Multi-domain authorization and authentication

US 20030023880A1
Filed: 07/25/2002
Published: 01/30/2003
Est. Priority Date: 07/27/2001
Status: Active Grant

First Claim

Patent Images

1. A method of multi-domain authorisation/authentication on a computer network comprises:

a user making a request to a policy enforcement point (PEP) of a computer for access to information or a service on the computer which requires authorisation for access;

providing a location address for a user'"'"'s authorisation and/or authentication information, at which address authorisation and/or authentication information and/or further personal information of the user has been pre-stored;

a policy decision point (PDP) of the service on the computer network then verifying the authorisation/authentication information or seeking authorisation/authentication from an address provided in the pre-stored authorisation/authentication/further information; and

the user being given access by the PEP to the information or the service requested, if the request is accepted, wherein the user'"'"'s authorisation/authentication and/or further information is located on a meta policy decision point (MPDP), and in which the MPDP is hosted by a party independent from the user.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of multi-domain authorisation/authentication on a computer network comprises: a user making a request to a policy enforcement point of a computer for access to information on the computer; providing a location address for a user'"'"'s authorisation and/or authentication information, a policy decision point of the service on the computer network then verifying the authorisation/authentication information; and the user being given access by the PEP to the information or the service requested, if the request is accepted, wherein the user'"'"'s authorisation/authentication and/or further information is located on a meta policy decision point (MPDP).

Citations

25 Claims

1. A method of multi-domain authorisation/authentication on a computer network comprises:
- a user making a request to a policy enforcement point (PEP) of a computer for access to information or a service on the computer which requires authorisation for access;
  
  providing a location address for a user'"'"'s authorisation and/or authentication information, at which address authorisation and/or authentication information and/or further personal information of the user has been pre-stored;
  
  a policy decision point (PDP) of the service on the computer network then verifying the authorisation/authentication information or seeking authorisation/authentication from an address provided in the pre-stored authorisation/authentication/further information; and
  
  the user being given access by the PEP to the information or the service requested, if the request is accepted, wherein the user'"'"'s authorisation/authentication and/or further information is located on a meta policy decision point (MPDP), and in which the MPDP is hosted by a party independent from the user.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 20, 21, 24)
- - 5. A method of multi-domain authorisation/authentication as claimed in claim 1, in which the location address for the user'"'"'s authorisation/authentication information and/or further information is the address of the MPDP.
  - 6. A method of multi-domain authorisation/authentication as claimed in claim 5, in which the location address is a sub-address of the MPDP that is unique to the user.
  - 7. A method of multi-domain authorisation/authentication as claimed in claim 1, in which the MPDP holds personal bank details and/or credit/charge card details of the user.
  - 8. A method of multi-domain authorisation/authentication as claimed in claim 1, in which the MPDP holds address details for a computer of a user'"'"'s bank, or medical information/other personal information of the user.
  - 9. A method of multi-domain authorisation/authentication as claimed in claim 1, in which the MPDP holds information concerning the location of another computer that can provide authorisation/authentication information or confirmation of authorisation/authentication information.
  - 10. A method of multi-domain authorisation/authentication as claimed in claim 1, in which the MPDP holds information concerning to which parties the user is willing to provide authorisation/authentication information.
  - 11. A method of multi-domain authorisation/authentication as claimed in claim 10, in which the MPDP is programmable by the user to specify said parties.
  - 12. A method of multi-domain authorisation/authentication as claimed in claim 1, in which the MPDP stores information as to which third parties have accessed information concerning the user from the MPDP.
  - 13. A method of multi-domain authorisation/authentication as claimed in any claim 1, which includes the MPDP being a certification authority (CA) which issues digital certificates to servers to confer membership of a market place so chose servers.
  - 14. A method of multi-domain authorisation/authentication as claimed in claim 1, in which the method includes the MPDP issuing credential revocation and revalidation of a user.
  - 15. A method of multi-domain authorisation/authentication as claimed in claim 1, in which the MPDP receives information for credential revocation from a service provider and uses that information to modify a user'"'"'s authorisation/authentication information on the MPDP.
  - 16. A computer programmed to perform the method of claim 1.
  - 17. A computer as claimed in claim 16, which is programmed to perform the function or the MPDP described in relation to claim 1.
  - 20. A recordable medium bearing a computer program operable to perform the method of claim 1.
  - 21. A recordable medium bearing a computer program operable to perform the functions of the MPDP described in relation to claim 1.
  - 24. A user interface fox a computer is operable to allow a user to update his authorisation/authentication/other information stored on an MPDP as described in relation to claim 1.

2. A method of multi-domain authorisation/authentication on a computer network comprises:
- a user making a request to a policy enforcement point (PEP) of a computer for access to information or a service on the computer which requires authorisation for access;
  
  providing a location address for a user'"'"'s authorisation and/or authentication information, at which address authorisation and/or authentication information and/or further personal information of the user has been pre-stored;
  
  a policy decision point (PDP) of the service on the computer network then verifying the authorisation/authentication information or seeking authorisation/authentication from an address provided in the pre-stored authorisation/authentication/further information; and
  
  the user being given access by the PEP to the information or the service requested, if the request is accepted, wherein the user'"'"'s authorisation/authentication information and/or further information is located on a meta policy decision point (MPDP), wherein a plurality of MPDPs are provided and are operable to communicate with one another.
- View Dependent Claims (3, 18, 22)
- - 3. A method as claimed in claim 2, wherein the plurality of MPDPs are controlled by a number of independent entities.
  - 18. A computer programmed to perform the method of claim 2.
  - 22. A recordable medium bearing a computer program operable to perform the method of claim 2.

4. A method of multi-domain authorisation/authentication on a computer network comprises:
- a user making a request to a policy enforcement point (PEP) of a computer for access to information or a service on the computer which requires authorisation for access;
  
  providing a location address for a user'"'"'s authorisation and/or authentication information, at which address authorisation and/or authentication information and/or further personal information of the user has been pre-stored;
  
  a policy decision point (PDP) of the service on the computer network then verifying the authorisation/authentication information or seeking authorisation/authentication from an address provided in the pre-stored authorisation/authentication/further information; and
  
  the user being given access by the PEP to the information or the service requested, if the request is accepted, wherein the user'"'"'s authorisation/authentication and/or further information is located on a meta policy decision point (MPDP), and in which the information held on the MPDP is amendable by the user, to update the information.
- View Dependent Claims (19, 23)
- - 19. A computer programmed to perform the method of claim 4.
  - 23. A recordable medium bearing a computer program operable to perform the method of claim 4.

25. A method of Enabling multi-domain authorisation/authentication on a computer network comprises:
- providing storage and a location address independent from a user for the user'"'"'s authorisation and/or authentication information, at which address said information has been pre-stored, the location address being given by a user when a request to access a service on a computer network is made for which service authorisation is required.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Edwards, Nigel John, Rouault, Jason

Granted Patent

US 7,444,666 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

H04L 63/102 Entity profiles

Multi-domain authorization and authentication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-domain authorization and authentication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links