Multi-domain authorization and authentication
Abstract
A method of multi-domain authorisation/authentication on a computer network comprises: a user making a request to a policy enforcement point of a computer for access to information on the computer; providing a location address for a user's authorisation and/or authentication information, a policy decision point of the service on the computer network then verifying the authorisation/authentication information; and the user being given access by the PEP to the information or the service requested, if the request is accepted, wherein the user's authorisation/authentication and/or further information is located on a meta policy decision point (MPDP).
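The flow described above, as a minimal in-memory model added here for illustration and not taken from the patent. The class and function names, the PBKDF2 verifier, the example address and the PDP's allow-list of trusted MPDP addresses are all assumptions.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

def _verifier(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

@dataclass
class MPDP:
    """Meta policy decision point: pre-stored user info held by a third party."""
    operator: str
    records: dict = field(default_factory=dict)

    def enrol(self, user, secret, entitlements):
        if user == self.operator:  # the host must be independent from the user
            raise ValueError("MPDP must be hosted by a party independent from the user")
        salt = os.urandom(16)
        self.records[user] = (salt, _verifier(secret, salt), set(entitlements))

    def lookup(self, user, secret):
        """Return the user's entitlements if the secret verifies, else None."""
        rec = self.records.get(user)
        if rec is None:
            return None
        salt, stored, entitlements = rec
        ok = hmac.compare_digest(stored, _verifier(secret, salt))
        return entitlements if ok else None

class PDP:
    """Service-side decision point that resolves the user-supplied address."""
    def __init__(self, trusted_mpdps):
        self.trusted = trusted_mpdps  # address -> MPDP; this allow-list is an assumption

    def decide(self, user, secret, address, resource):
        mpdp = self.trusted.get(address)
        if mpdp is None:
            return False  # do not follow an address the service does not already trust
        entitlements = mpdp.lookup(user, secret)
        return entitlements is not None and resource in entitlements

def pep_request(pdp, user, secret, address, resource):
    """Policy enforcement point: release the resource only on a PDP accept."""
    return f"200 {resource}" if pdp.decide(user, secret, address, resource) else "403 denied"

# Constructed sample data (hypothetical operator, user, address and resource)
MPDP_A = MPDP(operator="example-trust-broker")
MPDP_A.enrol("alice", "correct horse", {"/reports/q3"})
SERVICE_PDP = PDP({"https://mpdp.example": MPDP_A})
```

Because the location address arrives with the request, the PDP in this model treats it as untrusted input and resolves it only through its own allow-list.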
25 Claims
1. A method of multi-domain authorisation/authentication on a computer network comprises:
a user making a request to a policy enforcement point (PEP) of a computer for access to information or a service on the computer which requires authorisation for access;
providing a location address for a user's authorisation and/or authentication information, at which address authorisation and/or authentication information and/or further personal information of the user has been pre-stored;
a policy decision point (PDP) of the service on the computer network then verifying the authorisation/authentication information or seeking authorisation/authentication from an address provided in the pre-stored authorisation/authentication/further information; and
the user being given access by the PEP to the information or the service requested, if the request is accepted, wherein the user's authorisation/authentication and/or further information is located on a meta policy decision point (MPDP), and in which the MPDP is hosted by a party independent from the user.
Dependent claims: 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 20, 21, 24

2. A method of multi-domain authorisation/authentication on a computer network comprises:
a user making a request to a policy enforcement point (PEP) of a computer for access to information or a service on the computer which requires authorisation for access;
providing a location address for a user's authorisation and/or authentication information, at which address authorisation and/or authentication information and/or further personal information of the user has been pre-stored;
a policy decision point (PDP) of the service on the computer network then verifying the authorisation/authentication information or seeking authorisation/authentication from an address provided in the pre-stored authorisation/authentication/further information; and
the user being given access by the PEP to the information or the service requested, if the request is accepted, wherein the user's authorisation/authentication information and/or further information is located on a meta policy decision point (MPDP), wherein a plurality of MPDPs are provided and are operable to communicate with one another.
Dependent claims: 3, 18, 22

4. A method of multi-domain authorisation/authentication on a computer network comprises:
a user making a request to a policy enforcement point (PEP) of a computer for access to information or a service on the computer which requires authorisation for access;
providing a location address for a user's authorisation and/or authentication information, at which address authorisation and/or authentication information and/or further personal information of the user has been pre-stored;
a policy decision point (PDP) of the service on the computer network then verifying the authorisation/authentication information or seeking authorisation/authentication from an address provided in the pre-stored authorisation/authentication/further information; and
the user being given access by the PEP to the information or the service requested, if the request is accepted, wherein the user's authorisation/authentication and/or further information is located on a meta policy decision point (MPDP), and in which the information held on the MPDP is amendable by the user, to update the information.
Dependent claims: 19, 23

25. A method of enabling multi-domain authorisation/authentication on a computer network comprises:
providing storage and a location address independent from a user for the user's authorisation and/or authentication information, at which address said information has been pre-stored, the location address being given by a user when a request to access a service on a computer network is made for which service authorisation is required.
Specification