the industrial level, the messages used in the Internet are carried by subcontracting, saying -8- This paper size is applicable to the Chinese National Standard (CNS) A4 (210 X 297 mm) --- -------- ♦ Install -------- Order --------- &quot; 3Γ &lt; Please read the notes on the back before filling this page) Intellectual Property Bureau of the Ministry of Economic Affairs Printed by employees' consumer cooperatives A7 B7 V. The invention description (6) is datagram. Each such subcontract has a header, which contains information indicating the source and destination of the subcontract. The source and destination are each represented by an IP address and a port number. i car number is a number from 1 to 65535 which is used to separate the multiple streams of traffic in the computer. A number of well-known Internet communication protocols (such as: HTTP (Super Text Transfer Protocol) or FTP (File Transfer Protocol)) services will be designated &quot; listening &quot; (listeri t0) The access filter has a set of rules that indicate which sources may receive IP subcontracting information from which sources; and if the source and destination specified in the title do not follow these rules, the Packet information discarding. For example, the rule may allow or disallow all access operations from one computer to another computer; or restrict access to a specific service (by port No.). However, in the title of the subcontracting information, there is no information about the individual pieces of information being accessed, and the only information about the user is the source information. Therefore, the access check is What cannot be done at the IP level, but must be done at the information protocol level. The access check involves either identifying users who are unlikely to use the source information, or determining Whether the user has the right to access a piece of information. The access check at the application level is usually done by proxies in the firewall. A proxy server is a software component of an access filter. The reason It is called a proxy server because it can be used as a stand-in of the communication protocol in the access filter, in order to achieve user authentication and / or access check on the pieces of information that the user has requested. Example-9-This paper size applies to China National Standard (CNS) A4 (210 X 297 mm) (Please read the precautions on the back before filling this page) Binding --------- Intellectual Property of the Ministry of Economic Affairs Printed by the Consumer Cooperative of the Bureau A7 B7 V. Description of the Invention (7) For example, a commonly used TCP / IP protocol is the Hypertext Transfer Protocol (or HTTP for short), which is used to connect the World Wide Web (World Wide Web) -Wide Web) pages are transferred from one computer system to another such computer system. If access control of individual web pages is required, the content of the agreement must be reviewed in order to determine which feature The webpage request was requested β For a detailed discussion of fire pedals, 'see earlier references by Belovan and Chasewick. Although properly implemented access filter operations can prevent unauthorized access via the Internet U 1 Access to data stored on the intranet, but it cannot prevent unauthorized access to the data in transit via the Internet11. This is prevented by using encrypted tunneling operations. The tunnel operation works as follows: When the access filter 〇〇7 (Α) receives a target address in the internal network 103 (B)-an I from one of the computer systems in the internal network 103 (A) When the P subcontracts information, it encrypts the J P subcontracting information, including its title, and adds a new title, which states that the I ρ address of the access filter 107 (Α) is used as the subaddress. The source address of the packet information, and the I ρ address of the access device 107 (B) as the destination address. The new title may also include: authentication information identifying access filter 〖07 (Α) as the source of encrypted subcontracting information; and access filter 107 (] 5) from which it can determine whether the encrypted subcontracting information has been Intervened information. Because the original IP subcontracting information has been encrypted; when it is passing through the Internet 111, both the title and the content of the original IP subcontracting information cannot be read ’and the title or original! The information of ρ subcontracting information cannot be modified without detection. When the access filter 107 (B) receives the IP subcontracting information, -10-This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) —J ^ * ------- 11 — 11 ---—- End Please read the notes on the back before filling out this page> 464812 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7 V. Invention Description (8) It uses any identifying information It is determined whether the subcontracting information does come from the access filter 107 (A). If it does, it removes the header of the subcontracting information added by the access filter 107 (a) and determines whether the subcontracting information is intervened; if not, it decrypts the subcontracting information. , And perform an IP-level access check on the original title. If the header passes, the access filter 107 (B) forwards the subcontracting information (f0rward) to the p address in the internal network specified in the original header; or forwards it to the communication protocol-level storage Take control of one of the proxy servers. The original Ϊp subcontracting information is called tunneling through the Internet 111. In Figure 1, one such trail 112 is shown between two access filters 107 (A) and 107 (B). An additional advantage of tunneling is that it hides the structure of the internal network from those who have access to the information only from the Internet 1 j 1 because only unencrypted IP addresses are stored. Take the IP address of the filter. The owners of the two intranets 103 (A) and 103 (B) can also use tunneling operations together with the Internet 1 11; thus making the two intranets 103 (A and B) a single virtual private Internet (VPN) 119. With the tunnel 12, computer systems in networks 103 (A) and 103 (B) can communicate with each other securely and are applicable to other computers; it seems that both networks 103 (A) and 103 (B) are Dedicated physical links are not connected by the Internet 111. Indeed, it is possible to extend the virtual private network 119 to include any user who has access to the Internet 111 information, thereby enabling the following: • A way to decrypt the subcontracted information in a way that allows access to the filter 107 , Which will be addressed to one of the computer systems in the internal network 103-11-This paper size applies to the Chinese National Standard (CNS) A4 specification (210 x 297 issued) --- 1 ------- A -------- Order ------- i * ^ (Please read the notes on the back before filling out this page) Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 Β7 V. Invention Description ( 9) Encrypt road subcontracting information; • add a header to the encrypted subcontracting information addressed to the access filter 107; and • personally authenticate the access filter 107. For example, an employee who has a portable computer connected to the Internet and has the necessary encryption and authentication capabilities can use a virtual private network to retrieve the information from many internal networks. Information about a computer system on a network. Once many intranets begin to use Internet addressing operations and Internet communication protocols, and are connected to virtual private networks; some browsers (browwsers) that have been developed for the Internet ... It can be used in the internal network 103; and from the user's point of view, there is no difference between accessing data in the Internet and accessing data in the internal network. Thus, the internal network 103 has become an enterprise intranet, that is, an internal network with the same user interface as the Internet 111. Of course, once all the intranets belonging to an entity have been combined into a single virtual private enterprise intranet, access control issues that are characteristic of the Internet will occur again-at this time, except for internal access to data outer. Although the Zhuxi firewalls where the internal network is connected to the Internet 111 are all beautifully enough to prevent outsiders from accessing data in the internal network, but they cannot prevent insiders from being stored. Take that information. For example, it may be as important as a company's protection of its personnel data from its employees and its protection from outsiders. At the same time 'the company may want to make anyone who has access to the Internet 111 information 1— — — —I. --- 1 t 1 ί 1 order

464812 五、發明說明(1〇 ) 可以很容易地存取:在諸多内部網路103其中之_網路中 之一電腦系統上,它的全球資訊網網站。 —種針對由虚擬專用企業内部網路所引起諸多安全性問 題的解決方法是:使用防火牆將諸多内部網路加以細分, 以及防備内部網路不受經由網際網路而未經授權就存取資 訊的影響。現代存取過濾器107皆被設計用來防備内部網 路之周界(perimeter)不受未經授權就存取資訊的影響;並 且,一般説來’每個網際網路連接才只有—個存取過遽器 107。务打算將諸多存取過滤器使用内部網路内;則將备 有b們更多的存取過滤器’因而使用多重現代存取過滤器 10 7的虛擬專用網路並不容易規模可伸縮性,那就是:在 具有小里存取過遽器的虚擬專用網路中,諸多存取過滤器 並不是一項嚴重的負擔;而在具有大量存取過濾器的網路 中,它們則是一項負擔。在標題爲”使用在存取過濾器203 中的諸多技術之通則章節之前的本專利申請案之一部份 中所描述的存取過滤器’實際上解決了先前技藝存取過遽 器的規模可伸縮性(scalability)問題;於是,建構具有大量 存取過濾器的網路就變得更爲容易。 在關於本專利申請案之第一部份中所描述的存取過濾器 之進一步運作中,已經變得顯而易見的是,若能將技術通 用化’則執行存取過滤器203中之存取枋對所發展出的諸 多技術應該更爲有用:若它們能夠使用在與正在〗p層級或 網際網路通信協定層級處操作之存取過濾器不同的上下文 中,且若使它們能夠加以擴充;則使得決策能夠加以制 -13- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐〉 --I---111--ί · 11--—' 11 訂 11— II i-綠 {請先閱讀背面之注专?事項再填寫本頁} 經濟部智慧財產局員工消費合作社印製 4648 12 A7 B7 經濟部智慧財產局員工消費合作社印製 五、發明說明(11 ) 足,不但針對存取資訊集,並且針對可能針對可經由 腦系統存取資訊的-種實體而執行的任何行動;使得使用 者群組能夠包括可經由—電腦,系統而執行_项行動的任何 種類《實體;並且使得資訊集能夠變成資源集(⑽咖 ―’其中—項資源是能夠經由一電腦系統而控制的任何 實體。進-步變得顯而易見的是:若允許決策包括一種時 間组件(temporal component),譬如説,一種只有在非工作 時間期間才允許某-使用者群組存取某些資源的組件,則 決策應該更爲有用;並且,對能夠使諸多屬性與一項描述 打怎樣執行決策之行動的決策有關聯也應該是有益的。例 如,一項決策可能不但載明能夠存取一已知資源之一已知 使用者群组的成員,並且載明打算用於存取操作之網路服 務的類別(class)。 發展工作已繼續在本專利申請案的母案之標準化的策略 伺服器上進行,且已結果重要的改良。一種改良是在系統 的一允許策略之元件和標準化的策略伺服器之間用來傳遞 訊息的協定。在母案中,此種訊息用來提供標準化的策略 伺服器它作存取判定所需要的資訊,並傳回存取判定的結 果給允許東略之元件。沒有钦述對那些資訊的特定協定。 雖然提供用來傳輸一般策略伺服器作存取判定所需要的資 訊、和在允許策略之元件與一般策略伺服器之間的存取判 定之結果的任何協定都可以,所需要的是有大多數程式設 計者所熟悉的格式之協定,能夠容易地結合到現有的和新 的程式之内,且能夠容易地處理作一存取判定所需資訊的 -14 本紙張尺度適用令國國家標準(CNS)A4規格(21〇 x 297公釐) -----------f ^--------訂 --------竣 (請先閲讀背面之注意事項再填寫本頁) 4 6 4 8 12 經濟部智慧財產局員工消費合作社印製 A7 B7 五、發明說明(12 ) 至少一部份在對存取的請求進行之前時常是不可得之 實。 ’ 另一種改良解決本申請案的母案及母案之母案的存取控 制系統之一問題,即是在本專利申請案的母案之母案中, 能夠用作認證和使用者群組會員資格判定之兩種資訊、和 資訊的來源是預先定義的;在本專利申請案的母案中所插 述的存取控制系統’系統管理人能夠定義用來判定使用者 群组會員資格的資訊,但資訊的來源仍是預先定義的。因 此使用來自例如公司的—般資料庫系統之來源的資訊,作 疋否允許存取的判定是不可能的。使用存取控制系統傳回 除了對存取檢查程序所必需的資訊以外之資訊到允許策略 足用户端也是不可能的。因此在此處所揭露之本發明的目 的在於’提供一種用以在允許策略之元件和標準化的策略 伺服器之間溝通的協定,和提供允許存取控制系統定義在 存取檢查程序中所存取的資訊之來源、獲得資訊的方法、 和存取檢查程序當中的資訊之使用的技術。 發明概要 本發明如下達成前述目的: •改良的標準化策略伺服器提供一介面給允許策略之元 件,其呈現存取控制系统爲一虛擬的關聯式資料庫表 列,其中對每一使用者·資訊來源組合有—列;要決定 一使用者對一資訊來源是否有存取權力,允許策略之 元件足址一指示使用者和資訊來源的查詢到此表列; 結果至少指示使用者是否有存取權力。因爲一眞實表 ____ - 15- 本紙張尺度適用中國國家標準(CNS)A4規格(210 χ297公釐) f ^--------訂--------*结 {請先閱讀背面之注意事項再填寫本頁) 464812 A7 B7 經濟部智慧財產局員工消費合作社印製 五、發明說明(13 ) 列❹少量將傾向於非常大,且在許多情況將只是不 可定義的’所以關聯式資料庫表列是虛擬的。在改良 的標準化策略伺服器中,一虛擬的資料庫服務使用它 可存取的資料來源,結合查詢結果所需要的資訊。在 -較佳具體實施例中,查詢以眾所週知的SQL語言寫 成,而虛擬的鸢料庫服務模擬標準遠端-可存取資料庫 系統。 •改良的標準化策略伺服器允許存取控制系統的管理人 定義關於使用者資訊的取得方法,並使這些方法與使 用者群组相關聯。這些方法可定義從使用者收集資訊 的方式、從外部來源收集關於使用者的資訊之方式、 和使用所收集的資訊來認證使用者的方式,以決定— 使用者群組中使用者的會員資格,和提供關於使用者 的資訊給允許策略之元件。 對熟知該項技藝人士來説本發明所達成的其他目的和優 點’在閲讀下列詳細説明和圖式時將是顯而易見的,其 中: 附圖概述 圖1是:經由網際網路,用來控制資訊之存取的諸多技 術之總覽(overview); 圖2是:使用納入此處所披露之技術的諸多存取過滅'器 之一 VPN(虛擬專用網路)之總覽; 圖3是:使用在存取過濾器中的—種存取控制資料庫之 總纜; -16- — — — — — — — — — — —^ --------1T'll!!t··^ (請先閱讀背面之注意事項再填寫本頁) 本紙張尺度綱巾酬家標準(CNS)A4 _ &lt;21β x 297 &gt; 經濟部智慧財產局員工消費合作社印製 4 6 4 8 1 2 A7 _______ B7 五、發明說明(14 ) 圖4顯不:在使用納入此處所披露之技術的諸多存取過 濾器之一 VPN中的存取核對和鑿隧道操作; ' 圖5顯示:由~ &quot;漫遊者( roamer)存取在VPN中的資訊; 圖6是·使用在定義靈敏度和信賴等級與諸多鑑定和加 密技術之間的關係中的一種表; 圖7疋.應用SEND(安全加密網路遞送)技術之一實例; 圖8是:決策建立過程之一流程圖; 圖9顯不:用來定義使用者群組之一顯示圖; 圖10顯示:用來定義資訊集之一顯示圖; 圖11顯示:用來定義存取決策之一顯示圖; 圖1 2顯示:用來定義存取過濾器2〇3之一顯示圖; 圖〗3 A和B都是:定義使用者群组之存取控制資料庫3〇 j 的一部份之一圖表(schema); 圖1 4是:定義資訊集之存取控制資料庫3〇1的—部份之 一圖表; 圖1 5疋:定義在VPN中的網站(sites)以及在每個網站處 的伺服器’服務,及資源之存取控制資料庫3〇1的一部份 之一圖表; 圖16A和B都是:定義決策之存取控制資料庫的一部 份之一圖表; 圖17A,B ’及C都是:定義祠服器之存取控制資料庫 的一部份之一圖表; 圖1 8顯示:使用在IntraMap(映像内)界面中的顯示圖: 圖1 9顯示:怎樣針對存取控制資料庫3 0丨做出改變; -17- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) -----*------ΐ 裝--------訂---------μ (請先閱讀背面之沒意事項再填寫本頁) 464812464812 V. Description of the invention (10) can be easily accessed: on one of the many intranet 103 computer systems, its World Wide Web site. -A solution to the many security issues caused by virtual private enterprise intranets is to use firewalls to subdivide many intranets and prevent the intranet from accessing information without unauthorized access via the Internet Impact. Modern access filters 107 are designed to protect the perimeter of the intranet from unauthorized access to information; and, generally speaking, 'each Internet connection has only one storage取 过 遽 器 107. It is planned to use many access filters in the internal network; more access filters will be available. Therefore, using a virtual private network with multiple modern access filters 10 7 is not easy to scale. , That is: in a virtual private network with small access filters, many access filters are not a serious burden; in a network with a large number of access filters, they are one Item burden. The access filter described in the section entitled "General Principles of Many Technologies Used in Access Filter 203" in this patent application section "actually addresses the scale of prior art access filters Scalability issues; thus, it becomes easier to build a network with a large number of access filters. In the further operation of the access filters described in the first part of this patent application It has become apparent that if the technology can be generalized, then the access in the access filter 203 should be more useful for many of the developed technologies: if they can be used at the p-level or Access filters operating at the Internet protocol level are in different contexts, and if they can be extended, decisions can be made. 13- This paper standard applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm> --I --- 111--ί · 11 ---- '11 Order 11— II i-green {Please read the note on the back? Matters before filling out this page} Staff Consumption of Intellectual Property Bureau of the Ministry of Economic Affairs Printed by a cooperative 4648 12 A7 B7 Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs V. Invention Description (11) It is sufficient not only for access to the information set, but also for any actions that may be performed against entities that can access information through the brain system ; Enable the user group to include any kind of entity that can perform the _ item actions through the computer, the system; and enable the information set to become a resource set (⑽Ca-'where—the resource can be controlled through a computer system It becomes obvious that if the decision is allowed to include a temporal component, for example, a component that allows certain user groups to access certain resources only during non-working hours , The decision should be more useful; and it should be useful to be able to associate many attributes with a decision that describes how to perform the decision. For example, a decision may not only provide access to a known One of the resources is a member of a known user group and specifies the class of web service intended for access Development work has continued on the standardized policy server of the parent application of this patent application, and has resulted in important improvements. One improvement is used between a component of the system that allows policy and the standardized policy server Agreement to pass messages. In the parent case, this kind of message is used to provide the standardized policy server with the information it needs to make access decisions and return the results of the access decisions to the components that allow East Strategy. Specific protocols for those information. Although any protocol that provides the information needed to transmit the general policy server for access determination and the results of the access determination between the components that allow the policy and the general policy server is acceptable, all What is needed is a protocol in a format familiar to most programmers, which can be easily incorporated into existing and new programs, and can easily handle the information required for an access decision. -14 paper sizes apply Order Country National Standard (CNS) A4 Specification (21 × 297 mm) ----------- f ^ -------- Order -------- End (Please Read the notes on the back before filling (This page) 4 6 4 8 12 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7 V. Description of the Invention (12) At least part of it is often unavailable until the request for access is made. '' Another improvement solves one of the problems of the access control system of the parent case of this application and the parent case of the parent case, which is that it can be used as an authentication and user group in the parent case of the parent case of this patent application The two types of information for membership determination and the source of the information are predefined; the access control system 'system administrator inserted in the parent case of this patent application can define the membership group used to determine the membership of the user group Information, but the source of the information is still predefined. Therefore, it is impossible to determine whether to allow access using information from sources such as a company's general database system. It is also not possible to use the access control system to return information other than the information necessary for the access check process to the allow policy to the client. It is therefore an object of the present invention disclosed herein to 'provide a protocol for communicating between elements that allow policies and a standardized policy server, and to provide access control systems that define Sources of information, methods of obtaining information, and technologies used to access information in inspection procedures. SUMMARY OF THE INVENTION The present invention achieves the foregoing objectives as follows: The improved standardized policy server provides an interface to the elements that allow the policy, which presents the access control system as a virtual list of relational databases, in which for each user information The source combination has a row. To determine whether a user has access to an information source, allow the component address of the policy to instruct the user and information source to query this list; the result indicates at least whether the user has access that power. Because a real table ____-15- This paper size is applicable to the Chinese National Standard (CNS) A4 specification (210 x 297 mm) f ^ -------- Order -------- * End {Please (Please read the notes on the back before filling this page) 464812 A7 B7 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs V. Invention Description (13) The list of small amounts will tend to be very large, and in many cases will only be undefinable ' So the relational database tables are virtual. In the improved standardized policy server, a virtual database service uses the data sources it can access, combining the information needed for query results. In the preferred embodiment, the query is written in the well-known SQL language, while the virtual kit service emulates a standard remote-accessible database system. • Improved standardized policy server allows administrators of access control systems to define methods for obtaining user information and associate these methods with user groups. These methods define how information is collected from users, how information is collected from external sources, and how the information collected is used to authenticate users to determine—the membership of users in a user group , And provide information about the user to the components that allow the policy. Other objects and advantages achieved by the present invention will be apparent to those skilled in the art when reading the following detailed description and drawings, in which: Brief Description of the Drawings Figure 1 is used to control information via the Internet An overview of the many technologies that are accessed; Figure 2 is: an overview of one of the many VPNs (virtual private networks) that uses the technologies disclosed herein; and Figure 3 is: Take the total cable of the access control database in the filter; -16- — — — — — — — — — — — ^ -------- 1T'll !! t ·· ^ (Please (Please read the notes on the back before filling this page.) This paper standard outlines the standard for remuneration (CNS) A4 _ &lt; 21β x 297 &gt; Printed by the Consumer Cooperative of Intellectual Property Bureau of the Ministry of Economic Affairs 4 6 4 8 1 2 A7 _______ B7 V. Description of the invention (14) Figure 4 shows: access check and tunneling operation in VPN using one of the many access filters included in the technology disclosed herein; 'Figure 5 shows: by ~ &quot; roamer (Roamer) access information in VPN; Figure 6 is used to define sensitivity and trust, etc. A table in the relationship with many authentication and encryption technologies; Figure 7 疋. An example of the application of SEND (Secure Encrypted Network Delivery) technology; Figure 8 is a flowchart of the decision-making process; Figure 9 shows: Used to define one display of user group; Figure 10 shows: used to define one display of information set; Figure 11 shows: used to define one display of access decision; Figure 12 shows: used to define storage Take one of the filters to display the diagram; Figure 3 A and B are: a part of the definition of the user group's access control database 30j diagram (schema); Figure 14 is: A diagram of a part of the access control database 3001 that defines the information set; Figure 1 5 疋: Sites defined in the VPN and the server 'services and resources at each site Take a diagram of a part of the control database 3001; Figures 16A and B are: a diagram of a part of the access control database that defines the decision; Figures 17A, B 'and C are: a definition temple A diagram of one part of the server's access control database; Figure 18 shows: used in IntraMap (in the image) The display in the figure: Figure 19 shows: how to make changes to the access control database 3 0 丨; -17- This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) --- -* ------ ΐ Install -------- Order --------- μ (Please read the unintentional matter on the back before filling this page) 464812

五、發明說明(π 經濟部智慧財產局員工消費合作社印製 圖20是:存取過濾器2〇3的架構之一詳細方塊圖; 圖21是:_種肘1^1;(記憶體映射檔案)檔案23〇3的結構之 一示意圖; 圖22 :是一種使用SKIP(網際網路通信協定之簡單密鑰 管理)協定所發送的訊息之一示意圖; 圖23 A ’ B ’及c都是:使用在一較佳實施例中之MMF檔 案的一種表; 圖2 4是:IniraMaj^面之一建構例之一示意圖; 圖25疋‘圖免明在vpN 201中的委託權限(delegation) 之一示意圖; 圖2 ό是:一種已經將決策核對和決策施行加以分離的行 動控制系統之一方塊圖; 圖27是:一種具有種種的決策致能(p〇licyenabied)裝置 的行動控制系統之一方塊圖; 圖2 8顯示:-種用來定義通用化決策的語法(⑽㈣; 圖2 9顯示:在一較佳實施例中的決策資料庫29〇ι之總 纜; 圖3 0顯示·決策資料庫29〇丨中的諸多屬性和時間間隔之 一建構例; 圖3 1顯示:列示所有已定義時程安排(defined scheduies) 之一視窗; 圖32顯示:使用在一較佳實施例中,用來定義時程安排 規則之一視窗; 圖3 3顯示.使用在一較佳實施例中,用來將時間間隔應 -18- 本紙張尺度適用中國國家標準(CNS)A4現格(210 X 297公爱) -----------f 裝--------訂-------- (請先閱讀背面之注意事項再填寫本頁) 經濟部智慧財產局員工消費合作社印製 A7 B7_ 五、發明說明(16 ) 用到決策之一視窗: 圖3 4顯示:使用在一較佳實施例中,用來顯示屬性之一 一視窗; 圖3 5顯示:使用在一較佳實施例中,用來將屬性指定到 主體之一視窗; 圖3 6顯示:用來顯示和修改在一較佳實施例中之一屬性 定義之一視窗; 圖3 7顯示:用來顯示和修改在一較佳實施例中之一特點 定義之一視窗; 圖3 8是合併了改良的訊息協定、和用來從uic與存取控 制資料庫以外的來源獲得資訊之技術的一般策略飼服器之 一方塊圖; 圖3 9表示對改良的訊息協定之應用程式程式設計者的介 面之頂層; 圖4 0表7F —實施改良的說息協定之函數C〇ric]aVep0]jqyA]]〇\ved ; 圖41表示對標準化的策略伺服器的一查詢介面之一概要; 圖42展示對VDB服務3813之查詢的第一範例和它們的結 果; 圖43展示對VDB服務3813之查詢的第二範例和它們的結 果; 圖44是策略DB 3825從其编譯的策略資料庫4401的内容 之明細; 圖45是客户使用者資訊取得的一流程圖; 圖46是顯示一客户認證型態的定義之視窗; -19 - 本紙張尺度適用中國國家標準(CNS)A4規柊(210 X 297公髮^ -----------f^--------訂---------線 (請先閱讀背面之注意事項再填寫本頁) 16^8 1 2 A7V. Description of the invention (printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs Figure 20 is a detailed block diagram of one of the structures of the access filter 203; Figure 21 is: _ kind of elbow 1 ^ 1; (memory mapping Figure 22 is a schematic diagram of the structure of file 23〇 Figure 22 is a schematic diagram of a message sent using the SKIP (Simple Key Management of Internet Protocol) protocol; Figure 23 A 'B' and c are both : A table used in a preferred embodiment of the MMF file; Figure 24 is a schematic diagram of one of the construction examples of the IniraMaj plane; Figure 25 (a) illustrates the delegation of delegation authority in vpN 201 A schematic diagram; Figure 2 is: a block diagram of an action control system that has separated decision checking and decision execution; Figure 27 is: one of an action control system with various decision enabling devices Block diagram; Figure 2 8 shows:-a syntax for defining generalized decisions (⑽㈣; Figure 2 9 shows: the total cable of the decision database 29 in a preferred embodiment; Figure 30 shows the decision Many attributes in database 29〇 丨An example of the construction of a time interval; Figure 31 shows: a window listing all defined schedules; Figure 32 shows: used in a preferred embodiment to define one of the schedule rules Windows; Figure 3 3 shows. Used in a preferred embodiment, the time interval should be -18- This paper size applies Chinese National Standard (CNS) A4 (210 X 297 public love) ----- ------ f Packing -------- Order -------- (Please read the notes on the back before filling out this page) Printed by A7 B7_ V. Description of the invention (16) A window for decision making is used: FIG. 34 shows: a window for displaying attributes in a preferred embodiment; FIG. 3 shows a window for use in a preferred embodiment , Used to assign attributes to a window of the subject; Figure 36 shows: a window used to display and modify an attribute definition in a preferred embodiment; Figure 37 shows: used to display and modify a window A window of a feature definition in the preferred embodiment; Figure 38 is a combination of improved message protocols, and A block diagram of one of the general strategy feeders that controls the technology for obtaining information from sources other than the database; Figure 39 shows the top layer of the interface of the application programmer to the improved messaging protocol; Figure 40 Table 7F — Implementing the improved Function of interest agreement Corric] aVep0] jqyA]] 〇 \ ved; Figure 41 shows an overview of a query interface to a standardized policy server; Figure 42 shows a first example of queries to VDB service 3813 and their Figure 43 shows a second example of queries to the VDB service 3813 and their results; Figure 44 is a breakdown of the contents of the policy database 4401 compiled by the policy DB 3825; Figure 45 is obtained from customer user information A flowchart; Figure 46 is a window showing the definition of a customer certification type; -19-This paper size applies Chinese National Standard (CNS) A4 Regulations (210 X 297) ^ --------- --f ^ -------- Order --------- line (Please read the precautions on the back before filling this page) 16 ^ 8 1 2 A7

經濟部智慧財產局員工消費合作社印製 圖47是顯示使用一客户認證型態所存取的資訊資源之 義的視窗; - &amp;圖48表7與一客户認證型態和一使用者群组有關的存取 策略’及與—客户認證型態有關的資訊資源之視窗; 圖49表示在用來定義客户認證型態的資料庫44〇 1中之 列; 圖50表示在用來定義客户認證型態的資料庫4401中之額 外表列; ' 圖51表示由一認證格式3807和區域配置資訊3809所結果 的瀏覽器視窗; ° 圖52表示經由圖5 1的瀏覽器視窗所收集的資訊,如何在 一查构中傳回到虛擬資料庫服務; 圖53表示對圖52的查詢之回應;和 圖54是建立在標準化的策略伺服器中之虛擬資料庫表列 的概念綱要。 在諸多附圖中的參考數字至少都有三個數字。兩個最右 侧數子都是在圖内的參考數字;而在那些數字左側的數字 則都是圖號’在圖中:由參考數字所識別的項目最先出 現。譬如説’在圖2中,具有參考數字203之項目最先出現。 闡述 下列闡述將首先提供:一些容易規模可伸縮性的存取過 濾器’它們怎樣被用來控制在企業内部網路中的存取操 作,以及它們怎樣能夠用來構築虛擬專用網路之總境。因 此,闡述將提供:使用在存取過渡器中的存取控制資剩_ -20- 1本紙張尺度綱中國國家標^NS)A4規格(210 X 297公S ) —I--------f ^--------訂---------Μ (請先閱讀背面之注意事項再填寫本頁】 經濟部智慧財產局員工消費合作社印製 A8 ^ 2 A7 ___B7___ 五、發明說明(18 ) 庫;將它改變,進而將那些改變分佈在諸多存取過渡器中 所用的方式;以及個別存取過濾器控制存取操作所用的方 式之細節。 一種具有不會妨礙規模可伸縮性之諸存取過瀘器的網路: 圖2 圖2顯示一種虛擬專用網路(VPN)201,其中:存取資料 是由被設計用來避免因多重存取過濾器而引起問題的存取 過濾器所控制。VPN 201是由四個内部網路i 〇3所組成,藉 由網際網路121將它們彼此連接。也經由網際網路121連接 到VPN 201的是:一漫遊者217,那就是一種電腦系統,該 系統雖然正在由可能存取在企業内部網路2〇丨中之資料的 人使用者,但是只會藉由網際網路121連接到諸多内部網 路。每個内部網路103都有:許多電腦系統或屬於使用者 的終端機209,以及許多伺服器211 ;該伺服器包含:可能 由在諸多電腦系統或終端機209處之使用者,或可能由在 漫遊者217處之一使用者所存取的資料。然而,並沒有將 電腦系統或終端機209,或者漫遊者2 17直接連接到一词服 器211 ;換成是,各自經由一存取過濾器203而加以連接, 使知:由在使用者系統處之使用者所提出針對飼服器上之 資料項的所有查詢(references)至少都會通過一個存取過滤 器203。於是’使用者系統2〇9(i)被連接到網路2l3(i),該 網路被連接到存取過濾器203(a);而伺服器211 (i)則被連接 到網路215(i),該網路也被連接到存取過濾器2〇3(a),因而 由在使用者系統209(i)處之使用者所做出針對存取伺服器 -21 - 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) -----------J 裝-----!1 訂 *--------M (請先閱讀背面之注意事項再填寫本頁) 經濟部智慧財產局員工消費合作社印製 A 6 4 B 1 2 A7 ~ &quot; ~ ' μ - | B7 五、發明說明(19 ) 211⑴_h之資料的任何嘗試都會通過存取過滤器加⑷,在 該處若使用者無權存取資料,就會被拒絕。’ 既然VPN 201具有任何規模的大小’就會有一相當數目 的存取過濾器203 ;因&amp;,將會立即發生按规模伸縮 (SCaHng)問題。存取過遽器203會避免這些問題,是因爲它 們都是根據下列原理加以設計的: •刀佈型存取控制資料庫。每個存取過濾器203都有它自 己的存取控制資料庫拷貝,用來控制存取在VPN 201 中的資料。將在資料庫之一拷貝中所做的改變傳播到 所有其它的拷貝。 •分佈型管理。可能委託任何數目的管理員對系統之諸 予集合負有貴任。所有管理員可能會同時執行他們的 工作。 •分佈型存取控制。存取控制功能都是在近端(near_end) 存取過濾器203處加以執行的。那就是,在客户機與伺 服器义間的路徑中的第一存取過濾器2〇3會決定;存取 摊作是否被容許;而在路徑中的諸多隨後存取過濾器 則不會重複由第一存取過濾器所執行的存取核對。 * ^對鲕加在、(end-to-end encryption)。加密發生在近端存 取過滤器與可能的最遠加密端點(endp〇int)之間。此端 點不是資訊伺服器本身’就是遠端(far_end)存取過濾 器203-最後在從客户機到伺服器之路由中的那個。動 態隧道都是根據目前網路路由選擇(r〇uting)條件加以 建立的。 -22- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) -----------{ 裝--------訂---------致 (請先閲讀背面之注意事項再填寫本頁) 經濟部智慧財產局員工消費合作杜印製 lu A8 ^ 2 A7 ____B7__ 五、發明說明(20 ) • 可適性加密和鑑定。根據正在被傳送的資訊靈敏度, 將可變加密等級和鑑定要求應用到通過VPN的通信量 (traffic) ° 將所有的這些設計觀點更加詳細地討論於下。 此時應該指出的是,可能以任何方式來建構存取過濾器 203,該方式保證:由可能未經授權就存取該資料的諸多 使用者所提出針對在VPN 201中之資料的所有查詢都會通 過一存取過濾器203。在一較佳實施例中,存取過濾器203 被建構在一飼服器上,並且在由微軟公司(Microsoft Corporation)所製造的Windows NT®(新科技版本的視窗軟 體)作業系統下運作。在其它實施例中,存取過濾器203可 能被建構作爲一種作業系統之組件,及/或可能被建構在 VPN 201中之一路由器(router)中。 分佈型決策資料庫:圖3 每個存取過濾器203都有存取控制資料庫301之一拷貝, 它保時了與在VPN 201中之存取控制有關的所有資料。如 圖2中之存取過濾器203(a)所顯示的一個存取過滤器,它具 有存取控制資料庫301之一主拷貝205。因爲如此,所以將 存取過濾器203⑷稱爲:主決策管理程式(Master p〇Ucy Manager)。主拷貝205是:被用來初始化(initialize) 一些新 存取過濾器203或替換已受損存取控制資料庫3〇1的那個。 主決策管理程式電腦的備用裝置是存取過濾器2〇3(b)。備 份拷貝(backup) 207是主拷貝205之一鏡像。最後,報表管 理程式209包括用來產生報表的軟體;該報表係來自存取 -23- 本紙張尺度適用中國國家標準(CNS)A4現格(210 X 297公釐) (請先閱讀背面之;i意事項再填寫本頁) 裝--------訂---------边 46 48 〗2 A7 B7 五、發明說明(21 ㈣資料庫3G1中的資訊’以及來自從所有其 =^獲得_邮gs)。存取控制資料庫则任料 ==必須這麼執行存取操作的任何使用者所改變; ^ ^ , 佃亿的那樣,將任何這樣的改變, 首先傳播到主決策管理程式^ 飞2〇5 然後再到虛擬專用網路 201中的所有其它存取過濾器2〇3。 圖3是:存取控制資料座·^ 〇 ]— 种犀301 —概念性總覽。資料庫的主 ,功能是對來自存取m2Q3之—存取請求婚作回應, 琢存取m利用-種該請求是否將被准許或拒絕的指示 3U來識別使用者和資訊資源。若下列兩者都成立,則該 請求將被准許: 使用者屬&amp; -使用者群組,其中資料庫^指示·可能 存取資訊資源所屬之一資訊集;以及 •該請求具有-種至少是與屬於資訊資源之靈敏度等級 一樣高的信賴等級。 每位使用者均屬於—個或更多使用者群组,而每個資訊 資源則均屬於-個或更多資訊集;若使用者所屬的一些使 用者群組中沒有一個被拒絕存取資訊資源所屬之一資訊 集,以及使用者所屬的任何使用者群組被容許存取資訊資 源所屬的任何資訊集;則使用者可能存取資訊資源,假若 該請求具有必要之信賴等級的話。 資源之靈敏度等級只是指示著用來存取資源所需的信賴 等級之一數値。就大體而論,需要保護資訊資源愈多,其 靈敏度等級愈高。請求之信賴等級具有許多組成部份: -24- 本纸張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) C請先閱讀背面之ii意事項再壤寫本頁) 裝--------訂---------故 經濟部智慧財產局員工消費合作社印裂 經濟部智慧財產局員工消費合作社印製 Α7 ___Β7__ 五、發明說明(22 ) •用來咸別使用者之識別技術的信賴等級;譬如説,藉 由令牌來減別使用者具有一種比藉由I p位址來識別使 用者還高的信賴等級。 •由經由網路之存取請求所採取路徑的信賴等級;譬如 说’包括網際網路的路徑具有一種比只有包括一些内 部網路的路徑還低的信賴等級。 •若對存取請求加以加密,則使用加密技術的信賴等 級;加密技術愈強,信賴等級愈高。 將識別技術的信賴等級和路徑的信賴等級各別考慮。然 而’路徑的仏賴等級可能會受用來加密存取請求之加密技 術的#賴等級所影響。若利用一種其信賴等級高於路徑之 一部份的信賴等級的加密技術而對請求加以加密,則路徑 之一部份的信賴等級被增加到加密技術的信賴等級。於 疋’右路徑之一部份的-fs賴等級小於資源之靈敏度等級所 需要的;則藉著利用一種具有必要之信賴等級的加密技術 來加密存取請求,就能夠解決問題。 可能將包含於資料庫301中的資訊分成六大類: • 使用者識別資訊3 13,它會識別使用者; • 使用者群組3 15,它會定義使用者所屬的群组; •資訊資源320 ’它會定義蒙受保護的—些個別資訊項, 並且載明在何處找到它們; • 資訊集321,它會定義資訊資源之群组; • 信賴等級資訊323 ’它會載明資訊資源之靈敏度等級以 及使用者識別和網路路徑的信賴等級;以及 -25- 本紙張尺度適用中國國家標準(CNS)A4規格(21〇 x 297公楚) (請先閱讀背面之注意事項再填寫本頁) 裝---- 訂---------竣Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs, Figure 47 is a window showing the meaning of information resources accessed using a client authentication type;-&amp; Figure 48 Table 7 Relevant access strategy 'and a window of information resources related to-client authentication type; Figure 49 shows the column in the database 44001 used to define the client authentication type; Figure 50 shows the definition of the client authentication type Additional listings in the type database 4401; 'Figure 51 shows the browser window resulting from an authentication format 3807 and locale information 3809; ° Figure 52 shows the information collected via the browser window of Figure 51, How to return to the virtual database service in a search structure; Figure 53 shows the response to the query of Figure 52; and Figure 54 is a conceptual outline of the list of virtual databases built in a standardized policy server. The reference numbers in the various figures have at least three digits. The two rightmost numbers are the reference numbers in the figure; the numbers to the left of those numbers are the figure numbers' In the figure: the item identified by the reference number appears first. For example, in FIG. 2, the item with the reference number 203 appears first. The following explanations will be provided first: some easy-to-scale scalability access filters' how they can be used to control access operations in an enterprise intranet, and how they can be used to build a virtual private network landscape . Therefore, the narrative will provide: the access control surplus used in the access transition device _ -20-1 1 paper standard outline China National Standard ^ NS) A4 specification (210 X 297 male S) —I ----- --- f ^ -------- Order --------- M (Please read the notes on the back before filling out this page] Printed by A8, Consumer Cooperatives, Intellectual Property Bureau, Ministry of Economic Affairs ^ 2 A7 ___B7___ V. Description of the invention (18) library; the method of changing it, and then distributing those changes among many access transitioners; and details of the method used by individual access filters to control access operations. Networks that can hinder scale scalability: Figure 2 Figure 2 shows a virtual private network (VPN) 201, in which access data is designed to avoid multiple access filters The access filter that caused the problem is controlled. VPN 201 is composed of four intranets i 03, which are connected to each other via Internet 121. VPN 201 is also connected via Internet 121: A roamer 217, that is a computer system, although the system is being accessed by the enterprise intranet 2〇 丨 the data of users, but only through the Internet 121 to connect to many intranets. Each intranet 103 has: many computer systems or terminal 209 belonging to the user, and many Server 211; The server contains data that may be accessed by users at many computer systems or terminals 209, or by a user at roamer 217. However, no computer system or The terminal 209, or the rover 2 17 is directly connected to the word server 211; instead, they are each connected through an access filter 203, so that: All queries (references) to the data items on the server will pass at least one access filter 203. Then the 'user system 209 (i) is connected to the network 21 (i), which is connected to the storage Take the filter 203 (a); and the server 211 (i) is connected to the network 215 (i), which is also connected to the access filter 203 (a). Access server -21 made by user at 209 (i)-This paper is suitable for Use Chinese National Standard (CNS) A4 specification (210 X 297 mm) ----------- J installed -----! 1 order * -------- M (please first Read the notes on the back and fill out this page) Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs A 6 4 B 1 2 A7 ~ &quot; ~ 'μ-| B7 V. Any attempt to the information of the invention description (19) 211⑴_h By adding access filters, users are denied access to the data there. ‘Since VPN 201 is of any size’, there will be a considerable number of access filters 203; due to &amp; scaling by scale (SCaHng) issues will occur immediately. The access controller 203 avoids these problems because they are designed based on the following principles: • Knife-type access control database. Each access filter 203 has its own copy of the access control database used to control access to data in VPN 201. Changes made in one copy of the repository are propagated to all other copies. • Distributed management. Any number of administrators may be entrusted with valuable responsibility for the collection of systems. All administrators may perform their work at the same time. • Distributed access control. The access control functions are performed at the near (end) access filter 203. That is, the first access filter 203 in the path between the client and server will determine; whether access is allowed; and many subsequent access filters in the path will not repeat. Access check performed by the first access filter. * ^ For end-to-end encryption. Encryption occurs between the near-end access filter and the farthest possible encryption endpoint (endpoint). This endpoint is either the information server itself 'or the far-end access filter 203-the last one in the route from the client to the server. Dynamic tunnels are established based on the current routing conditions. -22- The size of this paper applies to China National Standard (CNS) A4 (210 X 297 mm) ----------- {Packing -------- Order ------ --- To (please read the notes on the back before filling out this page) Du Ai ^ 2 A7 __B7__ printed by the Intellectual Property Bureau of the Ministry of Economic Affairs, Consumer Consumption V. Invention Description (20) • Applicable encryption and authentication. Depending on the sensitivity of the information being transmitted, variable encryption levels and authentication requirements are applied to the traffic through the VPN ° All of these design points are discussed in more detail below. It should be noted at this time that the access filter 203 may be constructed in any way that guarantees that all queries made by the many users who may access the data without authorization against the data in VPN 201 will Pass an access filter 203. In a preferred embodiment, the access filter 203 is constructed on a feeder and operates under a Windows NT® (new technology version of Windows software) operating system manufactured by Microsoft Corporation. In other embodiments, the access filter 203 may be constructed as a component of an operating system, and / or may be constructed in a router in VPN 201. Distributed Decision Database: Figure 3 Each access filter 203 has a copy of the access control database 301, which keeps all the data related to the access control in the VPN 201. An access filter as shown in the access filter 203 (a) in FIG. 2 has a master copy 205 of an access control database 301. Because of this, the access filter 203 is referred to as a master decision manager program (Master poUcy Manager). The master copy 205 is the one that is used to initialize some new access filters 203 or replace the damaged access control database 301. The backup device of the master decision management computer is an access filter 203 (b). A backup 207 is a mirror of one of the main copies 205. Finally, the report management program 209 includes software for generating reports; the reports are from Access-23- This paper size applies Chinese National Standard (CNS) A4 (210 X 297 mm) (please read the back first; (I will fill in this page again) I will install -------- order --------- side 46 48 〖2 A7 B7 V. Description of the invention (21 的 Information in the database 3G1 'and from Get _post gs from all its =). The access control database is changed == any user who must perform the access operation in this way; ^ ^, 佃 billion, any such changes are first propagated to the master decision management program ^ fly 205 then Then go to all other access filters 201 in the virtual private network 201. Figure 3 is a conceptual overview of the access control data block ^ 〇]-species rhino 301. The main function of the database is to respond to the access request from the access m2Q3-the access request marriage, and the access m uses 3U to indicate whether the request will be granted or denied 3U to identify users and information resources. The request will be granted if both of the following are true: user belongs to-user group, in which the database ^ indicates that it may access one of the information sets to which the information resource belongs; and the request has-at least A trust level as high as the sensitivity level of information resources. Each user belongs to one or more user groups, and each information resource belongs to one or more information sets; if none of the user groups to which the user belongs is denied access to the information An information set to which the resource belongs, and any user group to which the user belongs is allowed to access any information set to which the information resource belongs; the user may access the information resource if the request has the necessary level of trust. The sensitivity level of a resource is only one of the levels of trust required to access the resource. In general, the more information resources that need to be protected, the higher the sensitivity level. The requested level of trust has many components: -24- This paper size is in accordance with Chinese National Standard (CNS) A4 (210 X 297 mm) C Please read the notice on the back before writing this page) Pack- ------- Order --------- Therefore, printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs, printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs, printed A7 ___ Β7__ V. Description of the invention (22) The trust level of the identification technology of the user is for example; for example, subtracting the user by the token has a higher trust level than identifying the user by the IP address. • The trust level of the path taken by an access request via the network; for example, a 'path that includes the Internet has a lower level of trust than a path that includes only some internal networks. • If the access request is encrypted, the trust level of the encryption technology is used; the stronger the encryption technology, the higher the trust level. Consider the trust level of the identification technology and the trust level of the path separately. However, the level of reliance on the 'path may be affected by the level of #reliability of the encryption technology used to encrypt the access request. If the request is encrypted using an encryption technology whose trust level is higher than the trust level of a part of the path, the trust level of part of the path is increased to the trust level of the encryption technology. The -fs level in a part of the right path is less than the sensitivity level required for the resource; then, by using an encryption technology with the necessary trust level to encrypt the access request, the problem can be solved. It is possible to divide the information contained in the database 301 into six categories: • User identification information 3 13 which identifies the user; • User group 3 15 which defines the group to which the user belongs; • Information resources 320 'It will define protected individual information items and specify where to find them; • Information set 321, which defines the group of information resources; • Trust level information 323' It will indicate the sensitivity of information resources Level and user identification and trust level of network path; and -25- This paper size is applicable to Chinese National Standard (CNS) A4 specification (21〇x297). (Please read the precautions on the back before filling this page) Loading ---- Order --------- End

五、發明說明(23) 經濟部智慧財產局員工消費合作社印製 •決策資訊,它會依據使用者群组和在VPN 201中的諸 多物件(objects)來定義存取權利。 將決策資訊303進一步分成:存取決策3〇7,管理決策 3〇5 ’以決策制定者決策3〇6。 •存取決策307會定義由使用者群组存取資訊集的權利; •管理決策3〇5會定義使用者群组定義/刪除/修改在vPN 201中之諸多物件的權利。在諸多物件中則有:存取決 策’資訊集,使用者群組,在VPN 201中的位置,伺 服器,及服務;以及 • 決策制定者決策306會定義使用者群組制定針對資訊集 之存取決策的權利。 載明在資料庫301之管理決策和決策制定者決策兩個部份 中的使用者群组都是管理員之使用者群組。在VPN 2〇 i 中’藉著定義管理員群组以及在資料庫301中他們管轄的 物件來委託管理權限(admjjnistratjve authority)。當然,一 既定使用者可能是一般使用者群組3丨7和管理使用者群組 319兩者中之一成員。 使用者識別 使用者群组利用使用者識別資訊313來識別他們的成員。 識別資訊藉由一套可擴充識別技術來識別它的使用者。目 前’這些識別技術包括:X.509號證書(certificates), Windows NT網域識別,鑑定令牌,以及I P位址/網域名 稱5用來識別使用者之識別枝術種類會決定識別之信賴等 級。 -26- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) {請先閱讀背面之注意事項再填寫本頁) { 裝-------—訂--------線 464812 A7 B7___ 五、發明說明(24 ) 在需要強有力識別使用者或與存取過濾器2〇3通信之其它 實體的地方,VPN 201就會使用:由异陽微系統公司(Sun Microsystem,Inc.)所發展出的&quot;網際網路通信協定之簡單密 鑰管理&quot;(Simple Key Management for Internet Protocols,簡 稱SKIP)軟體通信協定。該通信協定會管理:公用密鑰 (public key)交換’密鑰鑑定,以及對話加密。藉由—種從 正在交換資料之各方的公用和專用密鑰中所產生的傳送密 鑰(transport key)來執行對話加密。公用密鑰都包括在 X.509號證書中’該證書都是在使用通稱爲,,證書發現通信 協定&quot;(Certificate Discovery Protocol,簡稱 CDP)之一分離通 信協定的SKIP各方之間交換的。除了已加密訊息之外,一 種使用SKIP來加密的訊息還包括:針對訊息之一已加密傳 送密鑰,以及針對資料之來源和目標之證書的識別符 (identiHers)。訊息接受者使用針對訊息來源之證書的識別 符來指出針對來源之公用密瑜的位置;並使用其密輪和來 源之公用密論,對傳送密瑜加以解密;進而使用傳送密 鑰’對訊息加以解密。SKIP訊息是有自行鑑定性(self_ authenticating) ’從某種意義説來,它包含一種包括分包資 訊内容之密碼摘要(cryptographic digest)的鑑定標題,而任 何種類的修改將會使得摘要不正確。就關於SKIP的細節而 言,請參看由_阿沙♦阿濟芝(Ashar Aziz)和馬丁·斐特森 (Martin Patterson)所發表的&quot;網際網路通信協定之簡單密鑰 管理(SKIP)&quot;專文’該專文能夠上網獲知:1998年2月28 EJ,網 址爲 http://www.skip.orgAnet-95.html。就關於 χ·509號證書 -27- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) ------------^^--------訂---------竣 (請先閱讀背面之沒意事項再填寫本頁) 經濟部智慧財產局員工消費合作社印製 經濟部智慧財產局員工消費合作杜印製 A7 B7________ 五、發明說明(25 ) 的細節而言’請參看能夠上網獲知的描述:丨997年9月2日, 網址爲http://www.rnbo.com/PR〇D/rmadill〇/p/pdoc2.htm_。 在VPN 201中’ SKIP也會被諸多存取過濾器203所使用, 以便識別它們自己和在VPN中的其它存取過濾器203 ;進而 在需要加密的地方’對TCP/IP對話加以加密。當它們正在 執行存取核對時,諸多存取過濾器2〇3也能夠使用針對 SKIP密鑰之證書來識別使用者。這樣—種識別方法是特別 値得信賴的,因而具有一種相當高的信賴等級。這種藉由 祖書的識別方法之一用途是:針對”漫遊者&quot;2 1 7之値得信 賴的識別方法。X.509號證書能夠被使用於使用者識別, 是因爲:它們使密鑰資訊與關於使用者的資訊有關係。 存取過濾器203使用下列來自證書的資訊欄位: • 屆滿曰期:在此日期之後’證書就無效。 •公用余输·一種公用一專用密瑜對的公用半對密鑰, 就像使用在Conclave(秘密會議客户軟體)所使用之基於 SKIP 密碼術(SKIP-based cryptography)中的那樣。 • 證書當局(Certificate Authority)簽字:與發行證書之當 局有關聯的區別名稱。 • 證書序號。 • 主體名稱:發行證書到達之實體名稱。 主體名稱包括下列子欄位(在括派内的代表字是彳闇位之 一般縮寫): •共用名稱(CN):主體之既定名稱,譬如説是J〇hn q. Public c -28- 本紙張尺度適用中國國家標準(CNS)A4規格(210 χ 297公t ) &lt; 1 -----------i^--------訂---------^ f靖先閱讀背面之注意事項再填寫本頁) d6 48 1 2 A7 B7 五、發明說明(26 ) • 國家(c):主體所在之國家。國家代碼都是載明於 X·509號規範(specification)中的2個字母代碼。 (請先閱讀背面之注意事項再填寫本頁) ♦ 所存地(L):主體所在之位置。此欄位通常是主體所在 之城市,但可能被使用任何與位置有關的數値。 •組織(〇):主體所屬之組群。此欄位通常是組織之名 稱。 •組織單位(0U):主體之組織單位。此欄位通常是主體 之郅門’譬如説,,'業務部&quot;。X. 509號證書容許這些欄 位中高達四個欄位存在。 和諸多存取過濾器2〇3 —起使用的證書當局會發行具有 所有這些欄位的證書。並且,四個0 U欄位可能被用來定 義附加分類。在證書中用來描述使用者的資訊皆可供資料 庫301之管理員利用’當定義使用者群組時就加以使用。 若各書中的資訊正確地反映企業的組織結構;則證書將不 仁會咸別使用者,而且會顯示使用者適合於企業組織的所 在;進而達到的程度是,在資料庫3〇1中的使用者群組會 反映:組織結構,使用者所屬之使用者群組。 經濟部智慧財產局員Η消費合作社印製 就像稍後將要更加詳細説明的那樣,其中可能定義諸多 使用者群組之成員的一個方法是:藉由,,證書匹配準則” (certificate matching criteria),該準則定義屬於一既定使用 者群組之成員的證書必須具有的欄位數値。證書匹配準則 可能疋基於與所需一樣少或一樣多的上述櫚位。譬如説, 針對工程使用者群组的證書匹配準則可能是:组織欄位和 載明工程邵的組織單位欄位。識別使用者之其它資訊也可 -29- 不^紙張尺度適用中國國豕铽準(CNS)A4規格(21〇 X 297公釐) A7 B7 五、發明說明(27 ) 能被使用來定義諸多使用者群組之成員。 資訊集 資訊集保持諸多個別資訊資源的收集資訊。一項資源可 能與一個別WWW(全球資訊網)網頁或新聞群组(newsgroup) 一樣小’但它最常是由:網路目錄樹(Web directory tree)及 其内容’ FTP帳户’或主要Usenet(新聞網)新聞分類所組 成。在圖2之諸多伺服器其中之一伺服器中,顯示有兩個 資訊集:219(j)和(k)。雖然存取控制資料庫3〇 1之管理員理 應完全決定:何種資訊被包括在一資訊集中;可是,在— 既定集合中的資訊通常就是:與課題和有意收看者 (audience)兩者都有關係的資訊。針對公司之資訊集實例可 能是:HR policies(HR決策),HR Personnel Records(HR 人 事記錄),以及Public Information(公用資訊)。 存取決策307 概念上,存取決策307由以下格式之簡單陳述所組成: Engineers allowed access to 工程師 被容許存取 engineering data 工程資料V. Description of the invention (23) Printed by the Consumer Cooperative of Intellectual Property Bureau of the Ministry of Economic Affairs • Decision information, which will define access rights based on user groups and various objects in VPN 201. The decision information 303 is further divided into: access decision 307, management decision 305 'and decision maker decision 306. • Access decision 307 defines the right of the user group to access the information set; • Management decision 305 defines the right of the user group to define / delete / modify many objects in vPN 201. Among the many objects are: access decision information sets, user groups, locations, servers, and services in VPN 201; and • decision maker decision 306 defines user groups Right to access decisions. The user groups specified in the two parts of the management decision and decision maker decision of the database 301 are user groups of administrators. In VPN 20i, the management authority (admjjnistratjve authority) is delegated by defining the administrator group and the objects under their jurisdiction in the database 301. Of course, a given user may be a member of both the general user group 317 and the management user group 319. User identification The user group uses the user identification information 313 to identify their members. Identification information identifies its users through a set of extensible identification technologies. Currently, these identification technologies include: X.509 certificates, Windows NT domain identification, authentication tokens, and IP addresses / domain names. 5 The type of identification technique used to identify users will determine the trust of identification. grade. -26- This paper size applies to China National Standard (CNS) A4 (210 X 297 mm) {Please read the notes on the back before filling this page) ---- Line 464812 A7 B7___ V. Description of the invention (24) Where it is necessary to strongly identify the user or other entities communicating with the access filter 203, VPN 201 will be used: by Yiyang Microsystems (Sun Microsystem, Inc.) developed the "Simple Key Management for Internet Protocols" (SKIP) software communication protocol. The communication protocol will manage: public key exchange 'key authentication, and session encryption. Session encryption is performed by a transport key generated from the public and private keys of the parties that are exchanging data. The public key is included in the X.509 certificate. 'The certificates are exchanged between the SKIP parties using a common protocol called Certificate Discovery Protocol (CDP), which is a separate communication protocol. . In addition to encrypted messages, one type of message encrypted using SKIP includes: an encrypted transmission key for one of the messages, and identiHers for the certificate of the source and destination of the data. The recipient of the message uses the identifier of the certificate of the source of the message to indicate the location of the public secret of the source; and uses its secret wheel and the public secret of the source to decrypt the transmitted secret; Decrypt it. SKIP messages are self-authenticating. ‘In a sense, it contains an authentication title that includes a cryptographic digest of the subcontracted information content, and any kind of modification will make the digest incorrect. For details on SKIP, please refer to "Simple Key Management of Internet Protocols (SKIP)" published by Ashar Aziz and Martin Patterson ; Monograph 'This monograph can be found online: February 28, 1998 EJ, the website is http: //www.skip.orgAnet-95.html. Regarding certificate χ · 509-27- This paper size is applicable to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) ------------ ^^ ------- -Order --------- End (please read the unintentional matter on the back before filling out this page) Printed by the Intellectual Property Bureau of the Ministry of Economic Affairs, Consumer Cooperatives, Printed by the Ministry of Economic Affairs, Intellectual Property Bureau, Consumer Consumption Du printed A7 B7________ 5 2. For the details of the description of the invention (25), 'Please refer to the description available on the Internet: September 2, 997, URL: http://www.rnbo.com/PR〇D/rmadill〇/p/pdoc2. htm_. In VPN 201, SKIP is also used by many access filters 203 to identify themselves and other access filters 203 in the VPN; and then to encrypt TCP / IP conversations where encryption is needed. While they are performing access checks, many access filters 203 can also use certificates against SKIP keys to identify users. In this way, an identification method is particularly trustworthy and therefore has a fairly high level of trust. One of the uses of this method of identification by ancestral books is: a trusted identification method for "roamers" 2 1 7. X.509 certificates can be used for user identification because they: The key information is related to the information about the user. The access filter 203 uses the following information fields from the certificate: • Expiry date: 'Certificate is invalid after this date. The right public half-pair key, as used in SKIP-based cryptography used by Conclave. • Certificate Authority signature: with the authority that issued the certificate There are related distinguished names. • Certificate serial number. • Subject name: The name of the entity to which the certificate was issued. The subject name includes the following sub-fields (the representative characters in the parentheses are the general abbreviations of the dark place): ): The established name of the subject, for example, John q. Public c -28- This paper size applies the Chinese National Standard (CNS) A4 specification (210 χ 297 male t) &lt; 1 ----- ------ i ^ -------- Order --------- ^ f Jing first read the notes on the back before filling in this page) d6 48 1 2 A7 B7 V. Description of the invention (26) • Country (c): The country where the subject is located. The country code is a two-letter code specified in the specification X.509. (Please read the precautions on the back before filling this page) ♦ Location (L): The location of the subject. This field is usually the city where the subject is located, but any location-related data may be used. • Organization (〇): The group to which the subject belongs. This field is usually The name of the organization. • Organizational unit (0U): The organizational unit of the subject. This field is usually the gateway to the subject. For example, 'Business Department'. X.509 certificate allows up to four columns in these fields The certificate authority used with many access filters 203 will issue certificates with all of these fields. And, four 0 U fields may be used to define additional classifications. Used in the certificate to describe The user information is available to the administrator of the database 301 to use it when defining user groups. The information in the book correctly reflects the organizational structure of the enterprise; the certificate will be indifferent to users, and will show that the user is suitable for the organization of the enterprise; to the extent that the users in the database 301 Groups will reflect: organizational structure, user groups to which users belong. Printed by the Intellectual Property Bureau of the Ministry of Economic Affairs, Consumer Cooperative, as will be explained in more detail later, which may define one of the members of many user groups The method is: by, "certificate matching criteria", which defines the number of fields that a certificate belonging to a member of a given user group must have. Certificate matching criteria may not be based on as many or as many of the above mentioned bits as required. For example, the certificate matching criteria for the engineering user group may be: the organizational field and the organizational unit field that specifies the engineering organization. Other information for identifying users is also available. -29- No ^ The paper size is applicable to China National Standard (CNS) A4 specification (21 × X 297 mm) A7 B7 5. Invention description (27) Can be used to define many uses A member of the group. Information Sets Information sets hold information about many individual information resources. A resource may be as small as a WWW (World Wide Web) page or newsgroup ', but it is most often made up of: the Web directory tree and its contents' FTP account' or main Usenet (news network) news category. In one of the many servers in Figure 2, two information sets are shown: 219 (j) and (k). Although the administrator of the access control database 3101 should decide exactly what information is included in an information set; however, the information in a given set is usually: both the subject and the intended audience (audience) Related information. Examples of information sets for companies might be: HR policies, HR Personnel Records, and Public Information. Access decision 307 Conceptually, access decision 307 consists of a simple statement in the following format: Engineers allowed access to engineers

