Simplifies User Management
The AccessMatrix hierarchical model allows organizations to designate security administrators at different levels of the organization. The administration rights of the security administrators can be defined to improve security, decentralize security administration and ensure a high level of accountability. The framework allows external organizations such as customers and business partners to manage IDs and user rights by their own security administrators. AccessMatrix further streamlines user management by integrating with existing user registries, such as LDAP or Microsoft Active Directory.
Enforces Enterprise-Wide Security Policy
Enterprise-wide security policies are defined and managed by AccessMatrix in a segmented hierarchy that closely mirrors a company's existing organization structure. An enterprise-wide security policy can be controlled and enforced from a company's headquarters.
Built-in Support for Best Security Practices
AccessMatrix supports the principles of dual control, least privilege and segregation of duties. These security principles are important to financial institutions and other industries. Security administrators are assigned granular administration rights appropriate to their job functions and within their organizations. Maker-Checker, or dual control, can be used to ensure that modifications submitted by one administrator are checked and approved by another administrator before the proposed changes become effective. In addition, AccessMatrix checks that the same user is not assigned to multiple roles within an application, thus avoiding a conflict of interest. Roles defined within the applications are application-specific.
Platform Independence
The AccessMatrix security server is built using Java technology and standards and therefore can be deployed on any platform that supports the Java Run-time Environment.
Security
Pluggable Authentication
Different authentication methods can be defined depending on the risk level and registry, e.g. static passwords, one-time passwords, biometrics or certificates. Users could be re-authenticated using stronger authentication before they can conduct high-value transactions.
Integrity Protection of Audit Logs
Audit trails are digitally signed. They may be sent to a dedicated audit server (optional).
Pluggable Cryptographic Module
The crypto software package used by the implementation can be specified by the customer based on their security standards and/or regulatory requirements. If required, Hardware Security Modules (HSMs) from various vendors could be supported.
Security and System Alerts
Selected security and system events are delivered to system management utilities, via SNMP, if required.
Support Multiple External Registries
Each segment can be interfaced to either different registries or the same registry. An existing user registry can be leveraged for rapid deployment and management.
Manageability
Segmented Hierarchy
Security policies, applications and users are defined in a central server, based on the organization's structure.
Policy Driven
The corporate security policy can be enforced automatically throughout the enterprise in real-time for all applications running on heterogeneous platforms.
Easy User Management
The user credentials, privileges and attributes of a large user population can be easily managed via the Policy Editor GUI.
Dual Control
Administration-related change requests submitted by one security administrator (maker) must be approved by another administrator (checker).
Provisioning
The AccessMatrix security server can be integrated with multiple external registries, e.g. Microsoft Active Directory, LDAP and databases.
Delegation
An administrator can be given the option to delegate administration rights to other administrators.
Scalability and High Availability
High Availability
Multiple instances of the AccessMatrix security server components can be configured to support fail-over.
Load Balancing (optional)
The AccessMatrix security server can be configured to support load balancing to ensure superior performance for large user populations.
Supported Platforms
Web and Application Servers
The AccessMatrix UAM Web Security Agents are provided for Microsoft IIS, SunOne/Netscape Web Server, Apache, Lotus Domino and any application server that supports the Java Servlet specification 2.3.
Security Database
Any JDBC-compliant database, e.g. IBM DB2, Microsoft SQL Server, Oracle.
Security Server
Microsoft Windows 2000, Sun Solaris 8 and 9, IBM AIX 4.3/5.1 and other platforms that support Java Run-time Environment 1.3 and above.