Common authorization management service

US 10,637,868 B2
Filed: 11/16/2016
Issued: 04/28/2020
Est. Priority Date: 11/16/2016
Status: Active Grant

First Claim

Patent Images

1. A method (700) for authorizing individuals of a plurality of enterprises to access one or more services provided by a plurality of service providers, the method comprising:

creating, by an administrator (801) of each of the plurality of enterprises and via a Common Authorized Management (CAM) service (150), a plurality of groups to contain one or more individuals at one of the plurality of enterprises (701);

receiving security data in the CAM service from each of the plurality of service providers, wherein the security data is defined and provided by an associated service provider administrator at each of the plurality of service providers and the security data identifies which of the one or more services provided by each of the plurality of service providers is available to each of the plurality of enterprises (702);

determining, by the administrator of each of the plurality of enterprises, a subset of the security data that is available for access by a subset of the plurality of groups (703);

receiving associating data in the CAM service from the administrator of each of the plurality of enterprises, the associating data associating individuals in the subset of the plurality of groups with the capability to access the one or more services provided by each of the plurality of service providers based on the subset of security data (704);

receiving a request to access a service of a target service provider from a computing device, the request comprising data including a user identifier of an individual of an enterprise of the plurality of enterprises and information regarding a target service provider in a common authorization management (CAM) service;

in response to the received request, providing information indicative of whether the individual has an access right to the service of the target service provider; and

redirecting the computing device to the target service provider with the information indicative of whether the individual has an access right to the service of the target service provider.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved method in a computing environment for establishing access for individuals in at least one enterprise with one or more services provided by a plurality of service providers through the use of a Common Authorization Management (CAM) service is described herein. Through the CAM service, an enterprise administrator can group together one or more individuals at one enterprise, identify access rights to one or more services in the plurality of service providers for each group of individuals based on security data defined by a service provider administrator, and associate individuals from the subset of the plurality of groups at each enterprise with access rights to one or more services provided by the plurality of service providers.

Citations

16 Claims

1. A method (700) for authorizing individuals of a plurality of enterprises to access one or more services provided by a plurality of service providers, the method comprising:
- creating, by an administrator (801) of each of the plurality of enterprises and via a Common Authorized Management (CAM) service (150), a plurality of groups to contain one or more individuals at one of the plurality of enterprises (701);
  
  receiving security data in the CAM service from each of the plurality of service providers, wherein the security data is defined and provided by an associated service provider administrator at each of the plurality of service providers and the security data identifies which of the one or more services provided by each of the plurality of service providers is available to each of the plurality of enterprises (702);
  
  determining, by the administrator of each of the plurality of enterprises, a subset of the security data that is available for access by a subset of the plurality of groups (703);
  
  receiving associating data in the CAM service from the administrator of each of the plurality of enterprises, the associating data associating individuals in the subset of the plurality of groups with the capability to access the one or more services provided by each of the plurality of service providers based on the subset of security data (704);
  
  receiving a request to access a service of a target service provider from a computing device, the request comprising data including a user identifier of an individual of an enterprise of the plurality of enterprises and information regarding a target service provider in a common authorization management (CAM) service;
  
  in response to the received request, providing information indicative of whether the individual has an access right to the service of the target service provider; and
  
  redirecting the computing device to the target service provider with the information indicative of whether the individual has an access right to the service of the target service provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein the security data comprises at least one of:
    - access rights, privileges, authorizations, claims, Security Assertion Markup Language (SAML) assertions, and entitlements.
  - 3. The method according to claim 2, wherein the security data is accessible by the CAM service.
  - 4. The method according to claim 3, wherein the CAM service is configured with a web interface for user interaction.
  - 5. The method according to claim 1, wherein creating a plurality of groups (205-207, 212-214, 219-221) to contain one or more individuals (202-204, 209-211, 216-218) at an enterprise (201, 208, 215) includes:
    - adding or removing one or more individuals from the plurality of groups.
  - 6. The method of claim 1, wherein:
    - the request to access the service of a target service provider is provided via a browser executing on the computing device;
      
      the information indicative of whether the individual has an access right to the service of the target service provider comprises a security assertion markup language (SAML) assertion;
      
      redirecting the computing device to the target service provider with the indicative of whether the individual has an access right to the service of the target service provider comprises redirecting the browser with the SAML assertion.
  - 7. The method of claim 1, wherein the CAM pushes further security data for the associated individuals to each of the plurality of service providers.