Internet allowed access to 網際網路 被容許存取 public web site 公用網路 首欄載明使用者群组:末欄載明資訊集。中間那欄則是 存取決策-容許或拒絕。 資料庫301允許使用者群组和資訊集的分層定義 (hierarchical definition)。譬如説,可能將工程師使用者群 組定義成包括:硬體工程師使用者群組,軟體工程師使用 -30- 本紙張又度適用中國國家標準(CNS)A4規格(21〇χ 297公釐) (請先閲讀背面之注意事項再填寫本頁) 裝--------訂---------^ 經濟部智慧財產局員工消費合作社印製 經濟部智慧財產局員工消費合作社印製 4 6 4 8 1 2 A7 ___ B7 五、發明說明(28 ) 者群組,以及銷售工程師使用者群組。同樣地,可能將工 程資料資訊集定義成包括:硬體工裎資料資訊集, 2體工 程資料資訊集,以及銷售工程資料資訊集。在使用者群組 之層次内,由繼承而獲得存取權利。於是 &amp; 六 &lt; ’馬ί存取核 對’屬於硬體工程師使用者群組之一使用者也會自動地屬 於工程師使用者群組。在資訊集之層次内,同樣地由繼承 而獲得存取權利。爲了存取核對,屬於硬體工程資料資訊集 之—資訊資源也會自動地屬於工程資料資訊集。於是,若 有一項賦予工程師存取工程資料的存取決策,則成爲组成 工程師的三個使用者群組其中之一使用者群組之—成員的 任何使用者都可能存取:屬於組成工程資料的三個資說集 其中任何資訊集的任何資訊資源。在使用者群組和資訊集之 定義中使用繼承權(inheritance)會大大地減少在存取控制資 料庫301中所需的存取決策3〇7之數目。例如,在上述實例 中,單一存取決策就賦予所有的工程師存取所有的工程資 料。繼承權也會使得:實際上依據容許存取操作來定義所 有的存取決策是有可能的。繼續上述實例,若有—個不屬 於工程師&quot;的推銷員11 (Salespeople)使用者群組,但有一 項賦予該使用者群組存取銷售工程資料的存取決策;則成 爲&quot;推銷員&quot;之一成員的使用者將能夠存取銷售工程資料, 但不是软體工程資料或硬體工程資料。 當然’一位使用者可能屬於一個以上的使用者群組,而 一項資訊資源則可能屬於一個以上的資訊集。也可能會有針 對使用者所屬之各種使用者群組以及資訊資源所屬之各種資訊 -31 - 本紙張尺度適用中固國家標準(CNS)A4規格(210 X 297公楚) -----------Λ --------訂---------盛 (請先閱讀背面之注意事項再填寫本頁) A7 B7____ 五、發明說明(29 ) (請先閱讀背面之注意事項再填寫本頁) 集的不同存取決策。當面對既適用於使用者又適用於使用者正 試圖存取之資訊資源的多重存取決策時,存取過滤器乏〇3會以 一種限制性,而非允許性方式來應用決策: • 若多重決策容許或拒絕一使用者群組存取一資訊集, 則拒絕存取操作的決策佔優勢。 • 若一特定使用者是多重使用者群组之一成員,並且, 多重決策容許或拒絕存取資訊集;則拒絕存取操作的 決策佔優勢。 一使用者屬於何種使用者群組可能會根據用來識別使用 者的識別模式而改變。於是,若根據到當時爲止使用者已 經k供給存取過遽益2 0 3之識別模式,並沒有存取決策適 用於使用者所屬之諸使用者群组;則存取過遽器2〇3可能 嘗識獲得附加識別資訊’並決定:附加識別資訊是否將使 用者安置在有一項關於資源的決策所針對之一使用者群組 中。存取過濾器203可能獲得附加識別資訊,如果: •使用者已經士裝使用者識別客户軟體(User Identification Client ’簡稱UIC)(—種會在使用者機器上執 行並將關於使用者的識別資訊提供给存取過爐器2〇3的軟 體” 經濟部智慧財產局員工消費合作社印製 • UIC目前正在使用者機器上執行。 •使用者已經使得他的UIC彈出(p〇p-up),以供進一步鏗 定之用(使用者具有一種致能這項特點的圈選框(check box) ° 若所有這些要求都成立’則存取過濾器2〇3將會迫使使 -32- 本紙張尺度適用中國國家楳準(CNSM4規格(210 X 297公釐) A7 B7 經濟部智慧財產局員工消費合作社印製 五、發明說明(30 ) 用者之UIC彈出’並請求另外的識別資訊。將使用者供廣 的任何識別資訊加以儲存。在每個新的使用者識別資訊片 段之後,存取過濾器203會執行相同的評估處理過程:直 到獲彳寸將使用者安置在有一項允許或拒絕存取操作決策所 針對之一使用者群组中的識別資訊爲止;或者,直到使用 者放棄其請求爲止,將UIC視窗彈出。 管理決策305 管理決策3 05會落實(implement)在VPN 201之存取控制系 統中的諸多物件之管理。包括在物件中的有:使用者群 組,資訊集,存取決策,以及此處所稱的可用資源 (available resourCes);那就是:服務,伺服器,存取過濾 器,以及組成VPN 201的網路硬體。物件是被一個或更多 管理使用者群組所管理。管理一既定物件的管理使用者群 组之一成員可能會修改該物件以及它與其它物件的關係, 並可能會制定針對該物件的管理決策。就像稍後將要更加 詳細説明的那樣,管理物件的管理使用者群組之一成員可 能會制定針對該物件的管理決策之事實會使得:該成員委 託物件官理權是可能的。譬如説,管理”硬體工程師&quot;使用 者群組的管理使用者群组之一成員可能會制定:_項將”硬 體工程師管理權賦予&quot;硬體工程管理員&quot;使用者群组的管 理決策,藉以將”硬體工程師&quot;管理權委託給,t硬體工程管 理員&quot;。應該注意的是:管理資訊集的權利是與制定針對 資訊集之存取決策的權利分開的。一使用者群組有權制定 關於資訊集的存取決策之事實,並不會賦予使用者群组制 (靖先閱讀背面之注意事項再填寫本頁) --------訂 *------1_'&quot; 木紙張尺度適用中國國家標準 -33- 經濟部智慧財產局員工消費合作社印製 A7 五、發明說明(31 疋針對資矾集之管理決策的權利;反之亦然。當一存取過 ;慮器203首先被建立時,單一内建安全官員(咖旧办。脑⑷ 使用者群组就具有:管轄所有在VpN 2〇1中的物件以及管 轄決策制定者決策3〇6的管理權限。 隨著管理決策的繼承權 繼承權隨著音理決策而運作,才目同方法則&amp; :繼承權隨 著存取決策而運作。將諸多使用者群組,資訊集,以及管 理決策所心的可用資源加以分層組織。在使用者群組内, 都疋一既定使用者群組的子集合的使用者群組:都在來自 該既定使用者群組的諸多使用者群组之層次(hierarchy)中 向下的下一層級處。關於資訊集的情形相同。用與關於存 取決策相同的方式,將繼承權應用在層次内。於是,在使 用者群组層次内,管轄(contr〇1) 一使用者群组之一管理使 用者也會管轄所有的附屬者(subsidiary),包含一些使用者 群組在内。同樣地,關於資訊集層次,管轄資訊集之一管 理使用者也會管轄所有的附屬者,包含一資訊集在内;而 管轄針對一資訊集的管理決策之一管理使用者也會管轄针 對所有已包含資訊集的存取決策。 還有一種可用資源的自然層次。譬如説,層次中之一層 級是:位置。在一既定位置内,在該位置處的諸多伺服器 形成向下的下一層級;而在一词服器内,由伺服器所提供 的諸多服務則形成下一層級。具有可用資源樹之任何層級 之管轄權的管理使用者群组也會管轄所用的較低層級。壁 如説,管理決策將存取過濾器203之管轄權賦予的(諸多&amp;) -34 t紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐〉 -----------ΐ 裝--------訂---------線 (請先閱讀背面之注意事項再填寫本頁) Λ64Β 1 2 A7 B7 五、發明說明(32 ) 官理員具有針對:在在網站下之所有伺服器,在那些伺服 器上執行之所有服務,以及由那些服務所支援之所有資源 的管理權利。 委託權限:圖2 5 在VPN 201中,委託權限是挺容易的,因爲:管理物件 之管理使用者群組的成員都可能修改該物件,並且制定針 對它的管理決策。譬如説,若一管理使用者群組管理一資 訊集;則它能夠將資訊集分成兩個子集合,並且制定—些 新的管理決策,該決策賦予兩個其它使用者群組中的每個 使用者群組管轄兩個子集合中的一個子集合之管理權限。 圖2 5顯示委託權限之一擴充實例。在圖2 5中,使用者群 组和其它物件都以圓圈表示;決策制定者決策則以方塊表 示;而決策關係則以不同種類的箭頭表示:實線箭頭代表 官理决成,點線请頭代表決朿制者決策,而虛線箭頭則代 表存取決策。標示2501之附圖的一部份顯示當正在建立存 取過濾器203時的情形:内建,'安全官員,,使用者群组25〇3 具有管轄所有内建物件2505和管轄決策制定者決策25〇7之 管理權限。”安全官員&quot;使用者群組25〇3的成員都會使用他 們的管理權限,以便:組成物件2505之子集合,重新安排 物件層次,以及建立決策制定者決策2507。 在標示2508之圖2 5的部份中,可看出:&quot;安全官員,,使用 者群组2503之活動的一個活動結果。”安全官員,,使用者群 组2503之一成員已經建立:一&quot;工程管理員·ι管理使用者群 組2509,一”工程師&quot;使用者群组25 11,以及—”工程資料,, -35- ^紙張尺度適用中國國家標準&lt;CNS)A4規格&lt;210 X 297公釐) &lt;請先閱讀背面之注意事項再填寫本頁) I ------訂 ---------域 經濟部智慧財產局具工消費合作社印製 經濟部智慧財產局員工消費合作社印製 A7 B7 ----一 五、發明說明(33 ) 資訊集2513 ;並且已經賦予”工程管理員&quot;管轄,,工程師&quot; ”工程資料的管理權限。”安全官員&quot;之成員也已經建立決 策制定者決策2507,使得:&quot;工程管理員”有權制定針對^工 程資料”之存取決策,如點線箭頭25 10所示。&quot;工程管理員 ’·之一成員已經使用該權利來制定:允許工程師25丨〖之成 員存取在&quot;工程資料&quot;2513中之資訊的存取決策,如虚線箭 頭25 12所示。於是,,•安全官員&quot;之成員已經將管轄工程師 25 11,工程資料25 1 3,以及管轄存取工程資料的管理權限 委託給工程管理員2509。 當然’安全官員2503仍然具有管轄工程管理員25〇9的管 理權限;因而能夠使用該權限’以供進—步委託權限之 用。將一實例顯示在25 17處。&quot;安全官員&quot;25〇3之一成員已 經將”工程管理員”分成兩個子集合:”工程人員管理員&quot; (Engineering Personnel Administrators,簡稱 EPA)2519和•'工 程資料管理員&quot;(Engineerng Data Administrators,簡稱 ED A)2 521。這些子集合之成員都是從工程管理員2509中繼 承而得管轄&quot;工程師” 2511和”工程資料” 25 13的管理權利。 EPA 2519和EDA 2521的成員會使用這些管理權利來將管轉 ”工程師&quot;25 11的管理權限委託給”工程人員管理員&quot;wig, 並將管轄”工程資料,,2513的管理權限委託給11工程資料警 理員” 252卜EPA 2519和EDA 2521的成員已經進一步使用他 們的權利來制定針對”工程資料&quot;25丨3的存取決策以改變存 取決策’使得:針對&quot;工程資料”的存取決策是由”工程瞽 理員&quot;2521所制定的,如點線箭頭2523所示,而不是由”工 -36- 本紙張尺度適用中國國家標準(CNS)A4規格(210x 297公釐) -----------f Μ--------訂---------象 &lt;請先閱讀背面之注意事項再填寫本頁)Internet allowed access to the Internet public web site Public network site The first column contains the user group: the last column contains the information set. The middle column is access decision-allow or deny. The database 301 allows a hierarchical definition of user groups and information sets. For example, the engineer user group may be defined as: hardware engineer user group, software engineer use -30- This paper is again applicable to China National Standard (CNS) A4 specification (21〇χ 297 mm) ( (Please read the notes on the back before filling out this page.) Packing -------- Order --------- ^ Printed by the Consumers' Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs Printing 4 6 4 8 1 2 A7 ___ B7 V. Inventor group (28), and sales engineer user group. Similarly, engineering data information sets may be defined to include: hardware engineering data information sets, two-body engineering data information sets, and sales engineering data information sets. Within the hierarchy of user groups, access is granted by inheritance. So & VI &lt; ‘马 ίAccess Check’ A user who belongs to one of the hardware engineer user groups will also automatically belong to the engineer user group. At the level of the information set, access is also obtained by inheritance. For access verification, it belongs to the hardware engineering data information set—the information resource also automatically belongs to the engineering data information set. Therefore, if there is an access decision that gives the engineer access to engineering data, any user who is a member of one of the three user groups that make up the engineer may access: belonging to the constituent engineering data Any of the three resources in any of the information resources. The use of inheritance in the definition of user groups and information sets will greatly reduce the number of access decisions 307 required in the access control database 301. For example, in the above example, a single access decision gives all engineers access to all engineering data. Inheritance rights also make it possible to define all access decisions in terms of allowed access operations. Continuing the above example, if there is a user group of Salespeople 11 (Salespeople) that does not belong to Engineers, but there is an access decision that gives the user group access to sales engineering data, then it becomes a "Salesman" Users of one of the members will be able to access sales engineering data, but not software engineering data or hardware engineering data. Of course, a user may belong to more than one user group, and an information resource may belong to more than one information set. There may also be information for the various user groups to which the user belongs and the information to which the information resource belongs. -31-This paper size applies to the China National Standard (CNS) A4 specification (210 X 297). ----- Λ -------- Order --------- Sheng (Please read the notes on the back before filling this page) A7 B7____ V. Description of the invention (29) (Please first Read the notes on the back and fill out this page) for different access decisions. When faced with multiple access decisions that apply to both the user and the information resource that the user is trying to access, access filters lack the ability to apply decisions in a restrictive rather than permissive way: • If multiple decisions allow or deny a user group access to an information set, then the decision to deny access operations has the advantage. • If a particular user is a member of a multi-user group and multiple decisions allow or deny access to the information set; the decision to deny access operations prevails. The user group to which a user belongs may change depending on the recognition pattern used to identify the user. Therefore, if according to the recognition pattern that the user has provided access to benefits 203 until then, no access decision is applicable to the user groups to which the user belongs; then the access device 203 May try to get additional identifying information 'and decide whether the additional identifying information places the user in one of the user groups for which there is a decision about the resource. The access filter 203 may obtain additional identification information if: • The user has installed the User Identification Client 'UIC' (a type that will be executed on the user's machine and will identify the user) Software provided for access to the furnace 203 "Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs • UIC is currently running on the user's machine. • The user has caused his UIC to pop up (p0p-up), For further definition (the user has a check box that enables this feature ° If all these requirements are true, then the access filter 203 will force the -32- Applicable to China National Standards (CNSM4 specification (210 X 297 mm) A7 B7 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs V. Invention Description (30) The UIC of the user pops up and requests additional identification information. The user Any identification information for the public is stored. After each new piece of user identification information, the access filter 203 performs the same evaluation process: The user places the identification information in one of the user groups for which the operation decision is allowed or denied; or, until the user abandons his request, the UIC window pops up. Management Decision 305 Management Decision 3 05 will be implemented (Implement) Management of many objects in the access control system of VPN 201. Included in the objects are: user groups, information sets, access decisions, and available resources (available resourCes); That is: services, servers, access filters, and the network hardware that makes up VPN 201. Objects are managed by one or more administrative user groups. A member of the administrative user group that manages a given object The object and its relationship with other objects may be modified, and management decisions may be made for the object. As will be explained in more detail later, a member of the administrative user group who manages objects may develop The fact that the management decision of the object makes it possible for the member to delegate the authority of the object. For example, the management "hardware engineer" ; Management of user groups One of the members of a user group may formulate: _ item gives "hardware engineer management rights" to &quot; hardware manager &quot; Engineers are entrusted with management rights, and hardware engineering administrators. It should be noted that the right to manage information sets is separate from the right to make access decisions to information sets. A user group has the right to make The fact that the access decision of the information set is not granted to the user group system (Jing first read the notes on the back before filling this page) -------- Order * ------ 1_ ' &quot; Wood paper standards are applicable to Chinese National Standards-33- Printed by A7 of the Intellectual Property Bureau of the Ministry of Economic Affairs' Consumer Cooperatives. A7. V. Invention Description (31 的 Right to make management decisions on asset collection; vice versa. When the accessor 203 is first established, a single built-in security officer (the old office). The user group has: the jurisdiction of all objects in VpN 2 01 and the decision maker decision 3 〇6 management rights. With the inheritance rights of management decisions, inheritance rights operate with audio decisions, the same method &: inheritance rights with access decisions. Many user groups, information sets, and management decisions The available resources are organized hierarchically. Within a user group, there is a user group that is a subset of a given user group: all of the user groups are from among the many user groups from the given user group The next level down in the hierarchy. The same is true for the information set. The inheritance is applied to the hierarchy in the same way as for access decisions. Therefore, within the user group level, jurisdiction (contr) 〇1) An administrative user of a user group will also govern all subsidiary, including some user groups. Similarly, regarding the level of the information set, the management of the information set Administrative users also govern all subordinates, including an information set; and one of the management decisions for an information set. Administrative users also govern access decisions for all included information sets. The natural level of available resources. For example, one level in the level is: location. Within a given location, many servers at that location form the next level down; while in a server, the server Many services provided by the server form the next level. Groups of administrative users with jurisdiction at any level of the available resource tree will also govern the lower levels used. For example, management decisions will access filter 203. Jurisdiction (many &) -34 t paper size applies Chinese National Standard (CNS) A4 specification (210 X 297 mm) --------------------------------- -Order --------- line (please read the notes on the back before filling this page) Λ64B 1 2 A7 B7 V. Description of the invention (32) The official manager has the aim to: all servos under the website Server, all services running on those servers, and those services Management rights for all resources supported. Delegation authority: Figure 2 5 In VPN 201, delegation authority is very easy, because: members of the management user group of the management object may modify the object and develop management for it Decisions. For example, if an administrative user group manages an information set, it can divide the information set into two sub-sets and make some new management decisions, which are given to two other user groups. Each user group governs the management rights of one of the two sub-sets. Figure 25 shows an extended example of one of the delegated rights. In Figure 25, user groups and other objects are represented by circles; decisions The decision-maker's decision is represented by a square; the decision relationship is represented by different types of arrows: solid arrows represent official decisions, dotted lines indicate head decisions, and dashed arrows represent access decisions. Part of the drawing labeled 2501 shows what happens when the access filter 203 is being built: built-in, 'security officer, user group 2503 has jurisdiction over all built-in objects 2505 and jurisdiction decision maker decisions 2507 management rights. "The members of the security officer" user group 2503 will use their administrative rights to: form a sub-collection of objects 2505, rearrange object hierarchies, and establish decision makers' decisions 2507. Figure 2 5 at 2508 In the section, it can be seen: "Security officer, a result of the activity of user group 2503." Security officer, one of the members of user group 2503 has been established:-"Project manager · ι Management user group 2509, an "engineer" user group 25 11, and — "engineering data, -35- ^ paper size applies to Chinese national standards &lt; CNS) A4 specifications &lt; 210 X 297 mm) &lt; Please read the notes on the back before filling out this page) I ------ Order --------- Specialized Consumer Consumption Cooperative of Intellectual Property Bureau of the Ministry of Economic Affairs Printed Employee Consumption of Intellectual Property Bureau of Ministry of Economic Affairs Cooperatives printed A7 B7 ---- one, five, invention description (33) information set 2513; and has been given "project manager", "engineer," "engineer" management authority for engineering data. The members of the "security officer" have also established a decision maker decision 2507, giving: "The project manager" has the right to make access decisions for the project data, as shown by the dotted line arrow 25 10. "Project management One of the members has used this right to formulate: the decision to allow members of the engineer 25 丨 to access the information in &quot; engineering data &quot; 2513, as shown by the dashed arrow 25 12. Therefore, • The members of the security officer &quot; have delegated the management engineer 25 11, engineering data 25 1 3, and the management authority to access the engineering data to the project manager 2509. Of course, the 'security officer 2503 still has the project manager 2509' Management authority; therefore, this authority can be used for further delegation of authority. An instance is shown at 25 to 17. One of the members of "Security Officer" 2503 has divided the "Project Manager" into two Sub-collections: "Engineering Personnel Administrators" (Engineering Personnel Administrators, EPA) 2519 and "Engineering Data Administrators" Acronym ED A) 2 521. The members of these sub-collections are inherited from the project manager 2509 and have the management rights of "engineers" 2511 and "engineering materials" 25 13. Members of EPA 2519 and EDA 2521 use these management rights to transfer management " The management authority of the engineer "25 11 was entrusted to the" engineer manager "wig, and will have jurisdiction over" engineering materials, and the management authority of 2513 was entrusted to the 11 engineering data police officers "252 members of EPA 2519 and EDA 2521 have been Further use their rights to make access decisions for "engineering data" 25 丨 3 to change access decisions "so that: access decisions for" engineering data "are made by" engineering engineers "2521 , As shown by the dotted line arrow 2523, rather than by "工 -36-" This paper size applies the Chinese National Standard (CNS) A4 specification (210x 297 mm) ----------- f Μ- ------- Order --------- Like &lt; Please read the notes on the back before filling this page)

、發明說明(34 經濟部智慧財產局員工消費合作社印製 =理員,,⑽所制定的,藉以將該嚷功能委託 枓管理員”2521。 - 貧 :在^程人員管理員和工程資料管理員之成貝能夠使 “們官轄工牙王師,工程資料,以及針對工程資料存取決 :的官理椎利來細加區分(refine)針對工程資料之存取操 全。譬如説’&quot;工程人員管理員&quot;之一成員可能將&quot;工程師&quot; 满分成:&quot;軟體工程師&quot;和&quot;硬體工程師,,;而&quot;工程資料管 j員&quot;之一成員則可能將,,工程資料&quot;細分成:&quot;硬體工程資 枓”和”軟體工程資料” ^這樣做,”工程資料管理員,,之一 成員就可能會以賦予”軟體工程師”存取&quot;軟體工程資料&quot;和 賦予,,硬體工程師&quot;存取硬體工程資料&quot;的存取決策來替換 賦予Η工程師”存取”工程資料”的存取決策。 簡要而&amp;,可説是:具有管轄一使用者群组的諸多管理 員皆對正確地定義在使用者群组中之成員資格(membership) 負有貴任;他們可能將此貴任的任何部份委託給其它管理 員。同樣地,具有管轄一資訊集的諸多管理員皆對正確地 將資訊資源包括在資訊集内負有貴任;他們可能將此貴任 的任何部份委託給其它管理員。後者的管理員當然也必須 是針對某種可用資源的管理員,從該資源中可能獲得:正 在被增加到資訊集的資訊。可用資源之管理員皆對整體網 路和安全性操作負有責任。同樣地,他們可能委託他們的 責任。最後,決策制定者管理員都會掌握管轄存取資訊的 最後管轄權。他們可能獨自建立與特定資訊集有關的存取 決策。從某種意義説來,決策制定者決定釺對企業的整體 -37- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) -----------ί^--------訂--------|级 (請先閱讀背面之注意事項再填寫本頁) 48飞 c. A7 B7 負Λ集,以及可用資源 五、發明說明(35 ) 資訊共享決策。針對使用者群組 的管理員然後會決定建構細節。 使用諸多存取過遽器2〇3和資料庫3〇1的存取控制:圖* 如圖2中所示,存取過濾器203在VPN 201中有一位置, 將b安置在使用者正在從其中請求存取資訊資源的客户機 與資訊資源存在其上的词服器之間。於是,藉由在一使用 者與能夠提供使用者存取資訊資源的—項在祠服器上的服 務 &lt; 間的通信中居間調停(interceding),存取過遽器加能 夠控制由使用者存取資源。肖了使使用者獲得存取資訊資 源,在使用者與服務之間必須建立對話。在目前上下文 中,將術語”對話”加以廣義地定義,以便包括一些正派 (抑ΙΙ-behaved)無連接通信協定(c〇nnecti〇nless pr〇t〇e〇is)。 當存取過濾器203發覺使用者嘗試初啓—項具有服務的對 話時,它會決定存取操作是否應該被允許。這麼做是根 據:使用者的已知身份;資訊正在被存取的資訊資源;資 訊的靈敏度等級;以及使用者識別方法,使用者與服務之 間路徑’及所使用之任何加密技術的信賴等級。 圖4顯示:一項對話如何能夠涉及一個以上的存取過濾 器203。顯示於圖4中的對話402涉及在圖中編號爲4〇3 (1,.‘.5)的五個存取過濾器203。存取過濾器2〇3皆被設計而 使ί于:只需要在諸多存取過遽器203中的一個存取過滤器 中,制定是否准許使用者存取資訊資源的決策。諸多存取 過濾器203的這種特點之關鍵是:它們對它們自己彼此鑑 定的能力。SKIP被用來做這件事。每一個存取過減器203 -38- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) -----------^ --------.訂---------德 (請先閱讀背面之注意事項再填寫本頁) 經濟部智慧財產局員工消費合作社印製 Α7 Β7 五、發明說明(36 ) 都有:使存取過濾器203之密鑰與存取過濾器之名稱相結 合’並且由VPN的證書當局所簽署的一種χ.5〇9號證書。在 資料庫301中’每個存取過濾器都具有:在vPN 201中的所 有其它存取過濾器的名稱和I p位址;並且,一項使用Skip 來加密的對話一到達’每個存取過濾器就使用來自在SKIP 之討論中如上所述之證書的&quot;主體名稱”(Subject Name)來決 定:使用SKIP加密的(SKIP-encrypted)網路通信量是否來自 在VPN 20 I中的另一個存取過濾器2〇3。 若存取過濾器接收中的對話並不是對話的目標(那就 是’存取過濾器只是執行像沿著路徑之一〖p路由器那樣的 功能而已)’則存取過濾器只會從資料庫3〇丨中加以驗證 (verify);目標IP位址就是在VpN 2〇1中的某個其它存取過 濾器203的I P位址。如果就是這種情形,就容許對話通過 而不必附加核對。當請求來到最後存取過濾器2〇3時,最 後存取過濾器203就使用SKIP對該請求加以解密,以便證 實:該請求的確被第一存取過濾器2〇3所核對,進而證 實:該請求在轉接中未曾被修改。 於是,在圖4中’存取過濾器4〇3 (丨)使用它自己的存取 控制資料庫301之拷貝來決定:發起對話的使用者是否已 經存取針對該對話所載明的資訊資源。若存取過濾器々们㈠) 如此決定;則它會鑑定對話的—些輸出訊息,並且必要時 對它們加以加密,以便達到適當信賴等級。然後,諸如存 取過爐器4〇3(2,··.,5)會允許對話繼續進行,此乃因爲該對 話是來自存取過濾器403(1)並已經利用SKIp加密;進而既 -39- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) &lt;請先閱讀背面之注意事項再填寫本頁) 丄 ^--------訂---------嫜 經濟部智慧財產局員工消費合作社印製 464812 A7、 Invention note (34 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs = Administrator, which is formulated by the agency to delegate this function to the administrator ”2521.-Poor: in-process personnel administrator and engineering data management Cheng Zhibei can make "the governor of the King of Tooth, engineering data, and access to engineering data: the official management to fine-tune (refine) access to engineering data. For example, ' One of the members of the "Engineer Manager" may score the "Engineer" as "Software Engineer" and "Hardware Engineer," and one member of the "Engineering Data Manager" It is possible to subdivide the engineering data into: "hardware engineering resources" and "software engineering data" ^ In doing so, the "engineering data manager", a member may give access to "software engineers" &quot; Software engineering data &quot; and grant, hardware engineers &quot; access hardware engineering data &quot; access decision to replace the access decision which gives the engineer &quot; access &quot; engineering data &quot; briefly and &amp;, Can say Yes: Many administrators who have jurisdiction over a user group are responsible for the membership that is correctly defined in the user group; they may delegate any part of this responsibility to other administrators Similarly, many administrators who have jurisdiction over an information set have a responsibility for properly including information resources in the information set; they may delegate any part of this responsibility to other administrators. The latter's administrator Of course, it must be for the administrator of an available resource from which the information may be obtained: the information being added to the information set. The administrator of the available resource is responsible for the overall network and security operations. Similarly, They may delegate their responsibilities. In the end, the decision maker administrators will have the final jurisdiction to govern access to the information. They may independently make access decisions related to a particular set of information. In a sense, the decision maker decides釺 To the enterprise as a whole-37- This paper size applies to China National Standard (CNS) A4 (210 X 297 mm) ----------- ί ^ -------- Order- ------ -| Level (please read the notes on the back before filling this page) 48 fly c. A7 B7 negative Λ set, and available resources V. Description of invention (35) Information sharing decision. The administrator for the user group will then Decide on the construction details. Use a number of access controllers 203 and database 301 access control: Figure * As shown in Figure 2, the access filter 203 has a position in VPN 201, and b is placed in Between the client from which the user is requesting access to the information resource and the server on which the information resource resides. Therefore, by a user and a user who can provide the user with access to the information resource, The service on the service is interceding, and the access controller can control the access to resources by the user. To enable users to access information resources, a dialogue must be established between users and services. In the current context, the term "dialogue" is broadly defined so as to include some decent (beamed) connectionless communication protocols (connectionoless pr0toe). When the access filter 203 detects that the user is attempting to initiate a session with a service, it determines whether the access operation should be allowed. This is done based on: the user's known identity; the information resource on which the information is being accessed; the sensitivity level of the information; and the user identification method, the path between the user and the service 'and the level of trust in any encryption technology used . Figure 4 shows how a conversation can involve more than one access filter 203. The dialog 402 shown in FIG. 4 relates to five access filters 203, numbered 403 (1,. '. 5) in the figure. The access filter 203 is designed so that: only one of the access filters 203 needs to make a decision whether to allow users to access information resources. The key to this feature of many access filters 203 is their ability to authenticate themselves to each other. SKIP is used to do this. Each access deducer 203 -38- This paper size is applicable to China National Standard (CNS) A4 (210 X 297 mm) ----------- ^ -------- . Order --------- German (Please read the notes on the back before filling out this page) Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs Α7 Β7 V. Invention Description (36) Both: make access The key of the filter 203 is combined with the name of the access filter 'and is a type χ.509 certificate signed by the certificate authority of the VPN. In database 301 'Each access filter has: the names and IP addresses of all other access filters in vPN 201; and, once a conversation encrypted using Skip arrives' each access The filter is used to determine the "Subject Name" from the certificate as described in the SKIP discussion: whether to use SKIP-encrypted network traffic from the VPN 20 I Another access filter 203. If the conversation in the access filter reception is not the target of the conversation (that is, the 'access filter just performs a function like one of the routers along the path)' then The access filter will only be verified from the database 3o; the target IP address is the IP address of some other access filter 203 in VpN 201. If this is the case, Allow the conversation to pass without additional check. When the request comes to the last access filter 203, the last access filter 203 uses SKIP to decrypt the request in order to confirm that the request is indeed filtered by the first access Check by device 02 It is confirmed that the request has not been modified during the transfer. Therefore, in FIG. 4, the 'access filter 403 (丨) uses a copy of its own access control database 301 to determine: the user who initiated the conversation Whether the information resources specified for the conversation have been accessed. If the access filter (s) ㈠) so decides, it will identify some of the conversation's output messages and encrypt them if necessary in order to achieve an appropriate level of trust . Then, such as access to the furnace 403 (2, ···, 5) will allow the conversation to continue, because the conversation comes from the access filter 403 (1) and has been encrypted with SKIp; -39- This paper size is in accordance with Chinese National Standard (CNS) A4 (210 X 297 mm) &lt; Please read the notes on the back before filling this page) 丄 ^ -------- Order --- ------ 嫜 Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 464812 A7

五、發明說明(37 ) 不會使用它們自己的存取柝制 加以Μ— Λ ^ 取拴制貝科庫3〇1之拷貝來對訊,| 加以解…不會對訊息加以核取 4〇3(5)會對訊息加以解密, , 仔取過濾益 比丄士 並澄貫:它們都被加密,因此 白由存取過濾器4〇3(1)所核對. ΑΛ , 1极對,且右訊息都是原封不動 ^則將它們轉遞到包含所需資源的伺服器*在词服 益407與使用者系統4〇 I之間傳谀乏抖 “ u + 〈間傳遞《對話中的諸多訊息都用 ”式處M m利料取過遽器4〇3(5)對它 二加以加密;諸存取料㈣3(2,..,,4)會基於由存取過滤 益403(5)所執行的駭而將它們加以傳遞通過;而存取過 遽器403⑴到基於餵定而將訊息傳遞到系統術,並且必要 時,對該訊息加以解密。 經濟部智慧財產局具工消費合作社印製 這種技術所有效執行的是:爲存取過滅器4〇3⑴與存取 過濾器403(5)之間的對話而開關一隨道4〇5;因爲隨道,所 以只有最接近客户機的存取過濾器4〇3才 密’存取核對,以及重新加密。而且,在諸多内:二;; 在網際網路121中,隧道都是同樣安全的。在—種大型vpN 中,存取過濾器403(1)處在最佳位置中以核對存取操作, 此乃因爲:它有權存取關於發起對話之使用者的最詳細資 訊。執行在第一存取過濾器401處之存取核對的技術會進 一步將存取控制貴任均均分佈遍及VPN ,因而容許vpN按 規模伸縮到任何規模的大小。 端對端加密:圖5 圖4之隨道只是從存取過滤器403( 1)延伸到存取過滤器 403(5)而已;對話之訊息在使用者所使用的系統4〇1與存取 -40 - 本紙張尺度適用中國國家標準(CNS)A4規格(210 * 297公Μ ) 46 48 12 經濟部智慧財產局員工消費合作社印製 A7 B7 五、發明說明(38 ) 過濾器403(1)之間都未加密,又在存取過濾器4〇3(5)與伺服 器407之間都未加密。在極爲靈敏之資訊的情形下,從近 端存取過濾器到經由網路之路徑末端,即:在系統4〇3( 1) 與伺服器407之間,可能需要鑑定和加密。 圖5顯示:怎樣使用一些存取過濾器203來達成此目的。 在VPN内,除了 一些存取過濾器203之外,可能和任何客 户端系統401或503,或任何伺服器系統407使用鑑定和加密 技術。當一客户端電腦利用加密技術時,它會使用SKIP來 鑑定對話,並使用一種在客户端電腦與一被選擇存取過濾 器203之間所共享的共享機密(shared secret),對該對話加 以加密,然後會將已加密訊息發送到被選擇存取過濾器 203 ;藉以有效地闢建客户端與被選擇存取過濾器203之間 的隧道,進而使被選擇存取過濾器203和第一存取過濾器 203可作存取核對之用。在第一存取過濾器203處,對訊息 加以解密並執行存取核對。由於SKIP使使用者之證書和已 加密訊息可供利用,故而使用者之已鑑定身份能夠被用於 存取核對。若存取操作被允許:則對訊息再加密一次,並 發送到最接近伺服器407的存取過濾器403(5),它會對該訊 息加以解密。若資料庫301包含一種針對伺服器407的SKIP 名稱和加密演算法(algorithms);則必要時,存取過遽器 403(5)檢索針對伺服器407的證書,並使用SKIP,以便必要 時爲伺服器407而對該對話重新加密。在其它情況,存取 過濾器403(5)只是以明碼方式(in the clear)將訊息發送到伺 服器407。若爲伺服器407而對訊息重新加密,則伺服器 -41 - 本纸張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) -----------‘ *裳*-------訂---------痒. (讀先閱讀背面之注意濘項再填寫本Ϊ B7 五、發明說明(39 ) 407最後會接收已加密訊息並對它加以解密。位居第一存 取過濾器203與最後存取過濾器203中間的一些存取過濾器 203,都只是注意到該訊息是來自另一存取過濾器並利用 SKIP加密,以及將該訊息傳遞而已,如上所述。當伺服器 407檢索資訊資源時,它不是以明碼方式將它發送到存取 過濾器403(5),就是利用針對存取過濾器403(5)的密鑰而對 包含資源的訊息加以加密。然後,依相反順序,成對地執 行上述的解密和加密處理過程:從祠服器407到存取過遽 器403(5);從存取過濾器403(5)到存取過濾器403(1);以及 最後從存取過濾器403(1)到原始客户端系統401,它會對訊 息加以解密。 經濟部智慧財產局員工消費合作社印製V. Explanation of the invention (37) They will not use their own access control system to perform M- Λ ^ to take a copy of the linked Bekoku 301 for interrogation, | 3 (5) will decrypt the message, and then filter the ebibi and make it clear: they are all encrypted, so white is checked by the access filter 403 (1). ΑΛ, 1 pole pair, and The right messages are left intact ^ then they are forwarded to the server containing the required resources * between the word service benefit 407 and the user system 40I, there is a lack of trembling "u +« pass many The message is encrypted by the Mm data processor through the server 403 (5), and the second one is encrypted; the accessors 3 (2, .. ,, 4) are filtered based on the access filter 403 (5 ) To pass them through; and the accessor 403 to pass the message to the system based on the feed, and if necessary, decrypt the message. The Intellectual Property Bureau of the Ministry of Economic Affairs and the Industrial Cooperatives Co., Ltd. printed this technology and effectively implemented it: for the dialogue between the access killer 403⑴ and the access filter 403 (5) Because it follows, only the access filter 403 closest to the client is used for 'access checking' and re-encryption. And, among many: two ;; in Internet 121, tunnels are all equally secure. In this large vpN, the access filter 403 (1) is in the best position to check the access operation because it has access to the most detailed information about the user who initiated the conversation. The technology of access check performed at the first access filter 401 will further distribute access control throughout the VPN, thus allowing vpN to scale to any size. End-to-end encryption: Figures 5 and 4 are only extended from the access filter 403 (1) to the access filter 403 (5); the information of the dialogue is used in the system 401 and access used by the user. -40-This paper size is in accordance with China National Standard (CNS) A4 (210 * 297 gM) 46 48 12 Printed by the Consumers ’Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7 V. Description of the invention (38) Filter 403 (1) There is no encryption between them, and there is no encryption between the access filter 403 (5) and the server 407. In the case of extremely sensitive information, authentication and encryption may be required from the near-end access filter to the end of the path through the network, ie between the system 403 (1) and the server 407. Figure 5 shows how to use some access filters 203 to achieve this. Within the VPN, with the exception of some access filters 203, authentication and encryption technology may be used with any client system 401 or 503, or any server system 407. When a client computer utilizes encryption technology, it uses SKIP to authenticate the conversation and uses a shared secret shared between the client computer and a selected access filter 203 to encrypt the conversation. Encrypt, and then send the encrypted message to the selected access filter 203; thereby effectively establishing a tunnel between the client and the selected access filter 203, so that the selected access filter 203 and the first storage The fetch filter 203 can be used for access checking. At the first access filter 203, the message is decrypted and an access check is performed. Since SKIP makes the user's certificate and encrypted information available, the user's authenticated identity can be used for access verification. If the access operation is allowed: the message is encrypted again and sent to the access filter 403 (5) closest to the server 407, which decrypts the message. If the database 301 contains a SKIP name and algorithm for the server 407; if necessary, the access server 403 (5) retrieves the certificate for the server 407, and uses SKIP, if necessary, for The server 407 re-encrypts the conversation. In other cases, the access filter 403 (5) simply sends the message to the server 407 in the clear. If the message is re-encrypted for server 407, then server-41-This paper size applies Chinese National Standard (CNS) A4 specification (210 X 297 mm) ----------- '* ** -------- Order --------- itch. (Read the note on the back first and then fill out this note. B7 V. Invention Description (39) 407 Finally, the encrypted message will be received and Decrypt it. Some access filters 203 between the first access filter 203 and the last access filter 203 just notice that the message came from another access filter and was encrypted with SKIP, and Only pass the message, as described above. When the server 407 retrieves the information resource, it either sends it to the access filter 403 (5) in clear or uses the secret to the access filter 403 (5). Key to encrypt the message containing the resource. Then, in the reverse order, perform the above decryption and encryption processes in pairs: from the server 407 to the access server 403 (5); from the access filter 403 (5) to the access filter 403 (1); and finally from the access filter 403 (1) to the original client system 401, it adds the message Dense Economic Affairs Intellectual Property Office employees consumer cooperatives printed

這種技術的效應是:在客户機與伺服器之間的路徑上構 築隧道,該隧道從在最接近客户機之路徑上的存取過濾器 203延伸到在最接近伺服器之路徑上的存取過濾器2〇3。若 客户機能夠加密和解密,則隧道能夠從最接近客户機的存 取過濾器延伸到客户機;且若伺服器能夠加密和解密,則 隧道同樣地能夠從最接近伺服器的存取過濾器延伸到伺服 器。一旦在路徑中的第一存取過濾器2〇3已經被觸及,並 已經鑑定對話;就不需要進一步加密或解密,直到最接近 飼服器的存取過濾器203已經被觸及爲止。而且,在每個 存取過濾器203中的存取控制資料庫301都會包含針對:客 户機’伺服器,以及在路由中的諸多存取過濾器2〇3之所 有必要的識別和認證(certificati〇n)資訊。剛才描述的端對 如加资技術之一優點是:與其集中注意力於用來連接VPN -42- 本紙張尺度適用中國國家標準(CNS)A4規格⑽χ 297公爱) 464812 A7 _- _ B7 五、發明說明(4〇 ) 到網際網路的諸多存取過濾器,不如將加密負擔分佈遍及 網路,藉以增強規模可伸縮性。 ’ 圖5顯示:該技術如何隨著對話5〇丨而運作,該對話隨著 度遊者而發起,那就是:客户機5〇3連接到vpN是經由網際 網路121。漫遊者503配備有SKIP,就像在一内部網路上的 目標伺服器407那樣。當SKIP被配置在漫遊者中時,就將 針對存取過濾器403(3)的證書賦予漫遊者,並將針對漫遊 者的證書賦予存取過濾器4〇3(3)。當漫遊者503發送一項屬 於對話的訊息時’它會將訊息定址到伺服器4〇7,並使用 它和存取過濾器403(3)共享之一傳送密鑰,對該訊息加以 加密。於是,經由隧道505而將訊息鑿隧道傳送到存取過 滤器403(3)。在那裏’存取過濾器4〇3(3)會對該對話加以 解密’執行存取核對,進而使用針對存取過濾器4〇3(5)之 一傳送密鑰而對該對話重新加密。在路徑中的諸多隨後存 取過濾器403容許對話通過,此乃因爲··該對話是由存取 過濾器403(3)加以鑑定;於是,至少提供隧道507到存取過 濾器403(5) »若目標伺服器407配備有SKIP,則存取過濾 器403(5)會將隧道延伸到目標伺服器4〇7,如上所述。 基於資料靈敏度的可適性加密和鑑定:圖6和7 經濟部智慧財產局員工消費合作社印製 在VPN中’在存取控制方面的一項重要工作是:決定對 逢所需安全性的最小量。這挺重要的,第一是因爲:至少 必須保證該最小量;第二則是因爲:比需要還多的安全性 會浪費資源。將用來決定最小而在存取過濾器2〇3中所使 用的諸多技術集體稱爲安全加密網路遞送(Secure -43- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 464812 A7 B7 五、發明說明(41 )The effect of this technique is to build a tunnel on the path between the client and the server, the tunnel extending from the access filter 203 on the path closest to the client to the storage on the path closest to the server Take the filter 203. If the client can encrypt and decrypt, the tunnel can extend from the access filter closest to the client to the client; and if the server can encrypt and decrypt, the tunnel can similarly access from the access filter closest to the server Extend to the server. Once the first access filter 203 in the path has been reached and the conversation has been authenticated, no further encryption or decryption is required until the access filter 203 closest to the feeder has been reached. Moreover, the access control database 301 in each access filter 203 will contain all the necessary identification and certification for: the client's server, and the many access filters 203 in the routing (certificati 〇n) Information. One of the advantages of the end-to-end funding technology just described is that instead of focusing on connecting to a VPN -42- This paper size applies Chinese National Standard (CNS) A4 specifications ⑽χ 297 public love) 464812 A7 _- _ B7 5 (4) Many access filters to the Internet, it is better to distribute the encryption burden throughout the network to enhance scalability. Figure 5 shows how this technology works with the conversation 50o, which is initiated with the user, that is, the client 503 connects to the vpN via the Internet 121. The rover 503 is equipped with SKIP, just like the target server 407 on an intranet. When SKIP is configured in the roamer, the certificate for the access filter 403 (3) is given to the roamer, and the certificate for the roamer is given to the access filter 403 (3). When the roamer 503 sends a message belonging to a conversation ', it will address the message to the server 407 and use it to share one of the transmission keys with the access filter 403 (3) to encrypt the message. Then, the message is tunneled to the access filter 403 (3) via the tunnel 505. There, the access filter 403 (3) decrypts the dialog, performs an access check, and then re-encrypts the dialog using a transmission key for the access filter 403 (5). Many subsequent access filters 403 in the path allow the conversation to pass because the conversation is authenticated by the access filter 403 (3); therefore, at least a tunnel 507 is provided to the access filter 403 (5) »If the target server 407 is equipped with SKIP, the access filter 403 (5) will extend the tunnel to the target server 407, as described above. Appropriate encryption and authentication based on data sensitivity: Figures 6 and 7 Employee Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs printed in the VPN. An important task in access control is to determine the minimum amount of security required . This is important, first because: at least the minimum amount must be guaranteed; second because: more security than needed wastes resources. Many technologies used in determining the minimum and used in the access filter 203 are collectively referred to as Secure Encrypted Network Delivery (Secure -43- This paper standard applies to the Chinese National Standard (CNS) A4 specification (210 X 297 public) (Centi) 464812 A7 B7 V. Description of the invention (41)

Encrypted Net醫kDelivery ’簡稱咖〇)。在咖时,存取 控制資料庫3〇1包含針對每個資訊資源㈣料靈敏度等 級。資料靈敏度等級會指示盥杳4咨 相不與貝訊貪源有關聯的保密等級 (the Ieve丨of secrecy),並由對資源負有責任的安全管理員 加以指定给資訊資源&quot;諸多等級之一模範集合是:最高機 密(Top Secret),機密(Secret),專用(pdvate),以及公用 (Public) 〇 經濟部智慧財產局員工消費合作社印數 用來指示資料靈敏度的等級也都被用來指示針對存取請 求所需的信賴等級。如前面所描述的,唯若從下列信賴等 級中所決定的信賴等級至少與該資訊之資料靈敏度等級一 樣大,才會允許存取操作;該信賴等級有:用來識別使用 者之技術的信賴等級’存取請求經由VPN 2〇丨之路徑的信 賴等級’或用來對在路徑上所發送的訊息加以加密之任何 加密技術的信賴等級。針對:使用者識別方法,路徑,以 及加密演算的信賴等級都被包含在存取控制資料庫 中。關於路徑的信賴等級,將VPN分成一些網路組件,每 個網路組件都是諸多I P網路之—連接集合,由存取過遽器 203將它和其它組件加以分離。每個網路组件都有—個名 稱和一種信賴等級。譬如説,一網際網路组件將會有,,公 用”信賴等級’而一内部網路組件則可能有”專用&quot;信賴等 級。一既定組件的信賴等級可能是基於它的實體安全性, 或者是基於組件中之加密硬體的使用。因爲將每個存取過 濾器203增加到VPN,所以將一種它與VPN之諸組件連接的 描述增加到資料庫301。包括在這種描述中的都是:諸多 -44- 本紙張尺度遶用中國國家標準(CNS)A4規格(210x 297公釐) G 經濟部智慧財產局員工消費合作社印製 d 1 2 A7 ------------- 五、發明說明(42 ) 網路的信賴等級。因此,任何存取過濾器2〇3都能夠使用 它的資料庫301之拷貝來決定路徑之每個组件的信賴等 級;而在一客户機與一伺服器之間,將會藉由該路徑來載 送一項對話。 使用者的k賴等級是從存取請求識別使用者所依照的方 式中所決定的。在存取控制資料庫3〇1中,每個使用者群 組都有一種或更多與它有關聯的識別技術,而每種識別技 術則都有一種最小信賴等級。諸多基本技術爲: •經由SKIP的證書。使用者藉由在其X.509號證書中的 名稱來加以識別,該證書則和SKIP通信協定一起使 用,以便鑑定和加密通信量。 •經由使用者識別客户軟體的證書。使用者藉由在其 X,509號證書中的名稱來加以識別,該證書則經由一種 稱爲使用者識別客户软體的特殊Conclave(秘密會議)客 户軟體模组而傳送到一些附屬存取過滤器2〇3。使用 一種口令 / 回應機制(challenge/response mechanism),很 安全地完成這項傳送。 • 經·由使用者識別客户软體的Windows Domain ID(視窗 網域識別符)。對Microsoft Windows Domain(微軟視窗 網域)註册(log in)且已經安裝使用者識別客户軟體的 使用者自動地具有其Windows身份,包括群組成員資 格,並且傳送到一些附屬存取過濾器203。在NetBIOS (網路基本輸入/輸出系統)通信協定的機制内,很安全 地完成網路登錄(1 ogon)。 -45- 本紙張尺度適用中囤國家標準(CNS)A4規格(210 X 297公釐) η j.- U η if f 9 --iL :ί Λ ίί- η ;i. :ί 464812 Α7 Β7 五、發明說明(43 ) • 鑑定令牌。可能以下列兩種方式來利用鑑定令牌(諸 如:由安全性動力公司(Security Dynamics Inc.)和亞贊 特公司(Axent Corp.)所製造的那些令牌):經由使用者 識別客户軟體,以在頻帶外的方式;或者,在 Telnet(遠距通信網路)和FTP(檔案傳送協定)通信協定 内,以在頻帶内的方式。 • IP位址及/或網域名稱。使用者之電腦的I P位址或全 限定(fully qualified)網域名稱。 經濟部智慧財產局員工消費合作社印製 在SEND之一較佳建構例中,諸多識別技術都有一種從最 高安全到最低安全的預定次序。應該將剛才列示的諸多技 術加以排列次序,就像它們在上述列表中的那樣:最高安 全的技術都是在列表的上端。雖然識別技術的排列次序 (ordering)是有些主觀,但是卻反映了 :識別技術的通用安 全性’以及應用到使用者身份之分佈和確認的嚴密性 (rigor)。在VPN 201中的管理員隨後會使有序(ordered)信賴 等級與有序識別技術有關係。譬如説,若管理員使&quot;專用” 信賴等級與藉由鑑定令牌的識別技術有關係;則想要存取 具有&quot;專用&quot;靈敏度等級之一資源的使用者必須親自識別, 其方法是藉由:一種鑑定令牌,或者高於識別技術之順序 中的鑑定技術的另一種識別技術β存取過滤器的管理員同 樣地會:將在VPN中可供利用的諸多密碼演算法,從最高 安全到最低安全加以排列次序;使有序信賴等級與有序密 碼演算法有關係:將在VPN 201中所使用的諸多網路路徑 加以排列次序;以及使有序信賴等級與有序網路路徑有關 -46- 本紙張尺度遶用中國國家標準(CNS)A4規格(210 X 297公釐) ^ B d8 1 2 A7Encrypted Net Medicine kDelivery ’is abbreviated to coffee. At the time of access, the access control database 301 contains a sensitivity level for each information resource. The data sensitivity level will indicate the security level (the Ieve 丨 of secrecy) that is not associated with the source of Corinth, and will be assigned to the information resource by the security administrator responsible for the resource &quot; An exemplary collection is: Top Secret, Secret, pdvate, and Public 〇 The level of data used to indicate the sensitivity of data by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs is also used to indicate Indicates the level of trust required for an access request. As described above, access operations are allowed only if the trust level determined from the following trust levels is at least as large as the data sensitivity level of the information; the trust levels are: the trust of the technology used to identify the user Level 'Trust level of access request path through VPN 2 0' or the level of trust of any encryption technology used to encrypt messages sent over the path. Target: User identification methods, paths, and trust levels of encryption algorithms are included in the access control database. Regarding the trust level of the path, the VPN is divided into some network components, and each network component is a collection of IP networks-connection set, which is separated from other components by the access controller 203. Every network component has a name and a level of trust. For example, an Internet component will have a public "trust level" and an internal network component may have a "dedicated" trust level. The trust level of a given component may be based on its physical security or the use of cryptographic hardware in the component. Since each access filter 203 is added to the VPN, a description of its connection to the components of the VPN is added to the database 301. Included in this description are: Many -44- This paper size uses the Chinese National Standard (CNS) A4 specification (210x 297 mm) G Printed by the Intellectual Property Bureau Staff Consumer Cooperatives of the Ministry of Economy d 1 2 A7- ----------- V. Invention Description (42) Network trust level. Therefore, any access filter 203 can use a copy of its database 301 to determine the trust level of each component of the path; between a client and a server, the path will be used to determine Convey a conversation. The user's priority level is determined from the way in which the access request identifies the user. In the access control database 301, each user group has one or more identification technologies associated with it, and each identification technology has a minimum level of trust. Many basic technologies are: • Certificates via SKIP. Users are identified by their names in their X.509 certificate, which is used with the SKIP protocol to authenticate and encrypt traffic. • Certificates that identify customer software by the user. The user is identified by his name in his X, 509 certificate, which is passed to a number of affiliate access filters via a special Conclave client software module called user identification client software 203. This transmission is done securely using a challenge / response mechanism. • Windows Domain ID of the customer software identified by the user. Users who log in to Microsoft Windows Domain and have installed user identification client software automatically have their Windows identity, including group memberships, and pass to some auxiliary access filters 203. Within the mechanism of the NetBIOS (Network Basic Input / Output System) protocol, network registration (1 ogon) is done securely. -45- This paper size is applicable to the national standard (CNS) A4 specification (210 X 297 mm) η j.- U η if f 9 --iL: ί Λ ί- η; i .: ί 464812 Α7 Β7 5 Description of the Invention (43) • Authentication token. Authentication tokens (such as those manufactured by Security Dynamics Inc. and Axent Corp.) may be used in two ways: by identifying the customer software by the user, In an out-of-band manner; or, in a Telnet (long-range communication network) and FTP (File Transfer Protocol) communication protocol, in-band. • IP address and / or domain name. The IP address or fully qualified domain name of the user's computer. Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs In one of the preferred construction examples of SEND, many identification technologies have a predetermined order from highest security to lowest security. Many of the technologies just listed should be ordered, just as they are in the list above: the most secure technologies are at the top of the list. Although the ordering of identification technology is somewhat subjective, it reflects: the general security of identification technology 'and the rigor of the distribution and confirmation of user identities. The administrator in VPN 201 then associates the ordered trust level with the ordered identification technology. For example, if the administrator associates the "private" trust level with the identification technology using an authentication token; users who want to access a resource with one of the "private" sensitivity levels must identify themselves, By: an authentication token, or another identification technology in a sequence higher than the identification technology, the administrator of the beta access filter will likewise: the many cryptographic algorithms that will be available in the VPN, Sort the order from highest security to lowest security; make the order trust level related to the order password algorithm: order the many network paths used in VPN 201; and make the order trust level and order network About the path -46- This paper size is around China National Standard (CNS) A4 (210 X 297 mm) ^ B d8 1 2 A7

五、發明說明(44 ) 係。在彳s賴等級與關於安全性的排列次序之間的這些關係 都包括在存取控制資料庫3〇1中,然後,構築—種信賴及 靈敏度等級與識別及加密技術有關係的SEND表。囷6是: 這樣一種SEND表之一概念性表示法。 經濟部智慧財產局員工消費合作社印?衣 SEND表601有三櫚:一襴是表示信賴/靈敏度等級的 603,一攔是表示最小加密方法的6〇5,以及一欄是表示最 小識別方法的607。就關於攔605之諸加密方法的細節而 T,請參看由布魯斯_ .史尼爾(Bruce Schneier)所著:,_應用 密碼術&quot;一書,該書由約翰·威利及後裔(J〇hn Wiley &amp; Sons)圖書公司印行,美國紐約,:1994年版。表中的每一列 609使信賴/靈敏度等級與連接著存取過濾器,客户機,及 伺服器之路徑的最小加密等級和使用者之最小識別等級有 關聯。於是’列609(1)使”最高機密_'信賴/靈敏度等級與 3DES加密演算法和經由SKIP而獲得的使用者證書有關係。 希望獲得存取具有靈敏度等級爲”最高機密”之一資源的使 用者,因此必須具有一種由SKIP所認證的識別等級;且若 路徑並不具有&quot;最高機密&quot;信賴等級,則必須利用3DES加密 演算法對該對話加以加密。在另一方面,如列6〇9(4)所 示’希望獲得存取具有靈敏度等級爲,,公用&quot;之一資源的使 用者可能藉由任何方法加以識別,因而不必要對該對話加 以加密。 當初啓一項新對話時,在針對該對話所使用之路徑中的 第一存取過濾器203會繼續進行如下: 1 .存取過濾器203會決定正在被存取的資訊資源;並且, -47- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 46481k A7 B7 五、發明說明(45 在資料庫301中查出(i〇〇ks up)它的靈敏度等級。 根據SEND表601,針對該靈敏度等級的最小鑑定方法會載 明:哪些識別機制可能被存取過濾器所使用,以便識 別和鑑定執行存取操作的使用者。 第一存取過濾器203然後會查閱(consuits)資料庫3〇1,以便 根據使用者所屬的使用者群組和資源所屬之資訊集來 決定:使用者是否可存取資源。 第一步驟是根據存取控制資料庫來決定:用來識別使 用者的諸多識別方法中,哪些方法具有對該資源之 靈敏度等級而言是夠高的信賴等級。 然後,第一存取過濾器203根據具有夠高的信賴等級的 每一種識別方法,使用使用者之識別資訊來査閲資 料庫3(H,以便決定:使用者所屬的使用者群组。 第一存取過濾器203也會查閲資料庫301,以便決定: 資源屬於哪些資訊集。 已決定了有關的使用者群组和資訊集,第一存取過濾 器203就會查閱資料庫301,以便指出一些存取決策 的位置’該決策決定:是否打算容許或拒絕存取對 話資訊。若發覺到至少一個容許存取操作的決策以 及發覺到沒有一個拒絕存取操作的決策,則容許使 用者存取操作;在其它情況,則是拒絕存取操作。 將步驟b,c及d的細節加以描述於下。 4 ·若不拒絕存取操作,則第一存取過濾器203隨後會 查閲資料庫3 0 1 ’以便決定組成路由的一些網路组 •48 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐)V. Description of the Invention (44) Department. These relationships between the level of security and the order of security are included in the access control database 301, and then a SEND table is constructed that has a relationship between the level of trust and sensitivity and the identification and encryption technology.囷 6 is: A conceptual representation of such a SEND table. Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs? The SEND table 601 has three branches: one is 603 indicating the trust / sensitivity level, one is 605 indicating the minimum encryption method, and one column is 607 indicating the minimum identification method. For more details on the encryption methods of Block 605, please refer to the book by Bruce Schneier: "Applied Cryptography", a book by John Wiley and his descendants (J 〇hn Wiley &amp; Sons), New York, USA: 1994 edition. Each column 609 in the table relates the trust / sensitivity level to the minimum encryption level of the path connected to the access filter, client, and server and the minimum identification level of the user. So 'Column 609 (1) makes the "Top Secret_' trust / sensitivity level related to the 3DES encryption algorithm and the user certificate obtained through SKIP. I want to obtain access to a resource with a sensitivity level of" Top Secret " The user must therefore have a recognition level certified by SKIP; and if the path does not have a "top secret" trust level, the conversation must be encrypted using a 3DES encryption algorithm. On the other hand, as listed The user who wants to gain access to a resource with a sensitivity level of 6〇9 (4) is, and a user of a public resource may be identified by any method, so it is not necessary to encrypt the conversation. When starting a new conversation At this time, the first access filter 203 in the path used for the dialog will continue as follows: 1. The access filter 203 determines the information resource being accessed; and, -47- This paper standard applies China National Standard (CNS) A4 specification (210 X 297 mm) 46481k A7 B7 V. Description of the invention (45 It is found in database 301 (i〇〇ks up) its sensitivity level. Root SEND table 601. The minimum authentication method for this sensitivity level will specify which identification mechanisms may be used by the access filter to identify and authenticate the user performing the access operation. The first access filter 203 then consults (Consuits) database 301, in order to determine whether the user can access the resource according to the user group to which the user belongs and the information set to which the resource belongs. The first step is to determine according to the access control database: Among the many identification methods to identify the user, which method has a trust level that is sufficiently high for the sensitivity level of the resource. Then, the first access filter 203 is based on each identification method with a sufficiently high trust level, The user's identification information is used to consult the database 3 (H to determine: the user group to which the user belongs. The first access filter 203 also consults the database 301 to determine: which information set the resource belongs to. Having determined the relevant user groups and information sets, the first access filter 203 consults the database 301 to indicate the location of some access decisions The decision determines whether the conversation information is intended to be allowed or denied. If at least one decision to allow the access operation is found and no decision to deny the access operation is found, the user is allowed to access the operation; otherwise, then Is the access denied operation. The details of steps b, c and d are described below. 4 · If the access operation is not denied, the first access filter 203 will then consult the database 3 0 1 'to determine the composition Some network groups for routing • 48 This paper size is applicable to China National Standard (CNS) A4 (210 X 297 mm)

ίί· 5 ί 之 i- -i ; ί裝 本 1 I I I 訂 經濟部智慧財產局員工消費合作社印製 A7 B7 五、發明說明(46 ) 件’該路由是:經由VPN,從客户機到包含資訊資 源的伺服器。 ’ 將路由加以考慮成爲具有高達三個的邏輯分段 (logical segments): 分段(a),從客户機到第一存取過濾器2〇3。此分段 可能已經加密或可能未曾加密’端视客户機是否使 用SKIP而定。 2 . 分段(b) ’從第一存取過濾器203到最接近伺服器而 在路徑中的存取過濾器2〇3 以及 3.分段(〇’從最接近伺服器的存取過濾器2〇3到伺服 器;此分段也可能已加密或可能未加密。 若分段⑷和分段⑷存在,則每個分段將由單—網路组 件组成。若客户機在第-存取過濾器上,貝段⑷將 不存在;若伺服器在最接近伺服器的存取過濾器上, 則分段(c)將不存在。若分段㈨存在,貝q它將由—個或 更多網路組件组成。若在客户機與伺服器之間只有— 個存取過濾器,則分段(b)將不存在。 就每個分段而言: 就分段(a)而言,必須由客户機執行任何加密方 經濟部智慧財產局員工消費合作社印製 法。若分段⑷的信賴等級至少不是與資源之 純产^樣強有力;或者,若由客户機所執行的加 信賴等級至少不是與資源之資料靈敏度— 樣強有力;則拒絕存取操作。 5 .就分段(b)而言,若在路徑中之杯 义任何網路組件的最 -49- 1;五、韻'明說明(47 6. A7 B7 經濟部智慧財產局員Η消費合作社印製 弱信賴等,級大於或等於資源之資料靈敏度,則發送 通信量而不必加密。4對應於網路本來就夠安全用 來傳送資料的情形。在上表之實例中,可能在任何 網路上傳送具有’’公用”資料靈敏度等級的資訊資 源,如列609(4)所示。然而,諸多存取過濾器2〇3 將會使用SKIP來鏗定對話,因而容許諸多隨後存 取過濾器通過對話而不會招致:解密,存取核對, 以及重新加饴的較大開銷(〇verhea(js)。若針對路徑 的最弱信賴等級小於資源之資料靈敏度,則爲針對 靈敏度等級所需之最小加密演算法而查閲SENI) 表’進而使用該演算法’對該對話加以加密。加密 使通k鏈路(link)的安全性升級(upgrades),使它適 合於載送該既定靈敏度之資料,因而允許由使用者 存取資源。 就分段(c)而言’從最接近伺服器的存取過濾器2〇3 到伺服器的路徑部分,第一存取過濾器2〇3根據資 料庫301中的資訊而決定:分段(c)以及在分段((;)中 所使用之任何加密方法的信賴等級。若路徑的這個 分段之信賴等級小於資訊資源之靈敏度等級,並且 在那種情形下,若在分段(c)中所使用的加密方法 之信賴等級至少不是與所需等級一樣強有力,該所 需等級就像在考慮資訊資源之靈敏度等級的SEND 表中的最小等級那樣;則第一存取過濾器203將會 拒絕存取操作。 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 裝 I 訂 d6 d8 ^ 2 A7 B7 五、發明說明(48) 上述決定靈敏度和信賴等級的方法保證:尸、冑當需要達 到必要的信賴等級時’存取過濾器203才會使用加密方 法β在使資料庫301中之網路配置的描述保持既簡單又可 管理的時候’此方法會減少將被加密之對話的數目。結果 疋.關於VPN中的管理和效能方φ,會有較好的規模可伸 縮性。 經濟部智慧財產局員工消費合作杜印製 圖7提供:資訊資源的靈敏度等級,使用者識別方法的 信賴等級’以及和客户機與伺服器之間的路徑有關聯的信 賴等級是怎樣影響由使用者存取資訊資源之一實例。在圖 7中,在客户端7〇3處一配備有SKIP的使用者初啓一項對話 701,以便獲得儲存在配備有SKIP的伺服器7〇5處之一資訊 資源723。上述討論的分段⑷出現在圖7中的7〇7處;分段 (b)出現在709(1,...,4)處:分段(c)出現在7丨1處。資訊資源 723具有”機密&quot;之靈敏度等級。該對話遭遇的第一存取過 濾器203是存取過濾器203 (1)。存取過濾器203 (1)使用它的 存取控制資料庫之拷貝決定資源723的靈敏度等級。此 處,使用者已經使用SKIP證書,而檢視資料庫301中之 SEND表601則對存取過濾器203 (1)顯示:因爲這種使用者 識別方法滿足具有&quot;機密&quot;靈敏度等級之資訊資源的要求, 所以在707處的分段(a)具有所需信賴等級。因此,第一存 取過濾器繼續決定:在VPN中,在存取過濾器203 (1)與伺 服器705之間位在709( 1,...,4)處之分段(b)和位在711處之分 段(c)的信賴等級。分段709具有一些子分段· 709(1) ’ 709(2),709(3),709(4),以及 709(5);而第一存取過濾器 -51 - 本紙張尺度適用中國國家標準(CNS)A4規格(210 x 297公釐) A648 1 2 A7 B7 五、發明說明(49) 203 (1)會核對在資料庫301中的這些分子分段中的每個子分 段之信賴等級。分段709(2)是網際網路121,所以它的信賴 等級是:”公用&quot;,它在分段709中是最小等級。然後,存 取過濾器203 (1)使用存取控制資料庫301來核對分段71 it 信賴等級。它的信賴等級是:&quot;機密&quot;。於是,在7〇9處之 分段(b)只是具有一種對正在存取一&quot;機密&quot;資訊資源703之 一對話的路徑而言是太低的信賴等級而已。要處理這個問 題’存取過滤器203 (1)必須對該話加密,以便將它提升到 必要的信賴等級。第一存取過濾器203 (1)會查閲SEND表 601,以便決定需要何種加密方法;而列609(2)則指示: DES加密方法是足夠的。於是,第一存取過濾器203 (1)會 使用該演算法來對該對話加密,進而將它發送到存取過濾 器 203 (5)。 埋濟部智慧財產局員工消費合作社印製ίί · 5 ί of i- -i; 装 Packed 1 III book printed by the Consumer Property Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs printed A7 B7 V. Description of the invention (46) Piece 'The route is: from the client to the containing information via VPN The server of the resource. ’Consider routing into logical segments with up to three: segment (a), from client to first access filter 203. This segment may or may not have been encrypted 'depending on whether the client is using SKIP. 2. Segment (b) 'Access filter 203 from the first access filter 203 to the closest server and in the path and 3. Segment (〇' access filtering from the closest server Server 203 to the server; this segment may or may not be encrypted. If segment ⑷ and segment ⑷ exist, each segment will consist of a single-network component. If the client If the server is on the access filter closest to the server, then segment (c) will not exist. If the segment is present, it will consist of one or More network components. If there is only one access filter between the client and server, then segment (b) will not exist. For each segment: As far as segment (a) is concerned , The client must enforce any cryptographic party ’s consumer co-operative printing method of the Intellectual Property Bureau of the Ministry of Economic Affairs. If the trust level of the segment is at least not as strong as the pure production of resources, or if the trust performed by the client is The level is at least not as powerful as the resource's data sensitivity; access is denied. 5. As for paragraph (b), if the cup in the path means the most -49- 1 of any network component; five, rhyme 'Ming statement (47 6. A7 B7 members of the Intellectual Property Bureau of the Ministry of Economic Affairs, consumer cooperatives print weak trust, etc. If the level is greater than or equal to the data sensitivity of the resource, then the traffic is sent without encryption. 4 Corresponds to the situation where the network is inherently secure for transmitting data. In the example in the table above, it may be transmitted on any network with " Information resources with "public" data sensitivity level, as shown in column 609 (4). However, many access filters 203 will use SKIP to define the conversation, thus allowing many subsequent access filters to pass the conversation without Incurred: larger overhead of decryption, access check, and re-addition (0verhea (js). If the weakest trust level for the path is less than the data sensitivity of the resource, it is the minimum encryption algorithm required for the sensitivity level Consult the SENI) table 'and then use the algorithm' to encrypt the conversation. Encryption upgrades the security of the k-links, making it suitable for carrying data of that given sensitivity, and therefore Allows users to access resources. As far as segment (c) is concerned, the path from the access filter closest to the server to the server, the first access filter is based on the database 301 The information in the segment (c) and the trust level of any encryption method used in the segment ((;). If the trust level of this segment of the path is less than the sensitivity level of the information resource, and In the case, if the trust level of the encryption method used in segment (c) is at least not as strong as the required level, the required level is like the minimum level in the SEND table considering the sensitivity level of the information resources ; Then the first access filter 203 will deny the access operation. This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) binding I order d6 d8 ^ 2 A7 B7 V. Description of the invention (48 ) The above method of determining sensitivity and trust level guarantees that the corpse and 胄 will only use the encryption method 203 when they need to reach the necessary trust level. Β keeps the description of the network configuration in the database 301 both simple and simple. Can When managing ’this method will reduce the number of conversations that will be encrypted. Results 关于. Regarding the management and efficiency aspects φ in VPN, there will be better scalability. The consumer cooperation of the Intellectual Property Bureau of the Ministry of Economic Affairs, Du printed Figure 7 provides: the sensitivity level of information resources, the trust level of the user identification method, and how the trust level associated with the path between the client and the server affects the use of An instance of access to information resources. In FIG. 7, a user equipped with SKIP at client 703 initiates a conversation 701 in order to obtain an information resource 723 stored at server 705 equipped with SKIP. The segment ⑷ discussed above appears at 707 in Figure 7; segment (b) appears at 709 (1, ..., 4): segment (c) appears at 7 丨 1. The information resource 723 has a sensitivity level of "confidential". The first access filter 203 encountered in this conversation is the access filter 203 (1). The access filter 203 (1) uses its access control database The copy determines the sensitivity level of the resource 723. Here, the user has used the SKIP certificate, and the SEND table 601 in the viewing database 301 shows to the access filter 203 (1): Because this user identification method meets the & quot Confidential &quot; the level of information required by the sensitivity level, so segment (a) at 707 has the required level of trust. Therefore, the first access filter continues to determine: In VPN, access filter 203 ( 1) Trust level between segment (b) at 709 (1, ..., 4) and server (705) and segment (c) at 711. Segment 709 has some sub-segments · 709 (1) '709 (2), 709 (3), 709 (4), and 709 (5); and the first access filter -51-this paper size applies the Chinese National Standard (CNS) A4 specification ( 210 x 297 mm) A648 1 2 A7 B7 V. Description of the invention (49) 203 (1) Each of these molecular segments in the database 301 will be checked The sub-segment's trust level. Segment 709 (2) is the Internet 121, so its trust level is: "Public", which is the lowest level in segment 709. Then, the access filter 203 (1) uses the access control database 301 to check the segment 71 it trust level. Its trust level is: &quot; Confidential &quot;. Thus, subparagraph (b) at 709 only has a level of trust that is too low for a path that is accessing a &quot; confidential &quot; information resource 703 conversation. To deal with this problem, the access filter 203 (1) must encrypt the sentence in order to raise it to the necessary level of trust. The first access filter 203 (1) consults the SEND table 601 in order to decide what encryption method is needed; and column 609 (2) indicates that: the DES encryption method is sufficient. The first access filter 203 (1) then uses the algorithm to encrypt the conversation and sends it to the access filter 203 (5). Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs

