Identity experience framework

US 10,609,082 B2
Filed: 11/10/2017
Issued: 03/31/2020
Est. Priority Date: 11/10/2017
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

at least one memory configured to store program logic for an application; and

at least one processor configured to access the at least one memory and to execute the program logic, the program logic comprising;

user interface (UI) logic configured to;

display a verification UI associated with an identity policy;

policy logic configured to;

generate a call to an identity policy host, the call indicating the identity policy, that is one of a plurality of identity policies, for dynamic deployment of the verification UI for the application; and

identity claim and token logic configured to;

generate a token request and an identity claim of a user responsive to a first user interaction that is with the verification UI; and

consume a token from the identity policy host subsequent to generating the token request to allow access by the user to at least one feature of the application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods for composable user journeys for user authentication via an identity experience framework are performed by systems and apparatuses. Initiating a user authentication process for an application triggers application calls for dynamic invocation of a specific identity policy, required by the application, of a number of identity policies managed by a host of the identity experience framework. User interfaces defined by the identity policies are provided from the host to the application for interaction by the user and entry of identity information needed to authenticate the user according to specified verification providers. Identity claims and token requests are provided from the application to the host which then authenticates the identity claims via the verification providers and mints a token that includes the claims required by the application, according to the identity policy. The application consumes the token to complete the token request and allow the user access to the application.

Citations

20 Claims

1. A system comprising:
- at least one memory configured to store program logic for an application; and
  
  at least one processor configured to access the at least one memory and to execute the program logic, the program logic comprising;
  
  user interface (UI) logic configured to;
  
  display a verification UI associated with an identity policy;
  
  policy logic configured to;
  
  generate a call to an identity policy host, the call indicating the identity policy, that is one of a plurality of identity policies, for dynamic deployment of the verification UI for the application; and
  
  identity claim and token logic configured to;
  
  generate a token request and an identity claim of a user responsive to a first user interaction that is with the verification UI; and
  
  consume a token from the identity policy host subsequent to generating the token request to allow access by the user to at least one feature of the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the identity policy is:
    - a child identity policy comprising a base parent identity policy and one or more changes thereto specified by an application service provider that provides the application;
      
      ora base parent identity policy of the identity policy host.
  - 3. The system of claim 2, wherein the identity policy is the child identity policy, and wherein the one or more changes include:
    - a content definition;
      
      identity claims allowed;
      
      a verification provider type;
      
      ora relying party attribute.
  - 4. The system of claim 1, wherein the verification UI is defined by the identity policy that is called by the application and is configured in accordance with one or more verification providers specified by the identity policy.
  - 5. The system of claim 4, wherein the identity claim and token logic, to generate the token request and the identity claim, is configured to:
    - include in the token request claims required by the application and the identity policy; and
      
      receive identity claim information related to the first user interaction that is with the verification UI for the identity claim, the identity claim information being associated with the one or more verification providers specified by the identity policy.
  - 6. The system of claim 1, wherein the UI logic is configured to generate and display an application UI;
    - andwherein the policy logic is executed by the application to generate the call responsive to a second user interaction that is with the application UI.
  - 7. The system of claim 1, wherein the UI logic, to modify the verification UI, is configured to perform one or more of:
    - pass in a first parameter with a universal resource identifier (URI) of the verification UI;
      
      extend a content definition;
      
      ormodify a content definition.

8. A method implemented by a computing system of an application service provider of an application, the method comprising:
- generating and providing a call to an identity policy host, the call indicating an identity policy, that is one of a plurality of identity policies, for dynamic deployment of a verification user interface (UI) for the application;
  
  displaying the verification UI associated with the identity policy;
  
  generating and providing a token request and an identity claim of a user responsive to a first user interaction that is with the verification UI; and
  
  consuming a token from the identity policy host subsequent to generating the token request to allow access by the user to at least one feature of the application.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, wherein the identity policy is:
    - a child identity policy comprising a base parent identity policy and one or more changes thereto specified by the application service provider that provides the application;
      
      ora base parent identity policy of the identity policy host.
  - 10. The method of claim 9, wherein the identity policy is the child identity policy, and wherein the one or more changes include:
    - a content definition;
      
      identity claims allowed;
      
      a verification provider type;
      
      ora relying party attribute.
  - 11. The method of claim 8, wherein the verification UI is defined by the identity policy that is called by the application and is configured in accordance with one or more verification providers specified by the identity policy.
  - 12. The method of claim 11, wherein generating the token request and the identity claim, comprises:
    - including in the token request claims required by the application and the identity policy; and
      
      receiving identity claim information related to the first user interaction that is with the verification UI for the identity claim, the identity claim information being associated with the one or more verification providers specified by the identity policy.
  - 13. The method of claim 8, further comprising:
    - generating and displaying an application UI; and
      
      generating the call responsive to a second user interaction that is with the application UI.
  - 14. The method of claim 8, further comprising modifying the verification UI according to one or more of:
    - passing in a first parameter with a universal resource identifier (URI) of the verification UI;
      
      extending a content definition;
      
      ormodifying a content definition.
  - 15. The method of claim 8, further comprising:
    - receiving the verification UI responsive to the call; and
      
      receiving the token responsive to providing to the token request.

16. A computer-readable storage medium comprising computer-executable instructions that, when executed by at least one processor, perform a method implemented by a computing system that interacts with a multi-sided identity experience framework system configured to support a plurality of remote identity operators, a plurality of remote verification providers, and a plurality of remote application service providers for user authentication to applications, the method comprising:
- generating and providing a call to an identity policy host, the call indicating an identity policy, that is one of a plurality of identity policies, for dynamic deployment of a verification user interface (UI) for the application;
  
  receiving the verification UI or an identifier thereof responsive to the call;
  
  displaying the verification UI associated with the identity policy;
  
  generating and providing a token request and an identity claim of a user responsive to a first user interaction that is with the verification UI;
  
  receiving the token responsive to providing to the token request; and
  
  consuming a token from the identity policy host subsequent to generating the token request to allow access by the user to at least one feature of the application.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer-readable storage medium of claim 16, wherein the identity policy is:
    - a child identity policy comprising a base parent identity policy and one or more changes thereto specified by the application service provider that provides the application, and wherein the one or more changes include a content definition, identity claims allowed, a verification provider type, or a relying party attribute;
      
      ora base parent identity policy of the identity policy host.
  - 18. The computer-readable storage medium of claim 16, wherein the verification UI is defined by the identity policy that is called by the application and is configured in accordance with one or more verification providers specified by the identity policy.
  - 19. The computer-readable storage medium of claim 18, wherein generating the token request and the identity claim, comprises:
    - including in the token request claims required by the application and the identity policy; and
      
      receiving identity claim information related to the first user interaction that is with the verification UI for the identity claim, the identity claim information being associated with the one or more verification providers specified by the identity policy.
  - 20. The computer-readable storage medium of claim 16, wherein the method further comprises modifying the verification UI according to one or more of:
    - passing in a first parameter with a universal resource identifier (URI) of the verification UI;
      
      extending a content definition;
      
      ormodifying a content definition.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Kakumani, Raja Charu Vikram, Murdoch, Brandon, Bjones, Ronald, Iqbal, Muhammad O., Cameron, Kim
Primary Examiner(s)
Pich, Ponnoreay

Application Number

US15/809,651
Publication Number

US 20190149579A1
Time in Patent Office

872 Days
Field of Search
US Class Current
CPC Class Codes

G06F 3/0481   based on specific propertie...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0876   based on the identity of th...

H04L 63/20   for managing network securi...

Identity experience framework

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Identity experience framework

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links