8. A system (100) for authorizing individuals of a plurality of enterprises to access one or more services (223-225, 232-234, 241-243) provided by a plurality of service providers (230, 239, 248), the system comprising at least one processor (802) and memory (804), the at least one memory communicatively coupled to the at least one processer, the at least one memory comprising computer-readable instructions that, when executed by the at least one processor, cause the system to:
- create, via an administrator (801) of each of the plurality of enterprises and using a Common Authorized Management (CAM) service (150), a plurality of groups to contain one or more individuals at one of the plurality of enterprises;
  
  receive security data in the CAM service from each of the plurality of service providers, wherein the security data is defined and provided by an associated service provider administrator at each of the plurality of service providers and the security data identifies which of the one or more services provided by each of the plurality of service providers is available to each of the plurality of enterprises;
  
  determine, by an administrator (801) of each of the plurality of enterprises a subset of the security data that is available for access by a subset of the plurality of groups;
  
  receive associating data in the CAM service from the administrator of each of the plurality of enterprises, the associating data associating individuals in the subset of the plurality of groups with the capability to access the one or more services provided by each of the plurality of service providers based on the subset of security data;
  
  receive a request to access a service of a target service provider from a computing device, the request comprising data including a user identifier of an individual of an enterprise of the plurality of enterprises and information regarding a target service provider in the common authorization management (CAM) service;
  
  in response to the received request, provide information indicative of whether the individual has an access right to the service of the target service provider; and
  
  redirect the computing device to the target service provider with the information indicative of whether the individual has an access right to the service of the target service provider.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The system according to claim 8, wherein the security data comprises at least one of:
    - access rights, privileges, authorizations, claims, Security Assertion Markup Language (SAML) assertions, and entitlements.
  - 10. The system according to claim 9, wherein the security data is accessible by the CAM service.
  - 11. The system of according to claim 10, wherein the CAM service is configured with a web interface for user interaction.
  - 12. The system according to claim 8, wherein the creation of a plurality of groups to contain one or more individuals at an enterprise includes:
    - adding or removing one or more individuals from the plurality of groups.

13. A non-transitory computer-readable medium for authorizing individuals of a plurality of enterprises to access one or more services provided by a plurality of service providers, bearing computer-executable instructions that, when executed upon a computer, cause the computer to perform operations comprising:
- creating, via an administrator (801) of each of the plurality of enterprises and using a Common Authorized Management (CAM) service (150), a plurality of groups to contain one or more individuals at one of the plurality of enterprises;
  
  receiving security data in the CAM service from each of the plurality of service providers, wherein the security data is defined and provided by an associated service provider administrator at each of the plurality of service providers and the security data identifies which of the one or more services provided by each of the plurality of service providers is available to each of the plurality of enterprises;
  
  determining, by an administrator (801) of each of the plurality of enterprises, a subset of the security data that is available for access by a subset of the plurality of groups;
  
  receiving association data in the CAM service from the administrator of each of the plurality of enterprises, the association data associating individuals in the subset of the plurality of groups with the capability to access the one or more services provided by each of the plurality of service providers based on the subset of security data;
  
  receiving a request to access a service of a target service provider from a computing device, the request comprising data including a user identifier of an individual of an enterprise of the plurality of enterprises and information regarding a target service provider in the common authorization management (CAM) service;
  
  in response to the received request, providing information indicative of whether the individual has an access right to the service of the target service provider; and
  
  redirecting the computing device to the target service provider with the information indicative of whether the individual has an access right to the service of the target service provider.
- View Dependent Claims (14, 15, 16)
- - 14. The computer-readable medium according to claim 13, wherein the security data comprises at least one of:
    - access rights, privileges, authorizations, claims, Security Assertion Markup Language (SAML) assertions, and entitlements.
  - 15. The computer-readable medium according to claim 14, wherein the security data is accessible by the CAM service.
  - 16. The computer-readable medium according to claim 13, wherein creating a plurality of groups to contain one or more individuals at an enterprise includes:
    - adding or removing one or more individuals from the plurality of groups.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Schleiff, Martin, Kloba, III, Anthony Andrew
Primary Examiner(s)
Abedin, Shanto

Application Number

US15/353,122
Publication Number

US 20180139209A1
Time in Patent Office

1,259 Days
Field of Search

726 2- 4, 726 26- 27
US Class Current
CPC Class Codes

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/0815   providing single-sign-on or...

H04L 63/104   Grouping of entities

H04W 12/06   Authentication

Common authorization management service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Common authorization management service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links