在圖7中,連接著客户機7〇3到存取過濾器203(1)的分段 707具有一種對資源之靈敏度等級而言是夠高的信賴等 級’於是客户機703不必對其請求加以加密。當不是這種 情況時,唯若客户機703已經使用一種其信賴等級資源之 靈敏度等級而言是足夠的加密方法來對請求加密,存取過 濾器203 (1)才會賦予客户機703存取操作。爲此緣故,在圖 5中的漫遊者503必須是配備有SKIP的。由於漫遊者503經 由網際網路m來存取:存取過濾器403(3)的資訊;故而漫 遊者503的諸多請求可能從未具有高於&quot;公用,'的信賴等級, 除非將它們加以加密;並且,爲了完全存取在VPN 201中的 資源,漫遊者503就必須使用—種加密方法,諸如:由SKIP -52- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公爱) 4 6 4 8 1 2 A7 _____-____ B7 五__ 經濟部智慧財產局具工消費合作社印製 發明說明(5〇 ) 所提供的-種^法’其信賴等級對最高靈敏 足夠的。在存取過遽器203的一些實施例 取,岛;: 可能以一種與它在較佳實施例中使用來 匕4益 式類似的方式’和客户機協商打算使二:者識別挺 術。 j W异仗用在咕束中的加密技 針對存取控制資料庫301之管理員界面的總覽:圖8到12 存取決策依據使用者群組和資訊集來定義存取操作;因 此’在可能定義存取決策之前’管則必料義使用者群 组和資訊集;將怎樣完成此事顯示於圖8中。 ^ Λ _ 1 疋義使用者 辟组涉及了步驟803到807 :首先定義使用者’然後定義使 用者群组,然後再將使用者指定給適當使用者群组。定義 資訊集涉及了步驟8〇9到813:首先定義資源,然後定義^ 訊集,然後再將資源指定到資訊集》當針對在—項決策中 所涉及的使用者群组和資訊集而已經完成此事時,就能夠 建乂存取決策,如在8 15處所示。如前面所指出的,雖然 制定針對諸多使用者群組和資訊集之存取決策的權利都由 決策制定者決策所決定的;可是用來定義和決定使用者群 組之成員資格和資訊集’以及用來爲它們而制定管理決策 的權利卻都是由管理決策所決定的。 就像從前述中能夠看出的那樣,使用者界面通常被用來 定義在兩個實體或關於它們的集合之間的關係。針對存取 控制資料庫301之圖形使用者界面(graphical user interface, 簡稱GUI)的通用形式對應於該工作。顯示圖包括兩個視 窗’每個視窗都包含打算使彼此有關係的一些實體之表示 -53- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) € 4 丨 2 A7 _ B7__ 五、發明說明(51 ) 法,而關係則藉由選擇實體和需要之所在來定義的,因而 定義關係。 ^ 定義使用者群組:圖9 圖9顯示:用來殖民(popuiating)和定義使用者群組的顯 示圖901。在顯示圈中的視窗903包含目前定義的使用者群 组之一分層顯示圖;視窗903與那些用來顯示由微軟公司 (Microsoft Corporation)所製造的 Windows 95 商標之作業系 統中的檔案層次之視窗相似。在視窗903中,使用著顯示 圖901之管理使用者具有管理權所針對的諸多使用者群組 都呈現黑色;而其它使用者群組則都呈現灰色。在兩個視 經濟部智慧財產局員工消費合作社印製 窗之上的是兩個按知帶(button bars) : 911和915。按紐帶911 列示:用來修改存取控制資料庫3〇1的一些可利用顯示 圖,而按鈕帶9 15則列示:可能在那些顯示圖上執行的一 些操作。於是,在按鈕帶9 11中標示&quot;使用者群組&quot;的按鈕 被凸顯出,因而指示:顯示圖9〇1是用來殖民和定義使用 者群组的一個顯示圖。關於按鈕帶9丨5,當視窗9〇3是現用 狀態時,有權管理一使用者群組之—管理使用者可能會修 改使用者群组,其方法是:在視窗9〇3中選擇使用者群 且’並使用在按纽帶91 5中的&quot;删除&quot;(delete)按la來删除使 使用者群組;或者’使用”新增&quot;(new)按鈕來增加並命名 位在層次中的被選擇使用者群組之下的一個新使用者群 組p當管理使用者點按(clicks):&quot;應用_,(apply)按鈕921時, 存取過濾器203就會修改它的存取控制資料庫3〇丨之拷貝, 以便證實何種東西在顯示圖9〇 1上;並且將修改資訊傳播 -54- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) A7 B7 五、發明說明(52) 到:在VPN中的所有存取控制資料庫3〇i之拷貝。 視窗909顯示使用者。藉由識別在集合中之使用者所依照 的方式,將使用者之一集合指示於顯示圖中。在此情形 下,使用者都疋|皆由I P位址來識別,而他們則都會以I p位 址之範圍出現在顯示圖中。按鈕帶9丨3指示:能夠顯示在 视窗909中之其它種類的識別方法。就像利用視窗9〇3那 樣’當視面疋現用狀態時’能夠使用&quot;新增”和&quot;刪除&quot;兩個 按鈕來增加和刪除使用者。要將由使用者識別資訊所載明 的(諸多)使用者指定給一使用者群組,GUI之使用就會選 擇:一使用者群组’如在917處所顯示的,以及識別資訊 之一集合,如在919處所顯示的;然後再使用在按鈕帶913 中的增加到使用者群組”(a(jd to group)按纽,將識別資訊 之集合增加到使用者群組,就像由以下事實所顯示的那 樣.在919處之被選擇ip位址之範圍現在會出現在位於μ? 處之被選擇使用者群組之下的層次中。本操作之效應是: 使諸多使用者成爲&quot;研發&quot;使用者群組的成員,該使 用者的對話都具有列示在917處的來源I P位址;並且,當 使用者點按:11應用”按紐時,於是所有存取控制資料庫 301之拷貝都被修改。 經濟部智慧財產局員工消費合作社印製 圖1 〇顯示:用來定義資訊集的顯示圖10〇1,此處,視窗 1003包含一種資訊集的分層列表,而視窗丨〇〇5則包含一種 可用資源的分層列表6用與使用者群組之列表相同的方法 來制定:資訊集的分層列表,以及可用使用者群組的分層 列表。再者,顯示圖100 1之使用者有管理權限加以管轄的 -55- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 46 48 12 A7 B7 五、發明說明(53) 資訊集和可用資源都呈現黑色;而在列表上的其它項目則 都呈現灰色。在視窗1〇〇1中,可用資源爲:網際網路和组 成VPN 201的兩個位置。在一種更加開發的VPN 201中,可 用資源的列表應該指示:在位置處的伺服器,在伺服器中 的服務,以及由服務所提供的資訊項。譬如説,若服務提 供一種目錄樹’則應該藉由一個路徑名稱(pathname)來指 示包含在目錄樹中的資訊項;該路徑名稱會載明目錄樹之 根部(root) ’並且會使用通配字元(wiidcard characters)來載 明在目綠樹之根部以上的一些檔案。當將一資源增加到— 伺服器時’可能經由視窗1005來定義資源。於是,已經定 義了資源,可能用與一使用者識別資訊被指定給一使用者 群組相同的方式來將一資源指定給一資訊集。再者,點 按:”應用”按鈕會使顯示圖1001中的改變傳播到所有存取 控制資料庫301之拷貝。 圖1 1顯示:用來定義決策的顯示圖11 〇1。將哪—類型的 決策正在被定義加以載明於按奴帶1113中;如在那裏所指 示的’顯示圖1101正在定義存取決策。所有的決策顯示圖 都具有相同的通用格式:一視窗11 〇3,它包含使用者群组 之一分層顯示圖;一視窗1105,它包含可能定義決策所針 對的物件層次之一顯示圖;以及一決策定義視窗丨1〇7,它 包含一些存取決策定義1108。在物件層次中,顯示圖 之使用者有權定義決策所針對的物件都呈現黑色;而其它 的則呈現灰色。在顯示圖1 1 〇 1中,正在被定義的是存取決 策,所以物件都是資訊集。 -56 - 本紙張尺度適用中國國家標準(CNS)A4規格(210 χ 297公釐) ------------&lt; .裝— &lt;清先閱璜背面之注意事項再填窵本頁) . _ά 經濟部智慧財產局員工消費合作社印製 Λ6 dB ^ A7 ---B7 五、發明說明(54) 每個存取決策定義都有四個部份: ——現用(active)圈選框1117 ’它指示由決策定義 的存取決策是否現用的,即:正在被用來控制存= 作 •存取決策正在被定義所針對的使用者群組n 19 ; •存取決策正在被定義所針對旳資訊集1123 ;以及 •存取操作櫚位Hu,它指示存取操作是否被容許或拒 絕,藉以定義存取決策。 選單帶(menu bar) 1109和按鈕帶丨丨15允許決策制定者決策 容許如此做的那些管理員加以編輯,增加,刪除,以及啓 經濟部智慧財產局員工消費合作社印製 動(activate)或撤除(deactivate)—種被選擇決策定義11〇8。 每個決策定義1108的現用圈選框m7允許管理員啓動或撤 除選擇決策定義1108 ;存取操作欄位1121允許管理員選擇 容許或拒絕作爲決策。在按鈕帶丨丨15中的&quot;删除”按鈕允許 管理員刪除一項被選擇決策;而&quot;新增&quot;按鈕.則允許管理員 制定一種新決策定義1108;要執行此事,管理員會選擇: 在視窗1103中之一使用者群組以及在視窗丨105中之一資訊 集;然後會按M新增•,按鈕。新的存取決策定義1108出現在 顯示圖II07中;並且,管理員能夠编輯新的存取決策定 義,如剛才所描述的。要將改變應用到存取控制資料庫 301,並將它傳播到所有的存取過濾器203 ;管理員會點按 在”應用按鈕1125上。 顯示圖1101也包含一種決策評估者工具程式(policy evaluator tool),它讓管理員看出:存取決策定義的目前集 -57- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公笼) 1 b 4 3 i A7 ___B7___ 五、發明說明(55 ) 合怎樣決定針對一既定使用者群組或資源集的存取操作。 當官理貝點按:按短帶1113中的&quot;決策評估&quot;(py evaluation)按鈕,並從顯示圖11〇3中選擇一使用者群組 時;該工具程式就會顯示:被選擇使用者群組呈現藍色. 決策定義允許使用者群組存取而在顯示圖丨1〇5中的所有資 訊集呈現綠色丨而其餘的則呈現紅色;與哪些資訊集可处 被使用者群組存取之決定有關的所有決策定義都被凸顯^ 相同的顏色集合中。若管理員選擇一資訊集,則發生相同 的事情’然後’坪估者工具程式會顯示:被選擇資訊集呈 現藍色’能夠存取資訊集的所有使用者群組呈現綠色,而 其餘的則呈現紅色,因而也會凸顯出一些有關的決策定 義。使用者也能夠選擇一項決策。在那種情形下,被選擇 決策呈現藍色,而受決策影響的使用者群組和資訊集則都 呈現藍色或紅色,就像由決策所決定的那樣。使用者能夠 另外選擇一個以上的:使用者群組,資訊集,或決策。在 那種情形下,評估者工具程式對每項決策顯示:應用到所 有的被選項,以及那些決策的效應。評估者工具程式能夠 藉由點按在按鈕帶1113中的&quot;決策評估&quot;按鈕來關斷(truned off),而顏色和凸顯功能(highlights)則能夠藉由點按在按鈕 帶1115中的”重新設定評估,,(reset evaluati〇n)按鈕來關斷, 以便針對一項新的決策評估而準備。 圖1 2顯示:顯示圖1201被使用來將關於一存取過濾器 203的資訊輸入到存取控制資料庫3〇1。視窗12〇3顯示:存 取過慮器203之一分層列表;當視窗是現用狀態時,可能 _ -58- 本紙張尺度適用中囷國家標準(CNS)A4規格(210 =&lt; 297公爱) A7 B7 五、發明說明(56 ) ------------^ -裝--- f清毛57凊贤6之^意事項再填寫本頁) 使用在按鈕帶1209中的”新增”和”刪除,,兩個按鈕麥增加或 删除存取過濾器。視窗1205被用來輸入或顯示關於存取過 遽器203的資訊。在視窗1207中的顯示圖是藉由點按在按 叙帶1207中之一按鈕來決定的;如按鈕所顯示的,能夠使 用在視窗1207中的顯示圖’以便:輸入並檢視關於諸多存 取過濾器203之網路連接的資訊,輸入並檢視關於那呰連 接之信賴等級的資訊,針對可用伺服器和服務而掃描網 路’針對存取過濾器203中所檢測的問題而建立警戒資訊 (alerts)’載明針對軟體的可選擇參數,以及載明存取控制 資料庫301改變的分配順序。”警戒資訊建立„ (alen setup) 的凸顯功说指示:顯示於圖1 2中的顯示圖1205是用來顯示 並建立警戒資訊的顯示圖。 經濟部智慧財產局員工消費合作社印製 用來發明資源的使用者界面:圖1 8和2 4 VPN 201的使用者都有一種用來察看在VpN 2〇1内何種資 源可供他們利用的界面。在此處稱爲ImraMap(映像内)界 面(IntraMap是翅―^公司(111如_巧脚“ Incorporated)之一商標)的界面,至少會對每位使用者顯 示:屬於使用者可能根據針對使用者所屬之使用者集合的 存取決策來存取之資訊集的資源。在其它一些實施例中, IntraMap也可能將資源的靈敏度等級以及使用者之識別方 法的信賴等級加以考慮。 藉由一種小爪哇程式(JavaTM applet)來建構IntraMap5 面,該牡式疋在任何配備有Java的全球資訊網(www)瀏覽 器上執行的。使用網路瀏覽器,使用者能夠掃描圖形顯示 -59“ 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) A7 B7 五、發明說明(57) 圖,以便:尋找並存取可供使用者利用的資源;或者,請 求存取因前不是可供使用者利用的資源。由使用者存取資 源是由應用到使用者和資源的諸多存取決策所決定。圖1 8 顯示:由IntraMap界面所產生顯示圖1801。IntraMap顯示圖 1801的左側顯示:資源列表1803 ;而顯示圖的右側則顯 示:尋找(Find)攔位1807,排序(Sort)區段1809,服務 (Services)區段 1811 ’ 以及描述(Description)攔位 1813。藉由 點按&quot;輔助&quot;(Help)按鈕18 15而使使用IntraMap的線上輔助程 式(on-line help可供利用)。 經濟部智慧財產局員工消費合作社印製 資源列表1803顯示:針對正在使用intraMap界面的使用 者而s ’在VPN 201中之可供利用的資源和資說。這種列 表是分層的。使用者能夠藉由點按在分支上的,,+ ”和_ &quot;標 έ己來擴展(expand)或縮減(collapse)&quot;樹&quot;的分支。在列表中 的每個登載項(entry)U04都會包括資源名稱。用來顯示登 載項之顏色則指示:使用者具有何種存取操作。若登载项 1804被顯示呈現藍色:則使用者具有一種針對資源的現用 超通信鍵路(hyperlink),並可能點按資源兩次,以便將它 顯示出來。若資源被顯示呈現黑色,則雖然它也可供使用 者利用’但卻沒有超通信鏈路可供利用,所以必須使用— 種分離應用程式來檢索資源。雖然被顯示呈現灰色的資源 都不是直接地可供使用者利用,但是如果使用者選擇—項 資源,IrmaMap界面就會開啓一對話盒(dial〇g b〇x):允許 使用者將請求存取操作的電子郵件(e_mail)發送給管理員, 該管理員對資源所屬之資訊集的存取決策負有責任。然 -60- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 么6 A匕1二 A7 _ B7 五、發明說明(58) 後,管理員必要時可能修改存取及/或管理決策,以便賦 予使用者存取操作。管理員可能進一步賦予資源/隱藏&quot;特 性(hidden property)。當資源具有該特性時,唯若使用者屬 於存取決策允許存取資源所屬之一資訊集之一使用者群 組’資源才會出現在IntraMap界面1801中。若資源不具有 隱藏特性’則它總會出現在lntraMap界面18〇1中。在其它 情泥’它不會出現。資源可能具有一項比包含在它的登載 項1804中的描述還要詳細的描述。當使用者選擇資源時, 該項描述就被顯示於描述欄位丨8丨3中。 除了資源列表1803之外,lntraMap顯示圖1801還會顯示 兩個專業化(specialized)資源列表在1805處。 •&quot;何者最新”(What’s New) 1806顯示:來自企業内之其 它邪門的最近資訊告示(postings)。若管理員已經賦予 使用者存取”何者最新,,之網頁,則使用者可能將—項 新資源之URL(共通資源指標)公告在那裏。 •&quot;何者最受歡迎&quot;(What's Hot) 1808基於資源多久才被存 取,顯示出企業之最受歡迎的資訊資源。 經濟部智慧財產局員工消費合作社印製 在1811處的服務類型控制表會讓使用者過濾一些按照提 供資源的服務類型而打算顯示在資源列表1803中的資源。 在服務類型控制表1 811中,每種服務類型都有一個圈選 框。若該框被圈選,則包括該服務類型且與此服務有關聯 的資源都會出現在資源列表中。在其它情況,與此服務有 關聯的資源都不會出現在資源列表中。 lntraMap界面讓使用者按照:資訊集,位置’或服務來 -61 - 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) A7 B7 五、潑'明說明(59 ) a 先 tj ί ύ 之 a. I t 4 排序資源列表1803。要執行這件事,使用者會選擇他想要 的方式來排序在排序欄位丨8〇9中的資源列表。使用者也可 能會載明資源種類(categ〇ries)被使用在排序欄位中的順 序。级界面還具有一種搜尋功能。要執行搜尋功能,使用 者會將一搜尋字串(search string)輸入”尋找&quot;欄位18〇7中。 然後依照載明於排序欄位18〇9中的順序,加以搜尋針對關 於字串之諸資源的資源列表和資源描述。搜尋功能只是找 尋全&quot;卩或部份的字組匹配(word matches)而已。情形不是挺 靈敏的,顯示出第一次匹,就可能使用一些功能鍵,以便 指引(navigate)到其它的匹配。當然,若使用者尚未核對在 服務類型欄位181丨中之一服務類型,則該服務類型的諸多 資源在排序或搜尋操作中都未涉及。 經濟部智慧財產局員工消費合作社印製 圖24顯不:IntraMaP界面之一建構例2401。對於VPN 201 的使用者,intraMap界面以網頁出現,該網頁是由正在圖2 之存取過濾器203 (c)上執行的報表管理程式2〇9所提供的諸 多資源中的一種資源。在VPN 2〇1中之一使用者;或者, 甚至於一般大眾(那就是:成爲網際網路使用者群組之一 成員的某人)都可能用與他可能被賦予存取任何其它資源 相同的方式,被賦予存取IntraMap界面◊就像從下列描述 中將會顯而易見的那樣,針對IntraMap的網頁可能是在 VPN 201中的任何伺服器上。建構例24〇1具有.·在工作站 (W〇rkStati〇n)2403中,由使用者所使用以便審視(1〇以叫 IntraMap的组件;在對工作站24〇3而言是局部的存取過濾 器203(1)中的組件;以及在存取過濾器2〇3 (c)中的組件, -62- 本紙張尺度適用中固國家標準(CNS)A4規格(210 X 297公釐) d 6 d 8 1 2 A7 B7 五、發明說明(6Q) 該存取過濾器是報表管理程式209會在其上執行的存取過 濾器。當然,存取過濾器203(c)也可能執行一種局部存取 過濾器那樣的功能。局部存取過濾器203 (I)是藉由VPN 201 而連接到報表存取過濾器203 (c),而工作站2403則是藉由 區域網路(LAN)2 13而連接到局部存取過濾器203 (1)。 經濟部智慧財產局員工消費合作社印製 就像稍後將要更加詳細説明的那樣,所有的存取過遽器 203都具有一種分層架構(layered architecture)。最底層級是 —種網際網路分包資説(IP)過遽器2419,它只是處理網際 網路分包資訊標題而已。分包資訊過;慮器2419讀取在網際 網路分包資訊標題中的來源和目標位址,並將一套規則應 用到分包資訊。就像由规則所決定的那樣,I P過渡器不是 接受它們’捨棄它們·•就是進一步在VPN 201中路由指引 著它們。該規則也會決定:在存取過濾器2〇3内,打算怎 樣路由指引諸多被接受分包資訊。架構中的下—層級是服 務代理伺服器(service proxies)2427。服務代表伺服器會截 取針對諸如全球資訊網(www)之服務的通信量,並執行關 於通信量的存取核對。若存取過濾器203提供服務本身或 執行針對提供服務之一伺服器的存取核對,則ϊρ過滤器 2419會將針對服務的分包資訊發送到針對服務之一服務代 理伺服器2427。服務代理伺服器使用存取控制資料庫3〇1 來執行針對服務的通信協定層級之存取核對。譬如説,針 對網路(Web)服務的服務代理伺服器可能檢查:正在提出 一項針對既定網頁的請求之使用者是否有權存取該網頁。 下一個更高層級是服務層級2425 ;若有關的服務代理伺服 -63- 本纸張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 五、發明說明(61) 器允許一項請求且存取過濾器也是針對該服務的伺服器, 則打算處理前往在服務層級2425處之服務的請求。在網頁 之情形中,該服務應該指出網頁的位置,並將它轉回給請 求者。在IntraMap中,涉及兩種服務:Web(網路)服務和 IntraMap服務。在圖2401中,Web服務以WebS 2423出現。 針對WebS 2423的代理伺服器是WebP 2421 ;爲了在下列描 述中將會變得顯而易見的諸多理由,IntraMap服務只有一 個代理伺服器:IntraMap 2417。此外,存取控制資料庫 301包括IntraMap資訊2422,它是一種在存取控制資料庫 301中之資訊的最佳化版本(0ptimi2ed version),可作 IntraMap顯示圖的基礎用。 關於在存取過濾器203 (c)與存取過濾器203 (I)之間的 IntraMap建構例的主要差異是:存取過濾器2〇3 (c)包括一 種具有IntraMap小爪哇程式2411之拷貝的全球資訊網網頁 2410。當從存取過減器203 (I)下載(downloaded)到工作站 2403中的網路瀏覽器2429時,小爪哇程式2411會產生指向 IntraMap伺服器2425的請求,進而使用由IntraMap伺服器 2425所轉回的結果來產生IntraMap顯示圖18〇1。 經濟部智慧財產局員工消費合作社印製 操作如下:對於工作站24〇3的使用者,IntraMap可能以 針對網頁之一通信鏈路出現。於是,要使用IntraMap,使 用都會啓動針對IntraMap網頁2410之一通信鏈路。在工作 站2403中的網路瀏覽器2429會對啓動通信鏈路作回應,就 像Έ:應該對啓動針對網頁之任何其它通信鏈路作回應那 樣· i提出一項針對網頁的請求,並將該請求發送到通信 _ - 64 - 本紙張尺㈣財關緖準(CNS)A4雜⑵G x 297n b 經濟部智慧財產局員工消費合作社印製 Λ- A7 __B7_五、發明說明(62 ) 鏈路中所指示的伺服器。在針對IntraMap之通信轉路的情 形中,因爲通信鏈路載明在存取過濾器203 (c)中的網路伺 服器2423 ’所以請求會經由局部存取過濾器203 (I)和VPN 201而前往存取過濾器203 (c)。就像對於VPN 201中之一資 源的任何其它存取操作那樣,局部存取過濾器2〇3 會執 行針對IntraMap網頁請求的存取核對。由於該請是針對網 頁’故而由網路代理伺服器2421來完全存取核對。在大多 數的VPN 201中,對於在VPN 201中的任何使用者而言, 111忱&amp;^^0網頁241〇將是可存取的;於是,存取控制資料庫 3 01指示:具有一有效I p來源位址的任何使用者都可能存 取 IntraMap網頁 2410。 當存存取過濾器203 (c)中收到請求時,I p過濾器2419就 會將它轉遞到網路代表伺服器2421,它依序地將請求轉遞 到網路伺服器2423,它藉著將IntraMap小爪哇程式2411下 載到工作站2403中的網路瀏覽器2429而對該請求作回應, 其中:IntraMap小爪哇程式2411開始在網路瀏覽器2429中 執行。在執行期間,它會將一項請求發送到針對IntraMap 資訊2422的IntraMap代理伺服器2427。像所有的小爪哇程 式一樣’ IntraMap小爪哇程式2411會將請求發送到它所處 的伺服器,在這種情形下,就是存取過濾器2〇3 (c)。然 而,就像對於來自工作站2403的任何其它存取操作那樣, 叫求會藉由局邵存取過)慮器2〇3 (I)而前進。瞧,IntraMap代 理伺服器2427會檢測出請求被定址到存取過濾器2〇3 (c)中 的IntraMap代理伺服器2427,而不是將請求發送到存取過 -65- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) tj . 5 S1 之 Jj; 与· % 本 Ϊ 五 經濟部智慧財產局員工消費合作社印製 d6 ΑΒ A7 ______ B7 發明說明(63 ) 濾器203 (c);從局部存取過濾器2〇3 (1)中的存取控制資料 庫301之局部拷貝中獲得IntraMap資訊2422 ;過濾該資訊, 使仔它载明:只會存取那些屬於使用者所屬的諸多使用者 群組所針對的資訊集之資源來產生列表243 1 ;進而經由 LAN 213,將它轉回给IntraMap小爪哇程式24π,該程式隨 後使用列表2431來產生intraMap顯示圖1801。在產生顯示 圖方面,小爪哇程式2411會應用載明於請求中的任何存取 過濾器,也會排序如請求中所載明的列表。列表243丨不但 才a π可供利用的資源,而且包含需要用來提取(fetch)資源 的資訊。於疋,若資源具有一種超通信链路,則將超通信 鏈路包括在列表中;若它是一種雖然使用者目前不會存 取,但是使用者卻可能請求存取所針對的資源,則列表包 括:針對資源之管理員的名字和電子郵件地址。 存取控制資料庫3 〇 1之細節:圖! 3到j 7 在存取過遽器203之一較佳實施例中,在兩個層級處加 以建構存取控制資料庫3 〇丨:一個層級是由圖形使用者界 面所使用’以便操縱存取控制資料庫3 ;而另一個層級 則是使用在實際存取核對中。使用由微軟公司所發展出的 Microsoft jet商標之資料庫系統來建構第一層級。第二層 級則是使用一些根據第一層級資料庫所编譯的記憶體映射 樓案(memory mapped files,簡稱MMF)加以建構的。下列討 論將會描述第一層級建構例,並且説明包含在其中的資訊 怎樣被使用在存取核對中。在研讀這項討論中’應該記 得:實際存取核對是使用MMF加以完成的,就像稍後將要 -66 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 讀 先 閲 讀 背 面 之 注 意 事 項 再 填 寫 本 頁 裝 訂 A7 464812 __B7 五、發明說明(64 ) 詳細描述的那樣。 經濟部智慧財產局員工消費合作社印製 就像對於大多數資料庫系統的情形那樣,Micr〇s〇ft Jet# 標之資料庫系統具有一種圖表,那就是:資料庫之邏輯結 構的一種描述。圖1 3到1 7都是:由針對存取控制資料庫 301之圖表的Microsoft Jet商標之資料庫系統所產生的顯示 圖。圖13顯示:針對定義諸多使用者群組之資料庫的一部 份的圖表13 01。顯示圖由兩種要素组成:在資料庫中的,,表 之類別”(classes of tables) 1303的表示法,以及顯示屬於表 之某些類別的兩種表之間關係的,'通信鏈路&quot;丨3〇5的表示 法。表之類別的表示法顯示:在13 1 〇處的類別名稱;以及 在1308處’將被包含在屬於該類別的每一種表中的資料爛 位。每一種表的實例都有一種由資料庫系統所指定的識別 符(ID)。在表中的其它資料會隨著表之類別而變化。藉著 使用在第一表中之第二表的ID來建立一種在屬於表之第一 類別的第一表與屬於表之第二類別的第二表之間的通信鏈 路’反之亦然®於是,通信鏈路13 〇 5顯示:能夠將&quot;使用者 群组樹&quot;類別表13 0 7中的一些表和&quot;使用者群組”類別表 1309中的一些表加以鏈接。某些通信鏈路在它們的兩個未 端處都有數字。該數字指示:在數字所在之末端處,該表 可能具有的通信鏈路數目。於是,連接著類別表丨3〇9和類 別表1307的通信鏈路具有:在針對類別表1309之末端處的 數字1,以及在針對類別表1307之末端處的數字〇〇 ;因而指 示:類別表1309之諸實例中的任何數目的ID都可能出現在 類別表1307之一實例中;但是,類別表1 307之一實例中的 -67- 本紙張疋度適用中國國家標準(CNS)A4規格(210 X 297公釐) 这 §48 1 2 A7 B7 五、發明說明(65 只有一個1D才可能出現在_表1309之-實例中。 使用者群組表:圖1 3 - ,用者群组表13()1包含針對資料庫術中的每個使 群U使用者群组類別表13〇9。在&quot;使用者群組·, 經濟部智慧財產局員工消費合作社印製 ?09中’特別有興趣的資料包括:群組名稱,它是群組之 字元串(cha⑽er_string)名冑;群组描述,它是群组= 串描述;以及預先^義的資訊,它指示其中成爲群扯之: 士員的使用者是否爲:一位管理員,即,能夠制定管理決 朿;:位安全官員,即,能夠制定決策制定者決策;或者 —位單純的資訊使用者。使用者群组表13〇1會進—步將諸 多使用者群組組織成-種層次列表__不但爲了繼承權,而 且爲了顯示於圖9之視窗903中的使用者群组之分層顯示 圖因而使使用者之識別方法與使用者群組有關聯,以及 使警戒資訊與使用者群組有關聯。组織成層次列表是藉由 使用者群组樹”類別表丨307令的一些表來完成的。,,使用 者群組樹&quot;類別表中的每一種表都會將&quot;使用者群組&quot;類別 表中之一表鏈接到一種母(parent)使用者群组(也是&quot;使用者 群組之類型)。對於一種特定”使用者群組&quot;表而言,多重 &quot;使用者群組樹”表可能存在,端視一特定使用者群組出現 在其中之位置的數目而定。 就像已經提及的那樣,有五種不同的方式用來識別至一 存取過濾器202之使用者:藉由I p位址範圍,藉由一種全 限定網際網路網域名稱,藉由在Microsoft Windows商標之 作業系統中的使用者身份,藉由一種鑑定令牌,以及藉由 -68- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) A7 464812 ___B7______ 五、發明說明(66 ) 證書。針對藉由證書來識別使用者之表的類別表(table classes)被顯示在1321處。針對藉由I P位址範圍來識別使用 者之表的類別表被顯示在13 17處;針對藉由I p網域來識別 使用者之表的那些類別表被顯示在13 1 9處;針對藉由 Microsoft Windows商標之作業系統ID (識別符)來識別使用 者之表的那些類別表被顯示在13 15處;以及針對藉由鑑定 令牌(在圖中,標示爲智慧卡)來識別使用者之表的那些類 別表被顯示在1323處。最後,類別表1325會定義:針對與 使用者群組有關而用於警戒之資訊的一些表。”使用者群 組”類別表13 0 9中之一表,可能使它與針對用來識別使用 者之任何方式的任何數目的表有關聯。就像此事意謂著那 樣,可能同時用很多不同的方式來識別一既定使用者。 爲了執行存取核對,存取過濾器203必須決定:正在提 出請求之使用者屬於哪些使用者群組。該請求包括使用者 識別方法,因而識別方法是決定之起點。在使用者群组表 1301中的一些表都會允許存取過濾器203 :根據識別方法 來決定使用者屬於哪些使用者群組,並且根據那些使用者 群组來決定一些決定使用者所屬之其它使用者群组的分層 關係。假定使用者是藉由I P位址加以識別,存取過據器 203藉由尋找&quot;I P位址範園定義&quot;類別表(在13 17中)中的一 個或更多的表而開始運作,該類別表定義:包括使用者之 IP位址在内的IP位址之範圍。這些表中的每一種表都有一 條指向&quot;I P位址範圍”類別表(在13 17中)的通信鏈路,該類 別表使” I P位址範圍定義”類別表中所定義的範圍與一使用 -69-In FIG. 7, the segment 707 connecting the client 703 to the access filter 203 (1) has a trust level that is sufficiently high for the sensitivity level of the resource ', so the client 703 does not have to encryption. When this is not the case, the access filter 203 (1) will give the client 703 access only if the client 703 has used an encryption method sufficient for the sensitivity level of its trust level resource to encrypt the request. operating. For this reason, the rover 503 in FIG. 5 must be equipped with SKIP. Since the roamer 503 accesses via the Internet m: access to the information of the filter 403 (3); many requests of the roamer 503 may never have a higher trust level than &quot; public, &quot; unless they are added Encryption; and in order to fully access the resources in VPN 201, the roamer 503 must use an encryption method, such as: SKIP -52- This paper standard applies the Chinese National Standard (CNS) A4 specification (210 X 297 public) Love) 4 6 4 8 1 2 A7 _____-____ B7 Five __ Printed by the Intellectual Property Bureau of the Ministry of Economic Affairs, the Industrial Cooperative Co-operative Society printed the description of the invention (50). The method provided is' the trust level is sufficient for the highest sensitivity. In some embodiments of the access server 203, the island; may negotiate with the client in a manner similar to the way it is used in the preferred embodiment 'to identify the two parties. An overview of the encryption technology used in the bundle for the administrator interface of the access control database 301: Figures 8 to 12 Access decisions define access operations based on user groups and information sets; It may be possible to define 'rules before access decisions' for user groups and information sets; how this is done is shown in Figure 8. ^ Λ _ 1 Defining a user group involves steps 803 to 807: first define the user ', then define the user group, and then assign the user to the appropriate user group. Defining the information set involves steps 809 to 813: first define the resource, then define the ^ information set, and then assign the resource to the information set. "When the When this is done, access decisions can be established, as shown at 8-15. As noted earlier, although the right to make access decisions for many user groups and information sets is determined by the decision maker's decision; it is used to define and determine user group membership and information sets' And the right to make management decisions for them is determined by management decisions. As can be seen from the foregoing, user interfaces are often used to define the relationship between two entities or collections about them. The general form of the graphical user interface (GUI) for the access control database 301 corresponds to this task. The display includes two windows. 'Each window contains a representation of some entities intended to be related to each other. -53- This paper size applies to China National Standard (CNS) A4 (210 X 297 mm) € 4 丨 2 A7 _ B7__ 5. Explanation of the invention (51) method, and the relationship is defined by selecting the entity and the need, and thus defining the relationship. ^ Defining user groups: Figure 9 Figure 9 shows a display 901 for popuiating and defining user groups. The window 903 in the display circle contains a hierarchical display of one of the currently defined user groups; the window 903 and the file hierarchy in the operating system used to display the Windows 95 trademark manufactured by Microsoft Corporation Windows are similar. In the window 903, many user groups to which the management user of the display figure 901 has management rights are displayed in black; other user groups are displayed in gray. Above the two windows printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs are two button bars: 911 and 915. Button 911 lists: some of the available displays used to modify the access control database 3001, while button strap 9 15 lists: some of the operations that may be performed on those displays. Thus, the button labeled "User Group" in the button strip 9 11 is highlighted, thereby indicating that the display figure 901 is a display diagram for colonizing and defining the user group. Regarding the button strip 9 丨 5, when window 903 is currently in use, it has the right to manage a user group—managing users may modify the user group. The method is: choose to use in window 903 User group and 'and use the &quot; delete &quot; (delete) in button 91 5 to delete the user group; or' use 'the "New" button to add and name the A new user group p under the selected user group in the hierarchy When the management user clicks the (clicks): &quot; Apply _, (apply) button 921, the access filter 203 will modify it Copy of the access control database 3〇 丨 in order to confirm what is shown in Figure 9101; and will modify the information dissemination-54- This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 public PCT) A7 B7 V. Description of the invention (52) To: a copy of all access control databases 30i in the VPN. Windows 909 displays users. By identifying the users in the collection, the method will be One set of users is indicated in the display. In this case, the users are all | All are identified by IP address, and they will all appear in the display with the range of IP address. Button with 9 丨 3 indication: other types of identification methods that can be displayed in window 909. It is like using a window You can use the "Add" and "Delete" buttons to add and delete users when the viewport is in the active state like 903. To assign the (many) users specified by the user identification information to a user group, the use of the GUI will choose: a user group 'as shown at 917, and a set of identification information, As shown at 919; then use the a (jd to group) button in the button band 913 to add the collection of identifying information to the user group, as shown by the following facts As shown. The range of selected IP addresses at 919 will now appear in the hierarchy below the selected user group at μ ?. The effect of this operation is: make many users &quot; A member of the R & D user group, the user's dialogue has the source IP address listed at 917; and when the user clicks: 11 Apply "button, all access control databases The copy of 301 has been modified. Figure 10 printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs: Figure 1001 is used to define the display of the information set.丨 〇〇5 A hierarchical list containing one available resource6 is formulated in the same way as the list of user groups: a hierarchical list of information sets and a hierarchical list of available user groups. Furthermore, the use of Figure 100 1 is shown -55- This paper size applies to the Chinese National Standard (CNS) A4 (210 X 297 mm) 46 48 12 A7 B7 V. Description of the invention (53) The information set and available resources are black; The other items on the list are grayed out. In Windows 2000, the available resources are: the Internet and the two locations that make up VPN 201. In a more developed VPN 201, the list of available resources should be Instructions: the server at the location, the service in the server, and the items of information provided by the service. For example, if the service provides a directory tree, it should indicate the inclusion of the directory by a pathname Information items in the tree; the path name will indicate the root of the directory tree and will use wildcard characters to indicate some files above the root of the tree When adding a resource to the server, 'the resource may be defined via window 1005. Thus, the resource has been defined, and a resource may be assigned in the same manner as a user identification information is assigned to a user group. Assigned to an information set. Furthermore, clicking the "Apply" button will cause the changes in the display diagram 1001 to be propagated to all copies of the access control database 301. Figure 1 1 shows: a display used to define decisions Figure 11 〇 1. What-type decisions are being defined in the slave band 1113; as shown there, a 'display diagram 1101 is defining access decisions. All decision display diagrams have the same general format: a window 11 03, which contains a hierarchical display of one of the user groups; a window 1105, which may define a display of one of the object hierarchies for which the decision is targeted; And a decision definition window 1007, which contains some access decision definitions 1108. At the object level, the user of the display map has the right to define the objects for which the decision is made; all other objects are gray. In the display figure 1101, the access decision is being defined, so the objects are all information sets. -56-This paper size applies to China National Standard (CNS) A4 (210 χ 297 mm) ------------ &lt; .install— &lt; Please read the notes on the back before filling in this page). _ά Printed by the Intellectual Property Bureau of the Ministry of Economic Affairs, Consumer Cooperatives, Λ6 dB ^ A7 --- B7 V. Description of Invention (54) Each access decision definition is There are four parts:-Active checkbox 1117 'It indicates whether the access decision defined by the decision is active, ie: is being used to control the storage = action • The access decision is being defined for The user group n 19; the access decision is being defined for the set of information 1123; and the access operation bit Hu, which indicates whether the access operation is allowed or denied to define the access decision. Menu bar 1109 and button bar 丨 丨 15 allows decision makers to make decisions for those administrators who are allowed to do so to edit, add, delete, and activate or remove consumer cooperatives from the Intellectual Property Bureau of the Ministry of Economic Affairs (Deactivate)-A selected decision definition 1108. The active selection box m7 of each decision definition 1108 allows the administrator to activate or remove the selection decision definition 1108; the access operation field 1121 allows the administrator to choose whether to allow or deny the decision. The "Delete" button in the button strip allows the administrator to delete a selected decision; and the "Add" button allows the administrator to make a new decision definition. 1108; To do this, the administrator Will choose: a user group in window 1103 and an information set in window 丨 105; then press the MAdd •, button. The new access decision definition 1108 appears in display figure II07; and, The administrator can edit the new access decision definition, as just described. To apply the change to the access control database 301 and propagate it to all access filters 203; the administrator will click on the "Apply" On button 1125. The display figure 1101 also contains a policy evaluator tool, which allows the administrator to see: the current set of access decision definitions -57- This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 (Public cage) 1 b 4 3 i A7 ___B7___ 5. Description of the invention (55) How to decide the access operation for a given user group or resource set. When Guan Libei clicks: press the "decision evaluation" (py evaluation) button in short band 1113, and select a user group from the display in Figure 1103; the tool program will display: selected User groups are shown in blue. The decision definition allows user groups to access and all information sets in the display diagram 丨 105 are shown in green 丨 and the rest are shown in red; and which information sets can be used by the user group All decision definitions related to group access decisions are highlighted ^ in the same color set. If the administrator selects an information set, the same thing happens. Then the 'Estimator Tool' will show: The selected information set is blue. All user groups who can access the information set are green, and the rest are Red, which also highlights some relevant decision definitions. Users can also choose a decision. In that case, the selected decision is blue, and the user groups and information sets affected by the decision are blue or red, as determined by the decision. Users can choose more than one: user groups, information sets, or decisions. In that case, the evaluator's tool shows for each decision: the effects applied to all choices, and those decisions. The evaluator tool can be turned off by clicking the "Decision Evaluation" button in the button strip 1113, and the color and highlights can be clicked in the button strip 1115 "Reset evaluation" button to turn off to prepare for a new decision evaluation. Figure 12 shows: Figure 1201 is used to enter information about an access filter 203 Go to the access control database 30.1. The window 1203 displays: a hierarchical list of one of the access filters 203; when the window is currently in use, it may be _ -58- This paper standard applies the China National Standard (CNS) A4 specification (210 = &lt; 297 public love) A7 B7 V. Description of the invention (56) ------------ ^-equipment --- f Qing Mao 57 凊 6 6 of the ^ intention to fill in this page) use In the button strip 1209, "Add" and "Delete," the two buttons add or delete access filters. Window 1205 is used to enter or display information about the access controller 203. In window 1207, The display map is determined by clicking one of the buttons in the tape 1207; as shown by the button, the display map in the window 1207 can be used to: enter and view the web about the access filters 203 Information about the connection, enter and view the information about the trust level of that connection, scan the network for available servers and services, and create alerts for the problems detected in the access filter 203. Optional parameters for the software, and the order in which the access control database 301 is changed. The alert function creation instructions (alen setup) are highlighted: The display 1205 shown in Figure 12 is used to display And create a display of warning information. Member of the Intellectual Property Bureau of the Ministry of Economic Affairs Industrial and consumer cooperatives print user interfaces to invent resources: Figures 18 and 24 4 VPN 201 users have an interface to see what resources are available to them in VpN 001. Here An interface called ImraMap (intra-image) interface (IntraMap is a trademark of wing company (111, such as _ Qiaojiao "Incorporated)), at least will be displayed to each user: belonging to the user may be based on The collection decision of the user collection to access the resources of the collection. In other embodiments, IntraMap may also consider the sensitivity level of the resource and the trust level of the user's identification method. The IntraMap5 surface is constructed by a Java ™ applet, which is executed on any World Wide Web (www) browser equipped with Java. Using a web browser, the user can scan the graphic display -59 "This paper size is applicable to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) A7 B7 V. Description of the invention (57) Figures: to find coexistence Take resources that are available to users; or, request access to resources that were not previously available to users. Access to resources by users is determined by many access decisions that apply to users and resources. Figure 18 Display: The display map 1801 produced by the IntraMap interface. The left side of the IntraMap display map 1801 shows: the resource list 1803; and the right side of the display map shows: Find block 1807, Sort section 1809, Services ) Section 1811 'and Description block 1813. Click the "Help" button 18 15 to enable the use of IntraMap's on-line help (available on-line help). Ministry of Economic Affairs wisdom Property Bureau employee consumer cooperative prints a resource list 1803 showing: for users who are using the intraMap interface, s' available resources and resources in VPN 201. This list is hierarchical . By the user can tap on a branch ,, + "_ and &quot; standard έ hexyl extend (the expand) or reduced (Collapse) &quot; tree &quot; branch. Each entry U04 in the list includes the resource name. The color used to display the registered items indicates what access operations the user has. If the posted item 1804 is displayed in blue: the user has an active hyperlink for the resource and may double-tap the resource to display it. If the resource is displayed in black, although it is also available for the user ’s use, there is no hypercommunication link available, so a separate application must be used to retrieve the resource. Although the resources displayed in gray are not directly available for users to use, if the user selects a resource, the IrmaMap interface will open a dialog box (dial0gbx): allowing the user to request access The e-mail is sent to the administrator, who is responsible for the access decision of the information set to which the resource belongs. Ran-60- This paper size is in accordance with China National Standard (CNS) A4 (210 X 297 mm)? 6 A Dagger 12 A7 _ B7 V. Description of the invention (58), the administrator may modify the access and And / or manage decisions to give users access. The administrator may further assign the resource / hidden property. When the resource has this characteristic, the resource will only appear in the IntraMap interface 1801 if the user belongs to a user group which is an information set of an information set to which the resource belongs. If the resource does not have the hidden feature ’, it will always appear in the lntraMap interface 1801. In other love mud ’it will not appear. A resource may have a more detailed description than the description contained in its listing 1804. When the user selects the resource, the description is displayed in the description field 丨 8 丨 3. In addition to the resource list 1803, the lntraMap display 1801 will also show two specialized resource lists at 1805. • "What's New" 1806 shows: Recent information postings from other evil doors in the enterprise. If the administrator has given the user access to the "Which is the latest ,," the webpage, the user may— The URL of the new resource (Common Resource Index) is announced there. • "What's Hot" (What's Hot) 1808 is based on how long it takes for a resource to be accessed, showing the company's most popular information resource. Printed by the Employees' Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs The service type control table at 1811 allows users to filter some resources that are intended to be displayed in the resource list 1803 according to the type of service provided. In the service type control table 1 811, each service type has a circle check box. If the box is checked, resources that include the service type and are associated with the service will appear in the resource list. In other cases, resources associated with this service will not appear in the resource list. The lntraMap interface allows users to follow: information set, location, or service. -61-This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) A7 B7 V. Instruction (59) a first tj ί 之 之 a. I t 4 Sort resource list 1803. To do this, the user will choose the way he wants to sort the resource list in the sorting field. The user may also specify the order in which resource categories are used in the sort field. The level interface also has a search function. To perform a search function, the user enters a search string into the "Find" field 1807. Then, in the order specified in the sort field 18009, a search is performed for the relevant string The resource list and resource description of the various resources. The search function is only to find all word matches or partial word matches. The situation is not very sensitive. When the first match is displayed, some function keys may be used. In order to navigate to other matches. Of course, if the user has not checked one of the service types in the service type field 181, many resources of this service type are not involved in the sorting or search operation. Ministry of Economic Affairs The Intellectual Property Bureau employee consumer cooperative prints the picture 24: IntraMaP interface is a construction example 2401. For users of VPN 201, the intraMap interface appears as a web page, which is accessed by the access filter 203 (c) in Figure 2. One of the many resources provided by the report management program 209 running on the Internet. One of the users in VPN 001; or even the general public (that is: Cheng Someone who is a member of the Internet user group may be given access to the IntraMap interface in the same way as he may be given access to any other resource, as will be apparent from the description below, The webpage for IntraMap may be on any server in VPN 201. The construction example 2401 has. In the workstation (WorkStation) 2403, it is used by the user to review (10) called IntraMap Components; components in the access filter 203 (1) that are local to the workstation 2403; and components in the access filter 203 (c), National Standard (CNS) A4 Specification (210 X 297 mm) d 6 d 8 1 2 A7 B7 V. Description of Invention (6Q) The access filter is an access filter that the report management program 209 will run on. Of course, the access filter 203 (c) may also perform a function like a local access filter. The local access filter 203 (I) is connected to the report access filter 203 (c) through VPN 201, The workstation 2403 is connected to the local storage via a LAN 2 13 Take filter 203 (1). Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs, as will be explained in more detail later, all accessors 203 have a layered architecture. The lowest level Level is a kind of Internet subcontracting information (IP) adapter 2419, it only deals with the header of Internet subcontracting information. The subcontracting information has been read; Source and destination addresses, and apply a set of rules to the subcontracting information. Just as determined by the rules, the IP transitioner either accepts them, discards them, or further routes them in VPN 201 to guide them. This rule will also determine how the route in the access filter 203 is intended to direct much of the accepted subcontracting information. The next-level in the architecture is service proxies 2427. The service representative server intercepts traffic for services such as the World Wide Web (www) and performs access checks on the traffic. If the access filter 203 provides the service itself or performs an access check for one of the servers providing the service, the ϊρ filter 2419 sends the subcontracting information for the service to one of the service proxy servers 2427 for the service. The service proxy server uses the access control database 301 to perform protocol-level access check for services. For example, a service proxy server for a web service may check whether the user who is making a request for a given web page has access to the web page. The next higher level is the service level 2425; if the relevant service agent servo-63- this paper size applies to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) V. Description of the invention (61) One item allowed by the device The request and access filter is also a server for that service, and it is intended to process requests to the service at service level 2425. In the case of a web page, the service should indicate the location of the web page and return it to the requester. IntraMap involves two services: Web (network) service and IntraMap service. In Figure 2401, the Web service appears as WebS 2423. The proxy server for WebS 2423 is WebP 2421; for many reasons that will become apparent in the description below, the IntraMap service has only one proxy server: IntraMap 2417. In addition, the access control database 301 includes IntraMap information 2422, which is an optimized version (0ptimi2ed version) of the information in the access control database 301 and can be used as the basis for the IntraMap display map. The main difference regarding the construction example of IntraMap between access filter 203 (c) and access filter 203 (I) is that access filter 203 (c) includes a copy of the IntraMap Java program 2411 World Wide Web Page 2410. When downloaded from the access subtractor 203 (I) to the web browser 2429 in the workstation 2403, the Java program 2411 will generate a request to the IntraMap server 2425, and then use the The result to generate the IntraMap is shown in Figure 1801. Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economics. The operation is as follows: For users of Workstation 2403, IntraMap may appear as a communication link for one of the web pages. Therefore, to use IntraMap, the use will start one of the communication links for IntraMap webpage 2410. The web browser 2429 in the workstation 2403 will respond to the initiation of the communication link, just like: 应该 should respond to initiation of any other communication link to the web page. I make a request for the web page and Request to be sent to communication_-64-This paper is printed on the financial and economic standard (CNS) A4 miscellaneous G x 297n b Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economy The indicated server. In the case of the communication route for IntraMap, because the communication link specifies the web server 2423 'in the access filter 203 (c), the request will pass through the local access filter 203 (I) and VPN 201 Instead, go to the access filter 203 (c). Just like any other access operation to one of the resources in VPN 201, the local access filter 203 performs an access check for IntraMap webpage requests. Since the request is for a web page, the web proxy server 2421 performs full access check. In most VPN 201, for any user in VPN 201, 111 &amp; ^^ 0 webpage 2410 will be accessible; therefore, the access control database 3 01 indicates that: Any user with a valid IP source address may access the IntraMap webpage 2410. When a request is received in the storage access filter 203 (c), the IP filter 2419 forwards it to the network representative server 2421, which in turn forwards the request to the network server 2423. It responds to this request by downloading the IntraMap Java program 2411 to the web browser 2429 in the workstation 2403, where the IntraMap Java program 2411 starts to execute in the web browser 2429. During execution, it sends a request to IntraMap proxy server 2427 for IntraMap information 2422. Like all Java programs, the IntraMap Java program 2411 sends the request to the server where it is located. In this case, it is the access filter 203 (c). However, as for any other access operation from the workstation 2403, the request will be advanced by the cache 203 (I). Voila, the IntraMap proxy server 2427 will detect that the request is addressed to the IntraMap proxy server 2427 in the access filter 203 (c), instead of sending the request to the access-65- Standard (CNS) A4 specification (210 X 297 mm) tj. 5 S1 Jj; and ·% Ben printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs d6 ΑΒ A7 ______ B7 Description of the invention (63) Filter 203 (c ); IntraMap information 2422 is obtained from a local copy of the access control database 301 in the local access filter 203 (1); the information is filtered so that it specifies that only those belonging to the user The list of 243 1 is generated by the resources of the information set targeted by many user groups; and then it is transferred back to the IntraMap Java program 24π via LAN 213, which then uses the list 2431 to generate the intraMap display 1801. In generating the display graph, the Java program 2411 will apply any access filters specified in the request, and will also sort the list as specified in the request. List 243 丨 not only has a π available resources, but also contains the information needed to fetch the resources. Yu Xun, if the resource has a hyper communication link, the hyper communication link is included in the list; if it is a type that although the user currently does not access, but the user may request access to the resource targeted, then The list includes: the name and email address of the administrator for the resource. Details of the access control database 3 01: Figure! 3 to j 7 In a preferred embodiment of the access controller 203, an access control database 3 is constructed at two levels: one level is used by a graphical user interface to facilitate access Control database 3; the other level is used in actual access check. The first level is constructed using the Microsoft Jet trademark database system developed by Microsoft Corporation. The second level is constructed using memory mapped files (MMFs) compiled from the first level database. The following discussion will describe first-level construction examples and explain how the information contained in them is used in access checks. In studying this discussion, 'you should remember: the actual access check is done using MMF, as will be later -66 This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) Read first Note on the back then fill in this page to bind A7 464812 __B7 V. Description of Invention (64) As described in detail. Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs As is the case with most database systems, the database system of the Micr0sft Jet # target has a diagram, which is: a description of the logical structure of the database. Figures 13 to 17 are: displays generated by the Microsoft Jet trademark database system for the diagram of the access control database 301. Figure 13 shows: Figure 13 01 for a part of a database that defines many user groups. The display diagram consists of two elements: the notation of "classes of tables" 1303 in the database, and the relationship between the two tables belonging to certain categories of the table, 'communication link &quot; 丨 3〇5 notation. The notation of the category of the table shows: the name of the category at 13 1 0; and at 1308 'the data will be included in every type of table belonging to that category. Each An instance of a table has an identifier (ID) assigned by the database system. The other information in the table varies with the type of the table. By using the ID of the second table in the first table to Establish a communication link between a first table that belongs to the first category of the table and a second table that belongs to the second category of the table 'and vice versa'. Therefore, the communication link 13 05 shows: Some tables in the "user group tree" category table 13 07 are linked to some tables in the "user group" category table 1309. Some communication links have numbers at both ends of them. The number indicates the number of communication links the table may have at the end of the number. Thus, the communication link connecting the category table 3309 and the category table 1307 has: the number 1 at the end of the category table 1309, and the number 0 at the end of the category table 1307; thus indicating: category Any number of IDs in the examples of Table 1309 may appear in one of the examples of Category Table 1307; however, -67- in this example of one of Category Table 1307 applies to the Chinese National Standard (CNS) A4 (210 X 297 mm) This §48 1 2 A7 B7 V. Description of the invention (65 Only one 1D may appear in the _ table 1309-examples. User group table: Figure 1 3-, user group Table 13 () 1 contains a table of user groups for each user group in the database. Table 1309. In "user groups", printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs? Interested data includes: group name, which is the name of the group's string (cha⑽er_string); group description, which is the group = string description; and pre-defined information, which indicates that it becomes a group : Is the user of the non-commissioned officer: an administrator, ie Make management decisions; a security officer, that is, able to make decisions for decision makers; or-pure information users. The user group table 1301 will further organize many user groups into- Hierarchical list __ not only for inheritance rights, but also for the hierarchical display of user groups shown in window 903 in FIG. 9 so that the user identification method is associated with the user group and the alert information is associated with the user Groups are related. Organizing into a hierarchical list is done by some tables in the "User Group Tree" category table 307 order. Each type of table in the user group tree &quot; category table will be &quot;; One of the user group &quot; category tables is linked to a parent user group (also a type of &quot; user group). For a particular "user group" table, Multiple "user group tree" tables may exist, depending on the number of places in which a particular user group appears. As already mentioned, there are five different ways to identify to one Access filtering User 202: by IP address range, by a fully qualified Internet domain name, by user identity in the Microsoft Windows trademarked operating system, by an authentication token, and by -68- This paper size applies to China National Standard (CNS) A4 (210 X 297 mm) A7 464812 ___B7______ V. Description of the invention (66) Certificate. Table classes for the tables that identify users by certificate ) Is displayed at 1321. Category tables for tables that identify users by IP address range are shown at 13 17; category tables for tables that identify users by IP domain are shown at 13 1 9; The category tables that identify the user ’s table by the operating system ID (identifier) of the Microsoft Windows trademark are shown at 13 15; and for identifying users by an authentication token (in the figure, labeled as a smart card) Those category tables are shown at 1323. Finally, the category table 1325 defines some tables for alerting information related to user groups. One of the "user group" category tables 13 0 9 may associate it with any number of tables for any way to identify users. Just as this means that, there may be many different ways to identify an intended user at the same time. In order to perform an access check, the access filter 203 must decide which user groups the user who is making the request belongs to. The request includes a user identification method, so the identification method is the starting point for the decision. Some tables in the user group table 1301 will allow access to the filter 203: according to the identification method to determine which user groups the user belongs to, and according to those user groups, determine some other uses that determine which user the user belongs to Hierarchical relationship of the group. Assuming that the user is identified by the IP address, the access register 203 starts to work by looking for one or more of the "IP address range definition" category tables (in 13 17). The category table defines: the range of IP addresses including the user's IP address. Each of these tables has a communication link to the &quot; IP address range &quot; category table (in 13-17), which makes the range defined in the "IP Address Range Definition" category table and One use -69-

本紙張尺度適用中國國家標準(CNS)A4規輅【210 X 297 H {請先閱讀背面之;i意事項再填寫本頁) -一-裝 訂---------. 經濟部智慧財產局員工消費合作社印製 46 48 12 Α7 Β7 五、發明說明(67 ) 經濟部智慧財產局員工消費合作社印製 者群組Ϊ D有關係,就對應於j p位址範圍的使用考群組而 s,Έ:依序地可作爲一條指向,,使用者群組”類別表丨3〇9的 通仏鏈路义用。’’使用者群组,,類別表1309中的每一種表都 有一條指向”使用者群组樹μ類別表丨3〇7的通信鏈路,因此 flb夠順著一些通信鏈路而指向針對一些使用者群组的,,使 用者群组&quot;類別表,因而由〗p位址所載明的一些使用者群 &gt;’且都會繼承存取權利。於是,在處理過程結束時,丨ρ過濾 益203已經指出所有使用者群组的位置,它們都與決定使 用者是否可能存取資源有關。而且,〗ρ過濾器2〇3根據請 求而瞭解:怎樣識別使用者;並根據請求而能夠決定:應 該指定何種等級給用於請求中的使用者識別方法。將使用 者群組表1301中的資訊加以編譯進入mmf(記憶體映射檔 案)中。當使用者初啓一項對話時,使用者會提供一種使 用者識別方法給在對話路徑上的第一存取過濾器2〇3 ;存 取過濾器203使用具有MMF的使用者識別方法,以便作出 一項等效於以上所説明之—決定的決定。於是,存取過濾 器203能夠決定:對於一既定使用者識別方法而言,它是 否識別有權存取資訊之一使用者;它是何種使用者識別方 法;因此它具有何種信賴等級;以及使用者屬於哪些使用 者群組。於是,使用者群组表13〇1包含了 :針對一項存取 決策110 8之使用者部份所需的所有資訊。 資訊集表:圖1 4 圖14顯示:針對定義資訊集的一些表之圖表14〇1。這些 表會使諸多資訊集(在圖1 4中的資源群組)與組成它們的資 -70- 本紙張尺度適用中國國家標準(CNS)A4規格(2Κ)Χ 297公楚) '~~' ^648 12 A7 ____B7 五、發明說明(68) 源有關係,並與資源之網路位置有關係;並且也會將諸多 資訊集組織成:在圖10中之1〇〇3處所顯示之資訊集的分層 列表。在存取控制資料庫301中的每個資訊集都是由&quot;資源 群组&quot;類別表购所表示。藉由表1419而將資源群組類別 表中的一些表加以組織成—種針對繼承權和顯示目的的層 次。資訊集與掌握中組成它的一些資源之間,以及與儲存 它們在其中而在VPN中的一些位置之間的關係都是由,,資 源群組單元(resource group elements)類別表1407中的一些 ,所建互的。可能將&quot;資源群组&quot;類別表鏈接到,t資源群組 單元”類別表中的任何數目的表。將”資源群組單元”類別 表中之-表鏈接到諸多類別表:&quot;網站單元,.(㈣服職⑷ 1411 ’ ’’服務&quot;14丨3,以及”資源&quot;14〇9”中的任何數目的表。 針對資料庫301中所表不的每一項資源都會有&quot;資源”類別 表。包括在Μ表中的有:資源之工D ;其名稱;針對提供資 源的服務之1D ;針對定義資源的靈敏度等級之ID :資源 描述;資源管理員的電子郵件地址;以及一種隱藏旗標 (hidden flag),它指示著IntraMap是否應該將資源顯示給不 屬於—些有權存取資源之使用者群組的使用者。IntraMap 界面會獲彳于它需要的資訊,該資訊關於來自針對資源之” ;貝源&quot;表的一項資源。 兩種類別表”網站單元&quot;和&quot;服務&quot;中的—些表,以及兩 種類別表:&quot;網站,'⑷5和”词服器&quot;14Π中的-些表都是屬 於描述著在VPN中之資訊位置的類別表1421。針對在 中的每一個實體位置都會有&quot;網站&quot;類別表:針對在VPN中 ____ -71 - I紙張尺中國國家標準(CNS)k4規格x 297公爱) 誚 先 閲 讀 背 S 之 注 意 事 項 再 填 頁 裝 I 訂 經濟部智慧財產局員工消費合作社印製 4048 12 A7 B7 五、發明說明(69) 的每一個伺服器都會有”伺服器,,類別表;以及針對在VPN 中的每一項服務都會有”服務”類別表。在&quot;網站單元&quot;類別 表中的一些表中的通信鏈路都會使諸多網站與諸多飼服器 有關係;在”伺服器”類別表中的一些表中的通信鏈路都會 使諸多伺服器與它們提供的諸多服務有關係;以及在,,服 務&quot;類別表中的一些表中的通信鏈路都會使諸多服務與它 們寄宿(host)的諸多資源有關係。 裝 i I I I I I I 訂 經濟部智慧財產局員工消費合作社印製 在決定被請求資源屬於何種資訊集方面,存取過遽器 203就從請求中的資訊開始。該請求被包含在—種〗p分包 資訊中,因此具有:一標題和一主體(b〇dy)。在標題中, 有:一IP位址,它載明在虛擬專用網路2〇1中之一位置, 以及在該位置處之一伺服器;一埠號,它載明關於伺服器 之一項服務。而在本體中,則有:以通信協定所規定的形 式呈現之資源描述。譬如説,若請求是針對一網頁,則資 源描述將是資源之URL。存取過濾器2〇3使用〗p位址來指 出”網站”類別表的位置,使用在該表中的通信鏈路來指出 ”網站單元&quot;類別表丨411的位置。該表使網站與針對網站處 之諸伺服器的伺服器ID(識別符)有關係;並且,存取過濾 器203會使用伺服器10來指出針對網站之諸伺服器的&quot;伺服 器”類別表1417中的一些表的位置。然後,它能夠再使用 IP位址來指出對應於載明在請求中之伺服器的&quot;词服器,,類 別表的位置;並且能夠順著從”伺服器”表到針對服務之,· 服務&quot;類別表中的一些表的諸多通信鏈路;進而能夠使用 來自請求的埠號來尋找適當的&quot;服務&quot;表。一旦它已經發覺 -72- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 464812 發明說明(7〇 適當的_’服務_,表,它就能夠順著指向,,資源 . 的-些表的諸多通信鏈路 二“ .1409中 η 失 η 背 面 之 a -t 項 項 寫 4 Ά ”資源”表的位置⑽裏,會有中之資源的 :表二7的通信鏈路’該表使諸多資源與針對它們所屬 資Λ集的一些資源群組織別符有關係。 別符依序地載明&quot;資源群組,,類別表14〇3中的一=辟= 經濟部智慧財產局員工消費合作社印製 2都:指向”資源群組樹&quot;類別表中的一些表的諸多通: 鏈路’因而能夠決定:$明在請求中之資源所屬的諸多資 =組的層次。已經完成那些事,存取過攄器2。3就已經 -覺.與決請求是否應該被准許有關的—些資源群 組。針對資源的&quot;資源&quot;表還包含針對資源之靈敏度等級。 再者如資訊集表1401中的資訊加以编輯進入MMF中。當 清求來到在使用者與&amp;供資源的伺服器之間路徑中的第一 存取過濾器203時,第一存取過濾器2〇3就會使用1^1^1?檔 案,以便作出一項邏輯上等效於剛才所描述之一決定的決 定。於是,在檢視包含來自使用者群組表13〇1和資訊集表 1401之資訊的MMF檔案之後,代理伺服器就已經決定:使用 者識別方法的信賴等級’資訊資源的靈敏度等級,使用者所 屬的一些使用者群組,以及資訊資源所屬的一些資訊集。 決策表:圖1 6 圖16顯示:使用於存取控制資料庫3〇1中,用來定義存 取決策的一些表;包括在這些決策中的有:存取決策,管 理決策,以及決策制定者決策: • 存取決策使使用者群組與資源群组有關係; 73- 本紙張尺度適用中國國家標準(CNS)A4規格(2丨0 X 297公釐) A7 B7 五' 發明說明(71) e理決朿使其成員都是管理員之一使用者群組與下列 其中之一有關係: ’ 1 .另一使用者群组 2. —資訊集 3 .—資源 4 .在VPN中之一位置(網站) 5 —存取過;慮器203或其它词服器 6 .—項服務 •決策制定者決策使管理員之使用者群组與資訊集有關 係。 經濟部智慧財產局員工消費合作社印製 每項決策都會使”左側,,與&quot;右側,,有關係,左侧總是&quot;使 ,者群組”類別表1309,而右侧則端視決策種類而定,可 能是:”資源類別表1409,&quot;資源群組,•類別表14〇3(表示 資訊集),&quot;網站”類別表〗415,”服務,,類別表1413,&quot;伺服 益•'類別表1417,或者,1使用者群組&quot;類別表13〇9。於是, 決策諸表1601分成三大群組:左侧諸表i6〇3,決策諸表 1605,以及右側諸表丨6〇9。改變決策的權利是分層性的: 一使用者群組之成員能夠改變存取決策,就像由針對該群 組之管理決策所決定的那樣,該群组之&quot;使用者群組”表指 示著:它是諸多管理員中之一類型的—種群組。依序地, 那些管理員可能載明與他們的子網域(sub_d〇main)有關的其 他管理決策。 ' 對應於三種決策,在決策諸表1605中有三個類別表:屬 於存取決策&quot;(Policies Access)類別表1611,”管理員決策&quot; -74- 本紐尺巾關家標準(CNS)A4絲(21G X 297公爱) ' 464812 A7 B7 五、發明說明(72 ) (Policies Administer)類別表1613,以及”決策制定者決策” (Policies Policy Maker)類別表1691的一些表。所有的這些 類別表共享很多特點;它們都包含:針對決策之左側的使 用者群组表之I D,針對表示載明在決策之右側中項目的表 之I D ’決策(存取操作被容許或被拒絕)的一種指示,決策 是否預先定義的且無法被刪除的一種指示,以及決策是否 爲目前現用的一種指示。類別表之間的差異是:何者可能 在決策之右侧上,因而就是指向在右側上諸多實體的通信 鏈路;在存取決策和決策制定者決策的情形下,右側實體 都只是資訊集而已,因此,”存取決策&quot;和&quot;決策制定者決 策’’兩種類別表中的—些表都只包含指向”資源群組&quot;類別 表中的—些表的諸多右側通信鏈路而已;而,,管理員決策&quot; 類別表中的一些表則可能包含指向下列替換性的:&quot;使用 者群組”類別表資源群組&quot;類別表,”網站&quot;類別表,”伺 服益&quot;類別表,&quot;服務,’類別表,以及&quot;資源&quot;類別表中的— 些表的諸多右側通信鏈路。 賦予由管理決策右側上的使用者群组所載明的使用者群 組官轄由右側所載明的諸多實體之集合的權利會有所變 化,翊視貫體種類而定,如下表中所顯示的:This paper size is subject to Chinese National Standard (CNS) A4 regulations [210 X 297 H {Please read the back; please fill in this page before you fill out this page)-One-binding ---------. Ministry of Economic Affairs wisdom Printed by the Consumer Affairs Cooperative of the Property Bureau 46 48 12 Α7 Β7 V. Description of the Invention (67) The Consumers Cooperative Producer Group of the Intellectual Property Bureau of the Ministry of Economic Affairs has a relationship with D, which corresponds to the use test group corresponding to the jp address range. s, Έ: sequentially can be used as a pointing, user group ", the general link of the category table 3309." user group ", each table in the category table 1309 has A communication link pointing to the “user group tree μ category table” 307, so flb is enough to follow some communication links to point to some user groups, the user group &quot; category table, so Some user groups specified by the p address &gt; 'will inherit access rights. Therefore, at the end of the processing process, the filtering benefit 203 has pointed out the location of all user groups, which are all related to determining whether the user is likely to access the resource. Furthermore, the filter 203 understands how to identify the user based on the request, and can decide, based on the request, what level should be assigned to the user identification method used in the request. The information in the user group table 1301 is compiled into mmf (memory mapping file). When a user initiates a conversation, the user will provide a user identification method to the first access filter 203 on the conversation path; the access filter 203 uses the user identification method with MMF in order to make A decision equivalent to the one described above—decision. Thus, the access filter 203 can determine: for a given user identification method, whether it recognizes a user who has access to the information; what user identification method it is; and therefore what level of trust it has; And which user groups the user belongs to. Thus, the user group table 1301 contains all the information needed for the user part of an access decision 110 8. Infoset Tables: Figures 1 4 and Figure 14 show: Charts 1401 for some tables that define infosets. These tables make many information sets (resource groups in Figure 14) and the resources that make up them -70- This paper size applies to China National Standard (CNS) A4 Specification (2K) × 297 Kung Chu) '~~' ^ 648 12 A7 ____B7 V. Description of the invention (68) The source has a relationship and is related to the network location of the resource; and it also organizes many information sets into: the information set shown in Fig. 10 at 103 A hierarchical list. Each information set in the access control database 301 is represented by a &quot; resource group &quot; category list purchase. Table 1419 is used to organize some of the resource group category tables into a hierarchy for inheritance and display purposes. The relationship between the information set and some of the resources that make up it, as well as some of the locations in the VPN where they are stored, are some of the resource group elements category table 1407 , Built by each other. It is possible to link the &quot; resource group &quot; category table to any number of tables in the "resource group unit" category table. Link the tables in the "resource group unit" category table to many category tables: &quot; Web site unit, ((Services 1411 '' 'Services "14 丨 3, and any number of tables in" Resources "14〇9". For each resource listed in the database 301 will be There are "resource" category tables. Included in the M table are: resource resource D; its name; 1D for the service that provides the resource; ID for defining the sensitivity level of the resource: resource description; email of the resource administrator Address; and a hidden flag, which indicates whether IntraMap should display resources to users who do not belong to some user groups who have access to the resources. The IntraMap interface will get the information it needs , The information is about a resource from the "Beijing source" table for resources. There are two types of tables in the "Website Unit" and "Services" tables, and two types of tables: "Website, ' ⑷5 和 "word These tables in the device "14Π belong to the category table 1421 describing the location of information in the VPN. There will be a" site "category table for each physical location in the: for the VPN ____- 71-I Paper Ruler Chinese National Standard (CNS) k4 size x 297 public love) 阅读 Read the precautions for S before filling in the pages I. Order printed by the Intellectual Property Bureau of the Ministry of Economic Affairs, Consumer Cooperatives 4048 12 A7 B7 V. Description of the invention (69) Each server will have a "server," and a category table; and for each service in the VPN, there will be a "service" category table. The communication links in some tables in the "Website Unit" category table will make many websites related to many feeders; the communication links in some tables in the "Server" category table will make many servers Servers are related to the many services they provide; and the communication links in some tables in the Service &quot; Category table will make many services related to many resources of their host. Installed by I I I I I I I Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs. In determining what information set the requested resource belongs to, the accessor 203 starts with the information in the request. The request is included in the p-subcontracting information, so it has: a title and a body (body). In the title, there are: an IP address, which indicates a location in the virtual private network 201, and a server at the location; a port number, which indicates an item about the server service. In the ontology, there are: resource descriptions in the form prescribed by the communication protocol. For example, if the request is for a web page, the resource description will be the URL of the resource. The access filter 203 uses the p address to indicate the location of the "website" category table, and the communication link in the table to indicate the location of the "website unit" category table 411. This table enables the website and The server IDs (identifiers) for the servers at the website are related; and, the access filter 203 uses the server 10 to indicate some of the "servers" category table 1417 for the servers at the website The position of the table. Then, it can use the IP address to indicate the position of the &quot; server, &quot; corresponding to the server specified in the request; and it can follow the "server" table to the service-specific table, · Many of the communication links of some tables in the service &quot; category table; in turn, the port number from the request can be used to find the appropriate &quot; service &quot; table. Once it has found out that -72- this paper size is applicable to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) 464812 Invention description (70 Appropriate _'service_, table, it will be able to follow the direction ,, resources -Many communication links in some tables II. ".1409 in η lost η in the back of the 1409, write 4 in the a-t entry on the back of the" Resources "table, there will be resources in the table: the communication chain of Table II 7 This table associates many resources with some resource group organization identifiers for the set of resources to which they belong. The identifiers sequentially specify the &quot; resource group, and one of the category tables 1403 = = = economy Printed by the Ministry of Intellectual Property Bureau's Consumer Cooperatives 2: Many points to some tables in the "Resource Group Tree" category table: The link 'can therefore determine: the resources that the resource in the request belongs to The level has been completed, and access to the device 2.3 has already been aware of. There are resource groups related to the decision whether the request should be granted or not. The resource-specific &quot; resource &quot; table also contains Sensitivity level, and the information in the information set table 1401 The editor enters MMF. When the request comes to the first access filter 203 in the path between the user and the server providing resources, the first access filter 203 will use 1 ^ 1 ^ 1? File in order to make a decision that is logically equivalent to one of the decisions just described. Then, after reviewing the MMF file containing information from the user group table 1301 and the information set table 1401, the agent The server has already decided: the trust level of the user identification method, the sensitivity level of the information resource, the user groups to which the user belongs, and the information sets to which the information resource belongs. Decision table: Figure 1 6 Figure 16 shows: use In the access control database 301, tables used to define access decisions; included in these decisions are: access decisions, management decisions, and decision maker decisions: • Access decisions enable user groups The group has a relationship with the resource group; 73- This paper size applies to the Chinese National Standard (CNS) A4 specification (2 丨 0 X 297 mm) A7 B7 Five 'Description of the invention (71) e management decided that all its members are management User group with One of the following is related: '1. Another user group 2. —Information set 3 — —Resources 4. Location (website) in the VPN 5 —Accessed; Cache 203 or other server 6 .—Services • Decision makers make decisions related to the user group of the administrator and the information set. Each decision printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs will make "the left side, and the" right side, "there are Relationship, the left is always "quote, group of people" category table 1309, while the right side depends on the type of decision, it may be: "resource category table 1409," resource group, category table 14〇3 (Indicating information set), &quot; Website &quot; Category Table 415, &quot; Services &quot;, Category Table 1413, &quot; Servo Benefits &quot; Category Table 1417, or 1 User Group &quot; Category Table 1309. Therefore, the decision tables 1601 are divided into three large groups: the left table i606, the decision tables 1605, and the right table 609. The right to change decisions is hierarchical: members of a user group can change access decisions, as determined by management decisions for that group, the "user group" table for that group Indicating: It is one of many types of administrators—a group. In turn, those administrators may specify other management decisions related to their subdomain (sub_d0main). 'Corresponds to three decisions There are three category tables in the decision tables 1605: belong to the Access Decisions &quot; (Policies Access) category table 1611, &quot; Administrative Decisions &quot; -74- CNS A4 wire (21G X 297 (Public Love) '464812 A7 B7 V. The invention description (72) (Policies Administer) category table 1613, and some tables of the "Policies Policy Maker" category table 1691. All of these category tables share many characteristics; they all include: the ID of the user group table on the left side of the decision, the ID of the table representing the items that are listed on the right side of the decision 'decision (access operation is allowed or restricted An indication of rejection), an indication of whether a decision is predefined and cannot be deleted, and an indication of whether the decision is currently in use. The difference between the category tables is: which may be on the right side of the decision, and therefore is a communication link to many entities on the right side; in the case of access decisions and decision makers' decisions, the right entities are just information sets. Therefore, the two categories of "access decision" and "decision maker decision" —these tables contain only the right communication links to the tables in the "resource group" category table. ; And, some tables in the administrator's decision category table may contain alternatives pointing to the following: &quot; user group &quot; category table resource group &quot; category table, "site &quot; category table," server Benefits of the "Category Table", "Services", "Category Table," and "Resources" Category Tables—these tables have many right-hand communication links. The use specified by the user groups on the right-hand side of management decisions is given The right of the group to govern the collection of many entities listed on the right will vary depending on the type of penetrating body, as shown in the following table:

