Method for secured and tokenized hitlist exchange between data repositories, federated search server, access manager and client
Publication Date: 2010-Aug-17
The IP.com Prior Art Database
Disclosed is a method for secured and tokenized hitlist exchange between data repositories, federated search server, access manager and client. The method solves the problem of searching federated repositories with excellent response time without compromising complex document security models. The method explains how the entitlement layer can be used just for hitlist reduction, while secure access to documents in the repositories can be done directly, without any performance-reducing layers between client and repository.
Today the complexity and demands of compliance searches with hitlist sizes in the millions make it impossible to merge demands for complex document security and fast search/retrieval response times. This is especially true for federated repositories. The reason for this limitation is a lack of trusted exchanges of hitlists between the solution components - especially to and from the client. As a result, today's repositories and search servers are either organized in silos or provide access control to documents that is not granular (all or nothing). The method described solves this problem and combines tight document security and fast response time.
The method integrates the following components:
CLIENT: allows an authenticated user to submit queries
FEDERATED SEARCH SERVER: receives queries from CLIENT and forwards them to multiple repositories. Combines results from multiple repositories into one. Interacts with ACCESS MANAGER for security filtering.
ACCESS MANAGER: knows which documents may be accessed by what users.
REPOSITORY: contains documents, meta data and a full text index.
The fine-grained security required and the low latency for search results are achieved by using an access manager. The access manager is the entitlement layer, which is optimized for filtering/reduction of a hitlist and returns the hitlist only for documents the user is entitled to access. Using a central access manager and federated search server unifies security and access to any number of repositories. This centralization eases security administration and reduces complexity.
The difference to other methods is that the entitlement layer is only required during the query and no further security authorization is required when the documents are eventually retrieved from the r...
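The flow described above, as an added example that is not code from the disclosure: the access manager reduces the hitlist once and signs it, and the repository later authorizes retrieval from the token alone. The HMAC-SHA256 token format, the shared key, and all names and sample data are assumptions, since the visible text does not specify the token mechanism.

```python
import hashlib
import hmac
import json

# Constructed sample data. The key, ACL, documents and token layout are
# assumptions made for this example, not details taken from the disclosure.
SHARED_KEY = b"demo-key-shared-by-access-manager-and-repository"
ACL = {"doc1": {"alice", "bob"}, "doc2": {"bob"}, "doc3": {"alice"}}
DOCUMENTS = {"doc1": "Q1 report", "doc2": "HR file", "doc3": "Audit memo"}


def _mac(payload: bytes) -> str:
    return hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest()


def issue_hitlist_token(user: str, raw_hits: list, now: int, ttl: int = 300) -> dict:
    """ACCESS MANAGER: reduce the hitlist to entitled documents, then sign it."""
    allowed = sorted(d for d in raw_hits if user in ACL.get(d, set()))
    payload = json.dumps({"user": user, "docs": allowed, "exp": now + ttl},
                         sort_keys=True).encode()
    return {"payload": payload, "mac": _mac(payload)}


def hits_in(token: dict) -> list:
    """Hitlist the CLIENT sees after security filtering."""
    return json.loads(token["payload"])["docs"]


def repository_fetch(user: str, doc_id: str, token: dict, now: int) -> str:
    """REPOSITORY: authorize from the token alone, with no access-manager call."""
    # Verify integrity first, in constant time, before trusting any claim.
    if not hmac.compare_digest(_mac(token["payload"]), token["mac"]):
        raise PermissionError("token signature invalid")
    claims = json.loads(token["payload"])
    if now >= claims["exp"]:
        raise PermissionError("token expired")
    if claims["user"] != user:
        raise PermissionError("token issued to a different user")
    if doc_id not in claims["docs"]:
        raise PermissionError("document not in the filtered hitlist")
    return DOCUMENTS[doc_id]
```

Binding the token to the user and an expiry limits what a leaked hitlist token is worth; entitlement changes made after issuance are not seen by the repository until the token expires.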