|
Physical Security
Each user who accesses Decipher is uniquely authenticated and logged. For stand-alone and hosted accounts, the user ID and password are managed within the Decipher security framework, and can be created by properly authorized Decipher administrators. When Decipher is installed on a client's network, an interface to Active Directory is available allowing centralized administration of passwords. A single Decipher installation can contain a mix of both locally authenticated and Active Directory managed passwords, allowing external users who are not in the Active Directory forest to have access to Decipher. When managed locally, passwords are stored in an industry standard non-reversible hash, preventing any system administrator from divining a user's password. Additionally, password hashes contain installation specific salt components so that even identical passwords on different installation will have different hashes - preventing a brute force password discovery attack.
Database Security
Each Decipher user gains authorization to perform specific tasks from their membership in one or more member groups, as well as any specific permissions that have been granted to their account. Decipher permissions are additive, so an administrator can craft member groups that represent both specific functional roles, such as 'Add Patent' or 'Change Status', as well as organizational roles, like 'Sales' or 'Engineering'. Membership in groups is managed from within the Decipher application, and the permission to grant membership into a group can even be granted to sub-administrators within the specific group. This allows individual business owners to control which users can access their specific data without having to rely on a centralized IT help desk for ongoing administration.
Within Decipher, access can be granted to the ability to create and/or view specific types of assets such as patents, trademarks, trade secrets, etc. Access can also be restricted to individual fields, both for the ability to change and view the data. This is particularly useful to prevent data from being changed by unauthorized users, and to restrict access to fields used for approval and workflows to specifically authorized managers. The use and/or visibility of specific relationships (such as 'Internal Manager' or 'Outside Attorney') can be restricted to a particular group of users, allowing only certain aspects of certain types of relationships to be modified. Furthermore, individual statuses used in workflow lifecycle management can be restricted, requiring multi-group collaboration to escalate a work item along a work flow.
Redundancy
All changes to data within Decipher are captured to a time-stamped audit log. Properly authorized users can view change history at the field and record levels. To assist with identifying changes within large volumes of data, a word-based change display tool is available when viewing change history on large fields, such as the text of multiple revisions of a contract.
|