tf 失 -tj ϋ 之 &gt;1 I Η I 本 I 裝 訂 經濟部智慧財產局員工消費合作社印製 -75- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公笼 464812 A7 B7 五、發明說明(73 ) 經濟部智慧財產局員工消費合作社印製 左側 右側 被容許_'存取操作的意義 使用者 群組 任何一個 使用者群組的成員都能夠建立針對目標或已包 括項目的管理決策。這樣會容許責任之委託權 限〇 使用者 群組 使用者群 组 使用者群組的成員都能夠管理目標使用者群 组,包括一些套疊式(nested)使用者群组。被 容許的管理,包括:將目標使用者群组加以删 除,移動,及拷貝;將它套疊在另一使用者群 組中;增加成員给它;以及將其它一些使用者 群组套疊在其中 使用者 群组 資訊集 使用者群組的成員都能夠管理資訊集,包括 -些套疊式資訊集。被容許的管理,包括:將 目標資訊集加以删除’移動,及拷貝;將它套 叠在另-資訊集中;增加成員給它;以及將其 它一些資訊集套疊在其Φ。 使用者 群組 網站 { 使用者群組成員都能夠管理網站,包括:來 f可用資源,,列表(所有的存取過滤器,词服 益’服務,以及資源),在網站之下的一此單 =被容許的管理,包括:將網站加以刪除和 =,將*ε增加到資訊集;以及增加—此位 取3器給它:爲了定義-些新的;取過 =e纟業内部網路位置的管轄權是必需 (請先閱讀背面之ii]意事項再頊寫本頁) 訂----- -76- 木紙張尺度適用中國國豕H (CNS)A4規格(210 X 297公爱) 4648 1 2 A7 _ ___B7 五、發明說明(74 ) 使用者 群组 存取過濾 器 使用者群組的成員都能管理存取過濾器,包 括:來自”可用資源,,列表(所有的伺服器,服 務,以及資源),在存取過濾器之下的一些單 元。被容許的管理,包括:將存取過濾器加以 刪除和移動;將它增加到資訊集;以及增加一 些飼服器或服務給它。 使用者 群組 伺服器 使用者群组的成員都能夠管理伺服器,包括: 來自”可用資源&quot;列表(所有的服務和資源),在伺 服器之下的一些單元《被容許的管理,包括: 將伺服器加以删除和移動;將它增加到資訊 集;以及増加一些伺服器或服務給它。 使用者 群組 服務 使用者群組的成員都能夠管理服務,包括:來 自•'可用資源&quot;列表(所有的資源),在服務之下 的一些資源。被容許的管理,包括:將服務加 以删除’移動,及拷貝;將它增加到資訊集; 以及增加一些資源給它。 使用者 群組 資源 使用者群組的成員都能夠管理資源。被容許的 管理,包括:將資源加以刪除,移動,及拷 貝;以及將它增加到資訊集。 -77- 經 濟 部 智 慧 財 產 局 員 工 消 費 合 作 社 印 製 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 464812 A7—--------五、發明說明(75 ) 下表描述:當管理使用者群組出現在決策制定者決策左 侧上時’賦予管理使用者群組的權利。 左側 右側 ”被容許&quot;存取操作的意義 使用者 資訊集 使用者群组的成員都能夠管理:用來控制由任 群组 何使用者群组包括一些套疊式資訊集在内的資 訊集的諸多存取決策。他們也可能將資訊集和 其後裔(descendants)中的任何資訊集包括在決 _ 策制定者決策中=1 經濟部智慧財產局員工消費合作社印製 如上述資訊集表之討論中所指出的,正在執行存取核對 的代理伺服器能夠使用”使用者群組&quot;表和&quot;資訊集,,表來尋 找:在正在提出存取請求之使用者所屬的使用者群組,以 及正在被存取之資訊資源所屬的資訊集;並且也能夠使用 這些表來決定:使用者識別方法的信賴等級,以及資訊資 源靈敏度等級。代理伺服器隨即能夠使用&quot;存取決策&quot;表來 尋找.使用者所屬的任何一個使用者群組是否可能存取資 訊資源所屬的任何一個資訊集。若發覺任何一個這樣的使 用者群組;則使用者可能存取資訊集,如果請求之信賴等 級與資訊資源之靈敏度等級一樣高的話。要決定請求之信 賴等級,代理伺服器就必須決定:正在被使用之任何加密 技術的#賴等級,及/或正在被用於存取操作而在VPN 2〇 j 中之路徑的信賴等級。這項資訊可在顯示於圖1 7中的存取 過濾器諸表1701中加以獲得,並描述於下。若存取決策或 存取請求之靈敏度等級不允許存取操作;則該訊息不予理 會’因而將它所屬的任何對話加以棄置。當請求是由成爲 -78- 本紙張尺度適用中國國家標準(CNS)A4覘格(210 X 297公釐)tf --tj ϋ of &gt; 1 I Η I This booklet is printed by the Consumers' Cooperative of the Intellectual Property Bureau of the Ministry of Economics-75- This paper size applies to China National Standard (CNS) A4 (210 X 297 public cage 464812 A7 B7 5 Description of the invention (73) Printed on the left and right by the Consumers' Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs. The meaning of allowed access operations on the left side of the user group. Members of any user group can establish management for targets or included items. Decision-making. This will allow delegation of responsibility. User group User group Members of the user group can manage the target user group, including some nested user groups. Allowed management , Including: deleting, moving, and copying the target user group; nesting it in another user group; adding members to it; and nesting some other user groups in the user group The members of the group information set user group can manage the information set, including some nested information sets. Permitted management, including: deleting the target information set 'Move and copy; nest it in another-information set; add members to it; and nest some other information sets in its Φ. User Group Website {User group members can manage the website, including : Come to available resources, list (all access filters, word service 'services, and resources), the list under the website = allowed management, including: delete the website and =, will * ε is added to the information set; and added-this bit takes 3 devices to it: for definition-some new; fetched = e professional jurisdiction over the location of the intranet is required (please read ii on the back first) Reprint this page) Order ----- -76- Wood paper size applies to China's national H (CNS) A4 specification (210 X 297 public love) 4648 1 2 A7 _ _B7 V. Description of the invention (74) Users Group Access Filters Members of the user group can manage access filters, including: from "available resources," lists (all servers, services, and resources), some of them below the access filter Module. Permitted management, including: adding access filters To delete and move; add it to the information set; and add some feeders or services to it. User group server Members of the user group can manage the server, including: From the "Available Resources" list (All services and resources), some units under the server "Allowed management, including: deleting and moving servers; adding it to the information set; and adding some servers or services to it. Use User group service Members of the user group are able to manage services, including: from the 'Available Resources' list (all resources), some resources under the service. Permissible management includes: deleting a service, moving it, and copying it; adding it to an information set; and adding some resources to it. User Group Resources Members of a user group can manage resources. Allowed management, including: deleting, moving, and copying resources; and adding it to information sets. -77- Printed by the Consumers' Cooperative of the Intellectual Property Bureau of the Ministry of Economy The paper size is applicable to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) 464812 A7 ---------- V. Description of the invention (75) The following table describes: 'Administrative user groups' rights when they appear on the left side of a decision maker's decision. "Left and right" meaning of allowed access user information set members of the user group can manage: used to control any group and user group including some nested information sets Many access decisions. They may also include information sets and any information sets in their descendants (decisions) in the decision _ decision maker decision = 1. The Intellectual Property Bureau of the Ministry of Economic Affairs employee consumer cooperatives printed the information set table above It was pointed out in the discussion that the proxy server that is performing the access check can use the "user group" table and "information set" to find: the user group to which the user who is making the access request belongs Group, and the information set to which the information resource being accessed belongs; and these tables can also be used to determine: the trust level of the user identification method, and the information resource sensitivity level. The proxy server can then use the "access decision" table to find out whether any user group to which the user belongs may access any information set to which the information resource belongs. If any such user group is found, the user may access the information set if the requested level of trust is as high as the sensitivity level of the information resource. To determine the level of trust requested, the proxy server must determine: the level of trust of any encryption technology being used, and / or the level of trust of the path in VPN 20j being used for access operations. This information is available in the access filter tables 1701 shown in Figure 17 and described below. If the sensitivity level of the access decision or access request does not allow the access operation; the message is ignored ’and any dialogue to which it belongs is discarded. When the request is made -78- This paper size applies the Chinese National Standard (CNS) A4 grid (210 X 297 mm)

A7 ^64812 五、發明說明( 存取資料庫301之一管理使用者群组之一成員的使用者所 提出的一項請求時,存取核對處理過程實質上是相同的. 只可惜:當存取操作被允許時,根據以上所宣示的規則, 它可能會導致修改資料庫。該項修改隨後將被傳播到 201中之所有其它的存取過濾器203。 伺服器表:圖1 7 圖17顯示:針對對在VPN中的諸多伺服器之操作而言都 是特別重要的一些表之圖表。在VPN中,有三種伺服器: •陽春伺服器(Plain servers)。這些是:有資源儲存在其 上並藉由執行服務來存取資源的伺服器。 • 存取過濾器203。 •決策管理程式词服器。這些是:會附帶地統合 (coordinate)和分配資料庫3〇1,及/或產生關於vpN二 操作和狀態的一些報表的存取過濾器2〇3。 存取過濾益203可能附帶地執行像一種陽春伺服器那樣 的功能。 絰濟部智慧財產局員工消費合作杜印製 針對在VPN中的每一個伺服器都會有&quot;伺服器,,類別表 1417。在針對每個伺服器之表中的資訊,包括:伺服器之 ID,名稱,在Wind〇ws Ντ商標之作業系統中的網域,其 網際網路名稱,它是否爲一存取過濾器203且附帶地爲一 決策伺服器,存取資訊是否只有經由存取過濾器2〇3才可 以獲得,以及它是否在VPN之内。若伺服器爲一存取過濾 器203,^會附帶地具有一種存取過濾器2〇3提供給在vpN 201中之其它貫體的身份識別(identity),以供鑑定和加密之 -79- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) A7 五、發明說明(77) 用。在一較佳實施例中’該身份識別是:由SKIP所使用之 針對存取過濾器的X.509號證書β x.5〇9號證書也包括:針 對存取過濾器203的公用密鑰。公用密鑰可能屬於很多個 名稱空間(name space)中的一個;名稱空間識別符(name space ID,簡稱NSID)是一種針對公用密鑰之名稱空間的識 別符;而主密鑰識別符(mester key ID,簡稱MKID)則是識 別在名稱艾間内的公用密鑰。也包括在表中的是:一條指 向&quot;證書當局&quot;類別表1711的通信鏈路,該類別表會指示發 行針對存取過濾器之X.509號證書的證書當局。當然,與 存取過濾器不同的一些伺服器也都有χ.5〇9號證書:並 且,在那種情形下,它們的&quot;伺服器&quot;表將會具有伺服器之 NSID和MKID。 經濟部智慧財產局員工消費合作社印製 在VPN中的每一個陽春伺服器都會有一項或更多服務在 其上執行。譬如説,一項FTp(權案傳送協定)服務會根據 tcp/i:成套協定(_。⑽suite)中的檀案傳送協定來存取在 飼服器上的樓案(資源)。在十對陽春词服器的,,飼服器,.類別 表1417中的每-種表都有:指向定義在词服器上可供利用 的服務和資源之-群表的諸多通信鍵路。如在i7i9處所顯 不的’這些表包括:’,服務I,類別表1413,它表示服務;&quot; 資源”類別表1409,它表示經由服務而供利㈣資源;以及&quot; 服務定義&quot;類別表n Μ,它會定義服務。 針對圖&quot;諸表中的其餘部份則顯示:包含存取過濾器 203所用之資訊的—此圖表。立榷别本二 u . t ^ 衣其類別表均顯示在口〇5處的 -些表都會包含:都是一些用來分配資科庫3〇1及/或用來 _ -80- 匕本紙張尺度適用宁關家標準(CNS)A4規格(210 X 297公爱) 經濟部智慧財產局員工消費合作社印製 8 4812 . A7 ________B7____ 五、發明說明(78 ) 產生報表的決策管理程式而由存取過濾器203所使用的資 訊;其類別表均顯示在1717處的一些表都會包含:關於針 對正在被一既定存取過濾器203執行之軟體的諸多可選擇 參數的資訊;其類別表均顯示在1709處的那些表都會包 含:關於代理伺服器及其它軟體模組的資訊,諸多存取過 濾器203都會使用該模組來執行在存取過濾器203中的通信 協定層級之存取核對;而在1707處的一些表則都會包含: 關於針對使用者識別方法和加密種類的信賴和靈敏度定義 的資訊。 由參考數字1708所指示的一些表都會包含:關於存取過 濾器203所屬之VPN的資訊。存取過濾器203使用此資訊來 路由指引對話;並且也會用來決定:針對一既定對話,正 在被使用之路徑的信賴等級。”路由選擇表&quot;(R0uting table) 類別表1721會定義:列示指向可從存取過濾器203存取資 訊之所有網路的諸多目前路由的一些表。當那些路由改變 時’該表就會被自動地更新。”附屬網路”(Attached Network) 類別表17:23會定義一些表,該表指示:對每個存取過濾器 203而言,存取過濾器203目前所附屬的一些網路;該類別 表中的一些表都會包含指向&quot;網路定義•,類別表丨723中的一 些表的諸多通信鏈路,該類別表依序地包含指向”信賴等 級定義’’(trust definitions)類別表丨7〇7中之一定義之一通信 链路,而該類別表則會指示網路的信賴等級。在此群组中 的最後類別表是&quot;點對點連接&quot;(Point to Point Connection)類 別表Π13,它會定義:描述可經由VPN存取資訊的兩個存 -81 - 本紙張尺度適用中國國家標準(CNS)A4規格(210x 297公楚) (讀失聞ttl背面之汪意事項再垓寫本—) •裳--------訂-------^ ! 464812 A7 B7 五、發明說明(79 ) K ΐί % 5 &gt;i 荨 Η 4 % 取過濾器203之間連接的一些表。有針對來源和目標存取 過濾器203的每種組合的一種表,以及指向一種載明在來 源和目標兩個存取過濾器203之間路徑之信賴等級的信賴 等級定義之一通信鏈路。在此表中的信賴等級是基於針對 橫過路徑之訊息所使用的加密技術。 經濟部智慧財產局員工消費合作社印製 如前面所説明的,,,使用者群組&quot;表13〇1和資訊集&quot;表 1401會提供存取過濾器2〇3所需的資訊,以便決定:決策 諸表1601中的存取決策是否允許存取操作;並且,也會提 供:關於正在被存取之資源的靈敏度等級的資訊。存取過 滤器諸表1701會附帶地提供存取過濾器203所需的資訊, 以便決疋.正在由對話所採取而在VPN中之路徑的最小尸 賴等級,以及一些可用加密演算法的信賴等級。於是,若 存取過濾器203決定:正想要存取一既定資源之一既定使 用者屬於有權存取該既定資源所屬的資訊集之一使用者群 组,並JL決定:用於使用者之識別方法的鑑定等級並不低 於針對資源之靈敏度等級所需的鑑定等級;則存取過濾器 203能夠進一步決定:路徑之信賴等級是否夠高;且若信 賴等級不夠高,則存取過濾器2〇3藉由選擇一種具有所需 信賴等級的加密演算法並對該對話加以加密,就能夠將信 賴等級提升爲需要量。 可用資訊表:圖15 圖15顯示針對可用資訊諸表15〇1的圖表。該表皆由存取 過滤器203所使用,以便產生可用資源顯示圖1〇〇5,如圖 1 0中所示。在1502處所顯示的—些類別表都會使每個伺服 -82- 本紙張尺度適用中國國家標準(CNS)A4規格(21〇 x 297公釐) 464812 A7 ---—-- ...._ 五、發明說明() 器與它的服務有關係,並與由服務所提供的資源有關係。 在1504處所顯示的一些類別表會將諸多可用資源加以組織 成一種針對繼承權目的的層次;並且也會被使用來產生在 1005處所顯示的分層列表;進而藉由順著從&quot;網站單元&quot;表 到”伺服器”表的諸多通信鏈路,存取過濾器2〇3就能夠決 定:網站,伺服器,服務,以及資源的層次。在15〇3處的 —些類別表,最後會建立一種存取過濾器2〇3的分配樹 (distribution tree)。就像稍後將要更加詳細説明的那樣, 當存取控制資料庫301被修改時,由那些表所定義的樹就 會決定:修改被分配到一些存取過濾器所依照的順序。 修改存取控制資料庫301 :圖1 9 如前面所提及的,每個存取過濾器2〇3都會有一種屬於 在圖2之存取過濾器203 (a)中之主決策管理程式2〇5的存取 控制資料庫301之拷貝的精確副本(exact dupHcate)。圖19 顯示:怎樣修改存取控制資料庫301的那份拷貝,以及怎 樣將修改資&amp;K*從存取過滤器203 (a)分配到其它存取過淚器 203。圖19顯示:具有主決策管理程式2〇5的存取過濾器 203 (a);以及另一個存取過濾器203 (i),在該處,使用工作 站之一管理員正在修改存取控制資料庫3 01。需要用來分 配和同步修改資訊的訊息1909都是使用SKIP加以加密的, 並且經由VPN 201,使用一種稱爲”專用通信服務&quot; (private communications service,簡稱 PCS)的通信協定加以 發送。每個存取過濾器都會有很多存取控制資料庫30丨的 拷貝。任何存取過濾器203最少限度都有兩種拷貝:活資 -83- 本紙張尺度適用中國國家標準(CNS)A4規格(210 x 297公釐) 請 先 閱 讀 背 fir 之 注 意 事 項 再 本 頁 經濟部智慧財產局員工消費合作社印*1^ 464812 A7 --------B7____ 五、發明說明(81 ) 料庫(live database,簡稱LDB)1907,它是目前正在被用來 執行存取核對的資料庫;以及鏡像資料庫(niirn)r , 簡稱MDB)1905,它是:能夠被切換入内,打算用來代替活 資料庫1907的資料庫之一拷貝。於是,存取過減器2〇3⑷ 具有:一 MDB 1905⑷和一 LDB 1907⑷;而存取過濾器 2〇3(ι)則具有:MDB 1905⑴和LDB 1907(i)。 若一存取過濾器203正在被管理員使用來修改存取控制 資料庫301,則它將會附帶地具有至少—個工作資料庫 (working database,簡稱WDB)1903。工作資料庫是:不是 正在被用來控制存取操作的資料庫之一拷貝,因而能夠由 管理員加以修改。管理員會使用一種經由網路而連接到存 取過濾器之一工作站或p c (個人電腦)而這麼做。工作站 或PC會顯示上述的管理圖形使用者界面,進而管理員使 用GUI(圖形使用者界面)來做出像由一些管理決策所致能 那樣的諸多改變。這些改變可能影響到儲存.在存取控制資 料庫301中的任何方面的資訊。如以上所指示的,其中諸 多改變都是在存取或管理決策方面的改變,因而管理員能 夠使用決策評估特點來察看改變之效應。當管理員對變化 感到滿意時,他就會點按:&quot;應用,,按鈕;因而將諸多改變 經濟部智慧財產局員工消費合作社印製 分配到所有的存取過濾器,並納入每個存取過濾器的活資 料庫中。 將更新所有活資料庫的處理過程稱爲:資料庫同步和分 配。該處理過程有三個階段: •首先’將修改資訊從產生它們之所在的存取過遽器 *- 84 - 本纸張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 464812 A7 一..._—__B7______ 五、發明說明(82 ) 203 (此處’就是存取過濾器2〇3 (⑴發送到主資料庫所 屬的存取過濾器2〇3(此處,就是存取過濾器203(a))。 •在那種情況,將諸多改變納入主資料庫中。完成此事 的方法是:將諸多改變納入鏡像資料庫1905(a)中,然後 將活資料庫1907⑷和鏡像資料庫19〇5⑷交換 (swapping) ’然後再改變新鏡像資料庫19〇5(a)。 •然後,將諸多改變從主決策管理程式分配到其它存取 過濾器。 在每個存取過濾器2〇3處,用與利用存取過濾器2〇3 (幻相 同的方式來冗成同步。在vpN 2〇丨之存取過濾器2〇3中做出 改變所依照的順序是由分配樹丨5丨〗所決定,使用存取過濾 器顯π圖1201依序地將它建立起來。具有主決策管理程式 205的存取過濾器203總是樹的根部。依照預設方式 (default),安裝在γρΝ 2〇1中的第—存取過濾器2〇3具有主 決策管理程式205。當安裝了其它存取過濾器2〇3時,就會 將它們增加到樹中’作爲主決策管理程式的孩子們 (children) 〇 主決策管理程式會將諸多改變循序地分配給它的孩子 們。當每個予(child)存取過濾器203都收到它的分配資訊 時,它隨後就再分配給它的孩予們。這意謂著:一種自頂 層分叉出很多分支(branches)的淺型(shall〇w)分配樹完成一 個分配周期將會比一種自頂層分又出很少分支的深型(deep) 分配樹還快。適當存取資訊的管理員能夠重新配置分配 樹,以使分配更加有效。 -85- 本紙張尺度適用中國國家標準(CNS)A4規辂(210 X 297公釐) A 2 A7 B7 五、發明說明(83 若兩位管理員已經修改在不同的工作資料庫丨9〇3中的相 同資訊段(譬如説,存取過濾器定義),則會發生同步衝 突。畲此事發生時,主決策管理程式205就會決定:要將 哪個修改資訊納入存取控制資料庫301中。 使存取控制資料庫301最佳化:圖21和23 雖然藉由管理圖形使用者界面(GUI)丨9 1 5適合於持續儲存 和使用;但是對於使用在即時存取核對中而言,資料庫 301並不是最佳化的。就像將要更加詳細説明於下那樣, 存取過濾器203會使資料庫3〇1中的資料最佳化,那是運轉 時間(run-time)存取核對所需的,進而用來產生針對 IntraMap的顯示圖。每次在存取過濾器2〇3中收到資料庫 301之一新拷貝的時候,它都會執行最佳化(optimizati〇n)。 依照它們的最佳化形式,資料庫3〇丨是諸多記憶體映射樓 案(MMF)之一集合,其中以一種允許快速存取的形式來儲 存存取決策資訊。之所以如此稱爲MMF,是因爲:雖然它 們都被當作正常檔案來產生,但是隨後卻都附屬於一程式 的記憶體S間,並且都是藉由一些記憶體操作,而不是檔 案操作加以存取的。藉由使用MMF檔案來達成進一步最佳 化’以便產生一些規則:藉由I P來源和目標位址以及針對 存取操作被容許或拒絕的埠號,使用該規則來執行訊息之 低層級過濾操作。 圖2 1顯示:MMF檔案2303之一實例。正被談論的Μ M F 樓案是:DBCertificatesbyUserGroup(藉由使用者群组來識 別的資料庫&quot;證書&quot;)檔案2101,它將用來識別屬於諸多特定 -86- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 誚 背 之 意 項 η 項 窝 裝 I 訂 經濟部智慧財產局員工消費合作社印製 A7 B7 46 五、發明說明(84 ) 使用者群組的證書之證書匹配準則加以映射到:針對由产 書匹配準則所載明的諸多使用者群组的記綠,在資料庫 301中的一些識別符。於是,檔案2101允許具有會識別已 經使用SKIP加以加密之一訊息之來源的證書之一代理飼服 器快速決定:由證書加以識別之使用者所屬的諸多使用者 群組。在較佳實施例中’證書匹配準則是:χ.5〇9號證書 中的0(組織)’ OU(组織單位),及CA(證書當局)欄位。 所有的MMF檔案2303都有相同的通用形式,有兩個主要 部份:標題部份2103,它包含正被映射所根據的資訊:以 及資料邵份2105,它包含正被映射所指向的資訊。標題 2103包含諸多登載項(entries)2107之一列表。每個登載項都 會包含’正被映射所根據之一數値(在這種情形下,就是 證書匹配準則(CMC)2109);以及指向在資料部份21〇5中之 一記綠的指標(p〇inter)2111 ’它包含正被映射所指向的資 訊(在這種情形下,就是:針對由CMC 2109加乂識別之使 用者所屬的諸多使用者群组,在資料庫301中的諸多識別 符2113之一列表2115)。在標題2103中的諸多登載項都是依 照正被映射所根據的資訊(此處,就是CMC 2109)加以排序 的’使得:可能使用諸多標準快速搜尋演算法來指出對應 於一既定證書匹配準則集合之一登載項2 107的位置。 圖23A,B及C提供:被使用在存取過濾器203之一建構例 中的諸多MMF檔案2301之一完整列表。根據表中所提供之 諸檔案内容的描述,這些檔案與資料庫301中的一些表之 間的關係將會顯而易見的。每個MMF檔案2303都是由表中 87- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 讀 先 K 讀 背 面 之 注 意 事 為 填 寫 頁 裝 訂 經濟部智慧財產局員工消費合作社印製 A7 B7 五、發明說明(85 ) 失 讀 背 S 之 &gt;ϊ 意 % 才 1 之一登載項所表示,該表指示檔案名稱及其内容。將諸多 檔案細分成下列群組:2311,2313,2319,2321,2323,以 及2422。特別感興趣的一些檔案有:DBUsers(資料庫&quot;使用 者”)檔案2307和DBResources(資料庫&quot;資源&quot;)檔案2309,它 們都描述決策;DBCertificatesByUserGroup(藉由使用者群 组來識別的資料庫”證書&quot;)檔案2101,它是詳細顯示於圖 2 1 中的 MMF檔案;DBResourcelDbyServicelD(藉由 IP 名稱 來識別的資料庫&quot;資源識別符&quot;)檔案23 15,它會使資源的 URL (共通資源指標)與資源ID (識別符)有關係; 〇81^8 011]^635&gt;^^011]^610(藉由資源1〇來識別的資料庫&quot;資 源&quot;)檔案23 17,它會使資源與資源群組有關係;以及 DBTrustTable(資料庫”信賴等級表”)檔案2325,它會建構 SEND表 601 ◊ 而且,下列檔案都被用來编譯規則: DBServerlDByNameFile(藉由IP名稱來識別的資料庫&quot;伺服 器I D &quot;檔案) DBIPAndTypeByServerlDFile(藉由伺服器1D來識別的資料 庫&quot;I P位址和類型··) 經 濟 部 智 慧 財 產 局 員 工 消 費 合 作 社 印 製 DBServicePortToProxyPortFiIe(資料庫&quot;服務埠對代理伺服 器埠”檔案) DBAttachedNetworksByServerlDFile(藉由祠服器 ID 來識別 的資料庫”附屬網路”檔案) DBRoutingTableFile(資料庫”路由選擇表”檔案) DBRoutingTablebyServerlDFile(藉由伺服器 ID 來識別的資 -88- 本紙張尺度適用中画國家標準(CNS)A4規格(210 X 297公釐) 48 12 Α7 Β7 五、發明說明(86) 料庫”路由選擇表,I檔案) 在IntraMap資訊2422中的諸多檔案,最後被被過濾,以 便產生列表243 1,然後再利用IntraMap小爪p圭程式2411將 ιΐ下載到客户端以供使用。 存取過濾器203之細節:圖20 圖20是一種存取過濾器203的架構2〇〇1之一方塊圖。在 顯示於圖2 0中的建構例中,與一些NIc(網路界面卡)卡 2013不同的所有存取過濾器203组件都是以软體方式來建 構的。建構例中的軟體會在微軟公司所製造的Windows NT 商標之作業系統下執行。軟體组件分爲兩大類:在作業系 統之使用者層級2003處,當作應用程式執行的那些組件; 以及在作業系統之核心層級(kernel level)2005處所執行的 那些組件。就大體而論,在核心層級處所執行的程式會執 行:IP層級存取核對,以及加密和鑑定;而在使用者層級 處所執行的那些程式則會執行應用層級存取核對。也包括 在使用者層級组件中的是:管理存取控制資料庫3〇1的軟 體,以及根據存取控制資料庫301而產生針對I p層級存取 核對之諸MMF和規則的軟體。下列討論將從核心層級组件 開始’繼續討論與存取控制資料庫301有關的使用者層級 纽件’然後將會討論針對通信協定層級存取核對的組件。 核心層級组件 網路界面卡(Network Interface Card,簡稱 NIC)2013 :這 些是安裝在存取過濾器203中的乙太網路(ethernet)和令牌 環卡(token ring card)。一般説來,配置(conngured)有三種 -89- (請先閱讀背面之注意事項再填寫本頁) 裝 經濟部智慧財產局員Η消費合作社印製 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公爱) d 6 4- 8 I / A7 B7 五、發明說明(87) 網路卡。一種是爲:針對網際網路,針對一種廣域網路 (wide area network,簡稱WAN)2011,或者針對連接到另— 存取過滤器203之一網路的界面而配置的。另一種是爲針 對所有客户端電腦的界面2007而配置的;而第三種則是爲 針對提供TCP/IP服務之諸伺服器的界面20〇9而配置的。若 不必要將一存取過濾器203置於諸多客户機與伺服器之 間’則可能只有兩種NIC 2013 : —種針對WAN 2011,而另 一種則針對LAN(區域網路)。若在存取過濾器2〇3之位置處 並沒有伺服器存在,或者,若所有的局部客户機都有權存 取所有的局部資訊資源是可接受的;則不必要將存取過遽 器置於其間。 填隙軟體在安裝時,將—種塡隙(shim)软體 模組插入Windows NT商標之作業系統的兩個層級(NDIS* TDIS層級)之間。這樣會造成針對特定通信協定的所有通 h τ都會通過SHIM 2017。在建構例中,針對tcp/ip通信 協定的所有通信量都會通過SHIM 2017,而非TCP/IP通信 協定之通信量則從NIC直接前往一些適當的其它核心模 組。SHIH 2017必要時會調用(inv〇ke) skip模組來處理 TCP/IP通信協定之通信量。A7 ^ 64812 V. Description of the invention (When accessing a request made by a user who is a member of the management user group of one of the database 301, the access verification process is essentially the same. Unfortunately, when the When the fetch operation is allowed, it may result in modification of the database according to the rules announced above. This modification will then be propagated to all other access filters 203 in 201. Server table: Figure 1 7 Figure 17 Display: A chart of some tables that are particularly important for the operation of many servers in a VPN. In a VPN, there are three types of servers: • Plain servers. These are: There are resources stored in A server on which resources are accessed by executing services. • Access filter 203. • Decision manager servlet. These are: coordinate and allocation database 3101, and / Or an access filter 203 that generates some reports on the operation and status of the vpN. The access filter 203 may additionally perform functions like a Yangchun server. The Ministry of Economic Affairs, Intellectual Property Bureau, employee consumption cooperation For each server in the VPN, there will be a "server", category table 1417. The information in the table for each server includes: server ID, name, trademark in Wind〇ws Ντ Domain in the operating system, its Internet name, whether it is an access filter 203 and incidentally a decision server, whether access information is available only through access filter 203, and Is it within a VPN. If the server is an access filter 203, it will have an access filter 203 attached to the identity of other entities in vpN 201 for Authentication and Encryption -79- This paper size applies to China National Standard (CNS) A4 (210 X 297 mm) A7 V. Description of invention (77). In a preferred embodiment, 'the identity is: SKIP's X.509 certificate for access filter β x.509 certificate also includes the public key for access filter 203. The public key may belong to many name spaces One of; name space identifier ID (abbreviated as NSID) is an identifier for the public key's name space; and mester key ID (MKID) is a public key that identifies the name Ai. Also included in the table What it is: A communication link to the "Certificate Authority" category table 1711, which will indicate the certificate authority that issued the X.509 certificate for the access filter. Of course, some are different from the access filter The servers also have χ.509 certificates: and, in that case, their "server" tables will have the server's NSID and MKID. Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs Each Yangchun server in the VPN will have one or more services running on it. For example, an FTP (right case transmission protocol) service will access the case (resource) on the feeder according to the tanta case transmission agreement in the tcp / i: package agreement (_.⑽suite). In the ten pairs of Yangchun Serving Servers, Feeders,. Each category table in Table 1417 has: many communication links to the group tables that define the services and resources available on the Serving Server. . As shown on i7i9, 'these tables include:', service I, category table 1413, which indicates services; &quot; resource 'category table 1409, which indicates that resources are provided through services; and &quot; service definition &quot; The category table n Μ, which defines the service. For the rest of the graphs, the table shows: This chart contains the information used by the access filter 203-this chart. Distinguish this category u. T ^ from its category table All the tables shown at the mouth 0-5 will contain: all are used to allocate the asset library 3101 and / or _ -80- The paper size of the dagger is applicable to the Ningguan Family Standard (CNS) A4 specification ( 210 X 297 Public Love) Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 8 4812. A7 ________B7____ V. Description of the Invention (78) Information used by the access filter 203 to generate a decision management program for reports; Some of the tables shown at 1717 will contain: information about many selectable parameters for the software being executed by a given access filter 203; those tables whose category tables are shown at 1709 will include: About proxy servers and Software module information, many access filters 203 will use this module to perform protocol-level access check in access filter 203; and some tables at 1707 will contain: Information on the definition of the trust and sensitivity of the identification method and the type of encryption. Some tables indicated by the reference number 1708 will include: information about the VPN to which the access filter 203 belongs. The access filter 203 uses this information to route the guidance dialog; It will also be used to determine: the trust level of the path being used for a given conversation. "The routing table" (Routing table) category table 1721 will define: list points to information accessible from access filter 203 Some tables for the many current routes of all networks. When those routes change, the table is automatically updated. The "Attached Network" category table 17:23 defines tables that indicate: for each access filter 203, the networks to which the access filter 203 is currently attached; the category table Some tables in the table will contain many communication links to some of the tables in the &quot; Network Definitions &quot;, the category table, which in turn contains pointers to the "trust definitions" category table, 7 〇7 defines a communication link, and this category table indicates the trust level of the network. The last category table in this group is the "Point to Point Connection" category table Π13, It will define: Description of two storages that can access information via VPN -81-This paper size applies the Chinese National Standard (CNS) A4 specification (210x 297 cm) (read the transcript on the back of ttl) ) • Shang -------- Order ------- ^! 464812 A7 B7 V. Description of the invention (79) K ΐί% 5 &gt; i Nettle 4% Take the connection between the filters 203 Tables. There is a table for each combination of source and destination access filters 203 And a communication link that points to a definition of a trust level that specifies the trust level of the path between the source and destination access filters 203. The trust level in this table is based on the messages used to traverse the path Encryption technology. Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs, as explained above, the user group &quot; table 1301 and information set &quot; table 1401 will provide the required access filter 203 Information in order to determine: whether the access decision in the access list 1601 allows access; and, it also provides: information on the sensitivity level of the resource being accessed. Access filter 1701 will additionally provide access The information required by the filter 203 in order to determine the minimum level of the path in the VPN being taken by the conversation, and the trust level of some available encryption algorithms. Therefore, if the access filter 203 determines: positive A given user who wants to access a given resource belongs to a user group that has access to the information set to which the given resource belongs, and JL decides: for user identification The authentication level of the method is not lower than the required authentication level for the sensitivity level of the resource; then the access filter 203 can further determine: whether the path's trust level is high enough; and if the trust level is not high enough, the access filter 2 〇3 By selecting an encryption algorithm with the required trust level and encrypting the conversation, the trust level can be increased to the required amount. Available information table: Figure 15 Figure 15 shows a chart of the available information tables 1501 The table is used by the access filter 203 in order to generate the available resource display FIG. 105 as shown in FIG. 10. The category table shown at 1502 will make each servo-82- this paper size applies the Chinese National Standard (CNS) A4 specification (21〇x 297 mm) 464812 A7 ------... ... Fifth, the invention description () device has a relationship with its services, and with the resources provided by the service. The category tables shown at 1504 organize many available resources into a hierarchy for inheritance purposes; they are also used to generate the hierarchical list shown at 1005; further by following the "Website Unit" ; Many communication links from table to "server" table, access filter 203 can determine: website, server, service, and resource level. At some categories table at 1503, a distribution tree of access filter 203 is finally created. As will be explained in more detail later, when the access control database 301 is modified, the tree defined by those tables determines the order in which the changes are assigned to some access filters. Modify the access control database 301: Figure 19 As mentioned earlier, each access filter 203 will have a master decision management program 2 in the access filter 203 (a) of FIG. 2 An exact copy of the 05 copy of the access control database 301. Fig. 19 shows how to modify that copy of the access control database 301, and how to assign the modification data & K * from the access filter 203 (a) to other access tearers 203. Figure 19 shows: an access filter 203 (a) with a master decision manager 205; and another access filter 203 (i), where an administrator using one of the workstations is modifying the access control data Library 3 01. Messages 1909 that are needed to distribute and synchronize modification information are encrypted using SKIP and sent via VPN 201 using a communication protocol called "private communications service" (PCS). Each The access filter will have many copies of the access control database 30. There are at least two copies of any access filter 203: living capital -83- This paper size applies to the Chinese National Standard (CNS) A4 specification (210 x 297 mm) Please read the precautions for fir first, and then on this page printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs * 1 ^ 464812 A7 -------- B7____ V. Description of the invention (81) Material library (live database (LDB) 1907, which is the database currently being used to perform access check; and mirror database (niirn) r (MDB) 1905, which can be switched into, intended to replace live data A copy of one of the databases of the library 1907. Thus, the access subtractor 203⑷ has: an MDB 1905⑷ and an LDB 1907⑷; and the access filter 2003 (ι) has: MDB 1905⑴ and LDB 1907 (i). If an access filter 203 is being used by an administrator to modify the access control database 301, it will additionally have at least one working database (WDB) 1903. Working database Yes: it is not a copy of a database that is being used to control access operations and can be modified by the administrator. The administrator uses a workstation or pc (personal computer) connected to the access filter via the network In doing so, the workstation or PC displays the management graphical user interface described above, and the administrator uses the GUI (graphical user interface) to make many changes as enabled by some management decisions. These changes may affect storage Information in any aspect of the access control database 301. As indicated above, many of these changes are changes in access or management decisions, so administrators can use decision evaluation features to see the effects of the changes. When the administrator is satisfied with the change, he will click: "Apply," button; therefore, many changes will be made to the Intellectual Property Bureau of the Ministry of Economic Affairs The consumer cooperative prints and distributes to all access filters and includes them in the live database of each access filter. The process of updating all live databases is called: database synchronization and allocation. There are three processes in this process. Phase: • First, 'modify information from the access device where they were generated *-84-This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) 464812 A7 A ..._ —__ B7______ 5. Description of the invention (82) 203 (here 'is the access filter 203 (⑴ is sent to the access filter to which the main database belongs 203 (here, it is the access filter 203 (a )). • In that case, incorporate many changes into the master database. The way to do this is to incorporate many changes into the mirror database 1905 (a) and then swap the live database 1907⑷ and the mirror database 1905⑷ 'and then change the new mirror database 1905 (a ). • Then, assign many changes from the master decision manager to other access filters. At each access filter 203, synchronization is redundant in the same way as using access filter 203 (magic). Changes are made in access filter 203 of vpN 20 The order in which it is determined is determined by the distribution tree, which is created sequentially using the access filter graph 1201. The access filter 203 with the master decision management program 205 is always the root of the tree. By default, the first access filter 203 installed in γρΝ 2〇1 has a master decision management program 205. When other access filters 203 are installed, they will be added to Children in the tree as the main decision management program. The main decision management program sequentially assigns many changes to its children. When each child access filter 203 receives its allocation Information, it then redistributes it to its children. This means that: a shallow allocation tree that forks many branches from the top level (shall 00w) to complete an allocation cycle will The top-level deep allocation tree with very few branches is faster. Proper The administrator who accesses the information can reconfigure the allocation tree to make the allocation more effective. -85- This paper size applies the Chinese National Standard (CNS) A4 (210 X 297 mm) A 2 A7 B7 V. Description of the invention ( 83 If two administrators have modified the same information section (for example, access filter definitions) in different job databases 丨 903, a synchronization conflict will occur. When this happens, the master decision management program 205 will decide: which modification information is to be included in the access control database 301. To optimize the access control database 301: Figures 21 and 23 Although it is managed by the graphical user interface (GUI) 丨 9 1 5 is suitable For continuous storage and use; but for use in real-time access check, database 301 is not optimized. As will be explained in more detail below, access filter 203 will make database 301 The data optimization in that is required for run-time access check, which is then used to generate a display map for IntraMap. Each time the database 301 is received in the access filter 203 When a new copy is made, it all Perform optimization (optimizati〇n). According to their optimization form, the database 30 is a collection of many memory-mapped building plans (MMF), in which access is stored in a form that allows fast access Decision information. The reason why it is called MMF is that although they are all generated as normal files, they are subsequently attached to the memory S of a program and are operated by some memory instead of File operations are accessed. Further optimization is achieved through the use of MMF files in order to generate some rules: use IP rules for source and destination addresses, and ports that are allowed or denied for access operations. Low-level filtering of messages. Figure 21 shows an example of MMF file 2303. The MF building case being discussed is: DBCertificatesbyUserGroup (database &quot; certificate &quot;) file 2101, which will be used to identify belonging to many specific -86- This paper standard applies Chinese national standards (CNS) A4 specification (210 X 297 mm) Backward meaning item η Item nesting I Order Printed by the Consumers ’Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7 46 V. Description of the invention (84) Certificate of the user group The certificate matching criteria are mapped to: some identifiers in the database 301 for the records of many user groups specified by the production book matching criteria. Thus, file 2101 allows an agent feeder with a certificate that can identify the source of a message that has been encrypted using SKIP to quickly determine the user groups to which the user identified by the certificate belongs. In the preferred embodiment, the 'certificate matching criteria are: 0 (organization)' OU (organization unit) in the χ.509 certificate, and the CA (certificate authority) field. All MMF files 2303 have the same general form and have two main parts: the header part 2103, which contains the information on which it is being mapped: and the data file 2105, which contains the information to which it is being mapped. Header 2103 contains a list of many entries 2107. Each entry will contain one of the numbers on which it is being mapped (in this case, the Certificate Matching Criterion (CMC) 2109); and an indicator pointing to one of the greens in the data section 2105 ( p〇inter) 2111 'It contains the information that is being pointed to by the mapping (in this case, it is: in the database 301 for the many user groups to which the user identified by CMC 2109 plus belongs) 2115). Many of the entries in Title 2103 are ordered according to the information being mapped (here, CMC 2109), making it possible to use a number of standard fast search algorithms to indicate a set of matching criteria for a given certificate One of them is listed in Item 2 107. Figures 23A, B and C provide a complete list of one of the many MMF files 2301 used in one construction example of the access filter 203. From the description of the contents of the files provided in the tables, the relationship between these files and some tables in the database 301 will be obvious. Each MMF file 2303 is composed of 87- this paper size applies Chinese National Standard (CNS) A4 specification (210 X 297 mm) Read first K Read the note on the back for filling out the page for binding Consumption by the Intellectual Property Bureau of the Ministry of Economic Affairs Printed by the cooperative A7 B7 V. Description of the invention (85) Misreading S &gt; ϊ %% Only one of the entries listed in the table indicates the name of the file and its contents. Subdivide the files into the following groups: 2311, 2313, 2319, 2321, 2323, and 2422. Some files of particular interest are: DBUsers (database &quot; user ") file 2307 and DBResources (database &quot; resource &quot;) file 2309, both of which describe decisions; DBCertificatesByUserGroup (identified by user group "Database" certificate "file 2101, which is an MMF file shown in detail in Figure 21; DBResourcelDbyServicelD (database identified by IP name &quot; resource identifier &quot;) file 23 15, which makes resources URL (common resource indicator) is related to resource ID (identifier); 〇81 ^ 8 011] ^ 635 &gt; ^^ 011] ^ 610 (database identified by resource 10 &quot; resource &quot;) file 23 17, it will make the resource and resource group related; and DBTrustTable (database "trust level table") file 2325, it will build the SEND table 601 ◊ Moreover, the following files are used to compile the rules: DBServerlDByNameFile (borrowed Database identified by IP name &quot; Server ID &quot; File) DBIPAndTypeByServerlDFile (Database identified by server 1D &quot; IP address and type ...) Wisdom Property Bureau employee consumer cooperative prints DBServicePortToProxyPortFiIe (database &quot; service port to proxy server port "file) DBAttachedNetworksByServerlDFile (database" affiliated network "file identified by server ID) DBRoutingTableFile (database" routing "Selection table" file) DBRoutingTablebyServerlDFile (data identified by the server ID -88- This paper size applies to the National Standard for Chinese Painting (CNS) A4 specification (210 X 297 mm) 48 12 Α7 Β7 V. Description of the invention (86) "Database" routing table, I file) Many files in the IntraMap information 2422 were finally filtered to generate the list 243 1 and then downloaded to the client for use by using the IntraMap claw program 2411. Details of the access filter 203: FIG. 20 FIG. 20 is a block diagram of an architecture of the access filter 203 in 2001. In the construction example shown in FIG. 20, all the access filter 203 components different from some NIc (Network Interface Card) cards 2013 are constructed in software. The software in the construction example will be executed under the operating system of Windows NT trademark manufactured by Microsoft Corporation. Software components fall into two broad categories: those that are executed as applications at the user level 2003 of the operating system; and those that are executed at the kernel level 2005 of the operating system. By and large, programs executed at the core level perform: IP-level access checks, as well as encryption and authentication; those executed at the user level perform application-level access checks. Also included in the user-level component are software for managing the access control database 301, and software for generating MMF and rules for IP-level access checking based on the access control database 301. The following discussion will begin with core-level components &apos; continuing discussion of user-level buttons related to the access control database 301 &apos; and then will discuss components for protocol-level access check. Core-level components Network Interface Card (NIC) 2013: These are the Ethernet and token ring cards installed in the access filter 203. Generally speaking, there are three types of configuration (-89-) (please read the notes on the back before filling this page). It is printed by the member of the Intellectual Property Bureau of the Ministry of Economic Affairs and the Consumer Cooperative. 210 X 297 public love) d 6 4- 8 I / A7 B7 V. Description of the invention (87) Network card. One is configured for the Internet, for a wide area network (WAN) 2011, or for an interface connected to one of the other access filter 203 networks. The other is configured for the interface 2007 for all client computers; the third is configured for the interface 209 for servers providing TCP / IP services. If it is not necessary to place an access filter 203 between many clients and servers, there may be only two types of NIC 2013: one for WAN 2011 and the other for LAN (Local Area Network). If no server exists at the position of the access filter 203, or if all local clients have the right to access all local information resources, it is acceptable; Put in between. When the gap filler software is installed, a kind of shim software module is inserted between two levels of the operating system of the Windows NT trademark (NDIS * TDIS level). This will cause all communications h τ for a particular communication protocol to pass SHIM 2017. In the construction example, all the traffic for the TCP / IP communication protocol will pass SHIM 2017, and the traffic for the non-TCP / IP communication protocol will go directly from the NIC to some appropriate other core modules. SHIH 2017 will call the (inv〇ke) skip module when necessary to handle the TCP / IP communication protocol traffic.

SKIP模组2〇21 :經由SKIP 2 021來發送所有的ιρ網路通 仏量。去·輸入分包資訊不是skip類型,即:不需要由 SKIP來執行鑑定和解密服務;則SKlp模組2〇2〗會將它傳遞 到I P過濾器模組2019。同樣地,若不打算對輪出分包資訊 加以加密,則SKIP模组2021會將它直接發送到適當的NIC ,90 - 本紙張尺度適用中國國家標準(CNS)A4規格(210 χ 297公釐) 閱 讀 背 之 &gt;1 意 事 項 再 項 本 頁 裝 經濟部智慧財產局員工消費合作社印製 464812 A7 __B7 五、發明說明(88) 2013,以供傳輸之用。雖有SKIP類型之分包資訊,俨在 SKIP模組202 1中的鑑定符(authenticator)2024可作爲梦定 項對話之用;而加密器/解密器2022則可作爲對在—種對 話層級處的資訊加以加密和解密之用。可能利用:任竞數 目的其它存取過濾器203,使用SKIP的一些飼服器,以及 使用SKIP的一些客户機來完成鑑定以及加密/解密。鑑定 和加密演算法都是基於SEND參數,針對輸出分包資訊, 由IP過濾器模组2019加以設定的;或者,都是在輸入分包 資訊内加以載明的。 SKIP模組202 1會爲與它對談的每個其它網站維持足夠的 狀態資訊,使得:對於大多數的SKIP類型之分包資訊而 巨,它能夠維持咼速操作。分包資訊有時候會&quot;被停留 (parked),而附加處理(共享機密及暫時密鑰(temp〇rary key) 計算)則會被執行。在使用者空間2〇〇3中的„skipd&quot;模组 2037會執行這種額外處理。 IP過滤器2019 : IP過濾器根據一套規則而操作,該規則 是:資料庫服務2029之一組件的規則編譯程式,根據存取 控制資料庫301中的存取決策加以制定的。〖p過濾器的一 些基本功能都是用來: 經濟部智慧財產局員工消費合作社印製 1 ·將通信量傳遞到TCP/IP堆疊。 2 .阻擋通信量-將針對特定I p位址的通信量明確地棄 置,並且是根據針對緊急情況的諸多特別規則。 3 .棄置通信量-將既不和任何規則匹配又不被任何決策所 容許的通信量明確地棄置。 -91 - 本紙張尺度適用中國國家標準(CNS)A4規格(21〇 X 297公釐) 464812 A7 B7 五、發明說明(89 ) 4 ’ ^理處理通信量_不是將通信量遞送到被指示目標,而 疋將Έ:路由指引到在目前機器上之一代理伺服器 程式。 〜 5 ·執行網路位址轉換-將可能是非法的内部ιρ位址改變 成合法的I p位址。 6. 建1拱法由規則嚴格地決定存取控制操作所針對的 一嚷新對話,就會將決策遞給Prjpf(被討論於下)。_ 般龙來,這疋針對可能被決策或被前逑之VPN馨隧道 操作特點所容許的對話。 IP過濾器2019基於下列資訊而執行這些功能: • 由規則編譯程式所產生的規則; • 來源和目標IP位址和埠號; •關於輸入分包資訊的加密,或者不加密;以及 •關於輸出分包資訊的所需加密和鑑定。 與資料庫301有關的组件 經濟部智慧財產局員工消費合作社印製 共享目錄(Shared Directory)2028 : VPN 201使用什麼存取 過減益203都會保持駐留其中的單·一存取控制資料庫301。 在一既定存取過濾器203中之資料庫301的所有版本都被維 持在共享目錄2028中。共享目錄2028也包含每個存取過濾 器203的登錄檔案(log files)。 專用連接服務(Private Connect Service,簡稱PCS)模组· 2025 : PCS模組2025提供在VPN 201中的,'存取過濾器對存 取過減·器”通信。所有這樣的通信都會通過PCS。PCS具有 它自己的I P埠號,而其訊息則必須被加密。藉由PCS訊息 -92- 本紙張尺度適用中國國家標準(CNS)A4規格(210 x 297公餐) 4 6 4 8 I 2 A7 B7 五、發明說明(90) 經濟部智慧財產局員工消費合作社印製 來實行的一些特定功能有: 分配樹管理; 資料庫301之分配和同步; 路由選擇表1721之檢索和分配; Windows網域和使用者資訊之檢索; 網路掃描; 登錄内容之檢索;以及 由報表及其它子系統所使用之諸檔案的傳送。 ISDB管理程式2027 : ISDB管理程式2〇7會管理資料庫 301。它和PCS都是唯一針對在每個存取過濾器2〇3中的資 料庫301之諸拷貝的界面〇它包含用來讀寫在資料庫之 諸拷貝中之所有表的軟體。 ;貝料庫(D B)服務和規則編譯程式2 〇 2 9 :資料庫服務模组 2029會產生諸多MMF檔案230丨。每次在存取過濾器2〇3中 收到資料庫301之一新拷貝的時候,它都會這麼做。它利 用由ISDB管理程式2027所提供的功能來讀取針對一既定存 取過濾器203 (I)的活資料庫1907⑴並產生諸多MMF 23〇1。 資料庫服務模组2〇29之一組件是規則編譯程式,它會根據 諸多MMF 2301中的一些有關MMF來產生使用在ιρ過濾器 模組2〇19中的一些規則。該規則會載明存 拒絕所針對的:时源,目標,以及淳號= 存在,无當一種DLL以及一種只是調用DLL中之諸常式 (routines)的應用程式。在正常操作中,每當在存取過渡^ 203 (1)中,從主決策管理程式2〇5中收到已修改資料庫 -93- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 請 先 間 讀 背 面 之 注 意 事 項 再 填 寫 本 頁 裝 訂 '卜 46 48 12 A7 B7 五、發明說明(91 ) 時’在DLL中之諸常式都是由資料庫服務模組2029加以調 用的。在安裝和啓動程式(b0〇tstrapping)處理過程期間,應 用程式被使用在一些特別模式中。 記憶體映射檔案(MMF)2301 :像已經説明的那樣,MMF 2301都是由資料庫服務模组2029所產生的資料檔案,並且 都被存取過濾器203中的很多其它模組所利用。設計標案 以使下列操作儘可能有效的·· • 從使用者識別方法映射到(諸多)使用者群組; • 從資訊資源映射到(諸多)資訊集; • 尋找與諸多使用者群組有關聯的決策;以及 • 尋找與諸多資訊集有關聯的決策。 與鑑定有關的'組件 評估程式(Evaluator)2036 :評估程式2036是由諸多代理词 服器2031中的每個代理伺服器所使用的諸多DLLt _集 合。評估程式2036會提供下列功能給諸多代理词服器: • 提示(Prompting)使用者另外的11在頻帶内,•或&quot;在頻帶外 &quot;識別資訊; •從鑑定工具程式服務(Authentication 丁。。1 Sefviee,Μ 稱ATS)中獲得&quot;在頻帶外”鑑定資訊; • 從SKIPd中獲得與目前使用者有關聯的證書; •讀取諸多MMF 2301,並決定:存取決策是否允許使用 者存取資源;以及 •若在其它情況下存取操作被容許,則建構針對路徑之 信賴/靈敏度等級計算,包括決定存取搡作是否可能於 -94- 本紙張尺度適用中國國家標準(CNS&gt;A4規格(21〇 x 297公爱) f清先閱璜背面之?i意事頃再瞋寫本頁) -------- 訂·--- 經濟部智慧財產局員工消費合作社印製 五、 發明說明(92 A7 B7 經濟部智慧財產局員工消費合作社印製 由路徑而被容許,如果這樣;則需要何種加密和鑑定 方法,以及哪個存取過濾器最接近伺服器。這些功能 都是由稱爲VPN管理程式的評估程式2036之一组件加 以執行的。 鑑定工具程式服務/使用者識別客户軟體(ATS/UIC)2039 和2041 : ATS 2039是在一種會搜集和鑑定使用者資訊的客 户機一伺服器應用程式t的伺服器。ATS 2039會在電腦上 執行,而在其上則有存取過濾器203之其它組件正在執 行。客户機部份是UIC 2041,它會在基於Windows之客户 機上執行。ATS 2039和UIC 2041都是機制,存取過濾器203 會藉由該機制來獲得&quot;在頻帶外&quot;鑑定資訊。ATS 2039和 UIC 2041會藉由一項與正在被鑑定之對話分離的對話而通 信。ATS 2039會收集並快速存取(caches)它從諸多UIC客户 機中獲得的鑑定資訊,進而提供該資訊给評估程式2046。 來自諸客户機的被快速存取資訊包括·· • Windows ID ; •身份識別證書;以及 • 鑑定令牌I D。 SKIPd 2037 : 大多數的SKIP,d功能都是支援SKIP模組2021。那些功能 包括: • 與其它通信夥伴們交換證書資訊。藉由使用證書發現 通信協定(CDP)來完成此事。 • 計算狄菲-黑爾曼(Diffie-Hellman)共韋嬙密古法。這種 -95 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) ίί· 先 βί tj ί £ 之 ij. I t n 裴 I I I訂 A7 B7 經 濟 部 智 慧 財 產 局 消 費 合 作 社 印 製 五、發明說明(93 ) 共享機密方法是SKIP操作的關鍵。這種計算可能花上 一段可觀的時間,並且以一種加密形式將它儲存到磁 碟。 •計算用來加密對話的傳送密餘。這些密鑰會延續一段 時間或資料量。 •此外’ SKIPd將會提供證書匹配準則給(諸多)評估程 式,以便使用在使用者識別方法中。 代理伺服器203 1 如前面所説明的,代理伺服器是:在截取針對特定通信 協定之通信量的存取過濾器203中的軟體。代理伺服器,,瞭 解”通信協定的是:它正在載取資訊,因而能夠獲得用來 識別正在被存取的資源及/或從對話期間正在被交換的訊 息中加以鑑定使用者所需的資訊。隨著〗p過濾器將一些使 用一既定通信協定的訊息從其標準埠重新指引到其非標準 埠’除SMTP外的所有代理伺服器都會接收:針對它們的 通信協定,在與標準埠不同的一些埠上的訊息。代理伺服 器提供它已經從對話中獲得的資訊給評估程式2〇3 6,以便 決定:使用者是否有權存取資訊資源。若使用者有權存 取,則存取過濾、器203會將輸入訊息轉遞到它們被定址到 的伺服器,並且藉由針對該通信協定的服務,在伺服器中 將訊息進一步處理。在下列描述中,使用在一較佳實施例 中的每個通信協定都會被討論;當然,其它實施例則可能 包括針對其它通信協定的代理飼服器。SKIP module 2021: Send all network traffic via SKIP 2 021. To enter the subcontracting information is not skip type, that is, SKIP does not need to perform authentication and decryption services; then SKlp module 202 will pass it to the IP filter module 2019. Similarly, if you do not plan to encrypt the round-off subcontracting information, the SKIP module 2021 will send it directly to the appropriate NIC. 90-This paper size applies the Chinese National Standard (CNS) A4 specification (210 x 297 mm). ) Read the back of the matter &gt; 1 and reprint this page on the page of the Intellectual Property Bureau of the Ministry of Economic Affairs's Consumer Cooperatives to print 464812 A7 __B7 V. Description of Invention (88) 2013 for transmission. Although there is SKIP type of subcontracting information, the authenticator 2024 in the SKIP module 202 1 can be used as a dream-item dialogue; the encryptor / decryptor 2022 can be used as a pair at the dialogue level. Information for encryption and decryption. Possible use: other access filters 203 for any number of purposes, some feeders using SKIP, and some clients using SKIP for authentication and encryption / decryption. The authentication and encryption algorithms are based on the SEND parameter, and the output subcontracting information is set by the IP filter module 2019; or both are specified in the input subcontracting information. The SKIP module 202 1 will maintain sufficient status information for every other website that it talks with, making it huge for most SKIP type subcontracting information, and it can maintain rapid operation. Subcontracting information is sometimes &quot; parked &quot; and additional processing (shared secret and temporary key calculations) is performed. The "skipd" module 2037 in user space 2003 performs this additional processing. IP Filter 2019: IP filters operate according to a set of rules, which are: a component of database service 2029 The rule compiler is made according to the access decision in the access control database 301. 〖Some of the basic functions of the p filter are: Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs1. Pass the traffic to TCP / IP stack. 2. Block traffic-Explicitly discard traffic for specific IP addresses, and based on many special rules for emergency situations. 3. Discard traffic-will neither match any rules nor It is not explicitly discarded by the traffic allowed by any decision. -91-This paper size applies the Chinese National Standard (CNS) A4 specification (21 × 297 mm) 464812 A7 B7 V. Description of the invention (89) 4 Handling traffic_ Instead of delivering traffic to the indicated target, I will: route to a proxy server program on the current machine. ~ 5 · Perform network address translation-it may be illegal The internal lp address is changed to a legal IP address. 6. The 1-arch method strictly determines the new dialogue for the access control operation by the rules, and then passes the decision to Prjpf (discussed below). _ General Longlai, this is aimed at dialogues that may be allowed by decision-making or by the operating characteristics of the previous VPN Tunnel. IP Filter 2019 performs these functions based on the following information: • rules generated by the rule compiler; • source And target IP address and port number; • Encryption or non-encryption of the input subcontracting information; and • Encryption and authentication of the required output subcontracting information. Components related to database 301 Intellectual Property Bureau employee consumption Cooperative prints Shared Directory 2028: What access and debuffs 203 VPN 201 uses will keep a single access control database 301 in it. All of the databases 301 in a given access filter 203 Versions are maintained in a shared directory 2028. The shared directory 2028 also contains log files for each access filter 203. Private Connect Service Referred to as PCS) module · 2025: PCS module 2025 is provided in the VPN 201, 'access through the filter to the stored Save-taken "on communication. All such communication goes through the PCS. The PCS has its own IP port number, and its messages must be encrypted. By PCS message-92- This paper size is in accordance with Chinese National Standard (CNS) A4 (210 x 297 meals) 4 6 4 8 I 2 A7 B7 V. Description of the invention (90) Printed by the Consumer Cooperative of Intellectual Property Bureau of the Ministry of Economic Affairs Some specific functions implemented by the system are: distribution tree management; distribution and synchronization of database 301; retrieval and distribution of routing table 1721; retrieval of Windows domain and user information; network scanning; retrieval of registered content; and Transfer of files used by reports and other subsystems. ISDB management program 2027: ISDB management program 207 manages database 301. It and PCS are the only interfaces for the copies of the database 301 in each access filter 203. It contains software for reading and writing all the tables in the copies of the database. ; DB material service and rule compiling program 2 009: Database service module 2029 will generate many MMF files 230 丨. It does this every time it receives a new copy of one of the databases 301 in the access filter 203. It uses the functions provided by the ISDB management program 2027 to read the live database 1907⑴ for a given access filter 203 (I) and generate a number of MMFs 2301. One of the components of the database service module 2029 is a rule compiler, which will generate some rules used in the ιρ filter module 2019 according to some of the MMF 2301 related to MMF. The rule will specify what the rejection is for: time source, destination, and shun number = existence, no DLL, and an application that just calls the routines in the DLL. In normal operation, whenever the access transition ^ 203 (1), the modified database is received from the main decision management program 205-93- This paper size applies to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) Please read the precautions on the back before filling in this page to bind 'Bu 46 48 12 A7 B7 V. Description of the invention (91)' All routines in the DLL are provided by the database service module 2029 Call it. During the process of installing and launching the program (b0tstrapping), the application is used in some special modes. Memory Map File (MMF) 2301: As already explained, MMF 2301 is a data file generated by the database service module 2029, and is used by many other modules in the access filter 203. Design proposals to make the following operations as effective as possible: • Mapping from user identification methods to (many) user groups; • Mapping from information resources to (many) information sets; • Finding relationships with many user groups Related decisions; and • Find decisions that are relevant to many sets of information. Evaluation-related components Evaluator 2036: The evaluation program 2036 is a collection of DLLt_s used by each proxy server in the proxy server 2031. The evaluation program 2036 will provide the following functions to many proxy servers: • Prompting users for another 11 in the band, or “out of band” identification information; • Services from the authentication tool program (Authentication D). (1 Sefviee, M called ATS) to obtain "out-of-band" identification information; • Obtain certificates associated with the current user from SKIPd; • Read many MMF 2301 and decide whether the access decision allows the user Access resources; and • if access operations are allowed under other circumstances, construct a path-based trust / sensitivity level calculation, including determining whether access operations are possible at -94- This paper standard applies Chinese national standards (CNS &gt; A4 specifications (21〇x 297 public love) f Qing first read the "I" on the back of the page and then write this page) -------- Order · --- Printed by the Intellectual Property Bureau of the Ministry of Economic Affairs and Consumer Cooperatives System V. Description of the Invention (92 A7 B7 Printing by the Intellectual Property Bureau Employee Consumer Cooperatives of the Ministry of Economic Affairs is permitted by path, if so; what encryption and authentication methods are required, and which access filter is closest These functions are performed by a component of an evaluation program 2036 called a VPN management program. Authentication tool program service / user identification client software (ATS / UIC) 2039 and 2041: ATS 2039 A client-server application t and a server that authenticates user information. ATS 2039 runs on the computer, and other components on which access filter 203 is running. The client part is UIC 2041 It will run on a Windows-based client. ATS 2039 and UIC 2041 are mechanisms, and the access filter 203 will use this mechanism to obtain "out-of-band" authentication information. ATS 2039 and UIC 2041 will borrow Communicating from a conversation that is separate from the conversation being authenticated. ATS 2039 collects and quickly caches the authentication information it obtains from a number of UIC clients, and then provides that information to the evaluation program 2046. From customers Quick access information of the machine includes: • Windows ID; • Identity certificate; and • Authentication token ID. SKIPd 2037: Most SKIP and d functions support SKIP modules. 2021. Those functions include: • Exchanging certificate information with other communication partners. This is done by using the Certificate Discovery Protocol (CDP). • Calculating Diffie-Hellman's shared ancient methods. This Species-95 This paper size applies Chinese National Standard (CNS) A4 specifications (210 X 297 mm) ίί · β β tj ί ij. I tn Pei III order A7 B7 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs Description of the invention (93) The secret sharing method is the key to SKIP operation. This calculation can take a considerable amount of time and store it to disk in an encrypted form. • Calculate the transmission secret used to encrypt the conversation. These keys can last for a period of time or amount of data. • In addition, SKIPd will provide certificate matching criteria to (among many) evaluation procedures for use in user identification methods. Proxy server 2031 As described above, the proxy server is software in the access filter 203 that intercepts traffic for a specific communication protocol. The proxy server understands the "protocol": it is carrying information so it can obtain the information it needs to identify the resource being accessed and / or authenticate the user from the messages being exchanged during the conversation As the p-filter redirects some messages that use a given protocol from its standard port to its non-standard port, all proxy servers except SMTP will receive: For their protocol, they differ from the standard port Messages on some ports. The proxy server provides the information it has obtained from the conversation to the evaluation program 206 in order to determine whether the user has access to the information resources. The fetch filter 203 forwards the input messages to the server to which they are addressed, and further processes the messages in the server with a service for the communication protocol. In the following description, a preferred implementation is used Each communication protocol in the example will be discussed; of course, other embodiments may include proxy feeders for other communication protocols.

