Abstract: Using a method for controlling access to information resources, a single secure sign-on gives the user access to authorized resources, based on the user's role in the organization. The information resources are stored on a protected server. A user of a client or browser logs in to the system. A runtime module on the protected server receives the login request and intercepts all other requests by the client to use a resource. The runtime module connects to an access server that can determine whether a particular user is authentic and which resources the user is authorized to access. User information is associated with roles and functional groups of an organization to which the user belongs; the roles are associated with access privileges. The access server connects to a registry server that stores information about users, roles, functional groups, resources, and associations among them. The access server and registry server exchange encrypted information that authorizes the user to use the resource.
Abstract: In one aspect, a method for activating, installing, and regulating use of a licensed product is disclosed. A customer licenses or buys a licensed product from a distributor. The distributor registers information describing the customer, the licensed product, and other information about the transaction at a database maintained by the licensor, manufacturer, or developer of the licensed product. The licensor communicates information describing the transaction to the customer, and the distributor ships media containing the licensed product to the customer. The customer connects to the database through a server and requests the licensed product to be activated, providing the information that describes the transaction in its request. In response, the server of the licensor generates encrypted key information that uniquely identifies the customer, the licensed product, and a license level or other information about the maximum permitted extent of use of the licensed product.
Abstract: Described is a method that comprises storing information that defines administrative roles, that associates a user with one or more of the administrative roles, and that associates each administrative role with one or more administrative privileges. An administrative privilege authorizes at least one administrative function. When the user requests the execution of an administrative function, the request is honored only when one of the user's administrative roles includes an administrative privilege that authorizes the requested administrative function. In addition, information is stored that associates each of a plurality of users with one or more administrative roles. At least two users administer the access control computer system from different locations, or from computers connected to two different local area networks. Information associating a user with one or more administrative roles may be stored in a cookie, which may be encrypted.