Abstract: A vault controller manages resources in a secure environment or vault dedicated to an authorized user(s) for conducting electronic business in a distributed information system, e.g., the Internet. The controller includes a web server and a supervisor in a shared object library which runs as part of an HTTP daemon. The supervisor runs as a multi-threaded process and includes multiple service supervisor (SS) threads; a communication supervisor (CS) thread; a request supervisor (RS) thread; state and data tables and a vault daemon to support launching secure processes mapped to users through digital certificates included in user requests to the controller.

Abstract: When an electronic document is made available for review by other entities, it is often convenient to store the document in a repository or database managed by a third party. A system is provided in which the originator of the document is able to ensure the integrity and security of its document filed with a third party repository without having to trust the administrator of the repository. Both the document originator and the repository administrator have vault environments which are secure extensions of their respective work spaces. The vault of the document originator encrypts a document that it receives from the originator, prior to forwarding it on to the vault of the repository. On receipt of the encrypted document, the repository's vault signs the encrypted document itself before storing the document in the electronic repository and returning to the originator's vault proof of deposit of the encrypted document.

Abstract: A vault controller manages resources in a secure environment or vault dedicated to an authorized user(s) for conducting electronic business in a distributed information system. The controller includes a web server and a supervisor in a shared object library, which runs as part of an HTTP daemon. The supervisor runs as a multi-threaded process with state and data tables and a vault daemon to support launching secure processes mapped to users through digital certificates. The vault daemon generates a password for a user request based on the user ID. The vault daemon launches a vault process (VP) running in a vault mapped to the user ID. After launching, the VP returns a message to the supervisor including a token identifying the thread. The supervisor sends the user request through a socket to the secure VP mapped to the user ID. The VP receives the request and launches a VP thread to handle the request.

Abstract: A secure end-to-end communications system provides end users access to vault-based custom applications of an organization for purposes of conducting electronic commerce. The system includes a web-based vault controller running an application, e.g. a registrations application in a vault cryptographically linked to a database and a Certificate Management System (CMS) for generating digital certificates, and at least one remote vault agent coupled to the vault controller for providing vault-based custom applications to end users. An X.500 directory is coupled to the CMS and cryptographically linked to the remote vault agents for storing end user data. The remote vault agent is an application which comprises a collection of Application Programming Interfaces (APIs) which provide a secure interface to the vault controller; a Lightweight Data Access Protocol (LDAP) used to access the X.500 directory; a secure depositor coupled to vault-based custom applications of an organization.

Abstract: A secure-end-to-end communication system for conducting electronic business includes a web server—vault controller having personal storage vaults for users, registration and certification authorities. Each personal vault runs programs on the controller under a unique platform ID, e.g. a UNIX user ID. Data storage is provided by the controller wherein the storage is owned by the same user ID assigned to the vault. User processes running in dedicated vaults are able to communicate with other User processes running in different vaults using a secure depositor running as a module in a vault process in each vault. Messages are sent from a vault process to a specific vault rather than another vault process. There is no direct communication between vault processes. In operation, if a vault process intends for a message to go to another vault, e.g. Vault V, the sending secure depositor performs the mapping from the DN of the owner of Vault V to the DN of Vault V.

Abstract: A secure-end-to-end communication system for electronic business system and method of operation, e.g., the Internet, includes a web server—vault controller having personal storage vaults in the controller for users, registration and certification authorities. Each personal vault runs programs on the controller under a unique UNIX user ID. Data storage is provided by the controller wherein the storage is owned by the same user ID assigned to the vault. A registration authority running as a software application in the controller processes requests to issue, renew and revoke digital certificates issued by a certification authority using two pairs of public-private keys. The registration authority interacts with the vault controller to decide whether an applicant qualifies to receive a digital certificate.

Abstract: A vault controller manages resources in a secure environment or vault dedicated to an authorized user(s) for conducting electronic business in a distributed information system, e.g., the Internet. The controller includes a web server and a supervisor in a shared object library which runs as part of an HTTP daemon. The supervisor runs as a multi-threaded process and includes multiple service supervisor (SS) threads; a communication supervisor (CS) thread; a request supervisor (RS) thread; state and data tables and a vault daemon to support launching secure processes mapped to users through digital certificates included in user requests to the controller.

Abstract: A secure end-to-end communications system provides end users access to vault-based custom applications of an organization for purposes of conducting electronic commerce. The system includes a web-based vault controller running an application, e.g. a registrations application in a vault cryptographically linked to a database and a Certificate Management System (CMS) for generating digital certificates, and at least one remote vault agent coupled to the vault controller for providing vault-based custom applications to end users. An X.500 directory is coupled to the CMS and cryptographically linked to the remote vault agents for storing end user data. The remote vault agent is an application which comprises a collection of Application Programming Interfaces (APIs) which provide a secure interface to the vault controller; a Lightweight Data Access Protocol (LDAP) used to access the X.500 directory; a secure depositor coupled to vault-based custom applications of an organization.