Pr_ipf(IP過遽器代理伺服器)··大多數的網路通信量會 '96- 本紙張尺度適用中國國家標準(CNS)A4規格(21〇 x 297公釐)Pr_ipf (IP router proxy server) ·· Most network traffic will be '96-This paper size applies to China National Standard (CNS) A4 specification (21〇 x 297 mm)

tr t 1 之 、'· ΐ· τ ; 与· $ ;. J A7 五、發明說明(94 ) 在少數通信協定上發生,而在存取過濾器2〇3中則會有針 對該協定的諸多代理伺服器。然而,甚至在沒有代理伺服 器的地方,也必須制定一項存取決策。在某些情形下,可 能在掠心層級處由IP過濾器2〇19來制定決策;當它不會制 炎或時’ I P過遽益2〇 19就提供通信量給pr jpf,它會獲 ί于任何它能夠從通信量中獲得與使用者識別方法和資訊資 源有關的資訊’進而將該資訊傳遞到評估程式2〇36,以便 決疋存取操作是否應該被准許。:Pr_ipf事實上並不是一種 代理伺服器’由於它只是做出一項針對〗p過濾器2〇丨9的存 取决定而已’故而不會將任何通信量傳遞到標準通信協定 軟體。 經濟部智慧財產局員工消費合作社印製 FTP(檔案傳送協定):FTp代理伺服器會處理針對檔案傳 达協定的tcp/ip分包資訊。在VPN 2〇1之一當前實施例 中,只是將存取控制施行到帳户(登綠)層級;而在其它實 施例中,則可能將存取操作控制到檔案存取層級。在通信 協定之FTP登錄部份期間,代理伺服器會決定正在被存取 的伺服器及帳户(acc〇unt),並且將此資訊提供給評估程式 2036,以便決定:使用者是否屬於一使用者群組,該群组 的諸多成員可能存取對應於該帳户的資訊集。代理伺服器 使用載明於F T P通信協定中與使用者互相作用的令牌來進 步處理”在頻帶内”鏗定資訊。 FTP實際上是—種非常複雜的通信協定,涉及主動㈣㈣ 和被動(passive)模式(被使用在網路瀏覽器及某些自動FTp 客户軟體中)。此外,FTP資料傳送是利用一種第二動態決 _ -97- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 46 A7 B7 五、發明說明(95 定式TCP(傳輸控制通信協定)對話。這就需要一種FTp代理 伺服器與I P過濾器2019之間的特殊界面,使得FTP代理伺 服器能夠對IP過濾器2〇19指示:它應該會容許第二對話。 HTTP(超本文傳送協定):對於Ηττρ之公用網域 粒子物理研究所)建構例而言,HTTP代理伺服器是根據 來源碼(source code)而構築的,並且包含所有它的快速存 取邏輯(caching logic)。代理伺服器使用評估程式2〇36來核 對指向一 URL的每項存取操作。沒有,,在頻帶内,,鑑定資訊 是利用HTTP執行的。tr t 1 of, '· ΐ · τ; and · $;. J A7 V. Invention Description (94) Occurs on a few communication protocols, and in access filter 203 there will be many for this protocol Proxy server. However, even where no proxy server is available, an access decision must be made. In some cases, the decision may be made by the IP filter 2019 at the heart-grabbing level; when it does not cause inflammation or 'IP too good 2019 provides traffic to pr jpf, it will get In any case, it can obtain information related to user identification methods and information resources from the traffic, and then pass this information to the evaluation program 2036, so as to determine whether the access operation should be permitted. : Pr_ipf is not actually a proxy server, because it just makes an access decision for the p filter 20, 9 and does not pass any traffic to the standard communication protocol software. Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs FTP (File Transfer Protocol): FTp proxy server will process TCP / IP subcontracting information for file transfer agreement. In one of the current embodiments of VPN 201, the access control is only applied to the account (green) level; in other embodiments, it is possible to control the access operation to the file access level. During the FTP login part of the communication protocol, the proxy server will determine the server and account (acc〇unt) being accessed, and provide this information to the evaluation program 2036 in order to determine whether the user belongs to a use Group, many members of the group may have access to the information set corresponding to the account. The proxy server uses tokens specified in the TP communication protocol to interact with the user to further process the "in-band" fixed information. FTP is actually a very complex communication protocol involving both active and passive modes (used in web browsers and some automated FTP client software). In addition, FTP data transmission uses a second dynamic decision. -97- This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) 46 A7 B7 V. Description of the invention (95 Definitive TCP (Transmission Control Communication Protocol) dialogue. This requires a special interface between the FTp proxy server and the IP filter 2019, so that the FTP proxy server can indicate to the IP filter 2019 that it should allow a second dialog. Transmission protocol): For the public domain institute of public domain particle physics (Ηττρ) construction example, the HTTP proxy server is constructed based on source code and contains all its fast access logic (caching logic). The proxy server uses an evaluation program 2036 to check each access operation pointing to a URL. No, in the frequency band, authentication information is performed using HTTP.

Telnet(遠距通信網路):Telnet資源由sTeinet註册的非 標準化性質而只被控制到伺服器層級。只是了提供附加的 在頻帶内&quot;鑑定資訊才會使用Telnet代理伺服器。它是諸 多眞實代理伺服器中最簡單的。 NNTP :網路新聞傳送協定(Netw〇rk News 丁㈣此 Protocol,簡稱NNTP)被使用來控制新聞傳送(news feed)和 新聞讀取兩種操作。在新聞傳送操作期間,NNTp代理伺 服器注視著未编碼訊息。這些訊息都是已經被轉換成美_ 資訊交換標準碼本文(ASCII text)以供傳輸之用的二進制訊 息(binary messages)。這種訊息常被解散成爲多重部份 (multi-part)訊息,以便將它們保持達到—種合理的尺寸。 NNTP代理伺服器會快速存取二進制訊息的^有部份。就 每個這樣的訊息而言,若該訊息是將要完成—项多重部份 訊息的最後部份’則將整個多重部份訊息加以组合,進而 抗病毒(anti-vinis)模组2033會針對諸多病毒加以核對該訊 -98 - 本紙張尺度適用中國國家標準(cns)a4規格(210 χ 297公楚)Telnet (Remote Communication Network): Telnet resources are non-standardized registered by sTeinet and are controlled only to the server level. The Telnet proxy server is used only to provide additional in-band authentication information. It is the easiest of many real proxy servers. NNTP: Network News protocol (NNTP) is used to control two operations of news feed and news reading. During the news feed operation, the NNTp proxy server looks at the unencoded message. These messages are binary messages that have been converted into ASCII text for transmission. Such messages are often disbanded into multi-part messages in order to keep them to a reasonable size. The NNTP proxy server will quickly access parts of the binary message. For each such message, if the message is to be completed—the last part of a multi-part message, then the entire multi-part message is combined, and the anti-vinis module 2033 will Virus verification check -98-This paper size applies Chinese National Standard (cns) a4 specifications (210 x 297)

% ' β| 言, 1* 之 λ Ϊ; I- 与: ΐ. 本 I 裝 1 訂 經濟部智慧財產局眞工消費合作社印製 464812 A7 B7__________ 五、發明說明(96 ) 息,就像更加詳細描述於下的那樣。在新聞讀哿操作期 間,將存取操作保護到新聞群组層級。就像在其它代理伺 服器中那樣,評估程式2036被使用來決定:目前使用者是 否可能存取新聞群組。 眞實聲頻通信(Real Audio):眞實聲頻通信代理伺服器容 許客户機存取只有在伺服器層級處才受到保護的眞實聲頻 通信伺服器。眞實聲頻通信協定雖然利用一種標準TCP套 接通信連接(socket connection)來建立一項對話,但是隨後 就使用一種轉回UP頻道。就像對於FTP那樣,眞實聲頻通 信代理伺服器具有一種針對I P過濾器2019的界面,該界面 允許它對IP過濾器2019指示:轉回UP頻道是被容許的。 SMTP :簡單郵件傳送協定(Simple Mail Transfer Protocol, 簡稱SMTP)代理伺服器與其它代理伺服器不同處在於:(p 過濾器之代理伺服器的諸多規則都不是被使用來重新指引 通信量到SMTP代理伺服器。其實其它代理伺服器會在一 個非標準埠上&quot;傾聽&quot;;而SMTP代理伺服器則會在標準蜂 (25)上傾聽,隨後會執行它自己與標準5μτΡ伺服器軟體的 通信連接。在資料庫301中的存取決策必須明確地容許此 存取操作。 經濟部智慧財產局員工消費合作社印製% 'β | Words, λ of 1 * I; I- and: ΐ. This book is bound to print 464812 A7 B7__________ printed by the Intellectual Property Bureau of the Intellectual Property Bureau of the Ministry of Economic Affairs. Described below. Protect access operations to the newsgroup level during news reading operations. As in other proxy servers, the evaluation program 2036 is used to determine whether the current user is likely to access the newsgroup. RealReal Audio: 眞 Real Audio Communication Agent Server allows clients to access the 伺服 Real Audio Communication Server which is only protected at the server level. Although the real audio communication protocol uses a standard TCP socket connection to establish a conversation, it then uses a switch back to the UP channel. Just like for FTP, the Real Audio Communication Agent Server has an interface for IP Filter 2019, which allows it to indicate to IP Filter 2019 that switching back to the UP channel is allowed. SMTP: Simple Mail Transfer Protocol (SMTP) proxy server differs from other proxy servers in that: (Many rules of the p-filter's proxy server are not used to redirect traffic to the SMTP proxy Server. In fact, other proxy servers will "listen" on a non-standard port, while the SMTP proxy server will listen on the standard bee (25), and will then execute its own communication with the standard 5μτP server software. Access. Access decisions in database 301 must explicitly allow this access. Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs

IntraMap :當使用者載明針對lntraMapt URL時,報表管 理程式209會下載IntraMap小爪哇程式,而被下載之小爪哇 程式則嘗試執行一種接回到具有報表管理程式的存取 過/慮器203之一套接口(socket)的通信連接。局部存取過淚 器203 (I)的i P過濾器2019會截取嘗試執行通信連接資訊^ -99- 表紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 46^8 12 A7 B7 五、發明說明(97 進而將它提供給局部存取過濾器1〇3 (I)上的IntraMap代理伺 服器。藉由尋找在資料庫3〇1之局部拷貝中的回答(answers) 並將回答轉回給小爪哇程式,代理伺服器會對來自小爪哇 程式的查詢(query)作回應。隨著所有的回答正在被過濾而 反映使用者之存取權利。Intra]V[ap代理伺服器並非一種眞 實代理伺服器是因爲:整個通信連接總是由截取通信連接 之IntraMap代理伺服器的實例加以完全服務的。 抗病毒模组2033 在一杈佳實施例中的抗病毒模組2〇33是由位於美國加州 支趙市(Cupertino, CA.)的趨勢微裝置公司(Trend Micro Devices,inc_)所提供的諸多DLL&lt; —集合。在其它實施例 中,可此使用來自其它來源的抗病毒模組。抗病毒模組 2033會針對病毒加以檢查所有進入2〇1的資科。爲了 提供使用者關於資料轉移進行的回授功能㈣如叫並預防 使用者之客户叙體私式時間暫停(此㈣_),將 機並在同時間内加以拷貝進人-種用於病毒檢^ 0’檔案中。然而’並未將資料的最後部份;户 =直到完成病毒檢查後爲止。該最後部份—處:二 案中就會針對諸多病毒加以檢 &quot;· 經濟部智慧財產局員工消費合作社印製 毒,則將資料的其餘料發送到客户二若出病 中止資料轉移。在太音w 尸极方發見竭,,則 若管理員已4㈣明% ^ ’使用者被通知傳輸失效。 理員。ι‘·、樣載明,則可能將-種警戒資訊發送到管 &quot;動〇aUnCk) ’登錄,警戒以及報表模组2 0 2 7 : 100-IntraMap: When the user specifies the URL for lntraMapt, the report management program 209 will download the IntraMap Java program, and the downloaded Java program will try to execute a return to the access / rejector 203 with the report management program. A set of interface (socket) communication connections. The IP filter 2019 of the local access teardropper 203 (I) will intercept the information of the attempt to perform communication connection ^ -99- The paper size is applicable to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) 46 ^ 8 12 A7 B7 V. Description of the invention (97 and then provide it to the IntraMap proxy server on the local access filter 103 (I). By looking for the answers in the local copy of the database 301 (answers) and Return the answer to the Java program, and the proxy server will respond to the query from the Java program. As all the answers are being filtered to reflect the user's access rights. Intra] V [ap proxy server The server is not a real proxy server because the entire communication connection is always fully serviced by the instance of the IntraMap proxy server that intercepts the communication connection. Anti-virus module 2033 Anti-virus module 2 in a preferred embodiment 33 is a collection of many DLLs provided by Trend Micro Devices (inc_) located in Cupertino, CA. In other embodiments, antibodies from other sources may be used for this purpose. disease Module. The anti-virus module 2033 will check all the assets that have entered 001 for viruses. In order to provide users with feedback functions on data transfer, such as calling and preventing users from suspending private time for customers ’stylistic private time ( This ㈣_), copy the machine into the human-species for virus detection ^ 0 'file at the same time. However,' the last part of the data is not; the household = until after the virus check is completed. The last part Copy-office: In the second case, many viruses will be checked. "· The Intellectual Property Bureau of the Ministry of Economic Affairs' employee consumer cooperatives will print the virus, and send the rest of the data to the customer. If the illness occurs, the data transfer will be suspended. In Taiyin w After the dead body is exhausted, if the administrator has stated that the user has been notified that the transmission is invalid. The administrator. Ι. ··, it is possible to send a kind of alert information to the manager. aUnCk) 'Login, Alert and Reporting Module 2 0 2 7: 100-

4648 12 經濟部智慧財產局員工消費合作社印製 A7 B7 五、發明說明(98 ) 此模组的一些組件會執行下列功能 • 啓動-控制起動(startup)工作之初始順序;當建立vpN 201時,該初始順序就會在一存取過濾器2〇3上發生。 • 登錄-一種提供已標準化登綠界面的DLL。 •警戒-一種注視著所有NT登錄的獨立(standai〇ne)程4648 12 Printed by A7 B7, Consumer Cooperative of Intellectual Property Bureau of the Ministry of Economic Affairs 5. Description of the Invention (98) Some components of this module will perform the following functions This initial sequence occurs on an access filter 203. • Login-A DLL that provides a standardized green login interface. • Alert-a stand-alone process that looks at all NT logins

式,因而找尋載明於資料庫301的警戒條件。使用GUI 來載明遞送警戒資訊所利用的方法,以供定義警戒資 訊之用。 •報表•將諸多登錄之一子集合轉遞到一種特別報表登 錄,加以濃縮成資料庫,稍後再轉遞到報表管理程式 209 » 管理圖形使用者界面1 915 : GUI(圖形使用者界面)可能在存取過濾器2〇3上,或者在 附屬於存取過濾器203而具有一種3 2位元Windows商標之 作業系統的任何電腦上執行。GUI不論是在存取過遽器2〇3 上還疋在附屬系統上執行,它都會利用IS D B管理程式2 〇 2 7 來讀出或寫入在存取控制資料庫301中之一工作資料庫 1903。經由GUI 1915,對存取控制資料庫301做出所有的必 要修改。在GUI中之一&quot;應用”操作,被當作一種信號發送 到PCS 2025,它會藉由起動前述的分配和同步操作來對信 號作回應。 存取過濾器203之操作的詳細實例:圖5和2 2 在下列描述中,將要詳細説明圖5之端對端加密實例。 在該實例中,其P C配備有SKIP之一漫遊者503正在存取: -101 - 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公髮) ---------~ 裝--------訂---------Λ (請先閱讀背面之注意事項再填寫本頁)- 464812 A7 B7 五、發明說明(99 ) 經濟部智慧財產局員工消費合作社印製 在VPN 201上之一網站之内,一種配備有SKIP的词服器 407。當漫遊者503被建立來存取VPN 201時,它是經由使 用一種特別加密類型的存取過濾器4〇3(3)而被這樣建立 的。此處,將會假定:正在被漫遊者503所使用的加密類 型具有”機密&quot;之信賴等級:並且假定:使用者想要存取在 伺服器407上之網頁,該網頁具有”機密之靈敏度等級。 由於正在被存取的是網頁,故而漫遊者503正在使用針對 它與伺服器407上之HTTP服務之對話的HTTP通信協定。由 於漫遊者503,在VPN 201中的諸多存取過濾器203,以及 伺服器407全部配備有SKIP ;故而它們全部備有它們自己 的公用和專用密鑰。最小限度下,漫遊者503也具有針對 存取過濾器403(3)的證書和公用密鑰,它會將針對VPN 201内部之諸伺服器的訊息指引到存取過濾器403(3);存取 過濾器403(3)具有針對漫遊者503的證書和公用密鑰(或者 使用證書發現通信協定來獲得它們);在VPN 201中的所有 存取過濾器203具有或能夠得到:彼此的公用密鑰,以及 針對在VPN 201中配備有SKIP的諸多伺服器之公用密鑰。 此外,在VPN 201中的每個存取過濾器203都會知道:在 VPN 201中的所有其它的存取過濾器203及諸多伺服器之I P 位址。 被當作漫遊者503與伺服器407之間的HTTP對話之一部份 加以發送和接收的所有訊息都是由SKIP加以加密和鑑定 的。圖22顯示:由這樣一種SKIP訊息2201所採用的格 式。SKIP訊息是由SKIP軟體加以製作在就是skip訊息之 -102- 本纸張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) Λα 14812 A7 B7 五、發明說明(1〇〇 ) 來源的系統上。此處所顯示的SKIP訊息2201是來自漫遊者 503。它的主要組成部份是: 外IP標題2203 :外IP標題2203被使用來將SKIP訊息遞送 到存取過濾器403 ( 3)。包含在I P標題2203中的有··針對漫 遊者503之來源IP位址22〇9,以及針對存取過濾器403(3)之 目標IP位址2206。當漫遊者503被建立來存取VPN 201時, 由漫遊者503所使用的目標位址2206就被設立來載明存取 過濾器403 (3)。來源I P位址2209可能由網際網路服務提供 者(Internet service provider)以動態方式指定給漫遊者503 ; 而漫遊者503則加以使用,以便連接到網際網路12 1。外I P 標題2203還包含一個訊息類別(message type,簡稱Μ T)攔 位2208,它會載明:訊息是一種SKIP訊息。 SKIP標題2205 ·· SKIP標題2205包含當收到SKIP訊息時就 用來解密SKIP訊息2201所需的資訊。SKIP標題2205至少包 含:針對目標之證書,那就是,針對存取過遽器403 (3)之 證書的目標NSID(名稱空間識別符)2215和目標MKID(主密 鑰識別符)2213 ;以及針對來源之證書,那就是,針對漫遊 者 503之證書的來源NSID2219和來源MKID2217。此外, SKIP標題2205包含:針對用來鑑定訊息之演算法(MAC ALG 2226)和用來加密訊息之演算法(CRYPT ALG 2225)的 識別符;以及用來解密訊息的一種已加密傳送密鑰(Kp 2223)和針對用來解密傳送密鑰之演算法的識別符2224。 鑑定標題221 1 :鑑定標題221 1包含一種訊息鑑定碼 (message authentication code,簡稱MAC)2221,它是根據在 -103- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公爱) w I βί 言- r ίι 之 i; #- ^ jy: * i 裝 1 訂 經濟部智慧財產局員工消費合作社印製 4 b A7 B7 五、發明說明(1〇1 ) 欄位2226中所識別的]MAC演算法加以計算出的;年且它被 存取過濾器403 (3)使用,以便驗證:訊息在沒有干預下抵 達。 已加密有故負載(payload)2227 :已加密有效負載2227包 含漫遊者503正在發送到伺服器407的已知加密訊息,它包 括:針對該訊息的I P標題233 1,以及已加密訊息2229。IP 標題233 1具有:針對伺服器407的IP位址,以及針對HTTP 通信協定服務的埠號。藉著使用具有由CRYPT ALG(加密 演算法識別符)2225所載明之解密演算法的傳送密鑰Kp 2223,就能夠對已加密有效負載2227加以解密。 處理SKIP訊息2201 SKIP訊息2201抵達在存取過濾器403 (3)的網際網路界面 2011上。訊息之處理始於核心層級2005中的SHIM層級處。 SHIM 2017會將所有輸入通信量發送到SKIP 2021,它依序 地根據Μ T欄位2208而察覺到:該訊息是一種SKIP訊息。 要解密並鑑定訊息,SKIP需要解密傳送密鑰Κρ 2223,並 且要做的是:它會將 SNSID 2219,SMKID 2217,DNSID 2215,以及 DMKID 22 13 提供給 SKIPd 2037,SKIPd會用這 些ID,以便從SKIPd 2037之證書快速存取儲存器(cache)中 檢索針對漫遊者503和存取過濾器403 (3)的證書。若證書不 在那裏’則SKIPd 2037使用CDP通信協定來提取證書。然 後’將證書中的資訊和存取過濾器403 (3)之專用密鑰一起 使用;以便產生一種共享機密數値,然後使用該數値來解 密傳送密输Kp 2223 ’進而產生兩個内部密输:Akp和Ekp。 -104 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) t t t ύί i. Λ 圳 Ι· ij. f裝 f ! I I I I I I 訂 經濟部智慧財產局員工消費合作社印製 46 dB 1 A7 B7 五、發明說明(1〇2 ) U ίι β] 含1 r 夂 i:L ί; ΰ ή ί; ί: SKIP會安全地儲存共享機密數値,以便和未來訊息一起使 用’此乃因爲該數値之計算要花費可觀的時間量。其次, 爲整個已收到訊息計算出MAC,並且將Akp和mac 2221及 MAC ALG 2226—起使用’以便驗證:整個SKIp訊息22〇1未 W被干預。如果就是這種情形,就使用内部密鑰£kp來解 法已加密有效負載2227,以便恢復來自漫遊者503的原始訊 息。然後將已解密有效負載2227提供給Ip過濾器2〇19,它 會將它的一些規則應用到•來源j p位址,目標j p位址,以 及1 P標題223 1的埠號。若沒有規則拒絕存取操作;則I P過 遽器2019遵從另一規則,並將未加密訊息連同snsid 2219 和SMKID 2217重新指引到針對http代理伺服器之埠。IP 過遽器 2019使用 MMF 2301 中的 DBServicePortToProxyPort檔 案來尋找正被談論之埠。 在作業系統之使用者層級2〇〇3中的應用層級處繼續訊息 义處理。HTTP代理伺服器能掌握的有:伺服器之丨p位 址’服務之埠號,針對網頁之Url,屬於漫遊者503的使用 者之證書’以及用來加密訊息的加密方法。它會使用評估 程式2036,以便根據MMF 2301來決定下列各項: •由證書所表示之使用者所屬的諸多使用者群組; 經濟部智慧財產局員工消費合作社印製 •網頁所屬的諸多資訊集; • 是否有一項存取決策會允許諸多使用者群組中的至少 —個使用者群组存取諸多資訊集中的至少一個資訊 集;以及 * 訊息之k賴等級是否至少等於網頁之靈敏度等級。 -105 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 464812 A7 B7 五、發明說明(1〇3 ) 就從這些工作中的第一項工作開始,評估程式2036會接 收針對證書的NSID和MKID,並且使用來具有 DBCertificatesByUserGroup檔案之證書的證書匹配準則來 獲得:正在發送訊息之使用者所屬的諸多使用者群組之識 別符* 評估程式2036藉由採由:伺服器之j p位址,服務之埠 號’以及針對網頁之URL來決定資訊集;並且使用:具有 DBServerlDByIP(藉由I p位址來識別的資料庫&quot;伺服器I 〇 ’’) 檔案之IP位址來決定包含網頁之伺服器,具有 DBServicelDByPort(藉由埠號來識別的資料庫”服務I D &quot;)檔 案之埠號來決定關於提供服務之伺服器的服務,以及具有 DBResourcelDbyName(藉由IP名稱來識別的資料庫&quot;資源 I D )樓案之URL來得到針對網頁所屬之資訊集的識別符。 經濟部智慧財產局員工消費合作社印製 隨著能掌握:針對使用者群组和資訊集,在資料庫3〇i 中的識別符:評估程式2036使用DBRes〇urces檔案來決定: 疋否有一項存取決策會允許使用者所屬的任何使用者群組 存取網頁所屬的任何資訊集。這樣做,它可能只會考慮一 些其成員資格都是使用識別模式加以決定的使用者群組, 而該識別模式的信賴等級對資源之靈敏度等級而言是足夠 的。DBReSOurces檔案會將每個資訊集識別符映射到:會有 一些涉及該資源集的存取決策所針對的諸多使用者群組之 一列表。對於每個使用者群組而言,DBResources檔案會進 一步指示:決策是否容許或拒絕存取操作。評估程式2〇36 使用DBResources檔案,依序地爲網頁所屬的每個資訊集而 -106- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公爱) 4648 1 A7 B7 五、發明說明(104 ) 決定:會有一些關於資訊集的存取決策所針對的諸多使用 者群組之列表是否包括使用者所屬的諸多使用者群组中的 —個使用者群組。若有一項針對任何使用者群組的存取決 策拒絕存取操作,則評估程式對HTTP代理伺服器指示: 存取操作被拒絕;若沒有針對任何使用者群组的存取決策 拒絕存取搡作且至少有—項決策容許存取操作,則評估程 式對HTTP代理伺服器指示:存取操作被容許;若沒有針 對任何使用者群組的任何種類之存取決策,則評估程式會 決定:是否至少會有一個基於證書或令牌之使用者群组具 有一項針對資源的容許決策。如果這樣,並且請求客户機 有UIC(使用者識別客户軟體)正在執行:則聯繫uIC來對使 用者要求附加身份證別資訊。若有附加身份識別資訊回 來,則重複上述處理過程。在其它情況,評估程式對 HTTP代理伺服器指示:存取操作被拒絕。 經濟部智慧財產局員工消費合作社印製 當然,若存取請求並不具有一種等於網頁之靈敏度等級 的信賴等級’則評估程式2036也會拒絕存取操作》評估程 式2036從DBResourcesByResourcelD檔案中獲得網頁之靈斂 度等級’從DBTrustAuthentications(資料庫&quot;信賴等級鑑定 檔案中獲得使用者識別方法之信賴等級,以及從 DBTrustEncrypti〇ns(資料庫”信賴等級加密&quot;)檔案中獲得加 密方法之信賴等級。由於SKIP已經利用一種具有',機密”之 信賴等級的方法來加密訊息,故而經由網路之路徑的信賴 等級與本實例無關。要決定:針對使用者識別和加密方法 的信賴等級是否對網頁之靈敏度等級而言是足夠的;評估 -107- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) A7 B7 五、發明說明(1〇5 稃式203 6就會使用有效地建構3£1^0表601的1)81'〇18汀31^樓 案。若信賴等級是足夠的,則評估程式203 6對代理伺服器 指示:存取操作被容許。 V 身 % ί I ( 1 1: 屮 ί· I 本 ) —旦代理伺服器已經確認:打算容許存取載明於訊息中 的資訊資源;代理伺服器就會發起一項新對話,針對實際 服務:關於伺服器407之HTTP服務。代理伺服器2〇3 1會將 一項特別訊息發送到I P過濾器2019,因而告訴它:容許特 定對話通過;此乃因爲:在其它情況,此對話可能會被— 些規則所阻擋,或者再度被發送到代理伺服器。針對〗p過 逾器2 019的訊息也包括關於新對話所需的加密方法之資 訊’在本實例中’該資訊是:針對最後存取過濾器4〇3 (5), 應該對該對話加以加密;並且應該使用適合於資料靈敏度 等級就是機密的加密方法。當IP過濾器2〇 19遭遇新對話 時’它會發覺到:因爲該對話與代理伺服器203 1所載明的 準則匹配’所以它會將該對話傳遞到SKIP模組。由於就此 對話而言加密是必要的,故而訊息將會被重新加密。除了 下列各項之外’ SKIP模組2021會以如上所述的相同方式來 產生一種SKIP訊息2201 : 經濟部智慧財產局員工消費合作社印製 • 針對訊息的外IP標題2203載明:將存取過濾器403 (3)當 作訊息之來源,而將存取過濾器403(5)當作訊息之目標; • SKIP標題2205具有:針對存取過濾器403 (3)的SNSID 2219和SMKID 2217 ;以及針對存取過濾器403 (5)的 1^810 2215和0乂幻0 2213;並且,在標題2205中的其 它數値也都是·由訊息之來源和目標現在就是存取過 -108 本紙張尺度適用中國固家標準(CNS)A4規格(210 X 297公釐) 4 6 4 8 A7 B7 五、發明說明(106 ) 滤器403 (3)和存取過濾器403 (5)之事實所需的那些數 値; 二 • 已加密有效負載2227與以前相同(除了使用—種不同的 密鑰而已經將它加密之外:並且必要時爲整個新^ _ 2201 而產生 MAC 2221。 、 當代理伺服器正在轉發(relaying)訊息時,它也正在注視 著可能包含病毒的檔案傳送類型。當它遭遇病毒時,它會 將抗病毒軟體2033應用到這些檔案。若檔案包含病毒,則 代理词服器未能遞送完整樓案,藉以使病毒不致於造成傷 害。若存取控制資料庫301這樣指示,則當抗病毒軟體 2033檢測出病毒時,代理伺服器就會發送—項警戒資味。 經濟部智慧財產局員工消費合作社印製 當SKIP訊息2201在存取過濾器403 (5)處被接收時,就將 它傳遞到SKIP模組202 1 ’在該處’如前面所描述的,將它 鑑定和解密。關於存取過濾器403 (3),藉由如上所述的相 同機制’在存取過濾器403(5)上的IP過濾器2019察覺到·· 因爲訊息是指定給HTTP應用通信協定的,所以它會將訊 息指引到HTTP代理伺服器203 1。該代理伺服器會接受訊 息;然後將來自外IP標題2203和SKIP標題2205,它能夠獲 得關於訊息之發起者(存取過濾器403 (3))的資訊發送到評 估程式2036 ’以便決定:正在被此訊息鼓動的對話是否應 該被容許繼續進行。評估程式2036會檢視訊息之來源I p位 址以及其它身份識別資訊;並且藉由查出在MMF檔案之 DBServerlDByIP檔案中的來源I p位址來決定:針對存取過 濾器403 (3),在資料庫301中的識別符;使用該識別符來 -109- 本紙張尺度適用中國國家標準&lt;CNS)A4規格(210 X 297公釐) 經濟部智慧財產局員工消費合作社印製Formula, so look for the alert conditions listed in the database 301. Use the GUI to specify the methods used to deliver alert information for defining alert information. • Reports • Transfers a subset of many logins to a special report login, condenses it into a database, and later forwards it to the report management program 209 »Management Graphical User Interface 1 915: GUI (Graphical User Interface) It may run on the access filter 203, or on any computer attached to the access filter 203 and having a 32-bit Windows trademark operating system. Whether the GUI is executed on the access controller 203 or on the accessory system, it will use the IS DB management program 2 07 to read or write one of the working data in the access control database 301. Library 1903. Via GUI 1915, all necessary modifications are made to the access control database 301. One of the "application" operations in the GUI is sent to PCS 2025 as a signal, which responds to the signal by initiating the aforementioned allocation and synchronization operations. Detailed example of the operation of the access filter 203: Figure 5 and 2 2 In the following description, the end-to-end encryption example of Figure 5 will be explained in detail. In this example, its PC is equipped with one of the SKIP roamers 503 is accessing: -101-This paper standard applies Chinese national standards (CNS) A4 specifications (210 X 297 public) --------- ~ Outfit -------- Order --------- Λ (Please read the precautions on the back first (Fill in this page again)-464812 A7 B7 V. Description of Invention (99) An employee consumer cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs printed on one of the sites on VPN 201, a server equipped with SKIP 407. As a roamer 503 When it is set up to access VPN 201, it is set up by using a special encryption type of access filter 403 (3). Here, it will be assumed that the encryption being used by the roamer 503 Type has a "confidential" level of trust: and assumes that the user wants to access the web on server 407 The webpage has a "confidential level of sensitivity. Because the webpage being accessed is, the roamer 503 is using the HTTP communication protocol for its dialogue with the HTTP service on the server 407. As the roamer 503, in the VPN 201 Many of the access filters 203 and 407 in the server are all equipped with SKIP; therefore they are all equipped with their own public and private keys. At a minimum, the roamer 503 also has access filters 403 (3) Certificate and public key, it will direct messages for servers inside VPN 201 to access filter 403 (3); access filter 403 (3) has certificate and public key for roamer 503 (Or use certificate discovery communication protocols to obtain them); all access filters 203 in VPN 201 have or can get: each other's public keys, and public secrets for many servers equipped with SKIP in VPN 201 In addition, each access filter 203 in VPN 201 will know: the IP addresses of all other access filters 203 and many servers in VPN 201. As a roamer 503 All messages sent and received as part of the HTTP conversation with server 407 are encrypted and authenticated by SKIP. Figure 22 shows the format used by such a SKIP message 2201. SKIP messages are by SKIP The software is produced on the basis of -102, which is the skip message. The paper size is applicable to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) Λα 14812 A7 B7 5. The system of the source of the invention description (100). The SKIP message 2201 shown here is from the roamer 503. Its main components are: Outer IP header 2203: Outer IP header 2203 is used to deliver SKIP messages to the access filter 403 (3). Included in the IP title 2203 are: the source IP address 2209 for the roamer 503, and the destination IP address 2206 for the access filter 403 (3). When the roamer 503 is established to access the VPN 201, the target address 2206 used by the roamer 503 is set up to specify the access filter 403 (3). The source IP address 2209 may be dynamically assigned to the roamer 503 by an Internet service provider; the roamer 503 uses it to connect to the Internet 12 1. The outer IP header 2203 also includes a message type (MT) block 2208, which will state that the message is a SKIP message. SKIP header 2205 ... The SKIP header 2205 contains information required to decrypt the SKIP message 2201 when the SKIP message is received. The SKIP header 2205 contains at least: a certificate for the target, that is, a target NSID (name space identifier) 2215 and a target MKID (master key identifier) 2213 for the certificate that accessed the server 403 (3); and The certificate of the source is the source NSID2219 and the source MKID2217 of the certificate of the roamer 503. In addition, the SKIP header 2205 contains: an identifier for the algorithm used to authenticate the message (MAC ALG 2226) and the algorithm used to encrypt the message (CRYPT ALG 2225); and an encrypted transmission key used to decrypt the message ( Kp 2223) and identifier 2224 for the algorithm used to decrypt the transport key. Appraisal title 2211: Appraisal title 2211 contains a message authentication code (MAC) 2221, which is based on -103- this paper size applies Chinese National Standard (CNS) A4 specifications (210 X 297 public love) w I βί language-r ίι i; #-^ jy: * i book 1 printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 4 b A7 B7 V. Identification of the invention (1〇1) in column 2226 ] Calculated by the MAC algorithm; and it is used by the access filter 403 (3) to verify that the message arrived without intervention. Encrypted payload 2227: Encrypted payload 2227 contains a known encrypted message that the roamer 503 is sending to the server 407. It includes an IP header 233 1 for the message, and an encrypted message 2229. The IP header 233 1 has an IP address for the server 407 and a port number for the HTTP protocol service. By using the transfer key Kp 2223 having the decryption algorithm specified in CRYPT ALG (Cryptographic Algorithm Identifier) 2225, the encrypted payload 2227 can be decrypted. Processing SKIP message 2201 SKIP message 2201 arrives on the Internet interface 2011 of the access filter 403 (3). Message processing starts at the SHIM level in the core level 2005. SHIM 2017 will send all incoming traffic to SKIP 2021, and it will sequentially perceive according to MT field 2208 that the message is a SKIP message. To decrypt and authenticate the message, SKIP needs to decrypt the transmission key κρ 2223, and what it has to do is: it will provide SNSID 2219, SMKID 2217, DNSID 2215, and DMKID 22 13 to SKIPd 2037, and SKIPd will use these IDs in order to retrieve The certificate quick access cache (SKIPd 2037) retrieves the certificate for the roamer 503 and the access filter 403 (3). If the certificate is not there, then SKIPd 2037 uses the CDP communication protocol to extract the certificate. Then 'use the information in the certificate with the private key of the access filter 403 (3); in order to generate a shared secret number, and then use this number to decrypt the transmission key Kp 2223' to generate two internal secrets Losing: Akp and Ekp. -104 This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) ttt ύί i. Λ zhen Ι · ij. F f f III III Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 46 dB 1 A7 B7 V. Description of the invention (102) U ί β] Contains 1 r 夂 i: L ί; ΰή ί; ί: SKIP will safely store the shared secret number 値 for use with future messages' This is because The calculation of this number takes a considerable amount of time. Secondly, the MAC is calculated for the entire received message, and Akp and mac 2221 and MAC ALG 2226 are used together 'to verify that the entire SKIp message 2201 is not intervened. If this is the case, the internal key £ kp is used to resolve the encrypted payload 2227 in order to recover the original message from the roamer 503. The decrypted payload 2227 is then provided to the IP filter 2019, which will apply some of its rules to the source j p address, the destination j p address, and the port number of the 1 P header 223 1. If there is no rule to deny the access operation, IP Server 2019 follows another rule and redirects the unencrypted message along with snsid 2219 and SMKID 2217 to the port for the http proxy server. IP Adapter 2019 uses the DBServicePortToProxyPort file in MMF 2301 to find the port in question. Message processing continues at the application level in the user level 2003 of the operating system. The HTTP proxy server can grasp: the server's p address, the service port number, the URL for the web page, the user's certificate belonging to the roamer 503, and the encryption method used to encrypt the message. It uses evaluation program 2036 to determine the following according to MMF 2301: • Many user groups to which the users indicated by the certificate belong; Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs • Many information sets to which the web pages belong ; • Is there an access decision that will allow at least one of the many user groups to access at least one of the information sets in the many information sets; and * Whether the k-level of the message is at least equal to the sensitivity level of the web page. -105 This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) 464812 A7 B7 V. Description of the invention (103) Starting from the first of these tasks, the evaluation program 2036 will receive For the NSID and MKID of the certificate, and using the certificate matching criteria of the certificate with the DBCertificatesByUserGroup file to obtain: the identifiers of the various user groups to which the user who is sending the message * The evaluation program 2036 is obtained by: jp address, port number of the service 'and the URL of the webpage to determine the information set; and use: DBServerlDByIP (the database identified by the IP address &quot; server I 〇' ') IP address of the file To determine the server that contains the web page, the port number of the DBServicelDByPort (database identified by the port number "Service ID &quot;) file to determine the service on the server providing the service, and the DBResourcelDbyName (by IP name to Identify the database &quot; resource ID) URL of the case to get the identifier for the information set to which the web page belongs. Employees, Intellectual Property Bureau, Ministry of Economic Affairs Printed by the consumer cooperative: As soon as it can be grasped: For user groups and information sets, the identifier in the database 30i: The evaluation program 2036 uses the DBRes〇urces file to determine: 疋 Is there an access decision that will allow use Any user group that the user belongs to accesses any information set that the page belongs to. In doing so, it may only consider some user groups whose membership is determined using a recognition pattern, and the trust level of the recognition pattern is The sensitivity level of the resource is sufficient. The DBReSOurces file maps each information set identifier to: There will be a list of one of the many user groups for which access decisions concerning the resource set are targeted. For each use For the group of users, the DBResources file will further indicate: decide whether to allow or deny the access operation. The evaluation program 2036 uses the DBResources file to sequentially for each information set to which the webpage belongs -106- This paper standard applies to China National Standard (CNS) A4 Specification (210 X 297 Public Love) 4648 1 A7 B7 V. Description of Invention (104) Decision: There will be some information about the information set Whether the list of many user groups for which the decision is made includes one of the user groups to which the user belongs. If there is an access decision for any user group that denies access, The evaluator instructs the HTTP proxy server: The access operation is denied; if no access decision is denied for the access decision of any user group and at least one decision allows the access operation, the evaluator makes the HTTP proxy The server indicates that the access operation is allowed; if there is no access decision of any kind for any user group, the evaluator will determine whether at least one certificate or token-based user group has one Allowable decisions for resources. If so, and the requesting client has UIC (User Identification Client Software) running: contact uIC to request additional identification information from the user. If additional identification information comes back, the above process is repeated. In other cases, the evaluator instructed the HTTP proxy server that the access operation was denied. Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs Of course, if the access request does not have a trust level equal to the sensitivity level of the webpage, then the evaluation program 2036 will also deny the access operation. The evaluation program 2036 obtains the webpage from the DBResourcesByResourcelD file Convergence level 'obtains the trust level of the user identification method from the DBTrustAuthentications (database &quot; trust level authentication file) and the trust level of the encryption method from the DBTrustEncryptions (database's trust level encryption &quot;) file. Since SKIP has used a method with a ", confidential" trust level to encrypt the message, the trust level of the path through the network has nothing to do with this example. To determine: whether the trust level for user identification and encryption methods is Sensitivity level is sufficient; Evaluation -107- This paper size applies Chinese National Standard (CNS) A4 specification (210 X 297 mm) A7 B7 V. Description of invention (105) Formula 20 6 will be used effectively Construct a case of 1) 81'〇18 Ting 31 ^ building of 3 £ 1 ^ 0 Table 601. If the trust level is sufficient If yes, the evaluation program 2036 instructs the proxy server that the access operation is allowed. V %% ί I (1 1: · ί · I copy) — Once the proxy server has confirmed that it intends to allow the access specified in the message Information resources in the Internet; the proxy server will initiate a new dialogue for the actual service: HTTP service on server 407. The proxy server 201 will send a special message to the IP filter 2019, so tell It: Allows a specific conversation to pass; this is because: In other cases, the conversation may be blocked by some rules or sent to a proxy server again. The message for the overpass 2 019 also includes information about new conversations The information needed for the encryption method 'in this example' is that the dialog should be encrypted for the final access filter 4 03 (5); and an encryption method suitable for the sensitivity level of the data which is confidential should be used When the IP filter 2019 encounters a new conversation, 'it will find: because the conversation matches the criteria stated by the proxy server 2031', it will pass the conversation to the SKIP module Since encryption is necessary for this conversation, the message will be re-encrypted. Except for the following, the SKIP module 2021 will generate a SKIP message 2201 in the same way as described above: Employees of the Intellectual Property Office of the Ministry of Economic Affairs Printed by Consumer Cooperatives • Outer IP header 2203 for messages states: Use access filter 403 (3) as the source of the message and access filter 403 (5) as the destination of the message; • SKIP header 2205 Has: SNSID 2219 and SMKID 2217 for access filter 403 (3); and 1 ^ 810 2215 and 0 (0 2213) for access filter 403 (5); and, other numbers in heading 2205 It ’s also the source and target of the information. Now it has been accessed. -108 This paper size is applicable to the Chinese solid standard (CNS) A4 specification (210 X 297 mm). 4 6 4 8 A7 B7 V. Description of the invention (106) Those required for the fact of filter 403 (3) and access filter 403 (5); two • The encrypted payload 2227 is the same as before (except that it has been encrypted using a different key: And generate MAC 2 for the whole new ^ _2201 if necessary 221. When the proxy server is relaying messages, it is also watching the type of file transfers that may contain viruses. When it encounters a virus, it applies anti-virus software 2033 to these files. If the file contains a virus, the proxy server fails to deliver the complete case so that the virus will not cause harm. If the access control database 301 instructs this, when the anti-virus software 2033 detects a virus, the proxy server will send an alert message. Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs. When the SKIP message 2201 is received at the access filter 403 (5), it is passed to the SKIP module 202 1 'where' as described previously, the It authenticates and decrypts. Regarding the access filter 403 (3), through the same mechanism as described above, the IP filter 2019 on the access filter 403 (5) notices that the message is specified to the HTTP application protocol, so It directs the message to the HTTP proxy server 2031. The proxy server accepts the message; it then sends information from the outer IP header 2203 and SKIP header 2205, which can obtain information about the originator of the message (access filter 403 (3)), to the evaluation program 2036 'in order to determine: Whether the dialogue inspired by this message should be allowed to continue. The evaluation program 2036 will check the source IP address of the message and other identifying information; and determine it by finding the source IP address in the DBServerlDByIP file of the MMF file: For the access filter 403 (3), Identifier in database 301; use this identifier to -109- This paper size applies to the Chinese National Standard &lt; CNS) A4 specification (210 X 297 mm) Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs

4 8 I A7 ___B7_____ 五、發明說明(1〇7 ) 指出存取過濾器403 (3)之證書的位置:以及發覺$ :證書 資訊與被檢索證書匹配,該被檢索證書與正在被處理的存 取過濾器403 (3)之訊息有關聯。訊息之來源的存取過濾器 4〇3(3)因此而被認爲在VPN 201中之一存取過濾器403,所 以評估程式2036作出回應是:該對話應該被容許,理由是 它是一種已經被在相同VPN 201内之另一存取過濾器403所 允許的訊息。將容許訊息的這項決策轉回給HTTP代理词 服器2031。評估程式2036會指導在存取過濾器403 (5)上的 HTTP代理伺月艮器203 1 :爲了相同的理田,容許從相同對話 傳來的任何請求。當HTTP請求被處理時,代理伺服器就 用與輸出對話被建立在存取過濾器4〇3(3)上相同的方式來 建立一種與在伺服器407上之HTTP服務的輸出通信連接。 當初啓與伺服器407的通信連接時,評估程式2036會查出 在MMF檔案之DBServerlDByIP檔案中的伺服器407之I P位 址,以便決定:針對伺服器4 0 7,在資料庫301中的識別 符;使用該識別符來指出伺服器表的位置;進而使用來自 該表之證書識別和DBCertificates(資料庫’’證書&quot;)樓案來尋 找針對伺服器407之證書。然後它使用針對存取過遽器 403 (3)的密鑰以及針對伺服器407的公用密鑰(從證書中獲 得)來構築一項SKIP對話,如前面所描述的。將實際訊息 加以加密和鑑定,增加SKIP標題2205,並且增加外ιρ標題 2203 ’因而將訊息指引到伺服器407 » 當訊息觸及伺服器407時,在伺服器407中的SKIP就會: 核對關於訊息的鑑定資訊,對它解密,進而將已解密訊息 _ -110- 本紙張尺度適甩中國國家標準CCNS)A4規格(210 X 297公釐) ----------------I I I 訂--I--! 1--^. C謹先K讀之注意事^#_ίΛί^1 } 46 48 1 A7 B7 五、發明說明(108) 轉遞到HTTP服務·,該服務會執行存取:由包含於有效負 載中之訊息所請求的網頁。已經獲得網頁,HTTP服務會 產生一種具有載明將漫遊者503當作目標之I p標題的轉回 訊息(return message)。然後,將此轉回訊息加以封裝在一 種SKIP訊息2201中,如前面所描述的。此SKIP訊息被指引 到存取過濾器403 (5),並且包含在外標題2203和SKIP標題 2205中的資訊’該資訊對那些實體之間的訊息而言是必要 的。 當回答(reply)訊息觸及存取過濾器403 (5)時,在那裏的 SKIP模組2〇21就會對它加以鑑定和解密,並傳送到丨p過滤 器2019。該訊息被發覺與一現存對話匹配,所以不必要評 估;因而將它直接轉遞到HTTP代理伺服器203 1。在那裏, 將它當作一種HTTP通信協定回答訊息加以核對有效性, 進而將它重新傳送回到就是存取過濾器4〇3 (3)之HTTP對話 的發起者。由於瞭解此對話的發起者可能是在vpN 2〇丨中 的另一存取過濾器403,故而不會執行抗病毒模组2〇33的 核對操作,就像瞭解必要時存取過濾器會執行核對操作那 樣。使用對存取過濾器403 (3)與存取過濾器4〇3 (5)之間的 訊息交換而言是必要的諸多SKIP參數,經由SKIp模组 經濟部智慧財產局員工消費合作社印製 2021,再度處理回答訊息之重新傳輸,並且對它加以加 密’如上述。 當此回答訊息來到存取過濾器4〇3 (3)時,恰好發生相同 的事情’那就是,訊息通過SKIP模组2〇21和Ip過滤器 2019 ’來到HTTP代理伺服器2031。在那裏,將它當作一種 -111 - 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) dB 48 A7 B7 五、發明說明(1〇9 ) HTTP通信協定回答訊息加以核對有效性;可能通過抗病 毒模組2033(如果訊息内容類型對它保證的話);進而將它 重新傳送回到就是漫遊者503之HTTP對話的發起者。對於 正在將一項訊息從存取過滤器403 (3)發送到漫遊者503而 言’使用如上所宣示的SKIP參數,經由SKIP模組2021,再 度處理回答訊息之傳輸,進而如上述般對它加以加密。然 後’在漫遊者503處接收回答訊息;在該處:利用SKIP對 該訊息鑑定和解密,提供訊息給使用者之瀏覽器,並且爲 使用者而顯示出來。 使用在存取過遽器203中的諸多技術之通則 使用在存取過濾器203中的諸多技術已經用兩種方式加 以通用化: • 將決策評估和決策施行分離’它會允許與存取過滤器 不同的實體加以施行決策;以及 •決策資料庫現在不但允許定義:使用者,使用者群 組’資源,以及資源群组;而且允許定義;諸多新使 用者識別類型,可能定義決策所針對的諸多新行動類 型’以及諸多新資源類型。 下列討論將首先描述:可能怎樣將決策評估和決策施行 經濟部智慧財產局員工消费合作社印製 分離,然後再描述:可能怎樣擴充用來定義決策的諸多類 型0 將決策評估和決策施行分離:圖2〇,26,及27 圖2 6是一種決策施行系統26〇 1之一方塊圖,其中:已經 將決東評估和決策施行分離。在系統2601中,決策的觀念 -112- 本紙張尺度剌巾國國家標毕(CNS&gt;A4規格(21〇 X 297公ίΤ4 8 I A7 ___B7_____ 5. The description of the invention (107) indicates the location of the certificate of the access filter 403 (3): and it is found that $: The certificate information matches the retrieved certificate, and the retrieved certificate matches the certificate being processed. The message from filter 403 (3) is related. The access filter 4403 (3) of the source of the message is therefore considered to be one of the access filters 403 in VPN 201, so the evaluator 2036 responds that the conversation should be allowed because it is a Messages that have been allowed by another access filter 403 within the same VPN 201. This decision to allow the message is passed back to the HTTP proxy server 2031. The evaluation program 2036 instructs the HTTP proxy server 203 1 on the access filter 403 (5) to allow any request from the same conversation for the same reasoning. When the HTTP request is processed, the proxy server establishes an outgoing communication connection with the HTTP service on the server 407 in the same manner as the output session is established on the access filter 403 (3). When the communication connection with the server 407 is started, the evaluation program 2036 will find the IP address of the server 407 in the DBServerlDByIP file of the MMF file in order to determine: the identification in the database 301 for the server 407 Use this identifier to indicate the location of the server table; then use the certificate identification and DBCertificates from the table to find the certificate for server 407. It then constructs a SKIP session using the key for the access server 403 (3) and the public key (obtained from the certificate) for the server 407, as described earlier. Encrypt and authenticate the actual message, add the SKIP header 2205, and add the outer title 2203 'so that the message is directed to the server 407 »When the message reaches the server 407, SKIP in the server 407 will: Check the message Identification information, decrypt it, and then decrypt the decrypted message _ -110- This paper size is suitable for China National Standard CCNS) A4 specification (210 X 297 mm) -------------- --III Order--I--! 1-^. C I would like to read the notice ^ # _ ίΛί ^ 1} 46 48 1 A7 B7 V. Description of the invention (108) Forwarded to the HTTP service. This service Access will be performed: the webpage requested by the message contained in the payload. Having obtained a web page, the HTTP service will generate a return message with an IP header that specifies the rover 503 as the target. This switchback message is then encapsulated in a SKIP message 2201, as previously described. This SKIP message is directed to the access filter 403 (5), and the information contained in the outer header 2203 and the SKIP header 2205 is necessary for the information between those entities. When the reply message hits the access filter 403 (5), the SKIP module 2021 there will authenticate and decrypt it, and send it to the p filter 2019. The message was found to match an existing conversation, so no evaluation is necessary; it is therefore forwarded directly to the HTTP proxy server 2031. There, it is checked for validity as an HTTP protocol response message, and it is retransmitted back to the originator of the HTTP conversation which is the access filter 403 (3). Since it is understood that the initiator of this conversation may be another access filter 403 in vpN 2〇 丨, the check operation of the anti-virus module 2033 will not be performed, just like the access filter will perform when necessary Check operation like that. Uses many SKIP parameters necessary for information exchange between the access filter 403 (3) and the access filter 403 (5), printed by the SKIp module, the Intellectual Property Bureau of the Ministry of Economic Affairs, Employee Consumption Cooperative, 2021 , Re-processing the retransmission of the reply message, and encrypting it as described above. When this answer message came to the access filter 4 03 (3), exactly the same thing happened ', that is, the message came to the HTTP proxy server 2031 through the SKIP module 2021 and the IP filter 2019'. There, regard it as a -111-This paper size is applicable to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) dB 48 A7 B7 V. Description of the invention (1109) HTTP communication protocol response message to check Validity; possibly through anti-virus module 2033 (if the message content type guarantees it); and then retransmit it back to the originator of the HTTP conversation that was the roamer 503. For a message being sent from the access filter 403 (3) to the roamer 503, 'using the SKIP parameters as announced above, the SKIP module 2021 is used to process the transmission of the reply message again, and then to it as above Encrypted. Then 'receive the answer message at the roamer 503; where: use SKIP to authenticate and decrypt the message, provide the message to the user's browser, and display it for the user. General principles of many technologies used in access filter 203 Many technologies used in access filter 203 have been generalized in two ways: • Separate decision evaluation and decision execution. Filter different entities to implement decisions; and • the decision database now allows not only definitions: users, user groups' resources, and resource groups; but also definitions; many new types of user identification that may define the decisions for Many new action types' and many new resource types. The following discussion will first describe how the decision evaluation and decision implementation may be separated from the print by the Intellectual Property Bureau of the Ministry of Economic Affairs' employee consumer cooperatives, and then describe how the many types used to define decisions may be expanded. 20, 26, and 27 Figure 26 is a block diagram of a decision execution system 2601, in which the decision evaluation and decision execution have been separated. In the system 2601, the concept of decision-making

五、發明說明(110 (rion)已經加以通用化,不但包括··存取決策,管理決 2 乂及决策制疋決策;而且包括:使用者可能針一資訊 資源執行的任何行動。譬如説,—項決策可能陳述:—特 定使用者群組可能印出屬於_特定資訊集I些文件。 系統2601具有五個主要組件: •請求實體则,它會請求要對資訊資源執行的行動, 並且Έ:可能是能夠屬於一使用者群組的任何實體; •決策施行器2609,它能夠控制被請求行動的效能; ’諸多資源2611(0,.,n),它可能是:彳由決策施行器 2609存取的或裝置控制的任何資訊; •決策伺服器2617’它會決定:行動是否被允許;以及 •決策資料庫26丨9,它包含諸多決策,決策伺服器2617 根據該決策來決定:行動是否被允許。 經濟部智慧財產局員工消費合作社印製 叫求貫體2603,決策施行器2609,以及決策伺服器2617 能夠各自被定位在任何地方。唯一的要求是:在請求實體 2603與决朿施行器2609之間以及在決策施行器26〇9與決策 伺服器2617之間都會有訊息傳輸媒體。在請求實體26〇3與 決策把行器2609之間的媒體允許請求實體26〇3 :將一種請 求要對一資源R2611 (1)執行一項行動的訊息2605發送到決 策施行器261 9 ;並且接收一種來自決策施行器26〇9的行動 回應訊息2607 ’它指示著:是否要採取行動,以及如果這 樣的結果。在決策施行器2609與決策伺服器2617之間的媒 體允許決策施行器2609 :將一項決策請求% 13,發送到決 策伺服器2617 ’因而請求決策伺服器261 7指示:在決策伺 113- 本紙張尺度適用中國國家標準(CNS)A4規格&lt;210 X 297公芨) 4648 1 2 A7 _ B7 五、發明說明(111) 服器資料庫2 6 19中的諸多決策是否允許—既定請求實體採 取相對於一既定資源之一既定行動;並且請求決策伺1器 2617用一種決策回應2615來對決策請求2613作回應,該回 應指示:諸多決策是否會允許載明於決策請求中的行動。 應該進一步注意的是:受決策施行器26〇9控制的行動甚至 不扃要被成版系統之一組件所執行。例如,在決策資料庫 中的諸多決策可能被圖書館主顧們加以控制存取書本,而 载明於決策中的行動則可能是具有—種從書架中提取一本 書的圖書館網頁。 決策請求訊息26 13以及決策回應訊息26 15的格式都是藉 由一種決策通信協定加以定義的。目前正在被研發的一些 標準決策通信協定之實例是:公用開放決策系統(c〇mm〇n Open Policy System,簡稱COPS),該系統可上網獲知:就 像1999年6月2 1日所描述的,網址爲:http:&quot;www htf…/ internet-drafts/draft-ietf-rap-cops-06.txt :以及在使用者服務 中的遠程鑑疋撥號(Remote Authentication Dial In User Service,簡稱RADIUS ;參考:網際網路標準第RFC2138 號)。 決策伺服器2617獲得產生決策回應2615所需的資訊,然 後提供回應給決策施行器2609。決策伺服器2617包括一種 包含諸多決策的決策伺服器資料庫2619,該決策包括:針 對請求實體2603已經請求決策施行器2609要對一項資源 R2611(i)執行行動的一項或更多決策。決策伺服器2617會 查詢決策伺服器資料庫2619,以便指出一些有關決策的位 114- 本紙張尺度適用中國國家標準&lt;CNS)A4規格(210 X 297公釐) a 关 βί % 5 a 兔 ηV. Description of the invention (110 (rion) has been generalized, which not only includes access decisions, management decisions, and decision-making decisions; it also includes: any actions that users may perform on an information resource. For example, — A decision may state: — A specific user group may print some documents belonging to a specific information set. The system 2601 has five main components: • The requesting entity then requests an action to be performed on the information resource, and : May be any entity that can belong to a user group; • Decision executor 2609, which can control the effectiveness of the requested action; 'Many resources 2611 (0,., N), it may be: 彳 by the decision executor Any information accessed or controlled by 2609; • Decision server 2617 'which determines: whether the action is allowed; and • Decision database 26 丨 9, which contains many decisions, and decision server 2617 decides based on the decision: Whether the action is allowed. The Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs printed a request body 2603, a decision executor 2609, and a decision server 2617. Located anywhere. The only requirement is that there will be a message transmission medium between the requesting entity 2603 and the decision implementer 2609, and between the decision implementer 2609 and the decision server 2617. The requesting entity 2603 and The decision allows the media between requesters 2609 to request the entity 2603: to send a message 2605 requesting an action to be performed on a resource R2611 (1) to the decision executor 2619; and to receive a message from the decision executor 26 〇 9 action response message 2607 'It indicates whether action is to be taken and if so, the result. The media between the decision executor 2609 and the decision server 2617 allows the decision executor 2609 to request a decision% 13 , Sent to the decision server 2617 'so request the decision server 261 7 instructions: In the decision server 113- This paper size applies the Chinese National Standard (CNS) A4 specification &lt; 210 X 297 Gong) 4648 1 2 A7 _ B7 V. Description of the invention (111) whether many decisions in the server database 2 6 19 are allowed-a given requesting entity takes a given action relative to a given resource; and requests the decision server 2617 to use 2615 kinds of decision-making to respond to the request of the 2613 decision to respond, the back should indicate: whether the decision would allow many states to request action decision. It should be further noted that the actions controlled by the decision executor 2609 need not even be performed by one of the components of the publishing system. For example, many decisions in the decision database may be controlled by library patrons, and the actions specified in the decision may be library pages that have a book extracted from the bookshelf. The format of the decision request message 26 13 and the decision response message 26 15 are defined by a decision communication protocol. Examples of some standard decision communication protocols that are currently being developed are: the Common Open Decision System (COP0) Open Policy System (COPS), which can be accessed online: as described on June 21, 1999 , The URL is: http: &quot; www htf ... / internet-drafts / draft-ietf-rap-cops-06.txt: and Remote Authentication Dial In User Service (referred to as RADIUS; Reference: Internet Standard RFC2138). The decision server 2617 obtains the information needed to generate a decision response 2615, and then provides the response to the decision executor 2609. The decision server 2617 includes a decision server database 2619 containing a number of decisions, the decision including: one or more decisions regarding the requesting entity 2603 having requested the decision executor 2609 to perform an action on a resource R2611 (i). The decision server 2617 will query the decision server database 2619 in order to indicate some bits related to decision 114- This paper size applies the Chinese National Standard &lt; CNS) A4 specification (210 X 297 mm) a Off βί% 5 a Rabbit η

I 經濟部智慧財產局員工消費合作社印製 46 48 12 A7 經濟部智慧財產局員工消費合作社印製 __B7_____五、發明說明(112 ) 置,然後再將它們應用到決策請求2613。做這件事情可能 會要求決策伺服器2617要從可由決策伺服器2617存取的任 何位置中獲得其它與決策有關的資訊2623。這種處理過程 之一實例是:在存取過濾器203之討論中所描述的技術; 藉由該技術,存取過濾器203獲得關於使用者的附加識別 資訊。若決策伺服器2617從決策伺服器資料庫2619以及其 它資源中獲得的資訊指示著行動被允許,則決策词服器 2617會發送一種這樣指示的決策回應2615,而決策施行器 2609會執行如26 10處所指示的行動,並且經由行動回應 2607’將結果轉回給請求貫體2603 :若決策回應2615指 示行動未被允許’則決策施行器2 6 0 9會發送一種指示著 行動未被允許的行動回應2607。 將決策施行器2609和決策伺服器2617分離之一重要優點 是:可能在系統内的很多不同層級處建構決策施行器 2609,其中瞭解到該系統包括一些由網路所連接的諸多裝 置組成的系統。決策伺服器26 Π可能包含針對任何決策施 行器的决策’因此,可能受該決策支配的行動不再受限於 在系統之一個或更多層級處所採取的行動。 圖2 7顯示:一種具有諸多組件的系統27〇丨,該組件都是 藉由包括一公用網路2702及一内部網路i〇3的網路加以連 接的。在最高層級處,系統2701具有:一個或更多決策決 策點(policy decision points)2723,它會決定決策是否允許 頁行動;以及一個或更多決策施行點2 7 2 1,其中諸多決 策決策點的決策都會被施行。決策決策點將會包括決策伺 η 失 η 背 ΐ 之 a 寫 氺 1 裝 I I I訂 -115- 本紙張尺度適用中國國家標準(CNS)A4現格(210 X 297公釐) Λ 6 A 8 1 2 Α7 --------- Β7______ 五、發明說明(113) ,器2617 ;而決策施行點則會包括決策致能裝置,那就 是:一種能夠執行如決策施行器26〇9般之功能的裝置。在 決策決策點與決策施行點之間的通信是藉由決策訊息 2725,該訊息則包括:決策請求2613以及決策回應2615。 當一實體2603請求要使用資源尺2611來執行一項行動時, 將會由一種受決策施行點2721所控制的裝置來執行該行 動,決策施行點2721將會和決策決策點2723交換決策訊息 2725,以便決定:該行動是否被允許;如果是的話,決策 如行點2 7 2 1就會使該行動被執行。 包括在系統27〇 1内的諸多決策致能裝置中有: •決策致能路由器2713,它會施行在實體網路中的路由 指引通信量之層級處的決策; •決策致能附屬裝置2719,它會執行在_裝置之層級處 的決策,該裝置附屬於系統27〇1的網路。一個實例就 是印表機,它能夠查閱決策伺服器2617.,以便決定: 疋否要接受一項來自某—實體26〇3的印出請求。 •決策致能應用程式2717,它會執行在應用程式之層級 處的決策。 經濟部智慧財產局員工消費合作社印製 每個決策致能裝“會用像針料策施㈣細9所描述 那樣的相同方式來處理決策:當決策致能裝置收到它必須 決定該行動請求是否遵從建立在決策伺服器資料庫“^中 的諸多存取決策所針對的—項行動請求27〇3時,它就會將 一種決策訊息2725發送到決策伺服器2617 ;並且當它收到 決策訊息時就會作出回應,允許或拒絕如決策訊息所指示 -116 -I Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 46 48 12 A7 Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs __B7_____ V. Invention Description (112), and then apply them to decision request 2613. Doing this may require the decision server 2617 to obtain other decision-related information 2623 from any location accessible by the decision server 2617. An example of such a process is the technique described in the discussion of the access filter 203; by this technique, the access filter 203 obtains additional identification information about the user. If the information obtained by the decision server 2617 from the decision server database 2619 and other resources indicates that the action is allowed, the decision server 2617 sends a decision response 2615 instructed in this way, and the decision executor 2609 executes such as 26 10 indicates the action, and the result is returned to the requesting body 2603 through the action response 2607 ': if the decision response 2615 indicates that the action is not allowed', the decision executor 2 6 0 9 sends a message indicating that the action is not allowed Action response 2607. An important advantage of separating the decision implementer 2609 from the decision server 2617 is that it is possible to construct the decision implementer 2609 at many different levels in the system. It is understood that the system includes some systems composed of many devices connected to the network . The decision server 26 may contain decisions for any decision executor &apos; Therefore, actions that may be governed by that decision are no longer limited to actions taken at one or more levels of the system. Figure 27 shows a system 27o with many components, which are connected by a network including a public network 2702 and an internal network 103. At the highest level, the system 2701 has: one or more policy decision points 2723 that determine whether a decision allows page actions; and one or more decision execution points 2 7 2 1, many of which Decisions are made. Decision-making decision points will include decision-making service η loss η back a writing 1 binding III binding -115- This paper size applies Chinese National Standard (CNS) A4 (210 X 297 mm) Λ 6 A 8 1 2 Α7 --------- Β7 ______ 5. Description of the invention (113), device 2617; and the decision execution point will include a decision enabling device, that is: a type of device that can perform the function of the decision implement 2609 Device. The communication between the decision decision point and the decision execution point is through a decision message 2725, which includes: a decision request 2613 and a decision response 2615. When an entity 2603 requests to use resource rule 2611 to perform an action, the action will be performed by a device controlled by decision execution point 2721. Decision execution point 2721 will exchange decision information 2725 with decision decision point 2723. In order to decide: whether the action is allowed; if so, a decision such as line point 2 7 2 1 will cause the action to be executed. Among the many decision-enabling devices included in the system 27001 are: • Decision-enabling router 2713, which executes decisions at the level of routing guidance traffic in the physical network; • Decision-enabling subsidiary device 2719, It executes decisions at the level of the device attached to the system's 2701 network. An example is a printer, which can consult the decision server 2617. to determine: 疋 Whether to accept a print request from a certain entity 2603. • Decision-enabled application 2717, which executes decisions at the application level. The Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs prints out each decision enabling device "will process the decision in the same way as described in Needs Policy Application Note 9: When the decision enabling device receives it, it must decide the action request Whether to comply with the many access decisions established in the decision server database "^ for an action request 2703, it will send a decision message 2725 to the decision server 2617; and when it receives the decision Will respond to the message, allowing or denying it as indicated in the decision message -116-

