Abstract: The present invention relates to the field of sharing encrypted content. In one form, the invention relates to multiple user access and management of encrypted content. In one particular aspect, the present invention is suitable for use in community controlled encryption of shared content using indirect keys. The present invention relates to the use of encrypted intermediate key(s), such as an encrypted community key and/or workspace key. A changeable group of users is associated with a community key. Changeable set of content is associated with a workspace key. The present invention also uses permits in association with encrypted keys.

Abstract: A system and method are provided for processing directory service operations. The system includes a client device communicatively coupled to one or more directory servers. Each directory server includes a communications interface, a storage mechanism, and an evaluation module. According to an exemplary embodiment, the storage mechanism is a non-persistent storage mechanism which increases read and write performance. When a directory server receives a directory service operation, it determines whether it is capable of processing the operation, and if so, processes it with respect to its non-persistent storage mechanism.

Abstract: A method of enabling a user to access a website using overlay authentication. The method comprises initiating a login to a website by a user, the website providing a login page having a front end agent. The front end agent enables the user to logon to an authentication server using certificate based credentials. The authentication server communicates to a back-end agent to provide a user with a temporary website credential. The temporary website provides a credential to the front-end agent to facilitate the login to the website.

Abstract: In the field of security for electronic data and/or communications, a method of providing data security and/or privacy in a distributed and/or decentralised network environment. Private collaboration and/or information sharing between users, agents and/or applications is enabled, as well as the sharing of key(s) and/or content between a first user and/or agent and a second user and/or agent. The sharing may be of encrypted information via information sharing services.

Abstract: The present invention relates to the field of sharing encrypted content. In one form, the invention relates to multiple user access and management of encrypted content. In one particular aspect, the present invention is suitable for use in community controlled encryption of shared content using indirect keys. The present invention relates to the use of encrypted intermediate key(s), such as an encrypted community key and/or workspace key. A changeable group of users is associated with a community key. Changeable set of content is associated with a workspace key. The present invention also uses permits in association with encrypted keys.

Abstract: The present invention relates to the field of security of electronic data and/or communications. In one form, the invention relates to data security and/or privacy in a distributed and/or decentralised network environment. In another form, the invention relates to enabling private collaboration and/or information sharing between users, agents and/or applications. Embodiment(s) of the present invention enable the sharing of key(s) and/or content between a first user and/or agent and a second user and/or agent. Furthermore, embodiment(s) of the present invention have application in sharing encrypted information via information sharing services. A number of inventions, aspects and embodiments are disclosed herein.

Abstract: The present invention relates to the field of security of electronic data and/or communications. In one form, the invention relates to data security and/or privacy in a distributed and/or decentralised network environment. In another form, the invention relates to enabling private collaboration and/or information sharing between users, agents and/or applications. Embodiment(s) of the present invention enable the sharing of key(s) and/or content between a first user and/or agent and a second user and/or agent. Furthermore, embodiment(s) of the present invention have application in sharing encrypted information via information sharing services. A number of inventions, aspects and embodiments are disclosed herein.

Abstract: A system and method are provided for efficiently evaluating directory service operations in a directory service network. The directory service network may comprise a plurality of directory servers. Each of the directory servers may maintain information about the other servers in the network. The directory servers may share information received in a directory service update using a mutual updating process. Additionally, a new directory server joining a directory service network may be initialized with the directory data stored at one or more of the other network servers.

Abstract: A system and method are provided for routing directory service operations in a directory service network. A router may be included in a directory service network. The router may include a server knowledge list that maintains information about one or more directory servers in the directory service network. Directory service operations may be received by the router and may be routed to an appropriate directory server based on availability one or more of the directory servers.

Abstract: The present invention relates to the filed of computer access and in particular remote authentication. In one form, the invention relates to one time passwords used in computer or web-based systems. In one particular aspect, the present invention is suitable for use with certificate based credentials.

Abstract: The present invention relates to the field of sharing encrypted content. In one form, the invention relates to multiple user access and management of encrypted content. In one particular aspect, the present invention is suitable for use in community controlled encryption of shared content using indirect keys. The present invention relates to the use of encrypted intermediate key(s), such as an encrypted community key and/or workspace key. A changeable group of users is associated with a community key. Changeable set of content is associated with a workspace key. The present invention also uses permits in association with encrypted keys.

