The Security Associates Compliance Authorization Gateway (SAC-CAG) allows an organization to use their existing business processing rules, financial authorization limits, and vendor and partner identity infrastructures to automate the process of regulating and verifying high-volume, inter-business transactions.
These transactions could include simple data access requests by customers and suppliers, collaborative design transactions by partnering firms, materials and component purchasing, and other business-to-business activities. Replacing paper-based and error prone, visual “review/compare” database systems, the SAC-CAG automates trading partner registration, authentication of credentials and enforceable review of a business’s “rules” expedites and ensures the quality of individual transactions. By utilizing the SAC-CAG, the client organization can achieve a higher degree of assurance that the partner is indeed authorized to arrange and place transactions, and therefore achieve a measurable improvement in the efficiency and per unit cost of their supply chain networks.
SAC-CAG incorporates cryptographic processes to provide robust authentication and authorization services. This Compliance Authorization Gateway works in step with today’s current “perimeter” security components, such as VPN’s and firewalls, by providing authentication and authorization services “inside” and throughout the security perimeter. The technology allows SAC to provide a complete security infrastructure solution that can be customized to a client company’s unique business policies across its individual markets. This technology and service model layers directly into an organization’s application and process infrastructure to enforce user and message authentication policies, and authorization requests for data access and collaborative design transactions. The process includes the development, management and operation of any PKI or other identity framework to support digital certificates, secure ID tokens, smart card tokens, and even user-name password solutions that can also leverage any existing identity framework the organization has already deployed. Organizations can now access a single-provider solution to deploy an identity, authentication, and authorization infrastructure to support authenticated and authorized messages throughout an enterprise.
SAC-CAG is deployed as the primary technology throughout the transaction authorization model, and is embedded at each of the trading partner and intranet sites that wish to utilize the services. Each of the gateways encapsulate the current transaction, including user login information and a hash value of the requested transaction and through any standard transmission protocol submit the transaction as a complete package. The Compliance Authorization Gateway receives and begins to process the incoming transaction; users and messages are authenticated and validated, and are processed against the business policies that are created and managed by the organization. These business policies dictate the authorization privileges and entitlements that the user has for the requested transaction.