本紙張尺度適用中國國家標準(CNS)A4規格(210 X A7 B7 五、發明說明(114) 的行動。 繼續更加詳細地討論關於圖2 7之諸決策致能裝置運作所 處的層級,決策致能路由器27丨3可能保持針對它所路由指 引的諸多分包資訊之被允許來源和目標的一些表;當路由 器2 713被初始化時’這些表都是根據由決策伺服器%丨7所 提供的資訊加以建立的;從當時起,當路由器27丨3收到— 種具有來源或目標不在其表中的分包資訊時,它就會將一 種決策訊息2725發送到指示著來源或目標的決策伺服器 2617 ’而決策伺服器2617則會藉由指示著是否打算將來源 或目標包括在一些表中來對該訊息作回應。當然,當決策 伺服器資料庫2619改變時,路由器2713的一些表可能也會 由決策伺服器26 17發送到路由器2713的訊息來保持更新。 就像從前述中能夠看出的那樣,路由器27丨3會在存取過濾 器203之建構例2001中的IP過濾器2〇19之層級處執行決策 核對。 經濟部智慧財產局員工消費合作社印製 決策致能附屬裝置2719是一種諸如附屬於網路之一印表 機的裝置。該裝置能夠對一項由一實體提出的請求作回 應’以便隨著決策伺服器261 7所發送之一決策訊息而使用 它,並且能夠根據它從決策伺服器2617中收到的資訊而繼 續進行。這種決策致能附屬裝置2719會允許管轄這些裝置 的管轄詳細程度(granularity of control)比在存取過滤器203 之層級處的存取核對可能允許的還更加精細。 最後,決策致能應用程式2717會允許:在一種比存取過 濾器203可能允許的還要高之層級處的決策施行。只要決 -117- 本紙張尺度適用中國國家標準(CNS)A4現格(210 X 297公釐) A7 164812 _______B7 五、發明說明(115 ) 裝 i I I I I I I 訂 朿伺服器資料庫2619包含與正在被應用程式存取的諸多資 源有關的決策資訊,決策致能應用程式2717就能夠和決策 飼服器2617交換決策訊息2725,因而能夠藉以決定:是否 要允許或拒絕決策致能應用程式2717之使用者正在請求的 行動。決策致能應用程式2717之一實例是:一種建構諸如 FTP,HTTP,或SMTP之一網際網路服務的應用程式。這是 由圖2 0中的諸多代理伺服器203 1所處理的層級。因爲服務 現在可能都是決策致能的,所以代理伺服器不再是必要 的;換成是,只能夠將網際網通信協定傳遞到服務存在的 系統上,該服務將會提供由通信協定所請求的存取操作。 如圖27中所示’該服務隨後能夠親自和決策伺服器2617交 換決策訊息2725,以便決定:被請求存取操作是否應該被 允許。 經濟部智慧財產局員工消費合作社印製 決策致能應用程式2717之另一實例是:一種文件處理程 式。在這種情形下,決策伺服器資料庫2619可能包含一些 決策’該決策載明:有權修改諸多文件之集合的諸多使用 者之集合。當使用者使用程式來選擇一份文件以供編輯之 用時,文件處理程式就能夠和決策伺服器2617交換決策訊 息2725 ;且若來自決策伺服器2617的決策回應指示:使用 者可能不會修改文件;則文件處理程式可能對使用者這樣 指示,並且拒絕允許使用者修改文件。 就像從前述中能夠看出的那樣,將決策評估和決策施行 分離以及決策定義的可擴充性質實際上共同允許:程式能 夠對項資源執行的任何操作成爲決策之主體;於是,使 -118- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) Α7 ______Β7 五、發明說明(116 ) 得存取控制系統就像圖27中所顯示的那些系統:不但規模 可伸縮性又容易管理,而且很容易地適應任何現在或未來 的裝置或程式。 此處應該要指出的是:在存取過濾器2〇3中,將決策評 估和決策施行加以合乎邏輯地分離,縱使兩者都被包含在 相同的裝置中。當依據圖26來審視圖2〇時,顯而易見的 是:GUI 1915 ;啓動,登綠,警戒以及報表模组2〇27 ;資 料庫共孕目綠2028 ; ISDB管理程式2027 ; PCS 2025 ;以及 MMF 23〇1會建構決策伺服器26丨7 ;而其餘的組件則會建構 在IP過濾器及網際網路通信協定層級處操作的決策施行器 2609。 決策之通則:圖2 8 在存取過濾器203中,適當存取資訊的管理員:能夠定 義新使用者和使用者群組,能夠定義新資源和資訊集,並 且能夠增加服務和伺服器。管理員並不能夠定義與存取資 訊不同的行動。並且’任何人能夠用來定義新使用者群组 的方法都是固定的’而資源則皆受限於資訊之來源。在較 佳實施例的通用化決策伺服器中,這些限制都已經被解 除。現在’管理員要定義:新行動,用來定義使用者群組 的新万法,以及不是資訊集的資源是有可能的。當然,制 定廷些定義的權利本身就是由決策伺服器資料庫Mb中的 決策加以決定的,就像關於存取過濾器203中的管理決策 及決策制定者決策所説明的那樣。在大多數的系統中,定 義:諸多實體類型’資源類型,以及行動類型應該只限於 ____ -119- 本紙張尺度¥时_家標 A7 B7 五、發明說明(117 ) 屬於”安全官員”使用者群組的那些人。 將這些新的可能性圖解説明於針對顯示於圖2 8中之決策 陳述的通用化決策語法280丨中。通用化決策語法28〇1描 述:在可能操縱決策所針對的視窗中,怎樣將決策呈現給 管理員。在圖2 8中,用斜體字表示的項目都是可能被決策 詞服器26丨7之管理員所定義的諸多決策陳述的組成部份, 該管理員有權必需存取決策伺服器資料庫2619。在方括弧 中的項目都是使以斜體字表示的項目與定義一項決策有關 係的字組。譬如説,,This paper scale applies the Chinese National Standard (CNS) A4 specification (210 X A7 B7. V. Action of the invention description (114). Continue to discuss in more detail the level of operation of the decision enabling devices in Figure 2 7 Capable router 27 丨 3 may maintain some tables for the permitted sources and destinations of the many subcontracting information it routes; when router 2 713 is initialized 'these tables are provided by the decision server% 丨 7 Information is created; since then, when router 27 丨 3 receives—a type of subcontracting information with a source or destination not in its list, it sends a decision message 2725 to a decision server indicating the source or destination Server 2617 'and the decision server 2617 responds to this message by indicating whether it intends to include the source or destination in some tables. Of course, when the decision server database 2619 changes, some tables of the router 2713 may It will also be updated by the message sent by the decision server 26 17 to the router 2713. As can be seen from the foregoing, the router 27 丨 3 will be accessed before In the construction example of the device 203, the IP filter 2019 performs decision check at the level of the 2001. The Intellectual Property Bureau of the Ministry of Economic Affairs employee consumer cooperative prints the decision-enabling auxiliary device 2719, such as a printer attached to a network. The device is capable of responding to a request made by an entity 'so as to use it with a decision message sent by the decision server 2617 and based on the information it receives from the decision server 2617 Continue. This decision enabling accessory 2719 would allow the granularity of control over these devices to be more fine-grained than the access check at the level of the access filter 203 might allow. Finally, the decision enabling The applicable application 2717 will allow: decision-making to be performed at a higher level than the access filter 203 may allow. As long as the decision -117- this paper size applies the Chinese National Standard (CNS) A4 (210 X 297) (Mm) A7 164812 _______B7 V. Description of the invention (115) The installation of the IIIIII subscription server database 2619 contains many information that is being accessed by applications. Source decision information, the decision enabling application 2717 can exchange decision information 2725 with the decision feeder 2617, and thus can decide whether to allow or deny the action being requested by the user of the decision enabling application 2717. Decision An example of an enabled application 2717 is: an application that builds an Internet service such as FTP, HTTP, or SMTP. This is the level handled by many proxy servers 2031 in Figure 20 because of the service It may now be decision-enabled, so a proxy server is no longer necessary; instead, it can only pass the Internet communication protocol to the system where the service exists, and the service will provide the storage requested by the communication protocol. Take operation. As shown in Figure 27 ', the service can then personally exchange decision message 2725 with decision server 2617 to decide whether the requested access operation should be allowed. Printed by the Consumer Property Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs, another example of a decision enabling application 2717 is a document processing program. In this case, the decision server database 2619 may contain some decisions' which states: a collection of users who have the right to modify a collection of files. When the user uses the program to select a document for editing, the document processing program can exchange decision information 2725 with the decision server 2617; and if the decision response instruction from the decision server 2617 indicates that the user may not modify Document; the document handler may instruct the user and refuses to allow the user to modify the document. As can be seen from the foregoing, the separation of decision evaluation and decision execution and the extensible nature of decision definition actually collectively allow: any operation that a program can perform on an item resource becomes the subject of a decision; therefore, make -118- This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) Α7 ______ Β7 V. Description of the invention (116) The access control system is like those shown in Figure 27: not only the scale scalability but also Easy to manage and easily adapt to any current or future device or program. It should be noted here that in the access filter 203, the decision evaluation and decision execution are logically separated, even if both are contained in the same device. When reviewing view 20 according to FIG. 26, it is obvious that: GUI 1915; startup, log-in, alert, and report module 2027; database total pregnancy green 2028; ISDB management program 2027; PCS 2025; and MMF 23〇1 will build a decision server 26 丨 7; the remaining components will build a decision implementer 2609 that operates at the IP filter and Internet communication protocol level. General rules for decision making: Figure 2 8 In the access filter 203, the administrator who appropriately accesses information: can define new users and user groups, can define new resources and information sets, and can add services and servers. Administrators cannot define actions that are different from accessing information. And ‘the methods anyone can use to define new user groups are fixed’ and resources are limited by the source of the information. In the generalized decision server of the preferred embodiment, these restrictions have been removed. Now the admin is going to define: new actions, new ways to define user groups, and resources that are not information sets are possible. Of course, the right to make these definitions is itself determined by the decisions in the decision server database Mb, as explained in relation to the management decision in the access filter 203 and the decision maker decision. In most systems, the definition: many types of entities' resource types, and types of actions should be limited to ____ -119- This paper size ¥ Hour_ house standard A7 B7 V. Description of the invention (117) belongs to the use of "security officials" Group of people. These new possibilities are illustrated in a generalized decision syntax 280 for the decision statement shown in Figure 28. The generalized decision grammar 281 describes how to present the decision to the administrator in the window to which the decision can be manipulated. In Figure 28, the items in italics are part of many decision statements that may be defined by the administrator of the decision server 26, which has the right to access the decision server data. Library 2619. Items in square brackets are words that make the items in italics relate to defining a decision. For example,

Employees are allowed to Access the HR Web Site (雇員們都被容許存取H R網站資訊) 其中 Employees(雇員們)是一使用者群組,Access(存取) 是一項行動,而HR Web Site(HR網站)則是一資訊集;該決 策陳述允許:屬於&quot;雇員們&quot;使用者群組的任何使用者存取 屬於&quot;HR網站”資訊集的任何資源。 經濟部智慧財產局員工消費合作社印製 繼續更加詳細地討論關於通用化決策語法28〇丨,Entity (貫體)表示一使用者群組,其成員都是:由使用在存取過 濾器203中的諸多技術中的一種技術;或者由決策伺服器 2617之管理員所定義的一種技術加以定義的。針對實體的 唯一要求是:它必須是可由決策施行器26〇9辨識的。 Action(行動)表示;可能只是像存取過濾器203中之存取操 作那樣的一項行動而已,或者是由決策伺服器2617之管理 員所定義的一項行動。針對行動的唯一要求是:使決策施行 器2609能夠對一項資源執行行動^ Resource(資源)表示一 -120- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) S d B ^ 2 A7Employees are allowed to Access the HR Web Site (Employees is a user group, Access is an action, and HR Web Site (HR Website) is an information set; this decision statement allows: any user belonging to the "employees" user group to access any resource belonging to the "HR website" information set. Intellectual Property Bureau, Ministry of Economic Affairs, Consumer Consumption Cooperative Printing continues to discuss the generalized decision syntax 28 in more detail. Entity represents a group of users whose members are: one of many technologies used in the access filter 203; Or it is defined by a technology defined by the administrator of the decision server 2617. The only requirement for the entity is that it must be recognizable by the decision implementer 2609. The action represents; it may be just like access filtering An action such as an access operation in the server 203, or an action defined by the administrator of the decision server 2617. The only requirement for the action is Decision-making purposes 2609 can perform actions on a resource ^ Resource (resource) -120- This paper represents a scale suitable for China National Standard (CNS) A4 size (210 X 297 mm) S d B ^ 2 A7

資訊集。然而’在通用化決策飼服器中,—資訊集 如:印表機或檔案伺服器的諸多裝置之一集合。針疋諸 的唯-要求是··使決策施行器2_能夠對資源執行行動貪屈 Timelntervals (時間間隔)28〇9允許管理員定義—種° 使用通用化決策語法而正在被載明之決策的時間:: (temporal restriction)。當決策正在被評估用來決定—既定 使用者是否有權存取-既^資源時,唯若評估時間在時^ 間隔内,才會考慮一項具有時間間隔的決策。譬如說:3 Employees are allowed to Access the HR Web Site from 9:00 am-5:00 pm weekdays (雇員們都被容許存取H R網站資訊 平日:從上午9時到下午5時) 它會將由雇員們存取H R網站的時間限制爲正常營業時 間。在一較佳實施例中’可能將時間間隔定義如下: • 每天工作時間之始末的範圍; • 工作日期之始末的範圍; • 對於每周之工作日及休假日的限制:可選擇將每周的 特定工作日,及/或被列示爲休假日的日期包括在内或 排除在外; 經濟部智慧財產局員工消費合作社印製 • 對於每月之工作周的限制:容許將每周,從參考曰期 起的每隔X周(其中X是從2到1 2的一個數字),或者在 每一適用月份内的周數表加以規範; • 每年之適用月份表。Information set. However, in a universal decision feeder, a collection of information, such as a printer or a file server, is one of many devices. The only requirement is to make the decision executor 2_ able to perform actions on resources. Timelntervals (Time Interval) 2809 allows administrators to define—the types of decisions that are being specified using a common decision syntax Time: (temporal restriction). When a decision is being evaluated to determine whether a given user has access to the existing resource, a time-interval decision will be considered only if the evaluation time is within the time interval. For example: 3 Employees are allowed to Access the HR Web Site from 9:00 am-5: 00 pm weekdays. Our access to the HR website is limited to normal business hours. In a preferred embodiment, the time interval may be defined as follows: • The range of the beginning and end of the working day each day; • The range of the beginning and end of the working day; • Restrictions on weekly working days and holidays: You can choose to change the weekly Specific working days, and / or dates listed as vacation days are included or excluded; printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs • Restrictions on the working week of each month: weekly, from reference Every X weeks from the date (where X is a number from 2 to 12), or a table of weeks in each applicable month is specified; • The applicable monthly table for each year.

ActionAUribute(s)(行動屬性)2811都是可能實行被決策陳 -121 - 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 464812 A7 -------- ---B7 五、發明說明(119 ) 述允許之行動所用方法的一些由管理員定義的定義。再 者,唯—的要求是:決策施行器2609能夠實行如行動屬性 所載明的行動。譬如説:ActionAUribute (s) 2811 are all possible to be decided Chen-121-This paper size applies Chinese National Standard (CNS) A4 specification (210 X 297 mm) 464812 A7 --------- -B7 V. Invention Description (119) Some of the methods defined by the administrator are defined by the administrator. Furthermore, the only requirement is that the decision implementer 2609 is able to perform the action as stated in the attribute of the action. For example:

Marketing is allowed to print to the Marketing Printer with type=color (行銷員被容許使用具有列印類型爲彩色的行銷員之印 表機來列印) 达項決策包含行動屬性type=c〇1〇r(列印類型=彩色),該決 策允4屬於&quot;行銷員&quot;(Marketing)使用者群組之使用者使用 行銷員之印表機的資源來執行彩色列印。 行動屬性的諸多附加實例有: *針對網路通信連接所需的服務類別; •打算使用的路由或媒體類型; •打算適用的結帳費率; •這項交易的最大數量; •芜成交易所容許的最大時間。 就像由語法[with | when](具有|每逢)所指示的那樣,能 狗將時間間隔和行動屬性,以及和整個決策陳述一起使 經濟部智慧財產局員工消費合作社印製 用。例如’對服務類別設下時間限制的一項決策看起來像 這樣: (Everyone is allowed to access the World Wide Web with bandwidth=90°/〇 when weekends (每個人都被容許每逢周末就存取具有頻寬=90%的全球 資訊網資訊) -122- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 464812 A7 B7 五、發明說明(12〇 ) 每個人”之使用者群組中的實體每逢周末 == 的全球資訊網資訊。當已經將時問間 =行動屬性時,雖若在應用到行動屬性之時間間隔 =出執行仙之請求,才會㈣明於㈣屬性中那樣地 執行載明於決策中的行動。 通用化決策的建構例:圖2 9和3 0 /29顯示決策資料庫2901。決策資料庫290!是決策資料 庫仙的-種修改;以便適應用語法28〇1所定義的通用化 決朿’並且在-種已經將決策評估和決策施行分離的環境 ^運作。於是’在圖29中’決策查詢2939是來自決策飼服 器2617而不是存取過滤器2〇3,因而包括:—種打算執行 經濟部智慧財產局員工消費合作社印製 :行動的説明符(specifier),以及一種資訊來源或打算執行 行動所針對的其它資源的規範(specificati〇n)。將決策查詢 的結果294!轉回給決策伺服器2617。除了決策是否允^該 行動的-種指不外’該結果現在還包括與行動有關的屬性 數値。在圖2 9中而其功能維持不變的諸多圖3中的單元都 具有艺們在圖3中所具備的參考數字。就從存取決策3〇7開 始,資訊之第一附加項目是存取類型定義2929,它會定 義:諸多附加行動類別,可能針對它而將決策定義在存取 決策307中。其次,會有屬性資訊2927,它會定義:可能 附屬於涉及實行—項決策的諸多實體之屬性。包括在屬性 資訊2937内的則有下列各種資訊: •屬性指定2937,它會載明打算和屬性一起使用的是何 種:使用者群組,資訊集,網站,或服務; 123- 本紙張尺度適用中國國家標準(CNS)A4規格(21〇 X 297公爱 d6 48 1 2 A7 B7 五、發明說明(121 ) • 屬性標記2941,它會定義;在使用者界面中,爲人所 熟知的諸多屬性名稱;以及 •屬性特點M39 ’它實際上會定義:屬性怎樣影響被它 指定的諸多使用者群組等等。 時程安排(schedules)資訊29M會定義:可能附屬於決策 或屬性的時間間隔。在時程安排資訊2925内,時程安排規 則293 1實際上會定義時間間隔;而休假日表2933則是一種 使用在時程安排規則中的休假日表。資源類型2935會定 義:可能定義決策所針對的資源之類型,而使用者ID類型 2937則會定義:針對可能定義決策所針對的實體所需的識 別方法之類型。 在一較佳實施例中,使用微軟公司之爲人熟知的:Marketing is allowed to print to the Marketing Printer with type = color (marketers are allowed to print with a marketer with a print type of color). The reach decision includes the action attribute type = c〇1〇r ( Print type = color), this decision allows users belonging to the &quot; Marketer &quot; (Marketing) user group to use the resources of the marketer's printer to perform color printing. Many additional examples of mobile attributes are: * The type of service required for network communication connections; • The type of routing or media that is intended to be used; • The billing rate that is intended to apply; • The maximum number of this transaction; • Wucheng transaction The maximum time allowed. As indicated by the grammar [with | when] (with | every), energy can be printed by the consumer co-operatives of the Intellectual Property Bureau of the Ministry of Economic Affairs with the time interval and action attributes, and with the entire decision statement. For example, a decision that sets a time limit on a service category looks like this: (Everyone is allowed to access the World Wide Web with bandwidth = 90 ° / 〇when weekends (Everyone is allowed to access Bandwidth = 90% of the World Wide Web Information) -122- This paper size applies to China National Standard (CNS) A4 (210 X 297 mm) 464812 A7 B7 V. Description of Invention (12) Everyone "user Entities in the group every weekend == World Wide Web Information. When the time interval = mobile attribute has been used, it will not be clear if the time interval applied to the mobile attribute = the request to execute the fairy. The actions set out in decision-making are performed as in attributes. Examples of the construction of generalized decision-making: Figures 2 9 and 30/29 show the decision-making database 2901. The decision-making database 290! Is a kind of modification of the decision-making database; Adapt to the generalized decision defined by grammar 2801 and operate in an environment where decision evaluation and decision execution have been separated. So 'in Figure 29' decision query 2939 comes from decision feeder 2617 instead of access Filter 203, thus includes:-a specifier printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs: a specifier of the action, and a source of information or a specification of other resources for which the action is intended ). The result of the decision query 294! Is transferred back to the decision server 2617. In addition to the decision whether the action is allowed-the type is not specified, the result now also includes the number of attributes related to the action. Many of the units in Figure 3 whose functions remain unchanged have the reference numbers that the artists have in Figure 3. Starting from the access decision 3007, the first additional item of information is the access type definition 2929, which Will define: There are many additional action categories, and decisions may be defined in access decision 307 for it. Second, there will be attribute information 2927, which will define: attributes that may be attached to many entities involved in the implementation of a decision. Included in The attribute information 2937 contains the following various types of information: • Attribute designation 2937, which will indicate what is intended to be used with the attribute: user group, information set, website, Service; 123- This paper size applies to China National Standard (CNS) A4 specifications (21〇X 297 public love d6 48 1 2 A7 B7 V. Description of the invention (121) • Attribute mark 2941, it will be defined; in the user interface , Many well-known attribute names; and • attribute characteristics M39 'It will actually define: how the attribute affects many user groups specified by it, etc. Schedule information 29M will define: May be attached The time interval that belongs to a decision or attribute. In the schedule information 2925, the schedule rule 293 1 actually defines the time interval; and the vacation table 2933 is a vacation table used in the schedule rule. Resource type 2935 defines: the type of resource for which a decision may be defined, and user ID type 2937 defines: the type of identification method required for the entity that may define a decision. In a preferred embodiment, what is known from Microsoft Corporation is used:

Microsoft®存取資料庫軟體來建構資料庫29〇1。存取軟體 是一種關係資料庫(relational database),那就是:將資料庫 中的資訊儲存在一些表中。在存取軟體中的一種公用程式 (utility)會提供:一些表的圖像以及它們彼此的關係。本 申請案的圖1 3到1 7以及圖3 0都是源自那些圖像。在圖3 〇 中,出現在圖1 3到1 7中的一些表都具有它們在那些圖中 所具備的參考數字;而一些新的表則具有開頭是&quot;3〇&quot;的參 經濟部智慧財產局員工消費合作社印製 考數字。在圖30中的一些表3001顯示:怎樣將用來定義時 間間隔和屬性的一些表加以整合進入決策資料庫29〇I中。 更籠統地説,它們顯示:怎樣藉由增加另外一些單元而可 能修改一項決策,以及怎樣针對決策而可能定義諸多新單 元類型。 -124、 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公餐) 4 6 4 8 ^ 2 A7 !--— B7 _ 五、發明說明(122〉 時間間隔的詳細建構例 就從時間間隔開始’將這些時間間隔加以定義在時間間 隔表3025中。該表包括:一時程安排定義表3〇23,它會定 義可能出現在通用化決策語法讀内的丁咖工咖二⑷ 2809中的名稱;以及—時程安排規則表3〇25,它會定義可 能與定義在&quot;時程安排定義,,表助中的名稱有關聯的時程 安排規則。一個以上的時程安排規則可能與一既定名稱有 關聯。ScheduIeDefICK時間安排定義ID)使定義在表3〇25中 的每項時程安排規則都與使用表3〇23中之規則的時間排程 有關係;從〇町]^_(工作曰掩蔽)到£11£10攸(結束曰期)的 諸多欄位會定義時間安排規則。&quot;DescripU〇n,,(描述)搁位 則載示規則及其目的之描述。 經濟部智慧財產局員工消費合作社印製 如以下所提及的,可能針對整個決策以及針對決策中的 屬性而定義時間間隔。於是,定義在&quot;存取決策,,表ι中 的每项決策現在都包括一個ScheduleDefID欄位。每個這樣 的攔位都會包含··針對打算應用到決策之—時間間隔而在 表3023中之一定義的—個Schedu丨eDefID識別符。於是,當 決策伺服器2617正在決定一項決策是否可適用於一項行動 請求時,經由:在針對決策之表161丨内的登載項中,針對 時間間隔的SchediileDefID欄位;它就能夠指出應用到—項 決策之時間間隔的位置。同樣地,”屬性指定,,表3〇〇7,它 會使屬性與:使用者群组,資源集,網站,或服務有關 係;該表包括:針對可適用於該特定屬性指定的任何時間 間隔的一個ScheduleDeflD欄位。最後,用來定義時間間隔 _ -125- 本纸張尺度適用中國國家標準(CNS)A4規格(2J〇 x 297公爱) 464812 A7 B7 五、發明說明(123) 的機制也被使用在用來時程安排警戒資訊之一較佳實施例 中;於是,在表3023中的諸多登載項也都可以從 ”AlertSchedules”(警戒資訊時程安排)表3〇2丨中指出位置。 屬性的詳細建構例 將用來定義諸多屬性並使它們與可能被應用的:使用者 群組,資源群组,網站,以及服務有關係的一些表顯示於 圖3 0中的屬性表30〇3中。一既定屬性是由三種表:&quot;屬性 標記&quot;表3〇〇5 ’ &quot;屬性&quot;表3011 ’以及&quot;屬性特定&quot;表3〇〇9中的 登載項所定義的。&quot;屬性標記&quot;表3〇〇5會定義:用於針對在 決策定義語法2801内的ActionAttribute⑷中之諸屬性的標 記。每個這樣的標記都會有一個登載項,該登載項包括; 標記本身,屬性之描述,標記之優先次序(precedence),以 及屬性之類型。標記之優先次序會定義:當一個以上的屬 性與決策評估連接時,將會應用哪些屬性。當一項指定具 有一種比另一項指定還高的優先次序時,就會將具有較低 優先次序的那一項指定不予理會。每個屬性標記登載項都 是由一個&quot;AttributeLabellD”(屬性標記加以識別的。 經濟部智慧財產局員工消費合作社印製 在”屬性”表3011中的每個登載都會載示屬性之目前定 義。該定義可能具有用來識別&quot;屬性標記”表3005中之諸登 載項的一個或更多”屬性標記I D &quot;攔位。由,,屬性標記”表 3005中的那個登載項所定義的標記表示由屬性,•表3011中 的登載項所定義的屬性。屬性的目前意義是由表3011中的 一些攔位加以定義的。包括有:屬性之描述,其類型,它 應用到的伺服器之I D ’以及關於伺服器的裝置類塑。三個 -126- 家標準(CNS)A4 規格(210 κ 297 公釐) 46 48 12 A7 B7 五 經濟部智慧財產局員工消費合作社印製 、發明說明(124 ) a ft Μ ΐ ί i 与 % i 1 欄位:&quot;AttributeFeaturelD&quot;(屬性特點ID),”valuel&quot;(數値 1),以及”Value2&quot;(數値2)都是特別感興趣的欄位。在那 裏,必須至少有一個”AttributeFeatureID&quot;欄位。該欄位會 識別屬性特點&quot;表3009中之一登載項,該表則會定義使; 在2性中的諸多數値之種類和範圍。” Va]uel&quot;和” value2&quot; 會定義:單一數値(Valuel)之目前範圍,或者兩種數値 (Valuel和Value2兩者)之目前範圍;該數値係選擇自針對”屬 性特點”表3009中之屬性而定義的諸多數値之種類和範圍。 就像從前述中將會顯而易見的那樣,,,屬性特點&quot;表3〇〇9 能夠被用來定義諸多新屬性種類。在表3〇〇9中的每個登載 項都會包括用來指出登載項之位置的”屬性特點工D π識別符 及一些攔位如下: •類別:屬性所屬的類別之名稱(譬如說:服務品質,結 帳費率,或交易之最大數量); ° •特點ID :唯一定義在其類別内之特點的數字; •名稱:使用者藉由它來瞭解特點的名稱; • 描述:特點的一種描述; •數値類型:定義屬性的諸多數値之類型的一種定義(譬 如説:需要單-數値還是一對數値,以及資料類型資 訊); •特點優先次序:次序的一種指示,依照該次序將諸多 特點應用在評估屬性中; •數値優先次序:打算選擇範圍中的最高數値還是最低 數値的一種指示;以及 127· 本紙張尺度適用中國國家標準(CNS)A4規格(210x297公爱) 464812 A7 B7 五、發明說明(125) • 限制:對於數値之限制的一種指示。 要定義新屬性類別,被決策伺服器26丨7之決策允許這樣 做的管理員只是定義針對&quot;屬性特點&quot;表3009中之新類別的 特點’然後再開始定義使用那些特點的屬性。一續特點可 能是:對將要施行決策的決策施行器2609而言是很有意義 的任何事物。此處應該要注意的是:可能將用來定義諸多 新屬性種類的一些上述通用技術使用在決策資料庫2901中 的別處,以便定義諸多:新行動,用來識別使用者的新方 法,以及新資源類型。 —旦屬性已經藉由三種表:3〇〇5,3〇1〖及3〇〇9中的資訊 加以定義,它就會與一個屬性可能應用到的實體有關係。將 此實體稱爲:屬性之主體。&quot;屬性指定&quot;(AttHbuteAssignment) 經濟部智慧財產局員工消費合作社印製 表3007會載明這些關係。在表3〇〇7中的每個登載項都會使 載明在它的&quot;AttributeLabellD”(屬性標記I D )中的屬性與單 一主體有關係;此外,它可能使屬性與一使用者群組有關 係,而該使用者群組的成員則可能執行—項涉及主體的行 動。若登載項未載明一使用者群組,則屬性應用到主體之 任何用途,在其匕情沉,只有當被載明使用者群組使用主 體時’屬性才會應用。主體可能是:使用者群組,資源集, 網站’或服務;就像藉由諸多欄位。”使用者群組ID &quot;,”資 源群組ID&quot;,&quot;網站id&quot;,以及”伺服器ID,,的數値加以栽 明的那樣。在表30〇7中的另外一些欄位會指示:屬性是否 爲現用的(即:打算目前應用的),應用程式應該何時開 始’它何時滿期,以及屬性是否涉及時間間隔,針對時間 -128- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 464812 A7 五、發明說明(126 間隔的&quot;ScheduleDefiD”數値。 定給-既定實體的諸多屬:中==:指示:在* 在決定將哪些屬性應用在制定一項將:策有, 服器2617繼續進行如下:杏'万面中’決策# 決策評估有關的使用者^^決策評估時’針對指向婆 链路,加以搜尋在表_中的屬啦 用者群组’則順著來自表3 :,值 路走,就會來到表3005中的二,屬丨以的諸多通信詞 的屬性’最後來到表聰中的屬性特點…已=: 的Γ=(: 了表3011外)都會包含優先次序資訊,使用 :2決定:針對那些順著所有通信鏈路走而發現的屬 性’在表则中有哪些屬性實際上將會應用到決策評估的屬 經濟部智慧財產局員工消費合作社印製 針對每個類別的屬性而各別地考慮這些優先次序,就傳 藉由表雇中的屬性特點加以定義的那樣。在每個類別 内’:先考慮:在表3007中的屬性指定中的優先次序。雖 然共享相同優先次序的所有指定都會被考慮,但是只有那 些具有最高優先次序數値的指定才會進—步被考慮。其 次’考慮,針對其餘的已鏈接屬性,在表3〇〇5中的屬性標 記中的標記優先次序。雖然共享相同標記優先次序的所有 標記都會被考慮,但是只有那些具有最高優先次序數値的 標記才會進-步被考慮。其次,考慮:針對其餘的已缝接 屬性,在&quot;屬性特點&quot;表3〇〇9中的登載項中的特點優先次 序。只有那些共享最高特點優先次序的屬性才會被保留。 -129-本紙張尺度適用中國國家標準(CNS)A4視格(210 X 297公釐) 經濟部智慧財產局員工消費合作杜印製 A7 B7 五、發明說明(127) 最後,對於在表3 011中的每個屬性而言,該屬性被鏈接到 &quot;屬性特點&quot;表3009中的相同登載項;在”屬性特點,•表3009 中的數値優先次序,藉著指示打算選擇的是最高數値還是 最低數値而被用來決定:要使用來自表3011中的哪個屬性。 這時候,對於在表3 009中的諸多有關屬性特點登載項而 吉’定義在表3〇11中最多一個屬性會保持原狀,而在這些 登載項中的數値和特點都將會被轉回,以便用於評估決 策。在某些情形下,請求可能指示需要何種屬性數値;並 且’若它們與載明在決策中的那些數値不匹配,則該請求 可能被拒絕;在其它情形下,將諸多屬性數値提供給決策 施行2609,以便用於執行行動。 使屬性表3003和時間間隔表3025最佳化 .τ尤像在上述存取過遽器2〇3的討論中所描述的以及在圖 2 1和23中所圖解説明的那樣,在一較佳實施例中的決策 伺服器2617,藉著從其中產生諸多MMF檔案23 03而使決策 資料庫290 1最佳化。在較佳實施例中,已經增加兩個新 MMF檔案,以使表3003和3025中的資訊最佳化。兩個新 MMF檔案如下: • DBPr〇pertieS(資料庫”特性_,)檔案:包含能夠應用到其 它物件的所有&quot;特性、屬性及時程安排。此索引(mdex) 是藉由在那些其它物件中的&quot;特性j D ,,加以编製索引 的0 • DBPropertiesMetaDataC資料庫&quot;特性元資料,,)檔案:所 有特性都有一個名稱。此檔案是藉由特性類型名稱加 -130- 本紙張尺埂迺用中國國家標準(CNS)A4規格(210 X 297公爱) -----------ί *裝--------訂* A7 B7 五、發明說明(128 ) 以編製索引的(料包含在DBPmp㈣es檔案中的每個 特性名稱而言’在索引中具有一個登載項);並且將一 些名稱映射到諸多特性10之一列表,以使它們在 DBProperties檔案中很快地被查出。 針對時間間隔的使用者界面:圖3 1到3 3 圖3 1到3 3顯示: &lt; 用在-較佳實施例中,在圖形使用者 界面中所使用的視窗;用來:察看何種時間間隔(或時程 安排)已經被定義,定義針對一時間間隔的一項規則,以 及使用一時間間隔與一項決策有關聯。就從圖3 1開始,該 圖顯示:一種用來顯示已定義時程安排的視窗31〇2。子^ 窗(SUbwindow)3103會依照名稱列示所有的已定義時程安 排,·而予視窗3〖〇6則會依照名稱列示所有的已定義規則。 被顯示資訊是來自··&quot;時程安排定義,,表3〇23和&quot;時程安排 規則&quot;表3025。 經濟部智慧財產局員工消費合作社印製 要察看一時程安排名稱表示何種規則,使用者會選擇在 子視窗3 103中的名稱,如3丨〇5處所顯示的,在該·處,已經 選擇”非工作時間&quot;。此時程安排具有兩個组成規則:一個 表示每周之工作曰’顯示在31〇7處;一個表示周六,周 曰,及体假日,顯示在3109處。當選擇時程安排名稱時, 屬於它的(諸多)規則都會被凸顯在視窗3丨〇6中。相反地, 當選擇規則時,釺對使用該规則的諸多時程安排的時程安 排名稱都會被凸顯出來β在予視窗3丨〇6中的3丨丨丨處顯示: 針對營業時間的规則:而在子視窗3丨〇3中則顯示:另外一 些時程安排名稱。 131 · 本紙張尺度適用中國國家標準(CNS)A4規核·(210 X 297公笼) A7 -----------B7 __ 五、發明說明〇29 ) 裝 二要產生一項新時程安排,當子視窗3 ι〇3處在現用狀態時 •沈點按新增按鈕,並輸入新時程安排名稱;然後再選擇 新時私安排,並將屬於它的一些規則凸顯在子視窗3丨〇2 中。要改變指定給一時程安排的—些規則,先選擇時程安 排名稱,然後在子视窗31〇6中選擇針對該名稱的不同規 則。要產生針對一現存時程安排的一項新規則,先選擇時 私安排足名稱並點按&quot;新增&quot;按鈕,在當時就可能產生新規 則,如以下描述的8當處於子視窗3106中時,也能夠點按 新增按鈕,產生新規則,然後再使新規則與一時程安排 名稱有關係,如以上描述的。藉著將規則拖曳(dragging) 到時程安排名稱,並且將它棄置在時程安排名稱上,也能 夠使一項規則與一時程安排名稱有關係。 經濟部智慧財產局員工消費合作社印製 將用來產生一項新規則的視窗顯示在圖3 2中的32〇 1處。 這是用來修改一現存規則或產生一項新規則的視窗。要修 改一現存規則,就對它點按二次。在视窗中的輸入資訊會 允許使用者:依據時程安排之時間的有效性來定義正在被 應用到決策或屬性的時間間隔(3203),定義被選擇時間都 有效的每周之工作日(3205),定義時程安排有效的工作周 (3207) ’以及定義時程安排有效的每年的—部份(32〇9)。如 圖示,視窗3 2 01將顯示於圖3 1中的時程安排定義在3 111 處。該時程安排是由營業時間•'所表示。顯示於視窗3201 中的資訊是來自”時程安排規則&quot;表3025,而使用視窗3201 所做出的諸多修改則被應用到該表。 圖3 3顯示:用來將時間間隔增加到一項決策之定義的視 -132- 本紙張尺度適用中國S家標準(CNS)A4規格(210 X 297公釐) 4648 1 2 A7-------- 經濟部智慧財產扃員工消費合作社印製 五、發明說明(130 ) 窗。視窗3301將由屬於&quot;社團&quot;(c〇rp〇rate)使用者群組諸多 使用者存取&quot;社團,'資訊集限定爲:在3303處所指示的,,營 業時間’’之時程安排。當使用者點按方框33〇3時,就會顯 示諸多已定義時程安排的整個列表,因而使用者可能選擇 其中一個或增加一項新名稱。當使用者點按&quot;定義&quot;按鈕 3305時’就會顯示針對被選擇決策的視窗32〇丨。若正在增 加一項新名稱,則必要時使用者會針對新時程安排而塡寫 視窗3201。依據圖30,選擇在圖η中之—時程安排會使,,存 取決策&quot;表16Π中之一&quot;ScheduleDeflD&quot;攔位被填寫:針對,,時 程安排定義&quot;表3023中之登載項的識別符;而表3〇23則將時 程士排名稱包含在它的&quot;名稱&quot;爛位中。若時程安棑名稱是 新的’則針對新名稱而將一新登載項增加到表3〇23。若增加 或修改一項規則,則&quot;時程安排規則”表3〇25也會被修改。 針對屬性的使用者界面:圖3 4到3 7 針對屬性定義和指定的使用者界面是相似的。圖34顯示: 一種列示服務品質(quality of service,簡稱Q〇S)類型的諸 多目前已定義屬性的視窗3 4 01。這些屬性決定:有多少頻 寬(bandwidth)可供一種根據既定決策而正在執行的存取操 作利用。在3401處,列示有一些屬性標記或名稱。此處,定 義四種QoS屬性:三種表示頻寬數量(&quot;高,’,”中”,&quot;低。,一 種Γ最高優先級&quot;)表示若有衝突時的優先級(Priority)。所 有的這些屬性都有一種。的優先次序,如在3405處所顯示 的。諸多頻寬屬性全部都由”頻寬”特點加以定義,如在 3407處所顯示的。針對每個屬性的”數値”則被定義在3409 -133- 用中國國家標準(CNS)A4規格(210 X 297公釐) η 夹 κ 劳 ί &gt;ϊ I 濘 項 項 寫 本 頁Microsoft® accesses database software to build the database 2901. Access software is a relational database, that is, the information in the database is stored in some tables. A utility in access software provides: images of some tables and their relationship to each other. Figures 13 to 17 and Figure 30 of this application are derived from those images. In Figure 3, some of the tables appearing in Figures 13 to 17 have the reference numbers they have in those figures; while some new tables have the Ministry of Economic Affairs beginning with "quote 3". The Intellectual Property Bureau employee consumer cooperatives printed test figures. Tables 3001 in Fig. 30 show how some tables used to define time intervals and attributes can be integrated into the decision database 2901. More generally, they show how a decision can be modified by adding additional units, and how many new unit types can be defined for a decision. -124. This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 meals) 4 6 4 8 ^ 2 A7! --- B7 _ V. Description of the invention (122) Detailed construction examples of time intervals Time interval start 'defines these time intervals in the time interval table 3025. This table includes: a schedule definition table 3203, which will define the Dingerongerji 2809 that may appear in the reading of the generalized decision grammar The name in the table; and-schedule rule table 3025, which will define schedule rules that may be associated with the names defined in the "scheduling definition," table help. More than one schedule rule May be associated with an established name. ScheduIeDefICK schedule definition ID) makes each schedule rule defined in Table 3025 related to the schedule using the rules in Table 3203; from Omachi] ^ _ (Work day masking) to £ 11 £ 10 y (end date) define the timing rules. &quot; DescripU〇n ,, (Description) The shelf contains a description of the rules and their purpose. Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs As mentioned below, time intervals may be defined for the entire decision and for the attributes in the decision. Thus, each decision defined in the &quot; access decision, table now includes a ScheduleDefID field. Each such stop will contain a Schedu eDefID identifier defined in one of Tables 3023 for the time interval intended to be applied to the decision. Therefore, when the decision server 2617 is deciding whether a decision is applicable to an action request, via: the SchediileDefID field for the time interval in the entries in the decision table 161 丨; it can indicate the application To — The location of the time interval for the decision. Similarly, the "attribute designation," Table 3007, will associate attributes with: user groups, resource sets, websites, or services; the table includes: for any time that is applicable to that particular attribute designation A ScheduleDeflD field for the interval. Finally, it is used to define the interval _ -125- This paper size applies the Chinese National Standard (CNS) A4 specification (2J0x 297 public love) 464812 A7 B7 V. Description of the invention (123) The mechanism is also used in a preferred embodiment for scheduling alert information; therefore, many of the entries in Table 3023 can also be taken from the "AlertSchedules" Table 3202 Indicate the location. Detailed construction examples of attributes will be used to define a number of attributes and make them relevant to what may be applied: user groups, resource groups, websites, and services. Some tables are shown in the attribute table in Figure 30 3003. A given attribute is composed of three types of tables: &quot; attribute tag &quot; table 3005 '&quot; attribute &quot; table 3011' and &quot; attribute specific &quot; table entry in table 3009 Defined. & Quo t; attribute tags &quot; Table 3005 will define: tags for attributes in ActionAttribute () within the decision definition syntax 2801. Each such tag will have a posting item that includes; the tag itself , The description of the attribute, the precedence of the tag, and the type of the attribute. The precedence of the tag defines what attributes will be applied when more than one attribute is connected to the decision evaluation. When one designation has one attribute over another When an item is assigned a higher priority, the item with the lower priority will be ignored. Each attribute tag posting item is identified by an "AttributeLabellD" (attribute tag. Ministry of Economic Affairs) Each posting printed by the Intellectual Property Bureau employee consumer cooperative in the "attributes" table 3011 will contain the current definition of the attribute. The definition may have one or more of the entries in the &quot; attribute tag "table 3005 Multiple "attribute tag ID &quot; stop. The tag defined by the entry in the attribute tag table 3005 indicates that the attribute • The attributes defined by the entries in Table 3011. The current meaning of attributes is defined by some of the stops in Table 3011. Including: description of the attribute, its type, the ID of the server to which it applies, and About the device type of the server. Three -126- Home Standard (CNS) A4 specifications (210 κ 297 mm) 46 48 12 A7 B7 5. Printed by the Consumers ’Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs, Invention Description (124) a ft Μ ΐ ί i and% i 1 fields: &quot; AttributeFeaturelD &quot; (attribute feature ID), "valuel" (number 1), and "Value2" (number 2) are fields of particular interest. There must be at least one "AttributeFeatureID" field. This field will identify one of the attributes listed in table 3009, and the table will define the types and ranges of many numbers in the two properties. "Va] uel &quot; and" value2 &quot; will define: the current range of a single number (Valuel), or the current range of two numbers (both Valuel and Value2); this number is selected from the "attribute characteristics" table The types and ranges of many numbers defined by the attributes in 3009. As will be apparent from the foregoing, the attribute characteristics &quot; Table 3009 can be used to define many new attribute types. In Table 3 Each entry in 〇09 will include the "attribute characteristic ID" identifier and some stops to indicate the location of the entry: • Category: the name of the category to which the attribute belongs (for example: service quality, final Account rate, or maximum number of transactions) ° ° Feature ID: a number that uniquely defines a feature within its category; • Name: the name by which the user understands the feature; • Description: a type of feature Description; • Number type: A definition that defines one of the many types of attributes (for example, whether a single-number or a pair number is required, and data type information); • Feature priority: an indication of order, according to the The sequence applies many characteristics to the evaluation attributes; • Number priority: an indication of whether to choose the highest or lowest number in the range; and 127. This paper size applies the Chinese National Standard (CNS) A4 specification (210x297). Love) 464812 A7 B7 V. Description of the Invention (125) • Restriction: An indication of the limitation of data. To define new attribute categories, the administrator who is allowed to do so by the decision of the decision server 26, 7 simply defines the features for the new category in the &quot; attribute feature &quot; table 3009, and then begins to define the attributes that use those features. The continuation feature may be anything that makes sense for the decision implementer 2609 where the decision is to be made. It should be noted here that some of the above-mentioned general techniques that may be used to define many new types of attributes may be used elsewhere in the decision database 2901 in order to define many: new actions, new methods to identify users, and new Resource Type. -Once the attribute has been defined by the information in three tables: 305, 301, and 2009, it will be related to the entity to which an attribute may be applied. This entity is called: the subject of the attribute. &quot; Attribute Assignment &quot; (AttHbuteAssignment) A printed form 3007 from the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs will state these relationships. Each entry in Table 3007 associates the attribute stated in its "AttributeLabellD" with a single subject; moreover, it may cause the attribute to be associated with a user group Relationship, and members of the user group may perform an action involving the subject. If the posted item does not specify a user group, the attribute applies to any use of the subject. It states that the 'attribute' will only be applied when the user group uses a subject. The subject may be: a user group, a resource set, a website 'or a service; it is like having many fields. "User group ID &quot;," The resource group ID &quot;, &quot; website id &quot;, and the &quot; server ID &quot; Additional fields in Table 3007 indicate whether the attribute is active (ie: intended to be currently applied), when the application should start, when it expires, and whether the attribute involves a time interval, for time-128 -This paper size is in accordance with China National Standard (CNS) A4 (210 X 297 mm) 464812 A7 V. Description of the invention (126 interval &quot; ScheduleDefiD "number. Given to-Many genus of the given entity: Medium ==: Instructions: In * When deciding which attributes to apply in formulating a policy, the server 2617 continues as follows: Apricot '万 面 中' decision # Decision evaluation related users ^ ^ Decision evaluation is targeted at the pointing chain And search for the "user group" in the table _ followed by from Table 3 :, the value will go to the second in Table 3005, the attribute of the many communication words that belong to the last The characteristics of the attributes in Table Satoshi ... have =: Γ = (: outside of Table 3011) will contain priority information, use: 2 to determine: for those attributes found along all communication links, 'in the table rule What properties will actually be applied to The Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs, which evaluates policy evaluation, prints these priorities individually for each category of attributes, as defined by attribute characteristics in table employment. Within each category ' : Consider first: Priority in attribute assignments in table 3007. Although all assignments that share the same priority order will be considered, only those assignments with the highest priority number will be taken into account-next step is considered. For the remaining linked attributes, the tag precedence in the attribute tags in Table 3005. Although all tags that share the same tag precedence will be considered, only those tags with the highest priority number will be Further steps are considered. Secondly, consider: For the remaining stitched attributes, the feature priorities in the "Entry features" table entry in Table 3009. Only those attributes that share the highest feature priority order Will be retained. -129- This paper size applies to China National Standard (CNS) A4 Vision (210 X 297 mm). Bureau employee consumption cooperation printed A7 B7 V. Description of the invention (127) Finally, for each attribute in Table 3 011, the attribute is linked to the same entry in the "Attribute Characteristics" table 3009; In the "attribute feature", the priority of the numbers in table 3009 is used to decide which attribute from table 3011 to use by indicating whether the highest or lowest number is to be selected. At this time, for There are many related attributes and attributes listed in Table 3 009, and Ji 'is defined in Table 3, at most one attribute will remain the same, and the numbers and characteristics in these published items will be transferred back for evaluation decision making. In some cases, the request may indicate what attribute numbers are needed; and 'if they do not match those specified in the decision, the request may be rejected; in other cases, many attributes are counted Provided to Decision Enforcement 2609 for use in performing actions. The attribute table 3003 and the time interval table 3025 are optimized. Τ is particularly preferred as described in the discussion of the accessor 203 above and illustrated in FIGS. 21 and 23. The decision server 2617 in the embodiment optimizes the decision database 2901 by generating a large number of MMF files 23 03 therefrom. In the preferred embodiment, two new MMF files have been added to optimize the information in tables 3003 and 3025. The two new MMF files are as follows: • DBProperperS file: contains all &quot; characteristics, attributes, and schedules that can be applied to other objects. This index (mdex) is used on those other objects &Quot; Feature j D ,, 0 indexed in the DBPropertiesMetaDataC database &quot; file: all properties have a name. This file is added by the property type name -130- this paper The ruler uses the Chinese National Standard (CNS) A4 specification (210 X 297 public love) ----------- ί * installation -------- order * A7 B7 V. Description of the invention ( 128) Indexed (for each property name included in the DBPmp㈣es file 'has a entry in the index); and map some names to a list of many properties 10 so that they are in the DBProperties file Quickly detected. User interface for time intervals: Figures 3 1 to 3 3 Figure 3 1 to 3 3 shows: &lt; Used in-preferred embodiment, the window used in the graphical user interface ; Used to: see what time interval (or schedule) ) Has been defined, defining a rule for a time interval, and using a time interval to be associated with a decision. Beginning with Figure 31, the figure shows: a window to display a defined schedule 31 〇 2. Sub ^ window (SUbwindow) 3103 will list all the defined schedules according to the name, and the window 3 〖〇6 will list all the defined rules by the name. The displayed information is from ... &quot; Schedule definition, Table 3203 and &quot; Schedule rules &quot; Table 3025. Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs, the user must choose which rules the schedule name indicates. The name in the sub-window 3 103, as shown at 3, where the "non-working time" has been selected. This schedule has two composition rules: one indicates that the workday of each week is displayed at 3107; the other indicates that Saturday, weekdays, and sports holidays are displayed at 3109. When selecting a schedule name, the rule (s) that belong to it will be highlighted in window 3 丨 06. Conversely, when a rule is selected, the schedule name of many schedules that use the rule will be highlighted. Β is displayed at 3 丨 丨 丨 in the window 3 丨 〇6: Rules for business hours: And in the sub-window 3 丨 〇3: Other schedule names. 131 · This paper size is subject to China National Standard (CNS) A4 regulations. (210 X 297 male cage) A7 ----------- B7 __ V. Description of the invention 〇 29 New schedule, when the sub-window 3 ι〇3 is in the active state • Press the add button and enter the name of the new schedule; then select the new private schedule and highlight some of the rules that belong to it Sub-window 3 丨 〇2. To change some of the rules assigned to a schedule, first select the schedule name and then select a different rule for that name in subwindow 3106. To generate a new rule for an existing schedule, first select the private name of the schedule and click the "Add" button. A new rule may be generated at that time, as described below in the sub-window 3106 At middle time, you can also click the Add button to generate a new rule, and then make the new rule related to a schedule name, as described above. It is also possible to associate a rule with a schedule name by dragging the rule to the schedule name and discarding it on the schedule name. Printed by the Consumers' Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs The window used to generate a new rule is shown at 3201 in Figure 32. This is the window used to modify an existing rule or generate a new rule. To modify an existing rule, double-click it. Entering information in the window will allow the user to: define the time interval being applied to decisions or attributes based on the validity of the scheduled time (3203), define the weekly working day (3205) where the selected time is valid ), Define the work week in which the schedule is valid (3207) 'and define the annual part of the schedule in which it is valid (3207). As shown in the figure, the window 3 2 01 defines the schedule shown in FIG. 31 at 3 111. The schedule is indicated by the opening hours • '. The information displayed in window 3201 comes from the "Scheduling Rules" table 3025, and many modifications made using window 3201 are applied to the table. Figure 3 3 shows: used to increase the time interval to an item Vision of the definition of decision-132- This paper size is applicable to China Standards (CNS) A4 (210 X 297 mm) 4648 1 2 A7 -------- Printed by the Intellectual Property of the Ministry of Economic Affairs and the Consumer Cooperative Fifth, the description of the invention (130) window. Windows 3301 will be accessed by many users belonging to the "community" (croparate) user group "community," the information set is limited to: as indicated at 3303, "Business hours" schedule. When the user taps the box 3303, the entire list of many defined schedules will be displayed, so the user may choose one of them or add a new name. When When the user clicks the "definition" button 3305, a window 32 for the selected decision will be displayed. If a new name is being added, the user will write a window 3201 for the new schedule if necessary Based on Figure 30, select in Figure η — The schedule will cause the access decision "ScheduleDeflD" in Table 16II to be filled in: for, the schedule definition "identifier of the entry in Table 3023; and Table 3 23 will include the name of the scheduler in its "name". If the name of the scheduler is new, a new entry will be added to the table for the new name. Table 302. If it is added or modified A rule, the "Scheduling Rules" table 3025 will also be modified. User interface for attributes: Figures 3 to 3 7 The user interfaces for attribute definitions and assignments are similar. Figure 34 shows: A window 3 4 01 listing a number of currently defined attributes of the type of quality of service (QOS). These attributes determine how much bandwidth is available for an access operation being performed based on a given decision. At 3401, some attribute tags or names are listed. Here, four QoS attributes are defined: three types indicate the amount of bandwidth (&quot; high, &apos;, &quot; medium &quot;, &quot; low., And one Γ highest priority &quot; indicates the priority when there is a conflict (Priority). All of these properties have one. Priority, as shown at 3405. Many bandwidth attributes are all defined by "bandwidth" characteristics, as shown at 3407. The "number" for each attribute is defined in 3409 -133- Use Chinese National Standard (CNS) A4 specification (210 X 297 mm) η Clip κ Labor & &gt; ϊ I Item Write this page

X 裝 訂 A7 B7 464812 五、發明說明(131 ) 處。只有”最高優先級”才會有”數値2 ”。就像栽明於視窗 34〇1中的那樣,QoS頻寬屬性中的:&quot;高&quot;會接收512〇〇〇的 最大頻寬,',中,,會接收64000的最大頻寬’而”低&quot;則會接 收32000的最大頻寬。關於”最高優先級”,針對屬性所載 明的優先級必須位在針對&quot;數値1 ”和&quot;數値2 &quot;所載明的兩 個數値之間。在視窗3401中的資訊當然是來自三種表: 3005,301 1,以及 3009。 圖3 5顯示:用來將一種QoS屬性指定給使用者群組,資 訊集,網站,或服務的視窗3501。在子視窗3503中,顯 示··對於所有使用者群组(3507)而言,已經怎樣將,,中”, ”高”’以及”低三種QoS頻寬屬性(3509)分別指定給全球 資訊網服務,檔案傳送服務,以及遠距存取服務三種主體 (3511);以及已經怎樣將&quot;高&quot;Q〇s優先級屬性指定給”財務&quot; (Finance)使用者群組主體。諸多不同的指定會反映以下事 實:頻寬是一種通信服務的屬性,而優先級則是通信服務 之一使用者的屬性。於是,在可供網路服務利用的頻寬 内’ ”財務”使用者群組的諸多成員都具有高優先級。就像 由本實例所顯示的那樣,一個以上的行動屬性可能應用到 —項決策。若能夠藉著從兩個予视窗3513和3515中分別選 經濟部智慧財產局員工消費合作社印製 擇一些使用者群组和主題來產生針對主題的屬性,則會促 進屬性指定。在此視窗中所做的選擇當然都會被應用到,,屬 性指定”表3007。用與视窗3丨〇2觸及諸多用來定義屬性標 記和特點的视窗相同的通用方式,就能夠進一步使用视窗 3503。 -134- 本紙張尺㈣財 _ (〇Ν3)Α4Ί^^Ι^297 464812 ^_____ 經濟部智慧財產局員工消費合作社印製 A7 B7 、發明說明(132) 圖3 6顯示:用來讀取,修改,或產生,,屬性標記”表3〇i i 中之一登載項的視窗3601。此處,正在讀取的登載項是針 對”中&quot;QoS頻寬屬性。在36〇3處,顯示有:登載項之&quot;檁記,,, M描述”,及”標記優先次序,,攔位的數値。具有適當存取權 利的管理員當然能夠經由视窗36〇〖而改變這呰襴位的數 値。在3605處’顯示:針對與標記有關聯的屬性,來自,,屬 性”表3011中之登載項的資訊。在那裏顯示有:在登載項 中之&quot;數値1 &quot;的目前數値’以及特點之名稱。特點名稱當 然是來自針對該屬性之,'屬性特點”表3〇〇9。再者,可能經 由視窗3601而編輯這些數値。按鈕36〇7被用來檢視一種視 窗,該視窗會顯示:在,,屬性特點”表30〇9中之特點登載項 的完整内容。 圖3 7顯示該視窗。視窗370 1是用來定義針對一既定屬性 類別及諸多新屬性類別的諸多新屬性的視窗。視窗當然會 依?,?、屬性特點’’表3009中之一登載項的數値而運作。方框 3703是諸多屬性類別之一列表;可能藉由增加到列表來定 義新類別。方框3705是目前特點之名稱;在它們(類別與 名稱)之間會唯一地識別一登载項,而類別與名稱則對應 於表3009内的諸多登載項中的,_類別,|與I,名稱,•兩個欄位。 在這種情形下,登載項是針對q〇S”優先級屬性”(Pri〇rity attribute)。&quot;描述”方框3707會包含:在正在被檢視之登載 項中的”描述”之數値。3709指示:特點具有哪種數値類 型’此處是一對數値,如圖3 4中所指示的。在3 7 11處,顯 示有”特點優先次序&quot;和”數値優先次序”兩個攔位的目前 -135- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐)X Binding A7 B7 464812 Fifth, the description of the invention (131). Only "highest priority" will have "Number 2". As stated in Windows 3401, the QoS bandwidth attribute: "High" will receive a maximum bandwidth of 512,000, ', Medium, will receive a maximum bandwidth of 64000' and "Low" will receive a maximum bandwidth of 32000. Regarding the "highest priority", the priority stated in the attribute must be in the "quotation number 1" and "quotation number 2" Between two numbers. The information in window 3401 is of course from three tables: 3005, 3011, and 3009. Figure 35 shows a window 3501 used to assign a QoS attribute to a user group, information set, website, or service. In the sub-window 3503, it is shown that ... For all user groups (3507), how have the three types of QoS bandwidth attributes (3,509), "medium", "high" and "low" been assigned to the World Wide Web Service, file transfer service, and remote access service (3511); and how the "High" Q〇s priority attribute has been assigned to the "Finance" user group subject. Many different The designation of will reflect the fact that bandwidth is an attribute of a communication service, and priority is an attribute of one of the users of the communication service. Therefore, within the bandwidth available for network services, the 'financial' user group Many members of the group have high priority. As shown by this example, more than one action attribute may be applied to a decision. If you can choose the intellectual property of the Ministry of Economic Affairs from two pre-view windows 3513 and 3515, respectively Bureau employee consumer cooperatives print and select some user groups and themes to generate theme-specific attributes, which will promote attribute designation. Of course, the choices made in this window will be applied to, "Attribute Assignment" Table 3007. Windows 3503 can be further used in the same general way as Windows 3, which touches many of the windows used to define attribute marks and features. -134- This paper rule __ (〇Ν3) Α4Ί ^^ Ι ^ 297 464812 ^ _____ Printed by A7 B7, Employees' Cooperative of Intellectual Property Bureau of the Ministry of Economic Affairs, A description of the invention (132) Figure 36 shows: used to read, Modify, or generate, the attribute tag "window 3601 of one of the entries listed in Table 30i. Here, the entry being read is for the" Quo "QoS bandwidth attribute. At 36〇3, the following items are displayed: "Remarks,", M description ", and" Mark priority ", and the number of stops. An administrator with appropriate access rights can of course change the number of bits through the window 36. At 3605, 'display: for the attributes associated with the tag, from ,, attributes' information in the entry in the table 3011. There is displayed: &quot; numerical number 1 &quot; the current number in the posted item' And the name of the feature. Of course, the feature name comes from the 'Attribute Feature' table 3009 for this attribute. Furthermore, these data may be edited via Windows 3601. The button 3607 is used to view a window that displays: the complete contents of the feature entries in the "Attributes" table 3009. Figure 37 shows the window. Window 3701 is used to define A window with many new attributes for a given attribute category and many new attribute categories. Of course, the window will operate according to the number of entries in one of the "Attributes" table 3009. Box 3703 is one of many attribute categories A new category may be defined by adding to the list. Box 3705 is the name of the current feature; a listing is uniquely identified between them (category and name), and the category and name correspond to those in table 3009 Among the many entries, _ category, | and I, name, • two fields. In this case, the entry is for q〇S "Priority attribute". &Quot; Description " Box 3707 will contain the number of "descriptions" in the item being viewed. 3709 indicates: what kind of data type the feature has ′ here is a pair of numerical values, as indicated in FIG. 34. At 3 7 11 there are currently displayed two barriers of "characteristic priority" and "number priority" -135- This paper size applies to China National Standard (CNS) A4 (210 X 297 mm)