Abstract: Methods for arranging data in relational databases and for searching directory service databases and systems are provided. In particular, but not exclusively, systems and directories which implement or perform X.500 or LDAP services in a relational database are provided. The present application includes a database arrangement that stores data types in a table as components and searches the components for desired data entries.

Abstract: A method and apparatus for addressing problems associated with the implementation of directory services, such as X.500 and LDAP, in a SQL environment, particularly problems associated with interrogating database provided to implement directory services in the SQL environment. According to the disclosed method and apparatus, the system is based on the use of tables that may be arranged to have a plurality of columns, so that they support a variety of functions in order to implement directory services, such as X.500 and LDAP. In one aspect, the present invention provides a method of creating one or more SQL commands corresponding to a directory service. In another aspect, the present invention provides a many examples of tables and their function. Many examples of an implementation of directory services using SQL based technology are disclosed.

Abstract: A method and apparatus for implementing directory services, such as X.500 and LDAP in a SQL environment, and for providing a desired level of indexing, extensibility and scalability. In the directory service system, a plurality of objects are defined to be hierarchical, and the relationships among objects follow a tree structure where each object has a parent object and except for a root, each parent can have zero or more children. The database comprises at least one table having a plurality of rows and columns and stores a plurality of data items, each having a value, each being related to one of a plurality of data types and each having attributes defined by the directory. The attributes of the directory are arranged in a row-per-data type and value format, resulting in a representation identified as meta-data, wherein values are represented per row by data type: identifying one of said plurality of data types, syntax: identifying the nature of the data type, and value: identifying the data value.

Abstract: A method of processing a database service query that results in improved service query performance is provided. In one embodiment, the method includes receiving a service query that includes a filter having one or more filter items, expanding the filter, and applying at least one condition test to each filter item. An example of a test condition includes determining if each filter item includes a NOT connective and is either of first form or a second form of filter item. The first form may be a type only filter item and the second form may be a type and value filter item.

Abstract: A method and database system for improving the operational performance of a database are provided. The method includes determining whether an instruction or operation adds information to or removes information from the database. For an add operation, information is first added to an ‘out’ table used to retrieve objects (or entries) before the database is actually updated. For a remove operation, information is first removed from an ‘in’ table used to find objects in the database. Preferably, for an add operation, the information is added to the ‘in’ table after the ‘out’ table, and for a remove operation, information is preferably removed from the ‘out’ table after the ‘in’ table.

Abstract: A method and apparatus for applying an application of a database service, such as X.500 or LDAP, to a relational database, a database design and use of the database to perform such services. Specifically addressed is the problem of database searching, particularly search speed and complexity of search. The method and apparatus concern searching a directory service database, in which the scope of search area is initially prescribed and/or in which a filter is applied over the search area. Moreover, in dealing with an alias during a search, a unique set of areas is found which define areas of a search tree that need to be searched. A FLAG column is used to indicate if an alias points inside a subtree. The method and apparatus also enable single pass resolution in any one of a search, filter or subtree search of a directory service, the method and apparatus including the use of a path column to simultaneously apply an arbitrary filter over an arbitrary subtree.

Abstract: A method of processing a database service query is provided. In one embodiment, the method includes receiving a service query, applying principles of logic to the service query to obtain a sum of terms, evaluating each term as one or more separate SQL instructions, and executing each separate SQL instruction. Preferably, the sum of terms is additionally expanded to remove NOT operators, using for example Boolean logic.

Abstract: A method and apparatus for applying an application of a data service, such as X.500 and LDAP, to a relational database, a database design and use of the database to perform such directory services. Specifically addressed is the problem of achieving efficient searching of a directory service database coupled with effective input or output of data from the database. The disclosed method and apparatus, which provide end efficiency and data tolerance in the provision of a variety of database services, is based upon the concurrent storage in a database of both a normalised (syntax normalised) form and a raw (protocol encoded) form of the data. The raw form of data may be in ASN.1. A further feature of the disclosed method and apparatus concerns the transfer of data in and out of a database, where, in finding data in the database, a normalised form is used, and, in transferring data out of the database, a raw form is used.

Abstract: A directory services system, such as one providing a X.500 or LDAP directory service, having a design and a method of operation which facilitates queries in and out of the directory, table organisation/layout and clustering. In the arrangement of the directory service, tables are organized corresponding to their function, thereby permitting an arrangement based on service modeling and functional organisation that permits clustering. A preferred layout design incorporates principal, conceptual, logical and/or physical designs.