η 先 η % 5 之 'Δ η 寫 I 裝 464812 A7 B7 五、發明說明(133 ) 設定値;而在3713處,則會出現任何限制資訊。 對標準化策略伺服器之改良 _ 下列討論將由使用在一較佳具體實施例中,以在—允許 策略之元件和標準化的策略伺服器之間傳送資訊的協定開 始,而然後將討論使用在存取控制系統的一較佳具體實施 例中,以允許存取控制系統的管理人定義他們自己的方法 來收集有關一使用者的資訊,和單純地把資訊提供給允許 策略之το件 '或使用此資訊來認證使用者、或判斷使用者 在一使用者群組中的會員資格之技術。 將存取請求當成資料庫查詢處理:圖3 8 _ 4 0,5 4 圖38是結合了在此處所揭露對標準化的策略伺服器之改 良的系統之一方塊圖。在圖38中,在本申請案的母案或母 案之母案中所揭露的存取控制系統之元件,有母案或母案 之母案的圖形中它們所用的參考號碼β改良的協定381丨在 一允許策略之元件2609和一標準化的策略伺服器26〖7之間 傳送資訊。在大部份的情形下,此協定將在—連接元件 2609和伺服器2617的網路上進行。 經濟部智慧財產局員工消費合作社印製 在此改良的協定中,來自允許策略之元件2609的存取請 求採用標準S Q L査詢的格式。對來自標準化的策略伺服器 2617的查詢之回應當然根據此查詢的内容而定;最低限 度’查詢結果指示存取請求是否允許或回絕。在標準化策 略祠服器2617當中,那些査詢由代理20 31中的一新代理, 即虚擬資料庫(VDB)服務3813,解譯。VDB服務3813模擬 一 SQL資料庫伺服器;在較佳具體實施例中,它不是模擬 -136- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 464812 A7 B7 五、發明說明(134 ) 一使用眾所週知的TDS協定之SQL伺服器,就是模擬一使 用眾所週知的TNS協定之Oracle®資料庫伺服器。當然,在 其他具體實施例中,VDB服務3813能夠模擬接收一輸入、 並在此輸入之後選擇一列集合的任何機制。 如先前所解釋’一代理是在一般策略伺服器26丨7中攔截 —特定協定的交通之軟體。代理》了解,它正在攔截的協 定,且可從交易期間中所交換的訊息獲得識別正在存取的 資源及/或認證使用者所需要的資訊。代理提供它已從交易 期間獲得的資訊給評估器2036,以決定使用者對資訊資源 是否有存取權力。評估器2036使用策略db编譯過的mmf 版本2301作決定。在VDB服務38 13的情況中,vdb服務 38Π不攔截交通,而只是接收VDB服務3813所模擬的資料 庫系統使用的協定中之訊息,解釋包含在—訊息中的一查 詢以取得獲得結果所必需的資訊,然後並傳回一至少包含 此結果的訊息到允許策略之元件26〇9。 虛擬的資料庫一圖54 因爲VDB服務3813模擬一關聯式資料庫協定,所查詢的 資訊顯現爲組織成一表列,其對允許策略之元件26〇9所控 制的資源之每一潛在使用者/潛在資源组合有一列,和定義 經濟部智慧財產局員工消費合作社印製 那些列中的欄位之行。在一列中的每—欄位包含此欄位所 屬的行之列的數値。對關聯式資料庫的查詢時常是使用 SQL語言所寫成。對-關聯式資料庫表列的哪查詢有普 遍的格式: SELECT &lt;攔位名稱清單&gt; from &lt;關聯式資料庫表列名稱&gt; -137- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 4648 1 2 A7 _________^^ B7 五、發明說明(135) WHERE &lt;«欄位名稱,數値對&gt;,操作元&gt;清單&gt; 舉一簡單的範例,如果一表列AccountBaiances的每一列 有三個欄位 ’ DepositorName、AccountID、和 Balance,每 一欄位包含它的名稱所指示的,獲得存款者&quot;R. Date&quot;和帳 户識別&quot;549362&quot;的帳户餘額之查詢就像: SELECT Balance from AccountBalances WHERE DepositorName='R.Date, AND AccountID='549362' WHERE子句指示其値將用來選擇表列中有興趣的那些記 錄之欄位、和那些數値將如何結合;SELECT子句指示所 選擇i己錄的哪些欄位會由查詢將它們的數値傳回。因此, 在上述範例中’如果在表列AccountBa!ances中有一記錄, 其 DepositorName欄位帶有數値 ”R Date_,、且其 Acc〇untID欄 位帶有數値&quot;549362&quot; ’此查詢將傳回欄位ACC0untBalances 的數値。 經濟部智慧財產局員Η消費合作社印製 VDB服務3813稱爲一虛擬資料庫服務是因爲那些查詢是 對一虛擬的關聯式表列進行而非一眞實的表列。這樣做的 理由是,由VDB服務3813所處理的那些查詢是爲了要找出 在策略資料庫3825中的存取策略,是否將允許正在請求對 一資訊資源的存取之使用者有資訊資源的存取權力。此種 查詢的一眞實的關聯式資料庫表列對每潛在使用者, 資訊資源&gt;配對在表列中將必須有一列,因爲任何潛在使 用者可能請求存取。在大多數應用中眞實的關聯式資料庫 表列將不只是大到無法接受,它將會是不可定義的,因爲 ____ -138- ^紙張尺度適用中固國豕標準(CNSXA4規格(21〇 X 297公爱) &quot;—- 46 48 1 2 A7 B7 五、發明說明(136) 將無法知道所有潛在使用者是誰。 圖54表示帶有VDB服務3813和虛擬的關聯式資料庫表列 5411之虛擬關聯式資料庫系統5401。虛擬的關聯式資料庫 表列5411並不眞的存在’而是對查詢它的應用程式好像存 在。從應用程式的觀點,虛擬的關聯式資料庫表列5411就 好像一眞實的關聯式資料庫表列5411 —樣運作。虚擬的關 聯式資料庫表列5 411呈現包括一些數目的虛擬列 5413(0. .q),每一列有許多欄位5415(0. _p)。當一使用者 對虛擬的表列541 1進行一查詢時,此查詢的WHERE子句決 定選擇哪一列5413 ’而SELECT子句決定傳回所選擇的列 中之哪些欄位5415。 經濟部智慧財產局員工消費合作社印製 當然,由查构所敘述的那些列和所傳回的那些攔位像表 列5411 —樣是虛擬的。即使表列54 11不存在VDB服務3813 也能夠回應查詢5403 ’因爲它能夠使用查詢的WHERE子句 中之資訊,找出並取回在SELECT子句中所敘述一或更多 資訊來源5409中的結果。取回結果之後,Vdb服務3 813建 立一對應於此查詢所選擇的虛擬的列541 3(i)之組合的列 5417。組合的列5417至少包括將對查詢傳回的結果之眞實 的攔位5419。組合的列5417對每一查詢建立,而且對每一 查詢只建立如此查詢所敘述的虛擬表列的那些列所需要— 樣多的列。資訊來源5409可能包括對VDB服務3813是區域 内的資訊來源,或非區域的資訊來源,且甚至可能包括其 他資料庫。 於使用在標準化的策略伺服器2 617中之虛擬關聯式資料 -139- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 48 1 2η first η% 5 of 'Δ η Write I 464812 A7 B7 V. Description of the invention (133) Setting 値; and at 3713, any restriction information will appear. Improvements to the standardized policy server_ The following discussion will begin with the use in a preferred embodiment of a protocol that allows information to be transmitted between the elements of the policy and the standardized policy server, and then will be used in access In a preferred embodiment of the control system, the administrators of the access control system define their own methods to collect information about a user, and simply provide the information to the το pieces of the permission policy 'or use this Information to authenticate users, or determine users' membership in a user group. The access request is treated as a database query: Figure 3 8 _ 4 0, 5 4 Figure 38 is a block diagram of a system incorporating improvements to the standardized policy server disclosed herein. In FIG. 38, the components of the access control system disclosed in the parent case of the present application or the parent case of the parent case, there are drawings of the parent case or the parent case of the parent case in which they use the reference number β modified agreement 381 丨 Transmits information between an element 2609 that allows policy and a standardized policy server 26 [7]. In most cases, this agreement will be performed on a network that connects component 2609 and server 2617. Printed by the Employees' Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs In this improved agreement, access requests from elements 2609 that allow policy are in the standard SQL query format. The response to the query from the standardized policy server 2617 depends of course on the content of this query; the minimum 'query result indicates whether the access request is allowed or denied. In the standardization strategy server 2617, those queries are interpreted by a new agent in the agent 2031, namely the virtual database (VDB) service 3813. VDB service 3813 simulates a SQL database server; in a preferred embodiment, it is not a simulation -136- This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) 464812 A7 B7 V. Invention Explanation (134) A SQL server using the well-known TDS protocol is a simulation of an Oracle® database server using the well-known TNS protocol. Of course, in other specific embodiments, the VDB service 3813 can simulate any mechanism that receives an input and selects a list set after this input. As explained previously, an agent is software that intercepts traffic of a particular protocol in a general policy server 26,7. The Agent understands that it is intercepting the agreement and can obtain the information needed to identify the resource being accessed and / or authenticate the user from the messages exchanged during the transaction. The agent provides the information it has obtained from the transaction to the evaluator 2036 to determine whether the user has access to the information resource. The evaluator 2036 makes a decision using the mmf version 2301 compiled by the strategy db. In the case of the VDB service 38 13, the vdb service 38 Π does not intercept the traffic, but only receives the information in the agreement used by the database system simulated by the VDB service 3813, explaining a query contained in the message to obtain the necessary results And then return a message containing at least this result to the element 2609 that allows the policy. Virtual database-Figure 54 Because VDB service 3813 simulates a relational database agreement, the query information appears as a table organized for each potential user of the resource controlled by element 2609 of the allowed policy / The potential resource combination has a row and the rows that define those columns printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs. Each field in a row contains the number of rows in the row to which the field belongs. Queries on relational databases are often written in SQL. Which query of the relational database table has a common format: SELECT &lt; List of stop names &gt; from &lt; Relationship database table name &gt; -137- This paper standard applies Chinese National Standard (CNS) A4 specifications (210 X 297 mm) 4648 1 2 A7 _________ ^^ B7 V. Description of the invention (135) WHERE &lt; «field name, number pair &gt;, operator &gt; list &gt; give a simple example If each column of a AccountBaiances table has three fields' DepositorName, AccountID, and Balance, each field contains its name as indicated, the depositor &quot; R. Date &quot; and account identification &quot; 549362 &quot; The query for the account balance is like: SELECT Balance from AccountBalances WHERE DepositorName = 'R.Date, AND AccountID =' 549362 'The WHERE clause indicates the fields it will use to select those records that are of interest in the table column, and How those numbers will be combined; the SELECT clause indicates which fields of the selected i record will be returned by the query. Therefore, in the above example, 'If there is a record in the table AccountBa! Ances, its DepositorName field has the number "R Date_, and its AccOuntID field has the number" &quot; 549362 &quot;' This query will return The number of the field ACC0untBalances. The member of the Intellectual Property Bureau of the Ministry of Economic Affairs and the Consumer Cooperative printed VDB service 3813 called a virtual database service because those queries are performed on a virtual relational list rather than a solid list. The reason for this is that those queries processed by the VDB service 3813 are to find out whether the access policy in the policy database 3825 will allow users who are requesting access to an information resource to have the information resource stored. Take power. A solid relational database listing of this kind of query For each potential user, the information resource> pairing will have to be in the listing because any potential user may request access. In most applications The list of real-world relational databases will not only be too large to be acceptable, it will be undefinable because ____ -138- ^ The paper scale is applicable to Zhonggu Guo 豕Standard (CNSXA4 specification (21〇X 297 public love) &quot;-46 48 1 2 A7 B7 V. Description of the invention (136) will not know who all potential users are. Figure 54 shows the VDB service 3813 and virtual The relational database table 5411 is a virtual relational database system 5401. The virtual relational database table 5411 does not exist, but it appears to the application that queries it. From the application point of view, the virtual The relational database table 5411 behaves like a solid relational database table 5411. The virtual relational database table column 5 411 presents a number of virtual columns 5413 (0. .q), each column There are many fields 5415 (0. _P). When a user performs a query on the virtual table column 541 1, the WHERE clause of this query determines which column is selected 5413 'and the SELECT clause returns the selected column Which of the columns is 5415. Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs Of course, the columns described by the investigation and the stops returned are as virtual as table 5411. Even if table 54 11 VDB service 3813 does not exist Enough to respond to query 5403 'Because it can use the information in the WHERE clause of the query to find and retrieve the results from one or more information sources 5409 described in the SELECT clause. After retrieving the results, Vdb service 3 813 Create a column 5417 corresponding to the combination of the virtual column 541 3 (i) selected by this query. The combined column 5417 at least includes a solid stop 5419 that will return the results returned by the query. The combined column 5417 is created for each query, and for each query, only those columns required by the virtual table columns described by the query are required-as many columns. Information source 5409 may include information sources that are regional to VDB service 3813, or non-regional sources, and may even include other databases. Virtual relational data used in the standardized policy server 2 617 -139- This paper size applies to China National Standard (CNS) A4 (210 X 297 mm) 48 1 2

五、發明說明(137〉 庫系統5401的具體實施例中’允許策略的元件26〇9藉由對 虛擬的關聯式資料庫表列p〇liCyEvai作一查詢,回應一使 用者對存取一資源的請求。select子句至少敘述一指示 使用者對資源疋否有存取椎力的糊位。where子句敘述允 許標準化策略伺服器2617決定使用者是否確實有存取權力 的資訊。在策略伺服器26 Π的一目前較佳具體實施例中, 在WHERE予句中敘述的資訊可能來自允許策略的元件 2609、來自評估器2036、及/或認證協調器3829。認證協調 器3829將在稍後更詳細地解釋。依查詢而定,使用者的概 念列5417之各種欄位傳回到允許策略之元件26〇9。vDB服 務38 13的其他具體實施例,當然可以使用獲得和傳回必要 的資訊以回答此查詢的任何機制。 經濟部智慧財產局員工消費合作社印製 WHERE子句中的資訊在虚擬的關聯式資料庫系統54〇1中 應用於資訊來源5409,而非一關聯式資料庫表列中欄位的 數値之有趣的結果是’在一 WHERE子句中的一數値可與從 一資訊來源5409⑴所獲得的數値,以標準的關聯式資料庫 系統中不可得的方式比較。舉例來説,如果使用者的15)位 址是在一範圍的IP位址當中,一使用者可能屬於對一資訊 資源有存取權力的一使用者群組;資訊來源可能直接地定 義IP位址的範圍,而當評估WHERE子句時,VDBifi]服器 5407只是判斷在WHERE子句中的IP位址是否包含在範圍 中。相同的技術可與樣式比對一起使用。舉例來説,如果 使用者的電子郵件地址是一公司電子郵件地址,一使用者 可能屬於一使用者群組。如果公司的電子郵件地址全部有 -140- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) A7 f648 1 2 B7 ~ — 1 — 五、發明說明(138 ) &lt;311丫_511*丨1^&gt;@(:011^3117.£;0111的格式,那麼當\^3伺服器評 估WHERE子句時它只需要決定,使用者的電予郵件-地址是 否符合* @ company, com的樣式。 在允許策略的元件2609中的查詢 繼績進行更多細節,在一較佳具體實抱例中有二種方法 能將對VD B服務3 8 13作查詢的能力包含在一允許策略的元 件中。一種方式是把那些必需的查詢加入VDB服務38 13, 以編碼允許策略之元件所執行的例如網路應用程式或伺服 器3803。這和任何允許策略的應用程式一起運作,並准許 由允許策略之元件所操縱的任何實體之存取的控制,如本 專利申請案的母案所描述。舉例來説,控制存取的實體可 能是一份文件中的一欄位。 另一方法是利用一策略插入模组進行那些查詢。一策略 插入模组是對一應用程式的增加,其准許此應用程式執行 策略評估。舉例來説,許多網路應用程式有策略插入模组 3805的使用之提供。如果已對網路應用程式提供一策略插 入模組’當伺服器接收要從瀏覽器抓取的下一網頁之URL 時,它把那些網頁提供給瀏覽器啓動了插入模组。當插入 模組執行時,它判斷瀏覽器是否可存取網頁,而伺服器只 有當策略插入模組如此指示時才提供網頁給瀏覽器。在存 取控制由標準化的策略伺服器2617完成時,插入模組對 VDB服務38 13進行要判斷瀏覽器是否可有存取權力所必須 的查〇句。如圖3 8所指示,系統3 8 01的一較佳具體實施例中 之策略插入模组3805可能是負載平衡的,也就是,他們可 -141 - 本紙張尺度適用中國园家標準(CNS)A4規格⑽x 297公爱) (請先閱讀背面之注意事項再填寫本頁) -裝 經濟部智慧財產局員工消費合作社印製 4648 1 2 A7 B7 經濟部智慧財產居員工消費合作社印製 五、發明說明(139 ) 能對許多不同標準化策略词服器2617有存取權力,且將定 址-特定查詢3811到目前最少負載的—個。這在標準化的 策略伺服器2617中當然是可能的,因爲在存取控制系統中 每一標準化的策略伺服器有—完全相同的策略資料庫 3825,而且因爲在存取控制系統中的那些標準化策略伺服 器彼此認證,使得一標準化的策略伺服器信任從另—標準 化策略伺服器獲得的資訊成爲可能。 一允許策略之元件不需要特別的軟體來進行VDB服務 3S13的查詢〇所必需的是對一轉換查詢成爲指向VDB服務 3813的訊息 '且屬於—可由VDB服務38丨3所模擬的資料庫 系統中之一個解譯的一種協定之公用程式的存取。此種公 用程式是廣泛地可得的。圖39和40提供對VDB服務3813進 行的查詢,如何出現在由允許策略之元件所執行的程式, 例如一網路伺服器或應用程式38〇3或策略插入模組38〇5中 的範例。圖 39表示商階介面 3901。ConclavePolicyAllowed〇3903 是一建構用來執行存取檢查 '把查詢送到VDB服務3813、 並接收和傳回結果之SQL查詢的函數。如果結果是”是&quot;, 指示允許存取’高階介面3901執行分支3905 ;否則,它執 行分支3907。這些分支的内容當然根據應用程式38〇3或策 略插入模組3 8 0 5的程式將如何回應,以准許或回絕存取。 圖40表示ConcIavePolicyAllowed()3903的一較佳具體實施 例。在4003,變數設定成將给允許策略之實體2609對一標 準化的策略伺服器2617的存取權力。在4005,存取設定成 内定數値”不&quot;,所以如果VDB服務3813未能回應,將不核 -142 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 請 先 閱 讀 背 面 之 注 項 再 填 寫 頁 裝 訂 A7 B7 4648 1 2 五、發明說明(140 可存取權力。在4007,存取請求的來源和目的ιρ位址、目 的埠、和所存取之資源的URL指派成變數。在4〇〇9,建構 SQL查詢。它使用標準sql格式。此查詢選擇關聯式表列 PolicyEval的一列中之欄位IsA11〇wed的數値。p〇licyEva^ 現爲有一列給由允許策略的元件2609所控制的資源之每— 潛在使用者,以WHERE子句中所敛述的那些數値選擇的一 列、和所選擇的列之IsAllowed欄位,指示是否允許那個使 用者存取。然而’事實上,如上述所指出,以丨丨^以以是 虛擬的’也就是’使用者的&quot;列__是在存取請求之後组合 的。在此,WHERE子句使用在4007設定的那些變數完成, 而因此利用一來源IP位址叙述使用者,並利用一目的ip位 址、一目的埠、和一資源名稱敘述此資源。如本申請案的 母案之母案所解釋,評估器2036可使用這個資訊來決定使 用者屬於哪一使用者群組,和資源屬於哪一資訊集。有了 這個資訊’評估器2036進一步從應用於那些使用者群組和 資sfL集的存取策略決定’是否將准許由來源位址所敘述 的使用者對由目的IP位址、目的埠、和資源名稱所敘述的 資源之存取。 如果使用者識別資訊不足以敎述一給使用者對資源的存 取權力之使用者群組,AskClientForldentities WHERE子句 指示評估器2036可使用ATS 2039來從使用者的UIC獲得更 多使用者識別資訊,如本申請案的母案所描述。 在401 1,建立連接到VDB服務3 8 13所需要的物件、和保 存查詢結果所需要的物件,且對VDB服務38 13的連接是使 -143- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) n 夫 u a £ 之 ·;ϊ 意 事 項 為 填 寫 本 頁 裝 訂 經濟部智慧財產局員工消費合作社印製 4648 12 A7 _________ B7 五、發明說明(141 ) 用在4003設定的那些變數所建立。在4〇13 ’在4〇〇9所敘述 的查詢由在4003所敘述的策略伺服器中之vdb服務3 813執 行。在40 15,如果在進行查詢上沒有錯誤發生,且查詢有 一非空的結果,那麼此查詢的結果(也就是,IsAU〇wed的 數値)是在1己綠集的第一個元件中。這個數値由 ConclavePolicyllowed傳回。如果查詢失敗,所傳回的數値 是在4005指派的數値。在4017,關閉對記錄集和策略伺月艮 器的那些連接,且與那些連接中有關的那些物件設定爲無 效數値。 經濟部智慧財產局員工消費合作社印製V. Description of the Invention (137) In the specific embodiment of the library system 5401, the 'allowed policy element 2609' responds to a user's access to a resource by making a query on the virtual relational database list p0liCyEvai. The request.select clause describes at least one bit that indicates whether the user has access to the resource. The where clause describes the information that allows the standardized policy server 2617 to determine whether the user does have access rights. The policy server In a presently preferred embodiment of the orchestrator 26, the information described in the WHERE clause may come from the element 2609 that allows the policy, from the evaluator 2036, and / or the authentication coordinator 3829. The authentication coordinator 3829 will be later Explain in more detail. Depending on the query, the various fields of the user's concept column 5417 are returned to the element 2609 that allows the policy. Other specific embodiments of vDB service 38 13 can of course be used to obtain and return the necessary Information in order to answer this query. The information in the WHERE clause printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs is applied in the virtual relational database system 5401 Source 5409, rather than the number of columns in a relational database table. The interesting result is that 'a number in a WHERE clause is comparable to the number obtained from a source 5409'. Comparison of methods not available in the relational database system. For example, if the user's 15) address is in a range of IP addresses, a user may belong to a group that has access to an information resource. User group; the source of information may directly define the range of IP addresses, and when evaluating the WHERE clause, the VDBifi server 5407 just determines whether the IP address in the WHERE clause is included in the range. The same technique can be used with style matching. For example, if a user's email address is a company email address, a user might belong to a user group. If all the company's e-mail addresses are -140- This paper size is applicable to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) A7 f648 1 2 B7 ~ — 1 — V. Description of the invention (138) &lt; 311 丫_511 * 丨 1 ^ &gt; @ (: 011 ^ 3117. £; 0111 format, then when the \ ^ 3 server evaluates the WHERE clause, it only needs to decide whether the user ’s email address is consistent with the * * company, com style. The query succession in the element 2609 that allows the strategy is more detailed, and in a better specific example there are two ways to include the ability to query VD B services 3 8 13 in A component that allows a policy. One way is to add those necessary queries to the VDB service 38 13 to encode a component that allows the policy to execute such as a web application or server 3803. This works with any application that allows a policy And permit access control by any entity manipulated by the elements of the allow policy, as described in the parent case of this patent application. For example, the entity that controls access may be a field in a document. Another method is to use a policy The plug-in module performs those queries. A policy plug-in module is an addition to an application that allows the application to perform policy evaluation. For example, many web applications have the use of a policy plug-in module 3805 provided. If a policy plug-in module has been provided for the web application, 'When the server receives the URL of the next web page to be fetched from the browser, it provides those web pages to the browser and activates the plug-in module. When the plug-in module When executed, it determines whether the browser can access the web page, and the server only provides the web page to the browser when the policy insertion module so instructs it. When the access control is done by the standardized policy server 2617, the insertion module pair The VDB service 38 13 performs the necessary sentences to determine whether the browser has access rights. As indicated by FIG. 38, the policy insertion module 3805 in a preferred embodiment of the system 3 8 01 may be a load. Balanced, that is, they can be -141-This paper size applies the Chinese Gardener's Standard (CNS) A4 specification ⑽ x 297 public love) (Please read the precautions on the back before filling this page)- Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 4648 1 2 A7 B7 Printed by the Consumer Cooperatives of the Intellectual Property of the Ministry of Economy Employees ’Cooperatives V. Invention Description (139) Can access to many different standardized tactics server 2617, and will Addressing-a specific query 3811 to the one with the least current load. This is of course possible in the standardized policy server 2617, because each standardized policy server in the access control system has-the exact same policy database 3825, and because of those standardized policies in the access control system The servers authenticate each other, making it possible for a standardized policy server to trust the information obtained from another standardized server. A component that allows the strategy does not require special software to make a query to the VDB service 3S13. What is necessary is to convert a query into a message that points to the VDB service 3813 'and belongs to-a database system that can be simulated by the VDB service 38 An interpreted access to a protocol utility. Such public programs are widely available. Figures 39 and 40 provide examples of queries to the VDB service 3813 that appear in programs executed by elements that allow policies, such as a web server or application 3803 or a policy insertion module 3805. Figure 39 shows the commercial interface 3901. ConclavePolicyAllowed 03903 is a function that constructs a SQL query that performs an access check 'to send a query to the VDB service 3813, and to receive and return results. If the result is "Yes", it indicates that access is allowed to the 'high-level interface 3901 execution branch 3905; otherwise, it executes branch 3907. Of course, the contents of these branches are of course inserted into the module 3 805 according to the application 3803 or the policy. How to respond to grant or deny access. Figure 40 shows a preferred embodiment of ConcIavePolicyAllowed () 3903. At 4003, the variables are set to give the policy-allowing entity 2609 access to a standardized policy server 2617. . At 4005, the access is set to the default number "No", so if the VDB service 3813 fails to respond, it will not be checked -142 This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) Please First read the note on the back and then fill in the page binding A7 B7 4648 1 2 V. Description of the invention (140 access rights. At 4007, the source and destination address of the access request, the destination port, and the resources accessed The URL is assigned as a variable. At 409, a SQL query is constructed. It uses the standard SQL format. This query selects the number of the column IsA11〇wed in a column of the relational table column PolicyEval. P〇licy Eva ^ now has a column for each of the resources controlled by the element 2609 of the allow policy—a potential user, a column selected with those numbers described in the WHERE clause, and an IsAllowed field for the selected column, Indicates whether or not that user is allowed to access. However, 'in fact, as indicated above, it is virtual to use' that is, 'the user's &quot; column__ is combined after the access request. Therefore, the WHERE clause is completed using those variables set in 4007, and thus the user is described by a source IP address, and the resource is described by a destination IP address, a destination port, and a resource name. As in this application As explained in the parent case of the parent case, the evaluator 2036 can use this information to decide which user group the user belongs to and which information set the resource belongs to. With this information, the evaluator 2036 is further applied to those uses The access policy of the user group and the sfL set determines whether the user described by the source address will be allowed to access the resource described by the destination IP address, destination port, and resource name. The user identification information is not enough to describe a user group that gives users access to resources. The AskClientForldentities WHERE clause instructs the evaluator 2036 to use ATS 2039 to obtain more user identification information from the user ’s UIC, such as Described in the parent case of this application. At 4011, the objects required to establish a connection to the VDB service 3 8 13 and the objects required to save the query results, and the connection to the VDB service 38 13 is made -143- this paper Standards are applicable to China National Standard (CNS) A4 specifications (210 X 297 mm) n husband ua £; · The matter of intent is to fill in this page and print it out of the Intellectual Property Bureau Staff Consumer Cooperatives of the Ministry of Economy 4648 12 A7 _________ B7 V. Invention Explanation (141) is created with those variables set in 4003. The query described at 4013 'at 409 is performed by the vdb service 3 813 in the policy server described at 4003. At 40-15, if no error occurred during the query and the query has a non-empty result, then the result of this query (that is, the number of IsAU〇wed) is in the first element of the green set. This number is returned by ConclavePolicyllowed. If the query fails, the number returned is the number assigned at 4005. At 4017, those connections to the recordset and policy server are closed, and those related to those connections are set to invalid numbers. Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs

PolicyEval的細節虛擬的關聯式資料庫表列:圖4丨_ 43 圖41表示PoiicyEval表列的概要。眞實的資料庫表列的概 要疋資料庫系統所使用的表列之定義。對於PolicyEval來 説’它是在允許策略之元件2609和VDB服務3813中,用來 指示進行策略評估所需要的那些數値如何安排在查詢3S j i 中的定義。圖4丨表示在一較佳具體實施例中可使用的欄 位’以使用在提供到VDB伺服器38 13的查詢之SELECT和 WHERE子句中。那些欄位中的某些主要使用在客户認證 中,且將會在那裡更詳細地解釋。當一欄位使用在一選擇 子句中時’ VDB服務3813不是使用從評估器2036所接收的 資訊 '就是使用在查詢中所接收的資訊設定攔位的數値。 當一攔位使用在一 WHERE子句時,允許策略之元件2609設 定攔位的數値。如將從下列表列看到的,某些攔位是只有 SELECT的,而其他的是WHERE或SELECT的。查詢必須對 一些WHERE欄位提供數値以使一策略評估發生;對其他的 欄位,當WHERE欄位未提供時使用内定的數値。 -144- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 46 48 12 A7 B7 五、發明說明(142 ) 經濟部智慧財產局員工消費合作社印製 只有SELECT的 - 行 資料型態 説明 Is Allowed 4103 VARCHAR(l) 包含Ύ'或'N1以顯示使用者是否可存取所請 求的資源,其中Y :是和N :否。 PolicySet 4105 INTEGER 策略伺服器用來執行評估的策略之目前版本 的識別符。每次執行一&quot;Apply Changes&quot;且那 些MMF檔案重新编譯這會增大。如果允許 策略的應用程式正在快取決定、且當資料庫 改變時需要刷新/重設快取,這可能是有用 的。 HasExpireTime 4107 VARCHAR (1) 包含Ύ1或1Ν',其中Y :是和N :否,依 ExpireTime是否有一有效數値而定。如果這 個欄包含W,總是忽略ExpireTime數値。 ExpireTime4109 DATE 日期和時間在應該進行另一評估以確認存取 之後,仍然允許存取所請求的資源。 ExpireSeconds 4111 LONG INTEGER 直到策略決定期滿之前的秒數(每一時間表 限制)。可用來取代ExpireTime以得到更有 效率的實施。 ReasonCode 4113 INTEGER 評估決定理由的编碼 Reason 4115 VARCHAR (254) 評估決定理由的説明本文(爲了最大的效 率,只有除錯時使用ReasonCode)。 -145- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公复) 464812 五、發明說明(143) A7 B7 經濟部智慧財產局員工消費合作社印製 只有SELECT的 行 資料型態 說明 EvalTimeStamp 4133 DATE 策略評估器作決定的日期和眭間。 AuthCode 4149 VARCHAR (254) 使用在確認回應是由一信任的策略伺 服器提供的數位簽章。 MaybeList4151 VARCHAR (254) 可用來存取所請求資源的認證型態以 逗點分隔的清單。通常對PPI或應用 程式指示需要從使用者收集什麼資訊 作認證。 AttributeName 4153 VARCHAR() 可取代使用網路使用者識別程式,用 來取得任何數目的屬性名稱/數値對 (每一列一對)。 AttributeV alue 415 7 VARCHAR () 可取代使用網路使用者識別程式,用 來取得任何數目的屬性名稱/數値對 (每一列一對)。 IdentityNumber 4159 INTEGER 當存在多重識別時,這是—順序號 碼0 IdentityType 4161 VARCHAR () 用來授權存取的識別之都錤。 IdentitylsValid 4163 VARCHAR (1) 簡單的Ύ1或’Ν1以判斷認證是否成功 (注意即使認證成功你可能被拒絕存 取)。 Identity AuthStatus 4165 INTEGER 由認證模组傳回的回應碼。 Identity AuthStatusDesc 4167 VARCHAR (254) 與上面的碼有關之描述本文。 -146- 关 Μ η 劳 s 之 &gt;ί 意 事 埭 寫 本 頁 裝 訂 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 4648 1 2 A7 B7 五、發明說明(W ) 經濟部智慧財產局員工消費合作社印製 WHERE 或 SELECT 行 資料型態 説明 Application 4137 VARCHAR (254) 作查詢的應用程式之名稱。注意多個 词服器/服務可識別它們自己爲相同 的應用程式。 SourcelP 4119 VARCHAR(25) 以加點表示法的IP位址。如果策略 是透過IP位址(網路或應用程式查詢) 時使用。 DestinationIP 4121 VARCHAR (25) 以加點表示法的IP位址。只對網路 資源查詢(而不對應用程式)使用。 Cookie VARCHAR (254) 包括識別和屬性資訊的HTTP標準網 路使用者識別程式〇 PS將確認簽章 和期限。在SELECT中,這是對將 由PS發出的一新網路使用者識別程 式的請求。在WHERE中,這是由應 用程式傳遞進來以使用在評估中的先 前設定之網路使用者識別程式。 SourcePort4123 INTEGER 如果在WHERE子句中沒有提供埠號 碼,内定爲零。只對網路查詢使用。 DestinationPort 4125 INTEGER 使用在應用程式不存在的網路查詢 中。如果在WHERE子句中沒有提供 埠號碼,内定爲80(HTTP)。 ------- -----{ * 裝'-- (請先閱讀背面之注意事項再填寫本頁)Details of PolicyEval Virtual relational database table: Figure 4 丨 _ 43 Figure 41 shows the outline of PoiicyEval table. Summary of solid database tables 疋 Definitions of tables used in database systems. For PolicyEval, it is used in the policy allowing element 2609 and VDB service 3813 to indicate how to arrange the definitions of those data required for policy evaluation in the query 3S j i. Figure 4 丨 shows the fields that can be used in a preferred embodiment to be used in the SELECT and WHERE clauses of the query provided to the VDB server 3813. Some of those fields are mainly used in customer certification and will be explained in more detail there. When a field is used in a select clause, 'VDB service 3813 either uses the information received from evaluator 2036' or sets the number of stops using the information received in the query. When a block is used in a WHERE clause, the allowed element 2609 sets the number of blocks. As can be seen from the list below, some of the stops are only SELECT, while others are WHERE or SELECT. The query must provide numbers for some WHERE fields for a strategy evaluation to occur; for other fields, use the default number when the WHERE field is not provided. -144- This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) 46 48 12 A7 B7 V. Description of the invention (142) Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs. Type Description Is Allowed 4103 VARCHAR (l) contains Ύ 'or' N1 to show whether the user can access the requested resource, where Y: Yes and N: No. PolicySet 4105 INTEGER The identifier of the current version of the policy used by the policy server to perform the evaluation. "Apply Changes" is executed one at a time and recompilation of those MMF files will increase. This may be useful if the application that allows the policy is caching decisions and needs to refresh / reset the cache when the database changes. HasExpireTime 4107 VARCHAR (1) contains Ύ1 or 1N ', where Y: Yes and N: No, depending on whether ExpireTime has a valid number. If this column contains W, the ExpireTime number is always ignored. ExpireTime4109 DATE The date and time are still allowed to access the requested resource after another evaluation should be performed to confirm access. ExpireSeconds 4111 LONG INTEGER The number of seconds until the policy decision expires (per timetable limit). Can be used instead of ExpireTime for more efficient implementation. ReasonCode 4113 INTEGER Code for evaluating decision reasons Reason 4115 VARCHAR (254) Explanation of the reason for evaluating decisions (For maximum efficiency, use ReasonCode only for debugging). -145- This paper size is in accordance with Chinese National Standard (CNS) A4 (210 X 297 public reply) 464812 V. Description of invention (143) A7 B7 Only the SELECT line data type description printed by the Intellectual Property Bureau Staff Consumer Cooperatives EvalTimeStamp 4133 DATE The date and time when the policy evaluator made the decision. AuthCode 4149 VARCHAR (254) uses the digital signature provided by a trusted policy server in confirming the response. MaybeList4151 VARCHAR (254) Comma-separated list of authentication types that can be used to access the requested resource. PPIs or applications usually indicate what information needs to be collected from the user for authentication. AttributeName 4153 VARCHAR () can be used instead of a web user identifier to get any number of attribute name / number pairs (one for each row). AttributeV alue 415 7 VARCHAR () can be used instead of a web user identifier to get any number of attribute name / number pairs (one for each row). IdentityNumber 4159 INTEGER When multiple identities are present, this is—sequence number 0 IdentityType 4161 VARCHAR () The identity capital used to authorize access. IdentitylsValid 4163 VARCHAR (1) Simple Ύ1 or ‘Ν1 to determine whether the authentication was successful (note that you may be denied access even if the authentication is successful). Identity AuthStatus 4165 INTEGER The response code returned by the authentication module. Identity AuthStatusDesc 4167 VARCHAR (254) Description related to the code above. -146- Guan M η Labors &gt; ί Matters transcribed on this page Binding paper size Applicable to Chinese National Standard (CNS) A4 specifications (210 X 297 mm) 4648 1 2 A7 B7 V. Description of the invention (W) WHERE or SELECT row data type description printed by the Employees' Cooperative of Intellectual Property Bureau of the Ministry of Economic Affairs Application name 4137 VARCHAR (254) The name of the application for query. Note that multiple servlets / services can identify themselves as the same application. SourcelP 4119 VARCHAR (25) IP address in dotted notation. Used if the policy is an IP address (network or application query). DestinationIP 4121 VARCHAR (25) IP address in dotted notation. Used only for web resource queries (not for applications). Cookie VARCHAR (254) HTTP standard web user identification program including identification and attribute information. PS will confirm the signature and expiration date. In SELECT, this is a request for a new network user identification procedure to be issued by the PS. In WHERE, this is passed by the application to use the previously identified network user identification program in the evaluation. SourcePort4123 INTEGER If no port number is provided in the WHERE clause, it defaults to zero. Used only for web queries. DestinationPort 4125 INTEGER is used in web queries where the application does not exist. If no port number is provided in the WHERE clause, it is set to 80 (HTTP). ------- ----- {* 装 '-(Please read the precautions on the back before filling this page)

.5J -147- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 464812 A7 B7 五、發明說明(145 ) 經濟部智慧財產局員工消費合作社印製 WHERE 或 SELECT 行 資料型態 説明 EncryptionAlg 4127 INTEGER 使用在虛擬私人網路(VPN)查詢中。 如果在WHERE子句中沒有提供演算 法,内定爲64(3DES)。 AuthenticationAlg 4129 INTEGER 使用在虛擬私人網路(VPN)查詢中。 如果在WHERE子句中沒有提供演算 法,内定爲2(DSS簽章 IPProtocol 4131 INTEGER 使用在虛擬私人網路(VPN)查詢中。 如果在WHERE子句中沒有提供協 定,内定爲6(TCP)。 Resource 4135 VARCHAR (254) 識別請求哪一資源的字串。 Identity 4117 VARCHAR (255) 識別的眞實字串编碼數値(Select)或 從使用者收集的識別資訊 (WHERE) 〇 IncludeQoS 4139 VARCHAR (1) 由網路/VPN裝置使用。在評估中是 不是包含一QoS決定?Y'es或'N'o » 内定爲_N_(增進效率)。 IncludeSchedules 4141 VARCHAR (1) 在評估中不是包含時間表?'Y'es或 W〇。内定爲_Ν·(增進效率)。 IncludeldentityStore 4143 VARCHAR(l) 快取在使用者的識別儲存中的識別 (通常由UIC提供)是不是將使用在評 估中?Ύ’或_Ν·。内定爲Ύ'。 AskClientF orldentities 4145 VARCHAR (1) 識別用户端(UIC)是不是要求識 別?Ves或1Nb。内定爲_Ν_。 -148- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公爱) 4648 1 2 A7 B7 五、發明說明(146 ) 圖42- 44表示查詢和它們的結果的一些範例。在圖42中, 在4201,查詢4203藉由在SELECT指述中敘述除了 IsAllowed以外的 PolicySet、HasExpireTime、ExpireTime、 和Reason欄位,傳回有關策略評估的結果之詳細資訊。結 果,在4205,表示允許策略,允許它的策略屬於策略集 56 ’而那個策略沒有期滿時間,使ExpireTime中的數値無 意義。因爲允許存取,Reason中沒有數値。 在4207看到一查詢4209只傳回策略評估的結果和理由, 如在4211所顯示。在4213顯示一選擇列的所有欄位之查 詢’而因此傳回的數値包含那些欄位的所有數値,同時在 攔位有一内定數値而在WHERE子句中沒有供應數値時,提 供内定數値。因此,欄位IncludeQoS將有内定數値&quot;N,,。最 後,在4215,顯示一最小的查詢。WHERE子句只包含敘述 一使用者群組、和一資源集所需要的最少資訊。所有其他 爛位數値採用它們的内定數値。舉例來說,所使用的編密 演算法將是内定的3DES演算法。 圖4 3表示查詢可如何用來獲得有關被允許存取的使用者 之識別資訊。在4301,一最小組的WHERE子句使用在查詢 4303 中’但 SELECT 子句包括IdentType ' identGroup、和 經濟部智慧財產局員工消費合作社印製.5J -147- This paper size is applicable to China National Standard (CNS) A4 (210 X 297 mm) 464812 A7 B7 V. Description of the invention (145) WHERE or SELECT printed by the Consumer Cooperative of Intellectual Property Bureau of the Ministry of Economic Affairs State Description EncryptionAlg 4127 INTEGER is used in virtual private network (VPN) queries. If no algorithm is provided in the WHERE clause, it is set to 64 (3DES). AuthenticationAlg 4129 INTEGER is used in virtual private network (VPN) queries. If no algorithm is provided in the WHERE clause, the default value is 2 (DSS signature IPProtocol 4131 INTEGER is used in the virtual private network (VPN) query. If no agreement is provided in the WHERE clause, the default value is 6 (TCP). Resource 4135 VARCHAR (254) A string identifying which resource was requested. Identity 4117 VARCHAR (255) The number of identified real string encodings (Select) or identification information (WHERE) collected from the user. 〇IncludeQoS 4139 VARCHAR (1 ) Used by the network / VPN device. Does the evaluation include a QoS decision? Y'es or 'N'o »defaults to _N_ (improves efficiency). IncludeSchedules 4141 VARCHAR (1) Timetable is not included in the evaluation ? 'Y'es or W. The default is _N · (improves efficiency). IncludeldentityStore 4143 VARCHAR (l) The identification of the cache in the user's identification store (usually provided by UIC) will be used in the evaluation? Ύ 'or _Ν ·. The default is Ύ'. AskClientF orldentities 4145 VARCHAR (1) Does the identification client (UIC) require identification? Ves or 1Nb. The default is _N_. -148- This paper standard applies Chinese national standard ( CNS) A4 Regulation (210 X 297 public love) 4648 1 2 A7 B7 V. Description of the invention (146) Figures 42-44 show some examples of queries and their results. In Figure 42, at 4201, query 4203 by using the SELECT statement Describe the PolicySet, HasExpireTime, ExpireTime, and Reason fields other than IsAllowed, and return detailed information about the results of the policy evaluation. The result, at 4205, indicates that the policy is allowed, and the policy that allows it belongs to the policy set 56 'and that policy has no period The full time makes the numbers in ExpireTime meaningless. Because access is allowed, there are no numbers in Reason. At 4207 you see a query 4209 that only returns the results and reasons for the policy evaluation, as shown in 4211. It shows a Query for all fields in the selected row 'and the data returned therefore contains all the data for those fields, and at the same time when the block has a default number, and no number is supplied in the WHERE clause, the default number is provided. Therefore, the field IncludeQoS will have the default value 値 &quot; N ,,. Finally, at 4215, a minimal query is displayed. The WHERE clause contains only a description of a user group and a resource set The minimum information you need. All other bad numbers (take their defaults). For example, the encryption algorithm used will be the default 3DES algorithm. Figure 43 shows how queries can be used to obtain identifying information about users who are allowed access. In 4301, a minimal group of WHERE clauses is used in query 4303 ’but the SELECT clause includes IdentType 'identGroup, and printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs

IdentValue。如在4305所顯示,存取由三個不同的識別數 値對使用者允許。在4307,查詢4309在它的WHERE子句中 提供IdentType和IdentValue攔位的數値,而策略評估使用 那些數値進行,如結果43 11所顯示。在43 13,查詢43 15救 述將用來作使用者識別那些數値,將從保存在策略資料庫 • 149 - 本紙張尺度適用中國國家標準(CNS)A4規格&lt;210 X 297公釐) 464812 經濟部智慧財產局員工消費合作社印製 A7 B7 五、發明說明〇47 ) 3825中的使用者識別之一快取獲得。 要看見識別儲存對IdentType和IdentValue包含的是什麼, 查詢在SELECT子句中包括那些欄位。結果43 17表示包含 在識別儲存中那些欄位的數値。最後,43 19,展示一查詢 4321可如何用來敘述,當使用者的識別在策略評估期間決 疋時,排除在識別儲存中的某些資訊。 客户使用者資訊檢復的概觀:圖38和44 在實施本發明的存取控制系統可核准一使用者對一資訊 資源的存取之前,它必須做二件事: •認證使用者,也就是,判斷使用者是它所宣稱的實 體;和 •進行—使用者群组會員資格判斷,也就是,決定使用 者的使用者群組會員資格是否使得對資訊資源的存取 策略允許此使用者存取資訊資源。 這兩種操作都需要有關使用者的資訊。在本專利申請案 的母案之母案中描述的存取控制系統中,兩種資訊都能用 來做認證和使用者群组會員資格判斷,且資訊的來源是預 先定義的;在本專利申請案的母案中描述的存取控制系統 中,系統管理人能夠定義要用來判斷使用者群组會員資格 的資訊,但資訊的來源仍然是預先定義的。 在本專利申請案的存取控制系統中,這些限制已經由自 訂使用者資訊檢復的技術克服。這些技術允許實施本發明 的存取控制系統之管理人,定義當進行一存取請求時如何 及從哪個來源收集關於使用者的資訊,和此資訊如何與存 *150- 本紙張尺度過用1P國國豕標準(CNS)A4規格(210 X 297公爱) -----------^ I - ---I ---訂--------- t請先33^¾¾之注月頊寫本員} ^1648 1 2 A7 ____ ___B7___ 五、發明說明(148 ) 取請求關聯使用。在-較佳具體實施例中,標準化策略词 服器26Π可已三種方式中的任何一種使用所收集的資訊: • 認證一使用者; • 進行使用者群组會員資格判斷; *當成卷宗的一邵份,那是當核可存取請求時,標準化 策略伺服器2617提供到存取請求所來自的允許策略之 元件2609之資訊的清單。 由自叮使用者資訊檢復所獲得的資訊之一特定項目,可 能用作上述的一或更多目的。 自fT使用者資訊檢復可如何使用的一些範例如下:在 許多情況中,進行存取資訊資源的請求之使用者,有 可存取標準化策略伺服器2617的系統上的使用者名稱 和密碼·’標準化策略伺服器2617可藉由從使用者請求 使用者的使用者名稱和密碼來認證一使用者,應用 此使用者名稱和密碼到系統,並看看系統是否如使用 者名稱和密碼爲系統所知時應該回應一樣地回應。 經濟部智慧財產局員工消費合作社印製 •請求存取的使用者可能有存取控制系統可存取的標準 化策略伺服器26 Π外部、但其可存取的一資料庫上的 資訊;標準化策略伺服器2617可從此資料庫取回此資 訊,並使用它來決定使用者群組會員資格。 標準化策略伺服器2617可提供從如此的一資料庫系統取 回的任何資料到允許策略的元件26〇9當成卷宗的一部份。 自訂使用者資訊檢復如何完成在一較佳具體實施例中, 顯示在圖38和44的概要中。由圖44開始,圖44表示策略資 本紙張尺度適用中囤國家標準(CNS)A4規格(210 X 297公釐) 464812 A7 ___B7___ 五、發明說明(149 ) 料庫3825的MMFs由其编譯而成的策略資料庫44〇1。包含 在本申請案的母案和母案之母案所使用的策略資料庫中之 策略資料庫4401的元件,有它們在那些申請案中所用的參 考號碼。策略資料庫4401的新元件是自訂使用者資訊撿復 方法的定義4403。每一自訂使用者資訊檢復方法敘述當一 使用者請求對取回有關使用者資訊的一資訊資源存取時使 用的一種方法,並使用此資訊認證使用者、判斷在一使用 者群組中使用者的會員資格,或當成使用者的卷宗之一部 伤。所敘述的方法可能包括資料庫、或其他策略祠服器 2617外部的來源之查詢。以下,一自訂使用者資訊檢復方 法的一種定義稱爲一自訂認證型態。這種用辭是有歷史 的’且不應該視爲建議由一自訂認證型態所定義的方法取 回之資5¾只说用來作過證。成員全部或者部份藉由使用一 自訂認證型態中所定義的一種方法決定之使用者群组,將 在以下稱爲自訂認證的使用者群組。 經濟部智慧財產局員工消費合作社印製 策略伺服器2617 ’以像本申請案的母案之母案如何經由 使用者識別用户端收集使用者認證資訊的描述中之方法, 收集判斷一使用者是否屬於一自訂認證的使用者群组所需 要的屬性數値。當一允許策略之元件2609對伺服器2617作 一使用者和資源的存取請求時,伺服器2617進行如下的概 念:它從資料庫4401中的存取策略307決定什麼存取策略 適用於此資源,和由這些策略哪些使用者群組给予或回絕 對資源的存取。如果由元件2609提供的期間資訊不足以認 證使用者、和決定策略是否適用於資訊資源、和使用者的 -152- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐)IdentValue. As shown at 4305, access is permitted to the user by three different identification numbers. At 4307, query 4309 provides the numbers of the IdentType and IdentValue blocks in its WHERE clause, and the strategy evaluation uses those numbers as shown in result 43 11. In 43 13, query 43 15 will be used to identify those data, which will be stored in the strategy database. • 149-This paper size applies the Chinese National Standard (CNS) A4 specification &lt; 210 X 297 mm) 464812 Printed by the Consumer Property Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7 V. Invention Description 047) One of the user identifications in 3825 is obtained by cache. To see what the identification store contains for IdentType and IdentValue, the query includes those fields in the SELECT clause. Results 43 17 represent the numbers of those fields contained in the identification store. Finally, 43 19, shows how a query 4321 can be used to state that certain information is excluded from the identification store when the user's identification is determined during the strategy evaluation. Overview of customer user information review: Figures 38 and 44 Before implementing the access control system of the present invention to approve a user's access to an information resource, it must do two things: • Authenticate the user, that is, , Determine that the user is the entity it claims to be; and • perform—user group membership determination, that is, determine whether the user ’s user group membership allows the user ’s access to information resources to allow the user to save Access to information resources. Both actions require information about the user. In the access control system described in the parent case of this patent application, both types of information can be used for authentication and user group membership determination, and the source of the information is predefined; in this patent In the access control system described in the parent case of the application, the system administrator can define the information to be used to determine the membership of the user group, but the source of the information is still predefined. In the access control system of this patent application, these limitations have been overcome by the technology of custom user information review. These technologies allow the administrator implementing the access control system of the present invention to define how and from which source information about the user is collected when making an access request, and how this information is related to storage. National Standard (CNS) A4 Specification (210 X 297 Public Love) ----------- ^ I---- I --- Order --------- t Please first 33 ^ ¾¾ of the note of the month writer} ^ 1648 1 2 A7 ____ ___B7___ V. Description of the invention (148) Fetch request associated use. In a preferred embodiment, the standardized policy server 26Π may use the collected information in any of three ways: • authenticate a user; • perform user group membership determination; * Shao Fen, when the access request is approved, the standardized policy server 2617 provides a list of information about the allowed policy element 2609 from which the access request came. A specific item of information obtained from a self-check of user information may be used for one or more of the above purposes. Some examples of how fT user information review can be used are as follows: In many cases, users who make requests to access information resources have a username and password on a system that can access the standardized policy server 2617. 'The standardized policy server 2617 can authenticate a user by requesting the user's username and password from the user, apply this username and password to the system, and see if the system is the same as the username and password for the system When you know, you should respond the same way. Printed by the Intellectual Property Bureau of the Ministry of Economic Affairs, Consumer Cooperatives • Users requesting access may have a standardized policy server that can be accessed by the access control system 26 Π External but accessible information in a database; standardized policies Server 2617 can retrieve this information from this database and use it to determine user group membership. The standardized policy server 2617 can provide any data retrieved from such a database system to the components that allow policy 2609 as part of the dossier. How the custom user information review is accomplished in a preferred embodiment is shown in the summary of Figures 38 and 44. Starting from Figure 44, Figure 44 shows the application of the National Capital Standard (CNS) A4 specification (210 X 297 mm) of the strategic capital paper standard (464 X 297 mm) 464812 A7 ___B7___ V. Description of the invention (149) The MMFs of the library 3825 are compiled from it Strategy Database 44〇1. The components of the strategy database 4401 contained in the strategy database used in the parent case and the parent case of this application have their reference numbers used in those applications. The new component of the Strategy Database 4401 is a definition 4403 of a custom user information retrieval method. Each custom user information review method describes a method used when a user requests access to an information resource that retrieves user information, and uses this information to authenticate users and determine a user group. Membership in the user, or one of the user's files. The methods described may include queries from databases or other sources external to the strategic server 2617. Hereinafter, a definition of a custom user information checking method is called a custom authentication type. This term is historical 'and should not be regarded as suggesting that the funds recovered by a method defined by a custom certification scheme 5¾ should only be used as evidence. A user group whose members are wholly or partly determined by using a method defined in a custom authentication type will be referred to as a user group of custom authentication in the following. The Intellectual Property Bureau, the Ministry of Economic Affairs ’Employee Consumption Cooperative printed a policy server 2617 'In a way like the description of the parent case of the parent case of this application to collect user authentication information through the user identification client, collect and determine whether a user is The number of attributes required to belong to a user group for custom authentication. When a policy-allowed element 2609 makes a user and resource access request to the server 2617, the server 2617 performs the following concept: It determines from the access policy 307 in the database 4401 what access policy is applicable to this Resources, and which groups of users are given or return absolute resource access by these policies. If the period information provided by component 2609 is not sufficient to authenticate the user and determine whether the strategy is applicable to information resources and users

6 經濟部智慧財產局員工消費合作社印製 4 五、發明說明(15〇 ) 使用者群組會員資格给予或回絕對使用者的存取,伺服器 26 17傳回那些結果中的一個到允許策略的元件2609 β 如果使用者群组有關於包括自訂認證的使用者群組之資 源的策略,和應用—自訂認證方法以便認證使用者、或判 斷尋求存取的使用者是否是一或更多自訂認證的使用者群 組之成員是必需的’伺服器2617傳回一可能結果到允許策 略的元件2609。可能結果指示伺服器26 17需要更多關於使 用者的資訊以決定使用者是否有對資源的存取權力。與可 能結果一起,伺服器26127傳回需要來自使用者的何種資 訊以便應用自灯認證方法的一指示。允許策略的元件2609 從使用者獲得此資訊並將它提供给策略伺服器元件2617, 然後它使用此資訊施行認證方法。此方法可能包括認證使 用者,查詢外部的資料庫以獲得決定使用者是否屬於自訂 認證的使用者群組所必需的那些屬性數値,及或查詢外部 的資料庫以獲得使用者的卷宗之資訊。然後策略伺服器 26 Π使用如本申請案的母案之母案中所描述自訂認證的結 果’決定使用者對資源是否有存取權力。如果允許存取且 有一卷宗,策略伺服器2617傳回卷宗到允許策略的元件 2609 « 如稍後將更詳細地解釋,策略資料庫4401的部分4403包 含策略伺服器2617對外部的資料庫執行的查詢之定義,以 至少郅份決定一使用者是否屬於一自訂認證的使用者群 組。自訂認證的型態通常以如使用者識別型態一樣的方式 定義在資料庫4401中,即透過屬於一策略製訂者策略306 -153- 本纸張尺度適用中國國家標準(CNS&gt;A4規格(210 X 297公釐) t)- i ft' tj t s_ 之 a. t n ψ $, 4 裝 訂 4648126 Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 4 5. Invention Description (15) The user group membership grants or returns absolute user access, and the server 26 17 returns one of those results to the allow policy Element 2609 β if the user group has policies regarding the resources of the user group including custom authentication, and apply-custom authentication method to authenticate the user, or determine whether the user seeking access is one or more A member of the multi-customer authentication user group is required. The server 2617 returns a possible result to the element 2609 of the permission policy. The possible result indicates that the server 26 17 needs more information about the user to determine whether the user has access to the resource. Along with the possible results, the server 26127 returns an indication of what information is needed from the user in order to apply the self-lamp authentication method. The policy allowing component 2609 obtains this information from the user and provides it to the policy server component 2617, which then uses this information to perform the authentication method. This method may include authenticating users, querying an external database to obtain those attribute numbers necessary to determine whether a user belongs to a user group of custom authentication, or querying an external database to obtain a user's file Information. The policy server 26 then uses the result of the custom authentication as described in the parent case of the parent case of this application 'to determine whether the user has access to the resource. If access is allowed and there is a dossier, the policy server 2617 returns the dossier to the element 2609 that allows the policy The definition of the query determines whether a user belongs to a user group of a custom certification with at least one copy. The type of custom certification is usually defined in the database 4401 in the same way as the user identification type, that is, by belonging to a policy maker strategy 306 -153- This paper standard applies to Chinese national standards (CNS &gt; A4 specifications ( 210 X 297 mm) t)-i ft 'tj t s_ of a. Tn ψ $, 4 binding 464812

五、發明說明(151 ) 指示此管理的使用者群組可含羞 Γ疋義自訂e忍證的型態之管理的 使用者群組319之成員的任何使用者。 - 在一較佳具體實施例中的自訂認證:圖38和45 圖3 8表π其中可定義自訂認證的使用者群組並用來控制 存取的一存取控制系統的較佳具體實施例。圖38實施對策 略伺服器2617的查詢介面之元件已經討論過;下列元件實 施自訂認證的使用者群组: • 在允許策略的元件2609中: - 認證格式3807和 -區域的配置資訊3809 ;這些是用來從使用者獲得屬 性數値。 • 在標準化的策略伺服器2617中: -策略資料庫3825,其包括對自訂認證的型態之编譯 的定義4403 ; - 認證協調器3829,其從VDB服務3813接收由使用者 所提供的自訂認證型態之一指示和資訊,使用此資 訊如自訂認證型態所敘述認證使用者,並傳回認證 的結果到VDB服務3813。 經濟部智慧財產局員工消費合作社印製 - 認證模組3839( a.. η),對認證資訊的每一外部來源 至少有一個。一認證模組3839( i)從認證協調器 3 829接收一查詢規格,將查詢规格置入對授權資訊 來源的查詢適當的格式之内,並傳回查詢的結果到 認證協調器3829。 • 授權伺服器3 843( a. . η):這些是認證資訊的來源。 -154- 本纸張尺度適用中國國家標準(CNS)A4規格(210 χ 297公釐) A7V. Description of the invention (151) Any user who is a member of the user group 319 indicating that the managed user group can be shy. -Custom authentication in a preferred embodiment: Figs. 38 and 45 Fig. 38 Table π A preferred implementation of an access control system in which a user group for custom authentication can be defined and used to control access example. Figure 38 The elements of the query interface implementing the policy server 2617 have been discussed; the following elements implement a custom authentication user group: • In the element 2609 of the allowed policy:-authentication format 3807 and-zone configuration information 3809; These are used to get attribute numbers from the user. • In a standardized policy server 2617:-a policy database 3825, which includes a compiled definition 4403 of the type of custom authentication;-an authentication coordinator 3829, which receives from the VDB service 3813 the user-provided Instructions and information for one of the custom authentication types. Use this information to authenticate the user as described in the custom authentication type, and return the result of the authentication to the VDB service 3813. Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs-Certification Module 3839 (a .. η), at least one for each external source of certification information. An authentication module 3839 (i) receives an inquiry specification from the authentication coordinator 3 829, puts the inquiry specification into an appropriate format for the inquiry of the authorized information source, and returns the result of the inquiry to the authentication coordinator 3829. • Authorization server 3 843 (a.. Η): These are the sources of authentication information. -154- This paper size is applicable to Chinese National Standard (CNS) A4 (210 x 297 mm) A7

4 6 4 8 1 2 五、發明說明(152 ) •網路使用者識別程式管理器3 8 Π和簽署者批、隹者 3819:這些使來自f訊的—網路使用者識別程式由 認證協調器3829傳回,並將一數位簽章附加到它之 上。網路使用者識別程式傳回到允許策略的元件 2609,且由允許策略的元件2609用來指示策略伺服 器26Π,已經對一使用者/資源組合進行—存取檢 查。 在圖45中,流程圖4501提供允許策略的元件26〇9和它的 元件如何與標準化的策略伺服器2617和它的元件互相作用 的概要’以收集認證使用者或判斷一使用者的會員資格在 一自訂認證的使用者群组中所需要的關於使用者之資訊, 或提供一卷宗給允許策略的元件2609。流程圖45〇1假定使 用者正請求一網頁;然而,以下描述的技術可與由標準化 的策略伺服器2617控制存取的任何資源一起使用。 在4503,使用者從一網路伺服器38〇3請求對資源的存 取,在此情沉,網頁,使用他或她的網路瀏覽器如此作。 當然’把存取請求送到允許策略的元件26〇9之任何其他方 法一樣可以使用。流程圖4501假定存取檢查由一策略插入 模組3805完成’但存取檢查可由任何在允許策略的元件 2609上執行之程式完成。因此,在4505,词服器3803與使 用者一起傳遞來自期間的資訊,對策略插入模組38〇5進行 要求。 策略插入模組3805與一可用的標準化策略伺服器(4507) 建立一連接。當連接建立時’插入模組3805將一查詢3811 -155- 本紙張尺度適用中國國家標準(CNS)A4規格(21〇 X 297公釐) f請先閱讀背面之注意事項再填寫本頁) -裝 l5J· 經濟部智慧財產局員工消費合作社印製 4648 12 A7 B7 五、發明說明(153 ) 送到VDB服務3 813。查詢將包括指示使用者尋 求的存取和 尋求存取的資訊資源的資訊。如果使用者先前已請求過, 查詞也可伴隨一網路使用者識別程式。網路使用者識別程 式是已由標準化的策略伺服器2617、或爲第一標準化的策 略词服器2617所信任的另一標準化策略伺服器26π認證過 之先前存取請求的結果之指示。 如果有一網路使用者識別程式,VDB服務3813讀取它並 將i與目蝻期間的期間資訊比較;如果它們相同,VDb服 務3813將網路使用者識別程式中的資訊提供給評估器 2036。如果沒有網路使用者識別程式,VDB服務3813處理 此查詢如先前所描述。如果評估器2〇36判斷識別使用者的 資訊足以進行一存取判定且允許存取(45〇9),採用分支 4511 ;如果評估器2036判斷應該回絕存取(4515) ’採取分 支45 17。否則,VDB服務3813傳回一可能結果和與對允許 策略的元件2609的存取判定有關的一自訂認證的型態之清 單(4520)。策略插入模组45〇7中的碼相當於藉由選擇自訂 認證型態清單中之-個,然後並選擇對應於所選擇的自訂 認證型態之認證格式3807( i),如區域的配置資訊38〇9中所 敘述配置它,並將它輸出到使用者的瀏覽器(4521)。 經濟部智慧財產局員工消費合作社印製 認證格式使用在所選擇的自訂認證型態中所敘述的方 法,從使用者請求認證使用者他或她自己所需要的資訊。 使用者填入那格式(4521),而插入模組採用使用者所提供 的資说並把它加入到查詢381丨。所附加的資訊在此稱爲認 證資訊,並包括對所選擇的自訂認證型態的一識別,和從 156- 本纸張尺度通周中國國豕知準(CNS)A4規格(210 X 297公釐) 6 4812 五、發明說明(彳54 ) 使用者所接收在 &lt; 屬性名稱,屬性數値 &gt; 對格式中的那些數 値的清單。然後查詢回到VDB服務3813 (4523&gt;。 經濟部智慧財產局員工消費合作社印製 在4525,VDB服務3813提供認證資訊給認證協調器 3829,其從策略DB 3805取回對所選擇的自訂認證型態的 定義,並將它提供給用來執行對認證所需要的那些查詢之 認證模組3839( i)。模組3839( i)將查詢置入要執行它的伺 服器3943(i)之適當的格式之内,並將它送到伺服器 3843(i)。當伺服器3843(i)傳回結果時,模组3839(i)使結 果’包括查詢是否成功’進入 &lt; 屬性名稱,屬性數値 &gt; 對的 清單之内’並將此清單傳回到認證協調器3829。認證協調 器3829使用自訂認證型態定義來判斷認證是否成功,和傳 回認證的結果給VDB服務3 813。包含查詢所取回的資訊之 &lt;屬性名稱’屬性數値 &gt; 對的清單,可能伴隨著認證結果且 可用來製造一卷宗3804。如果認證結果指示成功,vdB服 務3813增加自訂認證型態的識別和由模組3839(丨)傳回的資 訊到有關使用者的其他資訊和資訊資源,並將它重新提出 到評估器2036供在4509的評估,如之前以評估的結果分 支。代一可能結果,VDB服務3813傳回那個結果到插入模 组3805 ;自訂認證型態的清單當然不包括正在使用的那一 種。上述由迴路4526指示的程序,繼續直到評估器2〇36回 絕或核可存取,除非評估器2〇36未發現由使用者爲其成員 的使用者群組回絕對資源的存取之存取策略、且至少發現 一由使用者爲其成員的使用者群組准許對資源的存取之存 取策略,存取被回絕。 -157- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公爱) d648 1 2 A7 B7 五、發明說明(155 ) 如果回絕存取(分支4517) ’插入模组3805提供一存取回 絕螢幕到網路伺服器38(4541),其接著提供此螢幕給使用 者的ϊ劉覽器(4545)。如果允許存取(分支4511),VDB服務 3813判斷是否有一卷宗(4537);如果有,VDB服務3813把 卷宗加入到查詢結果(4539)並傳遞結果和任何卷宗到插入 模组3805( 4540) ’其傳遞期間,包括卷宗,回到網路词服 器3 803(4543),其接著允許使用者觀看所請求的網頁。 自訂認證的一詳細範例 接著的詳細範例將首先展示用以定義一自訂認證型態之 管理人的介面和所產生的自訂認證型態定義,然後將表示 自訂認證型態定義如何用來定義一自訂認證的使用者群 組,而最後將展示一可能屬於此自訂認證的使用者群組之 使用者如何認證,和如何獲得判斷自訂認證的使用者群組 中使用者的會員資格所必需的屬性數値。 定義自訂認證型態:圖46- 48 圖46顯示在一較佳具體實施例中用來定義一自訂認證型 態的視窗4601。在4603是一接收自訂認證型態的名稱之攔 位’在此是LDAP Bind。LDAP是在TCP/IP上執行來存取人 或其他實體的目錄之一眾所週知的協定。LDAP Bind定義 一自訂認證方法’其根據使用者在一經由LDAP可存取的 目錄中之一項目認證一使用者。在4605是自訂認證型態的 一説明。Cooke life span 4607決定由自訂協定指示認證的 一網路使用者識別程式應該維持多久,在此情況是2小 時。在此期間超過之後,使用LDAP Bind的認證必須重新 -158 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 診 it N. 言j % i a. 身 t η % 本 裝 訂 經濟部智慧財產局員工消費合作社印製 464812 A74 6 4 8 1 2 V. Description of the invention (152) • Network user identification program manager 3 8 Π and signatories, parties 3819: These make the network user identification program from the f news-authentication coordination Device 3829 returns and attaches a digital signature to it. The network user identification program returns to the allowed policy element 2609, and is used by the allowed policy element 2609 to instruct the policy server 26Π that a user / resource combination has been subjected to an access check. In FIG. 45, flowchart 4501 provides a summary of how policy element 2609 and its elements interact with standardized policy server 2617 and its elements to collect authenticated users or determine a user's membership Information about users in a user group of a custom authentication, or provide a dossier to the policy-allowing component 2609. Flowchart 4501 assumes that the user is requesting a web page; however, the techniques described below can be used with any resource whose access is controlled by a standardized policy server 2617. At 4503, the user requests access to resources from a web server 3803, in this case, the web page, using his or her web browser to do so. Of course, any other method of sending the access request to the element 2609 of the permission policy can be used as well. The flowchart 4501 assumes that the access check is performed by a policy insertion module 3805 ', but the access check can be performed by any program executed on the element 2609 that allows the policy. Therefore, at 4505, the word server 3803 passes the information from the period together with the user, and requests the policy insertion module 3805. The policy plug-in module 3805 establishes a connection with an available standardized policy server (4507). When the connection is established, the plug-in module 3805 will query 3811 -155- This paper size applies to the Chinese National Standard (CNS) A4 specification (21 × 297 mm) f Please read the precautions on the back before filling this page)- Equipment 155 · Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 4648 12 A7 B7 V. Description of the invention (153) Send to VDB service 3 813. The query will include information indicating the access sought by the user and the information resource sought to access. If the user has requested it before, the search term can also be accompanied by a web user identification program. The network user identification procedure is an indication of the results of a previous access request that has been authenticated by a standardized policy server 2617, or another standardized policy server 26π trusted by the first standardized policy server 2617. If there is a network user identification program, the VDB service 3813 reads it and compares the period information of i with the current period; if they are the same, the VDb service 3813 provides the information in the network user identification program to the evaluator 2036. If there is no internet user identification program, the VDB service 3813 processes this query as described previously. If the evaluator 2036 judges that the information identifying the user is sufficient to make an access decision and allow access (4509), branch 4511 is adopted; if the evaluator 2036 judges that access should be denied (4515) ', take branch 4517. Otherwise, the VDB service 3813 returns a list of possible results and a type of custom authentication related to the access decision to the element 2609 of the allowed policy (4520). The code in the policy insertion module 4507 is equivalent to selecting one of the custom authentication type list, and then selecting the authentication format 3807 (i) corresponding to the selected custom authentication type. Configure it as described in the configuration information 3809 and output it to the user's browser (4521). Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs The authentication format uses the method described in the selected custom authentication type to request the user to authenticate the user with the information he or she needs. The user fills in the format (4521), and the plug-in module uses the information provided by the user and adds it to query 381 丨. The additional information is referred to herein as certification information, and includes an identification of the selected custom certification type, and from the 156-paper standard that complies with China National Standards (CNS) A4 (210 X 297) (Mm) 6 4812 V. Description of the invention (彳 54) A list of those numbers received by the user in the &lt; attribute name, attribute number &gt; pair format. Then query back to VDB service 3813 (4523 &gt;. Printed on 4525 by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economy, VDB service 3813 provides authentication information to the authentication coordinator 3829, which retrieves the selected custom authentication from the policy DB 3805 Type definition and provide it to the authentication module 3839 (i) used to perform those queries required for authentication. Module 3839 (i) places the query in the server 3943 (i) where it is to be executed Within the appropriate format and send it to the server 3843 (i). When the server 3843 (i) returns the result, the module 3839 (i) causes the result 'including whether the query was successful' into the &lt; attribute name, Attribute number &gt; within the list of pairs' and pass this list back to the authentication coordinator 3829. The authentication coordinator 3829 uses a custom authentication type definition to determine whether the authentication was successful, and returns the result of the authentication to the VDB service 3 813. A list of &lt; attribute name'attribute number &gt; pairs containing the information retrieved by the query, which may accompany the authentication result and can be used to make a dossier 3804. If the authentication result indicates success, vdB service 3813 adds custom authentication Type The information returned by the module 3839 (丨) to other information and information resources related to the user and re-submitted it to the evaluator 2036 for evaluation at 4509, as previously branched on the results of the evaluation. It is possible to substitute As a result, the VDB service 3813 returns that result to the plug-in module 3805; of course, the list of custom authentication types does not include the one being used. The procedure indicated by the loop 4526 above continues until the evaluator 2036 rejects or approves Access unless the evaluator 2036 does not find an access policy that returns access to absolute resources for a user group whose user is a member, and at least one user group for which the user is a member grants permission to The access strategy of resource access, access is denied. -157- This paper size applies Chinese National Standard (CNS) A4 specification (210 X 297 public love) d648 1 2 A7 B7 V. Description of invention (155) If rejected Access (branch 4517) 'The plug-in module 3805 provides an access rejection screen to the web server 38 (4541), which then provides this screen to the user's browser (4545). If access is allowed (branch 4511), VDB service 3813 determines whether there is a dossier (4537); if so, VDB service 3813 adds the dossier to the query result (4539) and passes the result and any dossier to the insert module 3805 (4540) 'The delivery period, including the dossier, returns to the network Servor 3 803 (4543), which then allows the user to view the requested web page. A detailed example of custom authentication The next detailed example will first show the interface and management of a manager that defines a custom authentication type The generated custom certification type definition, then it will indicate how the custom certification type definition is used to define a user group of a custom certification, and finally will show the use of a user group that may belong to this custom certification How the user authenticates, and how to obtain the number of attributes necessary to determine the membership of the user in the user group of the custom authentication. Defining a Custom Authentication Type: Figure 46-48 Figure 46 shows a window 4601 for defining a custom authentication type in a preferred embodiment. At 4603 is a block for receiving the name of the custom authentication type ', here is LDAP Bind. LDAP is a well-known protocol implemented on TCP / IP to access directories of people or other entities. LDAP Bind defines a custom authentication method 'which authenticates a user based on an entry in a directory accessible to the user via LDAP. At 4605 is a description of the custom authentication type. Cooke life span 4607 decides how long an online user identification program should be authenticated as instructed by a custom agreement, in this case 2 hours. After this period has passed, the authentication using LDAP Bind must be re-158. This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm). Diagnosis it N. Language j% i a. Body t η% This binding Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 464812 A7

五、發明說明(彳56 ) 進行。 在較佳具體實施例中,認證方法實施爲—或更多的函 數。在此方法中的第一個函數由認證協調器3829啓動。此 方法中的其他函數在那個函數的執行過程中啓動。那些函 數的程式碼’也就是’函數的認證模組3839之實施,包含 在—執行期間可載入模组例如與微軟公司所生產的作業系 統一起使用的 dl[檔案。在4609,管理人定義認證方法指 不他或她正以哪一函數運作;在46丨丨,管理人指示.du樓 案的名稱包含那些函數。在4613的那些設定和查詢參數 4615是對目前在4609所敘述的函數。在4613,管理人指示 函數的結果是否爲認證所需要,和VDR服務3813是否要將 此結果包括在它作的網路使用者識別程式中,以代表策略 評估。 參數的清單4615敘述如果要認證使用者' 和找出判斷使 用者是否爲一經由LDAP協定可存取的目綠中之—自訂認 證使用者群組的成員所必需的資訊,必須提供到函數的資 訊。清單上的每一參數有一名稱(4617),一數値(4619), 一資料型態(4621) ’和一説明(4623)。參數數値可以三種 方式救述: 經濟部智慧財產局員工消費合作社印製 •當成常數,舉例來説埠號碼”389” • 當成要由使用者提供用在認證使用者中的數値,由表 示法$ { &lt;變數名稱&gt; }敘述,舉例來説{ PWD},其爲一 由使用者提供的密碼; • 當成要比對的樣式,萬用字元以*指示。因此,參數 -159- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 4648 1 2 五、發明說明(157)5. Description of the invention (说明 56). In a preferred embodiment, the authentication method is implemented as a function or functions. The first function in this method is started by the authentication coordinator 3829. The other functions in this method are started during the execution of that function. The implementation of those function codes, that is, the authentication module 3839 of the function, includes modules that can be loaded during execution, such as the dl [file used in conjunction with the operating system produced by Microsoft Corporation. At 4609, the administrator defines the authentication method to which function he or she is operating; at 46, the administrator instructs the name of the .du building to include those functions. The settings and query parameters 4615 at 4613 are for the functions currently described at 4609. At 4613, the administrator indicates whether the result of the function is required for authentication, and whether the VDR service 3813 will include this result in its network user identification program to represent the policy evaluation. The list of parameters 4615 describes if the user is to be authenticated and to find out whether the user is one of the goals accessible through the LDAP protocol—the information necessary to customize the user group membership must be provided to the function Information. Each parameter on the list has a name (4617), a number (4619), a data type (4621) 'and a description (4623). The parameter number can be saved in three ways: Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs • As a constant, for example, the port number "389" $ {&Lt; variable name &gt;} description, for example {PWD}, which is a password provided by the user; • As a pattern to be compared, wildcard characters are indicated by *. Therefore, the parameter -159- This paper size applies to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) 4648 1 2 V. Description of the invention (157)

AtributeSearch可透過經由LDAP存取的目錄項目所傳回 的任何屬性比對。 圖47展示在4701 —自訂認證型態如何與一資訊集相關 聯,和一認證格式3807如何與一自訂認證型態相關聯。螢 幕4703表示需要特別認證的型態名爲Authenticated資訊集 的一階層架構;對一名爲Neptune的服務之型態中的一種是 LDAP Bind ’ 在 4705。項目 4705 代表對 Neptune 和 LDAP Bind的認證模組3839。在往下的下一層次(4707)是一由 WS//BindNeptune. html所敌述的資訊集。WS以哪一資訊集 可存取和BindNeptune. html資訊集本身指示應用程式。想 要存取這個資訊集的使用者必須被認證,且必須是經由 LDAP Bind自訂認證方法判斷可存取此資訊集的使用者群 组之成員。當然,如果這要運作,由正嘗試存取 BindNeptune.html的使用者所用的應用程式38〇3之插入模 組3805,必須有對認證使用者所必需的資訊之認證格式 3807,在此情況’判斷使用者的使用者識別和密碼是否允 許使用者存取BindNeptune. html。敘述在4709。最後,鸯 幕4711,敘述資訊可從應用程式WS取回的方式;再—次, 使用樣式比對;如除了 URL攔位以外的所有欄位中之那些 經濟部智慧財產局員工消費合作社印製 星號所指示,應用程式WS唯一的需求是使用者存取網頁 BindNeptune.html 〇 在圖47中看到的存取控制系統之其他特徵是 WS//BindNepUme.html定義一虚擬的網路词服器,也就 是,給對資訊集的存取之任何數目的此種應用程式可相同 -160- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) /16 4 8 1 2 A7 B7 五、發明說明(158 ) 的實體機器上執行,只要那些應用程式有不同的Ip位址、 埠號碼、及/或網際網路名稱。此外,如可從螢幕011中的 Action欄位看到’ 一資源定義可能包括—HTTP動詞,而對 資源的存取可能限制在由此動詞所提供的。最後,在SSL 協定中可敘述使用的鍵之長度。 經濟部智慧財產局員工消費合作社印製 圖4 8表示一使用者群組如何可與一自訂認證型態存取方 法相關聯,和如何可讓一存取策略使得與自訂認證型態相 關聯的使用者群組存取與自訂認證型態相關聯的資訊集。 表示那些使用者群組的視窗是在4805 ;使用者群组階層地 定義,且在此有認證的使用者群组,也就是,使用特別的 認證方法之使用者群组。在那個使用者群組之下是對 BindNeptune有存取權力的使用者群组,而在那個使用者群 組之下是其成員是使用由LDAP Bind自訂認證型態取回的 資訊判斷的使用者群組4807。樣式敘述對由LDAP Bind所 查詢的目錄有存取權力的使用者必須有的參數數値指示在 此項目中;在此,那些星號指示有一名稱和一電話號碼在 目錄中的任何人是使用者群組LDAP Bind的一成員。視窗 4809表示資訊集;在4709是BindNeptune. html資訊集的項 目,其需要對存取使用LDAP Bind。表示存取策略的視窗 是在4801 ;存取策略4803指示屬於LDAP Bind的資訊集(其 包括由應用程式WS所提供的資訊集)可由使用者群组LDAP Bind存取,其使用自訂認證型態LDAP Bind。 自訂認證型態定義的實施4403 :圖49- 50 爲了確保與其中實施了自訂認證的存取控制系統之現存 -161 - 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 4648 1 2 A7 B7_______ 五、發明說明(159 ) 版本的相容性’在一較佳具體實施例中的自訂認證型態定 義使用策略資料庫中先前存在的表列。那些表列是智慧卡 型態和智慧卡定義表列,顯示在圖13A中的1323,而那些 代理定義和代理參數表列,顯示在圖17B和17C中的1709。 每一自訂認證型態在SmartCard型態表列中有一列,如在 4 9 01所顯示。此列敘述自訂認證型態的—型態識別4 9 〇 3、 它的名稱4905、和一註解4907指示它的目的。認證型態的 έ忍澄方法使用一列定義在代理定義表列中,如在4909所顯 示’而代理參數定義表列中的列’如在5〇〇 1所顯示。在 SmartCard型態表列中的列和型態的方法之定義間的關係, 是由列4909的欄位4913中LDAPBind、和列4901的糊位4805 中LDAPBind的使用建立。列4909的其他欄位包括欄位 4911 ’其爲方法的一識別號碼,欄位4915,其爲那方法的 —説明’和攔位4917 ’其敘述代理參數定義表列5〇〇1中用 來定義認證方法的列之數目。 經濟部智慧財產局員工消費合作社印製 以代理參數定義表列5001繼續,所顯示的那些列定義 LDAPBind自可認證型態的方法。列5〇〇丨敘述使用在認證協 調器3829和那些相關的認證模组3839及/或側窝掏取介面 3841中的一組參數5002。每一列在欄位5〇〇3中有它自己的 識別號碼’列4909的識別號碼在欄位5005中,其使此列和 它的代理定義相關聯,一名稱襴位5〇〇7,其指示在方法中 參數的使用,一説明欄位其描述參數,和—數値爛位其包 含參數的數値。在此應該注意在參數5〇〇2中的參數之重要 性,完全依據那些使用它們的模組而定。 -162- 本紙張尺度適用中國國家標準(CNS)A4規輅(210 χ&quot;^97公釐) 5 4 8 1 2 A7 ____B7__ 五、發明說明(16〇 ) -組參數可能包括參數的許多子集。在大部份情形下, 參數的一子集描述對一外部資料來源的一查詢,其由一認 證模組3830或一側寫擷取介面3841提出。在一參數子集的 參數中所傳回的數値’可能當成以下參數子集的參數使 用。參數集5002有二個如此的子集,稱爲,顯示在 训7,和Step2,顯示在5{)25。將只詳細解釋以咖。從參 數集5002的頂端開始,列5〇13指示代表提供參數集5〇〇2到 一認證模組、或侧窝擷取模組的存取請求之網路使用者識 別程式,將有效2580秒;列5015指示有二個參數子集,稱 爲Stepl和SteP2。Stepl中的所有列在欄位5〇〇7中都有 Step 1 /&lt;步騍名稱 &gt; 格式的名稱。 經濟部智慧財產局員工消費合作社印製 以Stepl詳細地繼續,stepi的參數定義對[][^1&gt;目錄的一 查珣,假使userlD和密碼由正在進行存取請求的使用者提 供,將傳回職員的房間號碼、工作電路、和電子郵件地 址。使用者經由LDAP Bind的認證格式3S07提供userID和 密碼’且如果user〗D和密碼給使用者對目錄的存取權力, 使用者已經被認證。由在5〇16的那些列開始,這些列敘述 將執行此步骑和它的dll之函數的名稱。在5〇丨9的列指示由 Stepl所執行的查詢之結果,應該包含在代表存取請求的網 路使用者識別程式中。下一列指示在副程式傳回—結果指 不失敗之前,查詢的執行應採取的最長時間。帶有名稱 Stepl\port、Server、UserDN、和 UserPWD的那些列,包含 找出和存取LDAP目錄所需要的參數數値。應該注意最後 二列的那些數値,是由使用者經由認證格式3807提供的那 -163- 本紙張尺度適用中國國家標準(CNS)A4規格&lt;210 X 297公《 ) G 經濟部智慧財產局員工消費合作社印製 4 ιε Α7 Β7 五、發明說明 些。在502 1的那些列指示將由對LDAP目綠的查詢所傳回 的那些參數數値;就是這些所傳回的數値將用來判斷進行 請求的使用者是否是有存取權力的使用者群組之一部份。 最後,在Smartcard定義表列中的列5025,負貴定義屬於 其會員資格至少部份由LDAP Bind自訂認證型態決定的一 使用者群组之使用者。在5027看到列的識別號碼;在5029 發現使用者的名稱;攔位503 1包含列4091的識別而因此指 示使用者是由LDAP Bind認證。在5033是如果一使用者要 認證爲使用者湯尼Μ,指示必須與由LDAP Bind方法從目 錄所獲得的屬性數値相符之樣式的 &lt; 屬性,數値 &gt; 對清單。 對標準化的策略伺服器之自訂使用者資訊檢復和查詢介 面:圖4 1 虛擬的?〇二1€丫丑¥八乙表列中列4101的欄位4117和4151到 4167,提供自訂使用者資訊檢復的較佳具體實施例中之一 查詢介面。這些攔位的内容在上面圖41的討論中詳細地解 釋。除了 Identity 4117和Cookie 4157以外的所有欄位都是 只有選擇的:Cookie糊位不是Where就是Select。在此,只 有下列有關那些攔位會被指出: • Identity 4117,當用在一個SELECT子句中時,傳回使 用者的身分之眞實數値到允許策略之元件2609 ;當用 在一 WHERE子句中時,它與它本身型態的一描述元一 起提供由允許策略之元件2609對一特定的自訂認證型 態所收集的使用者識別資訊到VDB服務3 8 13,其接著 把它傳遞到認證協調器3829。 請 先 閱 讀 背 面 之 注 意 事 項 再 填 % 本 頁 裝 訂 -164- 本紙張又度適用中國國家標準(CNS)A4規格(210 x 297公釐) 五 經濟部智慧財產局員工消費合作社印製 發明說明(162) • MaybeList 4151是當評估器2036發現判斷一使用者對 一資源是否有存取權力需要一或更多自訂認證的群组 中使用者的會員資格已決定時,它所傳回的自訂認證 型態之清單。 • AttributeName 4153和 AttributeValue 4155是由執行一自AtributeSearch can match any attribute returned by a directory entry accessed via LDAP. Figure 47 shows how at 4701-a custom authentication type is associated with a set of information, and how an authentication format 3807 is associated with a custom authentication type. A screen 4703 indicates a type of hierarchical structure called Authenticated Information Set that requires special authentication; one of the types of a service that is Neptune is LDAP Bind ′ at 4705. Item 4705 represents the authentication module 3839 for Neptune and LDAP Bind. At the next level down (4707) is a set of information hosted by WS // BindNeptune.html. The information set that WS can access and the BindNeptune.html information set itself indicates the application. Users who want to access this information set must be authenticated, and they must be members of a user group determined by LDAP Bind's custom authentication method to have access to this information set. Of course, if this is to work, the plug-in module 3805 of the application 3803 used by users who are trying to access BindNeptune.html must have the authentication format 3807 for the information necessary to authenticate users, in this case ' Determine if the user ’s user ID and password allow the user to access BindNeptune. Html. Narrated at 4709. Finally, curtain 4711 describes the way in which information can be retrieved from the application WS; once again, using style comparisons; such as those printed by the Ministry of Economic Affairs ’Intellectual Property Bureau employees’ consumer cooperatives in all fields except URL blocks The asterisk indicates that the only requirement of the application WS is that the user accesses the webpage BindNeptune.html. 〇 Another feature of the access control system seen in Figure 47 is that WS // BindNepUme.html defines a virtual network servlet , That is, any number of such applications giving access to the information set may be the same -160- This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) / 16 4 8 1 2 A7 B7 5. Invention description (158) is executed on a physical machine as long as those applications have different IP addresses, port numbers, and / or Internet names. In addition, as can be seen from the Action field on screen 011-a resource definition may include-HTTP verbs, and access to resources may be limited to what is provided by this verb. Finally, the length of the keys used can be stated in the SSL protocol. Printed by the Intellectual Property Bureau Employee Consumer Cooperative of the Ministry of Economic Affairs Figure 4 8 shows how a user group can be associated with a custom authentication type access method, and how an access policy can be related to a custom authentication type Associated user groups access the collection of information associated with the custom authentication type. The windows representing those user groups are defined in 4805; user groups are hierarchically defined, and there are authenticated user groups, that is, user groups that use special authentication methods. Under that user group is a user group that has access to BindNeptune, and under that user group is a member whose use is judged by the information retrieved by the LDAP Bind custom authentication type Group 4807. The parameter stating that the user who has access to the directory queried by LDAP Bind must have is indicated in this entry; here, those asterisks indicate that a person with a name and a phone number in the directory is the user A member of the group LDAP Bind. Window 4809 represents the information set; at 4709 is the BindNeptune. Html information set item, which requires LDAP Bind for access. The window representing the access policy is at 4801; the access policy 4803 indicates that the information set belonging to the LDAP Bind (which includes the information set provided by the application WS) can be accessed by the user group LDAP Bind, which uses a custom authentication type LDAP Bind. Implementation of Custom Authentication Type Definition 4403: Figure 49- 50 In order to ensure the existence of the existing access control system with custom authentication implemented in it -161-This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 public) (Centi) 4648 1 2 A7 B7_______ 5. Compatibility of the Version of the Invention (159) The definition of the custom authentication type in a preferred embodiment uses a list that previously exists in the policy database. Those lists are smart card type and smart card definition lists, shown in 1323 in FIG. 13A, and those agent definition and agent parameter lists are shown in 1709 in FIGS. 17B and 17C. Each custom certification type has a column in the SmartCard type table, as shown in 4 9 01. This column describes the type of custom authentication—type recognition 4 903, its name 4905, and a note 4907 indicating its purpose. The authentication method uses a column defined in the proxy definition list, as shown in 4909, and the column in the proxy parameter definition list, as shown in 501. The relationship between the column and type method definitions in the SmartCard type table is established by the use of LDAPBind in column 4913 of column 4909 and LDAPBind in paste 4805 of column 4901. The other fields of column 4909 include field 4911 'which is an identification number for the method, field 4915, which is the method-description', and block 4917 'which describes the proxy parameter definition table used in column 5001. The number of columns that define the authentication method. Printed by the Employees' Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs. Continue with the proxy parameter definition table column 5001. The columns shown define the LDAPBind self-authenticated method. Column 5OO describes a set of parameters 5002 used in the authentication coordinator 3829 and those related authentication modules 3839 and / or side socket extraction interface 3841. Each column has its own identification number in field 5003. The identification number of column 4909 is in field 5005, which correlates this column with its proxy definition. A name is field 5000, which Indicate the use of parameters in the method, a description field describing the parameters, and-the number of bits containing the number of parameters. It should be noted here that the importance of the parameters in parameter 50002 depends entirely on those modules that use them. -162- This paper size applies the Chinese National Standard (CNS) A4 regulations (210 χ &quot; ^ 97 mm) 5 4 8 1 2 A7 ____B7__ 5. Description of the invention (16〇)-The group parameters may include many subsets of the parameters . In most cases, a subset of the parameters describes a query to an external data source, which is proposed by an authentication module 3830 or a write-on-write interface 3841. The number 値 ′ returned in the parameters of a parameter subset may be used as the parameters of the following parameter subset. Parameter set 5002 has two such subsets, called, shown in training 7, and Step2, shown in 5 {) 25. Only the coffee will be explained in detail. Starting from the top of the parameter set 5002, the column 5013 indicates the network user identification program that provides the access request for the parameter set 502 to an authentication module or side socket extraction module, which will be valid for 2580 seconds. Column 5015 indicates that there are two parameter subsets, called Stepl and SteP2. All the columns in Stepl are listed in the field 5007. Step 1 / &lt; Step name &gt; The name of the format. The Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs printed the details in Stepl. The parameter definition of stepi is a check of the [] [^ 1 &gt; Return the employee's room number, working circuit, and email address. The user provides userID and password ’via the LDAP Bind authentication format 3S07 and if user [D] and password give the user access to the directory, the user has been authenticated. Beginning with the columns at 5016, these columns describe the names of the functions that will perform this step and its dlls. The column 5〇 丨 9 indicates that the results of the query performed by Stepl should be included in the network user identification program representing the access request. The next column indicates the maximum time the query should take to execute before the subroutine returns—results indicate no failure. The columns with the names Stepl \ port, Server, UserDN, and UserPWD contain the number of parameters needed to find and access the LDAP directory. It should be noted that those numbers in the last two columns are those provided by the user via the authentication format 3807. -163- This paper size is applicable to the Chinese National Standard (CNS) A4 specification &lt; 210 X 297 public ") G Intellectual Property Bureau, Ministry of Economic Affairs Printed by employee consumer cooperatives 4 ιε Α7 Β7 5. Some explanations of the invention. The columns at 5021 indicate the number of parameters that will be returned by the LDAP query; these numbers will be used to determine whether the requesting user is a user group with access rights Part of the group. Finally, in the Smartcard definition list, column 5025 defines the user belonging to a user group whose membership is at least partially determined by the LDAP Bind custom authentication type. The column's identification number is seen at 5027; the user's name is found at 5029; block 5031 contains the identification of column 4091 and thus indicates that the user is authenticated by LDAP Bind. At 5033, if a user is to be authenticated as the user Tony M, a list of &lt; attributes, numbers &gt; indicating a pattern that must match the number of attributes obtained from the directory by the LDAP Bind method. Custom user information review and query interface for standardized policy server: Figure 4 1 Virtual? 〇21 € Aug ¥¥ B The columns 4101 and 4151 to 4167 in column 4101 provide one of the preferred embodiments for customizing user information review and query interface. The contents of these stops are explained in detail in the discussion of Figure 41 above. All fields except Identity 4117 and Cookie 4157 are only selectable: Cookie paste is either Where or Select. Here, only the following relevant barriers will be indicated: • Identity 4117, when used in a SELECT clause, returns the user's identity from the real number to the allowed policy element 2609; when used in a WHERE sub In the sentence, it together with a descriptor of its own type provides the user identification information collected by the allowable policy element 2609 to a specific custom authentication type to the VDB service 3 8 13 which then passes it Go to Authentication Coordinator 3829. Please read the notes on the back first and then fill in%. Binding on this page -164- This paper is again applicable to the Chinese National Standard (CNS) A4 (210 x 297 mm). 5. Inventory Statements printed by the Consumers ’Cooperative of Intellectual Property Bureau of the Ministry of Economy 162) • MaybeList 4151 is the self-evaluation returned by the evaluator 2036 when it finds that the membership of a user in a group that requires one or more custom authentications to determine whether a user has access to a resource Order a list of certification types. • AttributeName 4153 and AttributeValue 4155 are implemented by

訂認證型態的方法所傳回的 &lt; 屬性名稱,數値 &gt; 對中的 單獨一個。如果那些方法傳回超過一個此種對,將會 有每一此種對的一列4 1 〇 1傳回。如果那方法如此敘 述,此對將包含在卷宗中D • Cookie 4157是由VDB服務3813所作、且在一使用者對 一資源第一次存取時傳回到允許策略的元件26〇9之網 路使用者識別程式,且由允許策略的元件26〇9在後續 的存取時提供到VDB服務3 813 ; —自訂認證型態的方 法可能敘述要包含在網路使用者識別程式中的資訊。 • IdentityNumber4159是一順序號碼,當多於一個使用 者的身分需要認證時讓認證協調器3829能追跋一使用 者的身分。 • IdentitylsValid 4163指示使用者的認證對一特定自訂認 證型態成功是否是必需的。如果它是,敘述在自訂認 證型態的方法中用來包含在網路使用者識別程式及/或 卷宗中的那些數値,將會進入使用者的網路使用者識 別程式及/或卷宗。 自訂使用者資訊檢復的範例:圖5卜53 在下列範例中,一使用者請求對資訊資源WS : -165- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐〉 -----------ί 裝 --------訂--------- (請先閱讀背面之注意事項再填寫本頁) 46 4 b A7 __ B7 五、發明說明(163) //BindNeptune.html的存取。允許Bind Neptune使用者群组 的成員對此資訊資源的存取,如策略48〇3所示。Bind Neptune中的會貝資格經由對LDAP Bind自訂認證型態所定 義的方法判斷。如圖5〇中的代理參數定義表列5〇〇1所示, 那個方法執行一查詢,其使用想要進行存取的使用者之使 用者識別和密碼。如果使用者識別和密碼給與對LDAp目 綠資料庫的存取權力,查詢傳回使用者的房間號碼、工作 電4f、和電子郵件地址。任何或所有這些數値可用來定義 一使用者群組中的會員資格;如在4807顯示,只有工作電 話用來定義Bind Neptune中的會員資格,對有一電話號碼 在LDAP目錄資料庫中的任何使用者成爲此使用者群组的 一成貝。對WS ·· &quot;BindNeptune. html有存取權力的一使用 者可因此定義如下: UG : Bind Neptune UG Membership : telephoneNumber= * (在所查詢的資料 庫/目錄之一個當中所定義的任何telephoneNumber屬性) 使Bind Neptune使用者群组的一成員之使用者存取ws : //BindNeptune.html包括下列步驟: 經濟部智慧財產局員工消費合作社印製 1. 使用者在使用者的Web瀏覽器中輸入資源的 URL(http* //pluto. interdyn. com/BindNeptune. html); 2. 網路伺服器3803接收請求並呼叫ppi 3805 : 3. PPI 3805對PS 2617進行查詢,提供資源説明等; 4. VDB服務3813接收查詢並呼叫評估器2036。評估器 2036以可能允許使用者存取所請求的資源之MAYBE回 -166- 本纸張尺度適用中國國家標準(CNS)A4規格(210 X 297公鏟) d6 4b A7 B7 五、發明說明(164) 應、和自訂認證型態回應; 5. VDB服務 3813送回 MAYBE和 auth型態到 ρρι 3805 ; 6. PPI 3805從3807( i)載入對這個自訂認證型態配置的 HTML,並在使用者的瀏覽器中顯示此格式; 7. 使用者談入所請求的資訊並送出格式; 8. 伺服器3 803接收帶有所請求的資訊之派任,並呼叫ρρι 3805以處理; 裝 9. PPI 3805以所請求的資訊查詢VDB服務38 1 3 ; 10. VDB服務3813提供自訂認證型態和資訊給認證協調器 3 829,其呼叫LDAP Bind自訂認證型態的認證模組 3 839( a),並提供模組配置的/傳遞的資訊; 訂 11 _認證模組3839( a)以所供應的使用者名稱/密碼限制 LDAP目綠3843(a),並對目綠查詢那個使用者的屬 性。認證成功碼和屬性的清單送回到認證協調器 2839 ’其接著將它們傳回給VDB服務3813 ; 12. VDB服務3813以使用者名稱和屬性呼叫評估器2036。 汗估'器2〇36根據〖〇16011〇1161^11111匕61:屬性和割覽器上對&quot;設 定”的網路使用者識別程式傳回ALLOW ; 經濟部智慧財產局員工消費合作社印製 13. VDB服務3 8 13傳回允許到ΡΡΙ 3 805,其顯示本來所請 求的頁面。 在上述範例中,由自訂認證型態所定義的方法,只使用 對LDAP資料庫查詢所傳回的那些屬性來判斷使用者群組 會員資格;在其他自訂認證型態中所敌述的那些方法,可 將其他查詢所傳回這些屬性的—些或所有與其他屬性放置 ___ -167- 本紙張尺度適用中國國家標準(CNS)A4規格⑽χ 297公笼) 4848 1 2 A7 B7 經濟部智慧財產局員工消費合作社印製 五、發明說明(165) 在一卷宗3803中,以傳回到應用程式3803。在此處應進— 步指出的是,本發明的一較佳具體實施例實施在一價値 3000美元的NT伺服器成上,且一秒可對50- 100個使用者執 行上面描述的那些步驟。那些步驟可以此速度執行之主要 理由是,策略資料庫3 825中编譯過的MMFs 2301的使用, 如本專利申請案的母案之母案中所描述。 繼續更多細節,當PPI 3805接收URL,並進行上述第3步 驟中的查詢時,查詢看起來就像: select Cookie, IdentitylsValid, IsAllowed, reasoncode, maybelist, cookiemodified from policyeval where sourceip= ' 192. 168, 36.215' and application=' WS' and resource= 1 BindNeptune. html&amp;GET&amp; 192.168.36. 217&amp; pluto. interdyn. com&amp; 80&amp; 0' and includeeval= 1Y1 and includeidentitystore=' Y' and askclientforidentities='N' 在上述查詢中使用者可由其認證、且他或她的使用者群 組會員資格可由其判斷的資訊,只是S〇UrCeip中的使用者 之IP位址。使用者對其請求存取的資源是由請求存取的應 用程式,WS所定義’ URL由使用者提供,而來自WS的説 明由URL所敌述對網頁所請求的運作是HTTP GET運作。 168- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公爱) n 失 閱 背 之 注 項 再 填 寫 頁 裝 訂 織 A7 464812 __B7____ 五、發明說明(166 ) 策略插入模組3805以它可查詢的標準化策略伺服器2617之 一清單配置;策略插入模组3805以平衡清單上那些策略伺 月艮器的負載之方式選擇一標準化的策略伺服器2617,並把 查詢送到那個策略伺服器。 如果允許存取,對查詢的回應將包含一網路使用者識別 程式,將指示使用者的身分是否有效,對有效的身分給一 理由,且如果取得存取變成包括一自訂認證型態將包括一 也許清單。事實上包括了一自訂認證型態,所以回應看起 來像:The &lt; attribute name, number &gt; pair returned by the method that specifies the authentication type is a single one. If those methods return more than one such pair, there will be a row of 4101 for each such pair. If the method is described as such, the pair will be included in the dossier. D • Cookie 4157 is made by VDB service 3813 and is returned to the element of permission policy 2609 when a user first accesses a resource. User identification program, and provided to the VDB service 3813 by subsequent policy access elements 2609;-a method of customizing the authentication type may describe the information to be included in the network user identification program . • IdentityNumber4159 is a sequential number that allows authentication coordinator 3829 to trace the identity of a user when the identity of more than one user requires authentication. • IdentitylsValid 4163 indicates whether user authentication is required for the success of a particular custom authentication type. If it is, describe those data that are included in the network user identification program and / or file in the method of custom authentication type, and will enter the user's network user identification program and / or file . Example of custom user information review: Figure 5b53 In the following example, a user requests information resources WS: -165- This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm> ----------- ί Install -------- Order --------- (Please read the notes on the back before filling this page) 46 4 b A7 __ B7 V. Description of the invention (163) // Access to BindNeptune.html. Allow members of the Bind Neptune user group to access this information resource, as shown in policy 4803. The qualification of Bind Neptune through LDAP Bind defines the method defined by the custom authentication type. As shown in the proxy parameter definition table 501 in Figure 50, that method executes a query that uses the user of the user who wants to access Identification and password. If the user identification and password give access to the LDAp green database, the query returns the user's room number, work code, and email address. Any or all of these data can be used to define Membership in a user group; as shown in 4807, only work phone is used to define Bind Neptune Membership in the LDAP directory database for any user who has a phone number becomes 10% of this user group. A user who has access to WS ·· &quot; BindNeptune. Html can be defined accordingly As follows: UG: Bind Neptune UG Membership: telephoneNumber = * (any telephoneNumber attribute defined in one of the queried databases / directories) enables users of a member of the Bind Neptune user group to access ws: // BindNeptune.html includes the following steps: Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 1. The user enters the URL of the resource in the user's web browser (http * // pluto. Interdyn. Com / BindNeptune. Html); 2 The web server 3803 receives the request and calls ppi 3805: 3. PPI 3805 queries the PS 2617, provides resource descriptions, etc. 4. VDB service 3813 receives the query and calls the evaluator 2036. The evaluator 2036 may allow the user to save Take the requested resource MAYBE back to -166- This paper size applies Chinese National Standard (CNS) A4 (210 X 297 male shovel) d6 4b A7 B7 V. Description of the invention (164) And custom authentication type response; 5. VDB service 3813 returns MAYBE and auth types to ρρι 3805; 6. PPI 3805 loads the HTML configured for this custom authentication type from 3807 (i), and This format is displayed in the browser; 7. The user talks in the requested information and sends the format; 8. The server 3 803 receives the assignment with the requested information, and calls ρρι 3805 for processing; Install 9. PPI 3805 Query the VDB service 38 1 3 with the requested information; 10. The VDB service 3813 provides a custom authentication type and information to the authentication coordinator 3 829, which calls the LDAP Bind authentication module 3 839 with a custom authentication type (a) , And provide the module configuration / delivery information; order 11 _authentication module 3839 (a) to restrict the LDAP target green 3843 (a) with the supplied username / password, and query the user's attributes for the target green . The list of authentication success codes and attributes is sent back to the authentication coordinator 2839 'which then passes them back to the VDB service 3813; 12. The VDB service 3813 calls the evaluator 2036 with the username and attributes. Khan estimate device 〇36 is returned to ALLOW according to 『〇16011〇1161 ^ 11111 匕 61: Attributes and browser settings &quot; settings &quot; Internet user identification program; Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 13. VDB service 3 8 13 returns permission to PPI 3 805, which displays the originally requested page. In the above example, the method defined by the custom authentication type uses only the information returned by querying the LDAP database Those attributes to determine user group membership; those methods described in other custom authentication types can return some or all of these attributes returned by other queries ___ -167- this Paper size applies Chinese National Standard (CNS) A4 specification ⑽χ 297 male cage) 4848 1 2 A7 B7 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 5. Description of the invention (165) In a file 3803 to be returned to the application 3803. It should be further pointed out here that a preferred embodiment of the present invention is implemented on an NT server priced at $ 3,000, and one second can perform the above-mentioned operation for 50-100 users Those steps. The main reason that these steps can be performed at this speed is the use of the compiled MMFs 2301 in the Strategy Database 3 825, as described in the parent case of the parent case of this patent application. Continue more details when PPI 3805 receives URL and the query in step 3 above, the query looks like: select Cookie, IdentitylsValid, IsAllowed, reasoncode, maybelist, cookie modified from policyeval where sourceip = '192. 168, 36.215' and application = 'WS' and resource = 1 BindNeptune. html &amp; GET &amp; 192.168.36. 217 &amp; pluto. interdyn.com &amp; 80 &amp; 0 'and includeeval = 1Y1 and includeidentitystore =' Y 'and askclientforidentities =' N ' And the information that can be judged by his or her user group membership is only the IP address of the user in S0UrCeip. The resource that the user requested to access is the application that requested the access, WS The 'defined URL' is provided by the user, and the description from the WS is hosted by the URL. The operation requested by the webpage is an HTTP GET operation. 168- This paper size is in accordance with Chinese National Standard (CNS) A4 (210 X 297 public love) n Missing the back note and fill in the page binding weaving A7 464812 __B7____ 5. Description of the invention (166) Strategy inserting module 3805 uses it List configuration of one of the queryable standardized policy servers 2617; the policy insertion module 3805 selects a standardized policy server 2617 by balancing the load of those policy servers on the list, and sends the query to that policy server . If access is allowed, the response to the query will include a web user identification program that will indicate whether the user's identity is valid, give a reason for a valid identity, and if access is changed to include a custom authentication type, Includes a possible list. In fact a custom authentication type is included, so the response looks like:

Cookie = ; IdentitylsValid = ;Cookie =; IdentitylsValid =;

IsAllowed = N : ReasonCode = 118 ;IsAllowed = N: ReasonCode = 118;

MaybeList = LDAP Bind ; CookieModified = N 對IdentitylsValid的無效數値指示使用者的認證沒有成 功;結果,沒有網路使用者識別程式傳回且沒有允許存取 權力。認證沒有成功的理由是包括了一自訂認證型態, LDAP Bind,而此自訂認證型態的名稱在也許清單中傳回。 經濟部智慧財產局員工消費合作社印製 策略插入模組3 805藉由送出型態LDAP Bind的認證格式 3 807( 1)到使用者’回應第一查詢的結果。格式38〇7( i)格 式化成如區域配置資訊38〇9所敘述。在一較佳具體實施例 中所使用的結果螢幕51 〇 1顯示在圖5 1中。從一遵循LDAP 協定的目錄請求關於一使用者的資訊,必須包括使用者的 使用者名稱和密碼;在5丨〇3和5丨〇5此格式收集資訊;當使 用者按下登入按鈕5 1 07時,此資訊送到PPI 3 805。 要處理在也許清單上有超過一個自訂認證型態名稱的情 ____ -169- 本紙張尺度適用中國國家標準(CNS)A4規格(210 χ 297公釐) 46^812 A7 B7 五、發明說明(167 ) 請 先 閱 讀 背 面 之 注 意 事 項 再 填 寫 本 頁 Λ ’ PPI 38〇5以自訂認證型態一排序過的清單配置;來自 也許清單的自訂認證型態由ΡΡΙ 3805依照它們出現在排序 過的清單上之順序一次處理一個。 ΡΡΙ 3805使用來自使用者的資訊對VDB服務3813進行一 新的查詢5201 ;那個查詢顯示在圖52中,而它的結果在圖 53中。査詢5201不同於對VDB服務3813的第一個查詢在於 增加了一新的攔位,即identity攔位5203。這個欄位的内容 包含VDB服務需要使認證協調器3829引起一認證模组3839 收集認證使用者所需要的使用者資訊、和允許評估器2〇36 判斷使用者是否屬於一其成員可存取資訊資源的使用者群 组的資訊。特別地,identity攔位5203包含在5204所尋找的 存取之資源的URL,將使用其方法的自訂認證型態的名稱 在5205,由使用者所提供的使用者名稱52〇7在認證視窗 5101中的5103,密碼5209提供在視窗5101中的51〇5,而使 待使用者名稱和密碼送出之動作的指示在5 211,即,使用 者按下螢幕上的按鈕5107。 VDB服務3813藉由處理WHERE子句欄位sourceip到 askclientforidenties回應查詢5201,然後並傳遞identity欄位 5203的内谷到過證協調器3829,其接著從策略資料庫3825 經濟部智慧財產局員工消費合作社印製 取來LDAP Bind自訂認證型態的代理參數定義5〇〇1,並使 用在襴位5207和5209中所敘述的使用者識別和密碼啓動其 中敘述的認證模組3839( i)。如參數定義5〇〇丨中所敌述,認 證模組3839(i)對LDAP伺服器執行一查詢,其傳回使用者 的房間號碼、工作電話號碼、和電子郵件地址。如在5〇23 -170- 本紙張尺度適用中國國家標準(CNS)A4規格(2W X 297公釐) A7 4648 1 2 B7 五、發明說明(168) 所敘述在參數集5002中,如果要認證使用者,查拘必須成 功。認證模組3839( i)對認證協調器3829指示查詢已經成 功,並傳回由查詢所傳回的資料到認證協調器3829。認證 模組3 839傳遞結果和所傳回的資料到vdB服務38 13,其提 供所傳回的資料給評估器2 〇 3 6,以使用在判斷使用者是否 屬於Bind Neptune使用者群組。在此,所傳回的資料包括 使用者的電話號碼,其是建立Bind Neptune中的會員資格 需要的所有資料’所以評估器2036對VDB服務381 3指示允 許存取= 經濟部智慧財產局員工消費合作社印製 現在VDB服務3813有進行查詢5201和傳回一結果需要的 所有資訊。結果5 301顯示在圖53中。大部份結果由Cookie 53〇3組成’其只有當存取請求成功時傳回。c〇〇kie 5303包 含存取請求的一説明’含有由使用者提供 '和由自訂認證方 法取回的使用者資訊。Cookie 5303進一步在5305包含一摘要 和標準化策略伺服器2617的數位簽章。這些元件使Cookie 5303的内容之變更可以發現,且使一策略伺服器2617可能 接受來自它承認其簽章的另一策略伺服器之一網路使用者 識別程式。在5309,結果指示已認證了使用者,在53 11已允 許存取,而由於已允許存取,MaybeList是空的,如在53 13所 指示。當策略插入模組3805接收上述結果時,它允許應用 程式 3803顯示頁面 http : //pluto. interdyn.com/BindNeptune.html。 卷宗 如從前面詳細的範例將可立刻顯而易見的,自訂認證方 法可定義來收集一使用者可經由一輸入裝置提供、或可從 -171 - 1本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公爱Γ A7 五、發明說明(169 ) 標準化策略飼服器2617可存取的—資訊㈣ 訊。在此範例中,從使用者所收集的資訊用來作〇 從LDAP目錄所獲得的資訊用來判斷一使用者群^使 者的會員資格,但沒有必要—定是這種情況。_自^$ 方法-樣可以只用來在使用者請求對一資源的存取時:集 關於-使用者的資訊’並把資訊提供給允許策略的元件 2_。此資訊可以來自-認證模组則或_侧寫擴取模組 3 841可進行查詢的任何資訊來源。 VDB服務38 13藉其將由一自訂認證模组所取回的資訊提 供到允許策略的元件2609之機制是卷宗38〇4。—卷宗只是 在查詢的欄位4153和4157中所傳回的屬性_數値^的^ 單。當由自訂認證方法所傳回的那些數値要包含在傳回到 允許策略的元件2609之卷宗中時,那事實以類似在5〇19的 指示之内容指示在對此方法的代理參數定義5〇〇丨中,由查 詢所傳回定義在Stepl 5017中的那些數値將成爲由查詢所 傳回的網路使用者識別程式的一部份。 積極的存取控制 經濟部智慧財產局負工消費合作社印製 到目前爲止的存取控制通常有一消極的目的一確定系統 的使用者只存取允許他或她看的那些資訊來源。然而,當 自訂使用者資訊檢復與標準化的策略伺服器結合時,結果 是存取控制的定義之延伸,以包括有積極目的之存取控制 ••也就是,不但確定使用者只存取允許他或她看的那些資 訊來源,而且也確定使用者存取對他或她最有可能有用或 喜好的那些資訊來源。 -172- 本紙張尺度適用中國國家標準(CNS)A4規格(210x297公釐) ^64812 A7 B7 五、發明說明(170) 一些範例將足以説明此原則: •在一多國公司中—職員資料庫可包括對每位職員此職 員最舒適的語τ ;當此職員請求存取一資訊來源時可 取回這個資訊,並當成此職員的卷宗3804之一部份傳 回到允許策略的7L件2609,然後它可使用那個資訊來 以適當的語言和在可能的地方提供—瀏覽器介面,以 提供資訊來源在較佳語言中的—個版本。 •網路商人可使用在此處描述的技術,使閒逛成爲網際 網路的同義語,並提升對經常飛行的人提供的航線。 當一客户存取商人的網站時,商人可檢查商人的資料 庫以判斷在最近六個月以來客户已完成多少生意,並 傳回總數到商人的網路伺服器。網路伺服器可使用此 總數來決定網頁外觀,決定價格折扣和其他的特價 品,以及移動活動到一即使在擁擠時間期間將保証使 用者快速回應的伺服器。 經濟部智慧財產局員工消費合作社印製 一最後的範例將顯示自訂使用者資訊檢復、和標準化策 略伺服器延伸認證和存取控制的概念之完整延伸。藉由— 標準化的策略伺服器和自訂使用者資訊檢復,人們可像這 樣實施一彩券:一存取策略定義在標準化策略伺服器中, 其給屬於lottery winner使用者群组的使用者對1〇Uery wirniing^#源的存取權力,其爲包含彩券獎金的一銀行帳 户如果與此使用者有關的won lottery屬性有數値,,γπ, 一使用者是lottery Winner使用者群组的一成員。對—特定 使用者此屬性的數値是由一 i〇ttery winner type自訂認證型 -173- 本紙張尺度適用+國园家標準(CNS)A4規格(210 X 297公釐) 4 6 4 8 12 A7 B7 五、發明說明(171 ) 態所定義之方法決定的。 一使用者藉由輸入lottery winnings資源的URL到他或她 的網路瀏覽器玩彩券遊戲;接收URL的彩券應用程式對 VDB服務3813進行一如上面描述的查詢;評估器2036判斷 其爲lottery winner使用者群組的一成員之某人可能有存取 權力且傳回lottery winner type名稱到彩券應用程式’其對 使用者輸出一視窗’要求使用者輸入一號碼。然後彩券應 用程式如上面所描述進行一第二查詢,其包括1〇ttery winner type名稱和從使用者所接收的號碼。vdb服務3813 傳遞lottery winner type名稱和此號碼到認證協調器3829,MaybeList = LDAP Bind; CookieModified = N. The invalid number of IdentitylsValid indicates that the user's authentication was unsuccessful; as a result, no network user identifier was returned and no access permission was granted. The reason for the unsuccessful authentication is to include a custom authentication type, LDAP Bind, and the name of this custom authentication type is returned in the maybe list. Printed by the Intellectual Property Bureau of the Ministry of Economic Affairs, Consumer Cooperatives, and inserts a policy inserting module 3 805 by sending an authentication format 3 807 (1) of type LDAP Bind to the user ’in response to the result of the first query. The format 3807 (i) is formatted as described in the area configuration information 3809. The resulting screen 5101 used in a preferred embodiment is shown in FIG. Request information about a user from a directory that complies with the LDAP protocol, which must include the user's username and password; collect information in the format 5 丨 03 and 5 丨 05; when the user presses the login button 5 1 At 0700, this information was sent to PPI 3 805. To deal with the case where there may be more than one custom certification type name on the list ____ -169- This paper size applies the Chinese National Standard (CNS) A4 specification (210 χ 297 mm) 46 ^ 812 A7 B7 V. Description of the invention (167) Please read the notes on the back before filling in this page Λ 'PPI 38〇5 is a list configuration sorted by custom certification type; custom certification types from the list may be sorted by PPI 3805 according to their appearance Processed lists are processed one at a time. PPI 3805 uses the information from the user to make a new query 5201 for VDB service 3813; that query is shown in Figure 52, and its results are shown in Figure 53. Query 5201 differs from the first query to VDB service 3813 in that a new stop, the identity stop 5203, was added. The content of this field contains the information that the VDB service needs to cause the authentication coordinator 3829 to cause an authentication module 3839 to collect the user information required by the authentication user, and to allow the evaluator 2036 to determine whether the user belongs to a member whose information is accessible. Information for the user group of the property. In particular, the identity block 5203 contains the URL of the access resource found in 5204. The name of the custom authentication type using its method is 5205, and the user name provided by the user is 5207 in the authentication window. 5103 in 5101, password 5209 is provided in 5105 in window 5101, and the instruction for the action to be sent by the user name and password is 5 211, that is, the user presses the button 5107 on the screen. The VDB service 3813 responds to the query 5201 by processing the WHERE clause field sourceip to askclientforidenties, and then passes the inner valley of the identity field 5203 to the certificate coordinator 3829, which then goes from the strategy database 3825 to the Intellectual Property Bureau employee consumption cooperative Print the proxy parameter definition 501 from the LDAP Bind custom authentication type, and use the user identification and password described in niches 5207 and 5209 to activate the authentication module 3839 (i) described therein. As described in the parameter definition 500, the authentication module 3839 (i) performs a query to the LDAP server, which returns the user's room number, work phone number, and email address. For example, in the 5023-170- this paper size applies the Chinese National Standard (CNS) A4 specification (2W X 297 mm) A7 4648 1 2 B7 5. The description of the invention (168) is described in the parameter set 5002. User, check must be successful. The authentication module 3839 (i) indicates to the authentication coordinator 3829 that the query has been successful, and returns the data returned by the query to the authentication coordinator 3829. The authentication module 3 839 transmits the results and the returned data to the vdB service 38 13, which provides the returned data to the evaluator 2 306 for determining whether the user belongs to the Bind Neptune user group. Here, the information returned includes the user's phone number, which is all the information needed to establish membership in Bind Neptune '. So the evaluator 2036 instructs VDB service 381 3 to allow access = the Intellectual Property Bureau of the Ministry of Economic Affairs employee consumption The cooperative prints that the VDB service 3813 now has all the information needed to perform a query 5201 and return a result. Results 5 301 are shown in FIG. 53. Most of the results consist of Cookie 53 03 'which is only returned when the access request is successful. 〇〇kie 5303 contains a description of the access request ‘contains user information’ and user information retrieved by a custom authentication method. Cookie 5303 further contains a digest and digital signature of standardized policy server 2617 at 5305. These components make changes to the content of Cookie 5303 discoverable and make it possible for a policy server 2617 to accept a web user identification program from one of the other policy servers that it acknowledges its signature. At 5309, the result indicates that the user has been authenticated, access has been allowed at 53 11, and MaybeList is empty because access is allowed, as indicated at 53 13. When the policy insertion module 3805 receives the above result, it allows the application 3803 to display the page http: // pluto. Interdyn.com/BindNeptune.html. The dossiers will be immediately obvious from the detailed example above. The custom authentication method can be defined to collect a user that can be provided via an input device, or can be from -171-1 This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 public love Γ A7 V. Description of the invention (169) Standardization strategy feeder 2617 can access—information information. In this example, the information collected from the user is used to make it from the LDAP directory. The information obtained is used to judge the membership of a user group ^ messenger, but it is not necessary-this must be the case. _ Since ^ $ method-this can only be used when a user requests access to a resource: set About-user information 'and provide the information to the allowed component 2_. This information can come from-authentication module or _ profile extension module 3 841 any information source that can be queried. VDB service 38 13 borrow Its mechanism for providing the information retrieved by a custom authentication module to the allowed policy element 2609 is dossier 3804.—The dossier is only the attribute _ 数 値 ^ returned in the fields 4153 and 4157 of the query ^ Single. When recognized by a custom When the data returned by the method are to be included in the dossier of the element 2609 that is returned to the allowed policy, the fact is indicated in the proxy parameter definition of this method with a content similar to that indicated in 5019. The data returned by the query as defined in Stepl 5017 will become part of the network user identification program returned by the query. Active Access Control Printed by the Consumers ’Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs Access control so far usually has a negative purpose-to make sure that the user of the system only accesses those sources of information that he or she is allowed to see. However, when custom user information review is combined with a standardized policy server, The result is an extension of the definition of access control to include access control with a positive purpose. That is, not only to make sure that the user only accesses those sources of information that he or she is allowed to see, but also that the user has access to him Or those sources of information that she is most likely to use or like. -172- This paper size applies to China National Standard (CNS) A4 (210x297 mm) ^ 64812 A7 B7 V. Invention (170) Some examples will suffice to illustrate this principle: • In a multinational company-the staff database may include the most comfortable language for each employee, τ; it can be retrieved when the employee requests access to a source of information This information is passed back as part of the staff's dossier 3804 to the 7L 2609 that allows the policy, and then it can use that information to provide it in the appropriate language and where possible—browser interface to provide the source of the information A version in a better language. • Internet merchants can use the techniques described here to make loitering synonymous with the Internet and improve routes offered to people who fly frequently. When a client accesses a merchant On the website, the merchant can check the merchant's database to determine how much business the customer has completed in the last six months, and return the total to the merchant's web server. Web servers can use this total to determine the look of the webpage, determine price discounts and other special offers, and move events to a server that will ensure a fast response from the user even during times of congestion. Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs A final example will show the complete extension of the concepts of custom user information review and standardized policy server extended authentication and access control. With — standardized policy server and custom user information review, people can implement a lottery ticket like this: An access policy is defined in the standardized policy server, which is given to users who belong to the lottery winner user group. 1〇Uery wirniing ^ # The access right of the source, which is a bank account that contains lottery bonuses. If the won lottery attribute associated with this user has a number ,, γπ, a user is a member of the lottery Winner user group. member. Yes—the number of this attribute for a specific user is a customized certification type of 〇ttery winner type -173- This paper size applies + National Garden Standard (CNS) A4 specification (210 X 297 mm) 4 6 4 8 12 A7 B7 5. It is determined by the method defined in the invention description (171) state. A user plays a lottery game by entering the URL of the lottery winnings resource into his or her web browser; the lottery application receiving the URL performs a query as described above on the VDB service 3813; the evaluator 2036 determines that it is a lottery winner Someone who is a member of the user group may have access and return the lottery winner type name to the lottery application 'It outputs a window to the user' and asks the user to enter a number. The lottery application then performs a second query as described above, which includes the 10ttery winner type name and the number received from the user. vdb service 3813 passes lottery winner type name and this number to authentication coordinator 3829,

其提供此號碼到此型態的認證模組3839。認證模组使用一 隨機數產生器來產生一號碼;如果它與使用者所輸入的相 同,認證模組3839對won lottery屬性傳回&quot;Yes&quot;的數値;否 則它傳回_,No”的數値。VDB服務3813提供此w〇n 1〇ttery屬 性的數値到評估器203 6,其使用它來判斷此使用者是否是 lottery Winner使用者群組的一成員。如果使用者是,vdB 服務3813傳回一結果指示此使用者有對1〇Uery winnings的 存取權力’且此使用者可轉移1〇ttery winnings中的總額到 他或她的個人銀行帳户。 經濟部智慧財產局員工消費合作社印製 結論 前面的詳細描述對與熟知詳細描述有關的該項技藝之人 士揭露,如何建構一存取控制系統,其中存取是藉由一 SQL查辞]對一虛擬的關聯式資料庫表列檢查,此表列對每 一潛在使用者/資訊資源组合包含—列,和如何提供存取控 -174- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 4648 1 2 A7 B7 五、發明說明(172: 經濟部智慧財產局員工消費合作社印製 =統LT里人用以定義存取控制系統如何與在哪裡收集 從尋求存取的使用者'和從内部或外部來源收集上: 來使使用者的身分有效’決定使用者在一使用者群组中的 會員資格,或提供關於使用者的任意額外資訊給允許策略 明人已進一步揭露目前他們所知道建構存取控 制系統的最佳模態。 =然在此處所揭露用以提出—中請案,彳—虚擬的資料 庫表列的技術在存取控制中特別地有利,纟中可能的使用 者&quot;資訊來源组合之集合可能非常大且時常是不可定義的, 它們可使用在別處讀供簡單和容易了解的介面给㈣ 器θ特别地,匕們可用來讓不使用存取策略的存取控制系 統得到益處,丨〃使用者群组和資訊集的彳式定義存取。 而雖用&amp;疋義存取控制系統如何與從哪裡收集和使 用資訊的技術與較佳具體實施例中所用的sql查詢介面良 好地運作,此技術也可應用在其他種類的存取控制系統 中。所必需的是將使用者關聯到方法定義的方法。 在此處所揭露本發明的眞實具體實施例,進一步爲本發 明實施,必須與此系統的較舊版本相容的現存系統之改^ 中的事實冰刻地影響。本發明的其他實施將同樣地爲那些 限制或缺乏所影響阻礙了那些設計者。而且,Sql當成查 询浯δ的選擇是有利的,因爲它的寬泛散佈,但並不是必 而的。其他的具體實施例可使用其他的查詢語言,且可模 擬其他的協定來存取遠端的資料庫。 H Λ U a 劳 &amp; 之 4 % 本 裝 訂 -175- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 464812 A7 B7 五、發明說明(173) 因此,在此處所揭露的原理之無數其他具體實施例是可 能的,而爲了那個原因,詳細説明應視爲所有可仿效的方 向而非限制’且本發明在此處所揭露的廣度不應從詳細説 明決定’而是從申請專利範圍以專利權法律所允許的完整 廣度解釋。 k u 誚 背 面 之 3 意 濘 填 寫 裝 訂 經濟部智慧財產局員工消費合作社印製 -176- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐)It provides this number to this type of authentication module 3839. The authentication module uses a random number generator to generate a number; if it is the same as that entered by the user, the authentication module 3839 returns the number "Yes" to the won lottery attribute; otherwise it returns _, No " The VDB service 3813 provides the number of this WON 1〇ttery attribute to the evaluator 2036, which uses it to determine whether this user is a member of the lottery Winner user group. If the user is, The vdB service 3813 returns a result indicating that the user has access to 10Uery winnings' and that the user can transfer the total amount of 10ttery winnings to his or her personal bank account. Bureau of Intellectual Property, Ministry of Economic Affairs Employee Consumer Cooperatives printed conclusions. The previous detailed description revealed to those who are familiar with the technology in detail. How to build an access control system, where access is through a SQL lookup.] On a virtual relational data Library list check, this list contains-columns for each potential user / information resource combination, and how to provide access control -174- This paper size applies to China National Standard (CNS) A4 specification (210 X 297 Mm) 4648 1 2 A7 B7 V. Description of the invention (172: Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs = used by people in the LT to define how and where the access control system is collected from users seeking access. And collecting from internal or external sources: to validate the user ’s identity 'determine the user's membership in a user group, or provide any additional information about the user to the allowance strategy, who has further disclosed that they currently have Know the best modalities for constructing an access control system. = Then the techniques disclosed in this article for filing—please,… —virtual database listing are particularly advantageous in access control. The set of user &quot; information source combinations can be very large and often undefinable. They can use a simple and easy-to-understand interface for the reader θ. In particular, daggers can be used to The access control system benefits, with user groups and information sets defining access in the same way. However, it does not matter how and where the access control system is collected and used. The information technology and the sql query interface used in the preferred embodiment work well. This technology can also be applied to other types of access control systems. All that is necessary is to associate the user with the method definition method. Here The actual embodiments of the present invention disclosed herein, further to the implementation of the present invention, are affected by the fact that the modification of the existing system which must be compatible with the older version of this system is scrupulously affected. Other implementations of the present invention will be equally for those Restrictions or lack of influence hinder those designers. Moreover, Sql is advantageous as a choice for querying 因为 δ, because it is widely distributed, but not necessary. Other embodiments may use other query languages, and may simulate other protocols to access remote databases. H Λ U a 4% of this binding -175- This paper size is applicable to Chinese National Standard (CNS) A4 (210 X 297 mm) 464812 A7 B7 V. Description of the invention (173) Therefore, it is disclosed here Countless other specific embodiments of the principle are possible, and for that reason, the detailed description should be regarded as all possible directions rather than limitations 'and the breadth of the invention disclosed herein should not be determined from the detailed description' but from the application The scope of patents is interpreted in the full breadth permitted by patent law. k u 之 3 of the back side Filling and binding Binding Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economy

Claims (1)

88008 ABaD 申請專利範圍 1. 一種用以在一查詢之後提供資訊的裝置,其中查詢和 回應有已經定義好的格式,查詢定址到至少具有一列 的一資料庫表列’每一列至少具有—且 具名的櫚位,查 詢至少包括一欄位名稱以敘述在回庙士 * t q應中要提供的資 訊、和從資料庫表列選取含有此資訊的 只成的—列又方式的 指示,此裝置包含: —虛擬資料庫服務;和 —要提供的資訊之資訊來源,其不你m H # +使用具名稱的欄 位來識別要提供的資訊, 虛擬資料庫服務接收查詢,使用in战 , _ 艰擇—列的方式之 指示以從資訊來源獲得要提供的資邙 與风,並在回應中提 供資訊, 裝置藉以提出由查詢所定址的格汰&gt; ^—虛擬資料庫 表列到查詢的一來源。 2. 如申請專利範圍第1項之裝置,其中: 選擇一列的方式之指示包括一選擇數値;和 資訊來源提供要提供在回應中的資訊之—元件,给 與多個數値相符、且可存取資訊來源的選擇數値和^ 式之間的一個。 經濟部智慧財產局員Η消費合作社印製 3. 如申請專利範圍第1項之裝置,其中: 查為疋足址資料庫表列的一 SQL查詢; 襴位名稱包含在查詢中的一 SELECT子句;和 選擇一列的方式之指示包含在查詢中的—where子 句0 -177- 本紙張尺錢@準(CNS)A4祕咖χ 00 8825 ABCD 4648 1 2 六、申請專利範圍 4. 如申請專利範圍第1項之裝置,其中: 資訊來源是一存取評估器,其決定一使用者是否可 存取一資訊資源; 選擇列的方式包括從哪一列可決定使用者和資訊資 源的資訊;和 所提供的資訊包括從資訊決定的使用者是否可存取 從其中決定的資訊資源之一指示Q 5. 如申請專利範圍第4項之裝置,其中: 存取評估器藉由考慮一或更多存取策略決定使用者 是否可存取資訊資源’每一存取策略指示一使用者群 組是否可存取一組資訊資源,當使用者所屬的使用者 群组之存取策略、且資訊資源所屬的資訊資源集合指 示是時,允許使用者對資訊資源的存取;和 選擇列的方式包含使用者在一使用者群組中的會員 資格可從其決定之關於使用者的會員資格資訊。 6. 如申請專利範圍第5項之裝置,其中: 存取評估器使用會員資格資訊來決定使用者在一使 用者群组中的會員資格。 7. 如申請專利範圍第6項之裝置,其中: 經濟部智慧財產局員工消费合作社印製 存取評估器判斷可能有一使用者群組,使得在此使 用者群組中的會員資格將給使用者對資訊資源的存取 權力;和 所提供的資訊指示在一進一步查詢中提供關於使用 者的進一步資訊之方法,從進一步查詢可決定在使用 -178- 本紙張尺度適用中固國家標準(CNS)A4規格(2扣x 297公釐) 4648 1 2 B8 C8 D888008 ABaD patent application scope 1. A device for providing information after a query, wherein the query and response have a defined format, the query is addressed to a database table with at least one column 'each column has at least-and named The query includes at least one field name to describe the information to be provided in the returning temple * tq response, and the only-row-to-row instructions from the database table that contain this information. This device contains : — Virtual database service; and — the source of the information to be provided, which you do not use. H # + use a field with a name to identify the information to be provided, the virtual database service receives the query, uses in war, _ difficult Optional—listing instructions to obtain the resources and wind to be provided from the information source, and provide information in the response, the device is used to propose the designation of the address specified by the query &gt; ^ —the virtual database is listed to the query source. 2. For the device in the scope of patent application, item 1, where: the instructions for selecting a row include a selection number; and the information source provides the information to be provided in the response—the component, which matches multiple numbers, and One of the choices 値 and ^ for accessing information sources. Printed by a member of the Intellectual Property Bureau of the Ministry of Economic Affairs and a Consumer Cooperative. 3. If the device of the scope of patent application is the first, where: a SQL query that looks up the database table of the full address database; a SELECT clause that contains the bit name in the query ; And the way of selecting a column of instructions included in the query — where clause 0 -177- this paper rule @ ((CNS) A4 秘 Coffee χ 00 8825 ABCD 4648 1 2 6. scope of patent application 4. such as patent application The device of scope item 1, wherein: the information source is an access evaluator that determines whether a user can access an information resource; the method of selecting a row includes from which row the user and the information resource can be determined; and The information provided includes whether the user, who is determined from the information, has access to one of the information resources determined from the indication Q 5. As for the device under the scope of patent application item 4, wherein: The access evaluator considers one or more Access policies determine whether users can access information resources. Each access policy indicates whether a group of users can access a set of information resources. Strategy, and the information resource collection to which the information resource belongs indicates that the user is allowed to access the information resource; and the method of selecting a row includes the user's membership in a user group from which the user can decide about the user Membership information for. 6. The device as claimed in claim 5 wherein: The access evaluator uses the membership information to determine the user's membership in a user group. 7. If the device of the scope of patent application is No. 6, among them: The printed access evaluator of the consumer cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs judges that there may be a user group, so that membership in this user group will be used And access to information resources; and the information provided provides instructions on how to provide further information about the user in a further inquiry. From further inquiry, it can be determined that the use of this paper standard applies to the China National Standard (CNS). ) A4 size (2 buckles x 297 mm) 4648 1 2 B8 C8 D8 經濟部智慧財產局員工消費合作社印製 六、申請專利範圍 者群組中使用者的會員資格。 8. 如申請專利範圍第7項之裝置,其中: — 進一步的資訊包括可用來使使用者的身分有效的認 證資訊。 9. 如申請專利範圍第8項之裝置,進一步包含: 其爲一認證器的一額外資訊來源,認證器使用認證 資訊來使使用者的身分有效。 10. 如申請專利範圍第9項之裝置,其中: 對進一步查詢的回應提供使用者的身分是否有效的 指示0 11. 如申請專利範圍第5項之裝置,進一步包含: 其爲一使用者側寫資訊來源的一額外資訊來源,其 提供關於使用者的額外資訊; 關於使用者的資訊包括敘述使用者側寫資訊來源如 何提供額外資訊的一使用者資訊檢復方法説明;和 存取評估器使用至少某些額外資訊來決定使用者在 使用者群組中的會員資格。 12. 如申請專利範圍第5項之裝置,進一步包含: 其爲一認證器的一額外資訊來源,其使使用者的身 分有效; 認證器使用會員資格資訊使使用者的身分有效;和 只有在認證器已使使用者的身分有效之後,存取評 估器才判斷使用者在一使用者群組中的會員資格。 13 ·如申請專利範圍第4項之裝置,進一步包含: -179- 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) ------------ !裝--------訂---------線 (請先閱讀背面之注意事項再填寫本頁) A8 B8 C8 D8 六、申請專利範圍 其爲一認證器的一額外資訊來源,其使使用者的 分有效; — 選擇列的方式包括認證器用來使使用者的身分有效 之認證資訊;和 &gt; 所提供的資訊至少部份從認證器獲得,且包括使用 者的身分是否有效的一指示。 14.如申請專利範圍第4項之裝置,進一步包含: 其爲一使用者側寫資訊來源的一額外資訊來源,其 提供關於使用者的額外資訊; 選擇列的方式包括指示側寫資訊來源如何聚集側寫 資訊的側窝資訊聚集資訊;和 所提供的資訊至少部份從側寫資訊來源獲得,且包 括側寫資訊。 (請先閱讀背面之注意事項再填寫本頁) 裝 訂- 經濟部智慧財產局員工消費合作社印製 -180 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐〉Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs. 6. Membership of users in the patent application group. 8. For a device in the scope of patent application item 7, where:-further information includes authentication information that can be used to validate the identity of the user. 9. The device of claim 8 further includes: It is an additional source of information for an authenticator, and the authenticator uses the authentication information to validate the identity of the user. 10. If the device in the scope of patent application is applied for item 9, which: In response to further inquiry, provides an indication of whether the identity of the user is valid. 11. If the device in the scope of patent application is applied, it further includes: It is a user side A source of additional information that provides additional information about the user; information about the user includes a description of the user information review method that describes how the source of the user profile provides additional information; and an access evaluator Use at least some additional information to determine a user's membership in a user group. 12. The device in the scope of patent application, further comprising: it is an additional source of information for the authenticator, which validates the identity of the user; the authenticator uses membership information to validate the identity of the user; and only if After the authenticator has validated the user's identity, the access evaluator determines the user's membership in a user group. 13 · If the device in the scope of the patent application, the item 4 further includes: -179- This paper size applies to China National Standard (CNS) A4 (210 X 297 mm) ------------! Install -------- order --------- line (please read the precautions on the back before filling this page) A8 B8 C8 D8 VI. The scope of patent application is an extra of an authenticator Source of information that enables the user ’s identity to be valid;-the method of selecting rows includes the authentication information used by the authenticator to validate the identity of the user; and &gt; the information provided is obtained at least in part from the authenticator and includes the user's An indication of whether the identity is valid. 14. The device according to item 4 of the scope of patent application, further comprising: it is an additional information source of a user profile information source, which provides additional information about the user; the method of selecting a row includes indicating how the profile information source is Aggregate profile information that aggregates profile information; and the information provided is obtained at least in part from the profile information source and includes profile information. (Please read the precautions on the back before filling this page) Binding-Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs -180 This paper size applies to China National Standard (CNS) A4 (210 X 297 mm)
TW89112284A 1999-06-22 2000-06-22 Query interface to policy server TW464812B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US14041799P 1999-06-22 1999-06-22

Publications (1)

Publication Number Publication Date
TW464812B true TW464812B (en) 2001-11-21

Family

ID=22491128

Family Applications (1)

Application Number Title Priority Date Filing Date
TW89112284A TW464812B (en) 1999-06-22 2000-06-22 Query interface to policy server

Country Status (2)

Country Link
AU (1) AU5755300A (en)
TW (1) TW464812B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI650659B (en) * 2017-05-10 2019-02-11 平安科技(深圳)有限公司 Related information query method, terminal and device

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116861474B (en) * 2023-05-26 2024-02-20 东莞市铁石文档科技有限公司 Online archive security assessment system and method

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI650659B (en) * 2017-05-10 2019-02-11 平安科技(深圳)有限公司 Related information query method, terminal and device

Also Published As

Publication number Publication date
AU5755300A (en) 2001-01-09

Similar Documents

Publication Publication Date Title
US9438577B2 (en) Query interface to policy server
US7912856B2 (en) Adaptive encryption
US7580919B1 (en) Query interface to policy server
US8935311B2 (en) Generalized policy server
US7272625B1 (en) Generalized policy server
JP5231665B2 (en) System, method and computer program product for enabling access to corporate resources using a biometric device
ES2299665T3 (en) A SYSTEM OF INFORMATION MANAGEMENT.
US20030023880A1 (en) Multi-domain authorization and authentication
CN116250210A (en) Methods, apparatus, and computer readable media for authentication and authorization of networked data transactions
EP0966822A2 (en) Methods and apparatus for controlling access to information
WO2000000879A2 (en) Generalized policy server
WO2000079434A1 (en) Query interface to policy server
Estrin Controls for interorganization networks
Borselius Multi-agent system security for mobile communication
TW464812B (en) Query interface to policy server
WO2002049311A2 (en) Pseudonym credentialing system
TW448387B (en) Generalized policy server
Krutz et al. The CISM prep Guide: Mastering the five Domains of Information security management
Rosenhamer What AMANDA offers
Rosenhamer What AMANDA offers: A comparative case study describing a flexible and decentralised approach for Authorisation Management
Rastogi et al. Anonymous User Authentication and Implicit Background Checks in Cloud Environment
Nitschke et al. Mobile agent security
Seigneur et al. User-centric identity, trust and privacy
Samson Alternative Java Security Policy Model
Ismail et al. RIVISIT GRID COMPUTING SECURITY

Legal Events

Date Code Title Description
GD4A Issue of patent certificate for granted invention patent
MM4A Annulment or lapse of patent due to non-payment of fees