Digital identity creation and coalescence for service authorization
Abstract
A system is disclosed to provide service authorization. The system provides authorized access to services using various identity tokens that represent authorized users, services, servers or other devices, as well as specific instances of users authorized for a service and specific instances of users authorized for a service on a particular server or other device.
Claims (101 claims; 39 citations)

1. A method comprising:
generating a service authorization identity from a hashed message authentication coding algorithm that uses as input a service authentication key, a user identity and a service identity;
permuting the service authorization identity, the user identity and the service identity; and
storing the permuted user identity, the permuted service identity and the permuted service authorization identity in a directory.
Dependent claims: 2-20.
21. A method comprising:
receiving a request for a service;
obtaining from a directory a user identity and a service identity;
computing a service authorization identity from a hashed message authentication coding algorithm using as input a service authentication key, the user identity and the service identity;
comparing the computed service authorization identity to a service authorization identity stored in the directory; and
determining whether to grant the request for service based on the comparison.
Dependent claims: 22-26.
27. A method comprising:
receiving a request for a service;
obtaining from a directory a user identity, a service identity and a server identity;
computing a server authorization identity from a hashed message authentication coding algorithm using as input a service authentication key, the user identity, the service identity and the server identity;
comparing the computed server authorization identity to a server authorization identity stored in the directory; and
determining whether to grant the request for service based on the comparison.
Dependent claims: 28-33.
34. An article comprising a machine-readable medium storing machine-readable instructions that, when applied to the machine, cause the machine to:
generate a service authorization identity from a hashed message authentication coding algorithm that uses as input a service authentication key, a user identity and a service identity;
permute the service authorization identity, the user identity and the service identity; and
store the permuted user identity, the permuted service identity and the permuted service authorization identity in a directory.
Dependent claims: 35-53.
54. An article comprising a machine-readable medium storing machine-readable instructions that, when applied to the machine, cause the machine to:
obtain from a directory a user identity and a service identity in response to receiving a request for service;
compute a service authorization identity from a hashed message authentication coding algorithm using as input a service authentication key, the user identity and the service identity;
compare the computed service authorization identity to a service authorization identity stored in the directory; and
determine whether to grant the request for service based on the comparison.
Dependent claims: 55-59.
60. An article comprising a machine-readable medium storing machine-readable instructions that, when applied to the machine, cause the machine to:
obtain from a directory a user identity, a service identity and a server identity in response to receiving a request for service;
compute a server authorization identity from a hashed message authentication coding algorithm using as input a service authentication key, the user identity, the service identity and the server identity;
compare the computed server authorization identity to a server authorization identity stored in the directory; and
determine whether to grant the request for service based on the comparison.
Dependent claims: 61-66.
67. A system comprising:
a computer network;
a directory coupled to the network, the directory storing a user identity, a service identity and a service authorization identity;
a service delivery device coupled to the network, the service delivery device including a processor and memory storing instructions that, in response to receiving a first type of request for access to a service, cause the processor to:
obtain the user identity and the service identity from the directory;
compute a service authorization identity from a hashed message authentication coding algorithm using as input a service authentication key, the user identity and the service identity;
compare the computed service authorization identity to the service authorization identity stored in the directory; and
determine whether to grant the request for service based on the comparison.
Dependent claims: 68-79.
80. A system comprising:
an identity repository and a directory;
a server coupled to the identity repository and the directory, the server adapted to:
generate a service authorization identity from a hashed message authentication coding algorithm that uses as input a service authentication key, a user identity, and a service identity;
generate a server authorization identity from a hashed message authentication coding algorithm that uses as input a service authentication key, the user identity, the service identity and a server identity;
permute the user identity, the service identity, the server identity, the service authorization identity and the server authorization identity;
store the user identity, service identity, server identity, service authorization identity, server authorization identity, permuted user identity, permuted service identity, permuted server identity, permuted service authorization identity and permuted server authorization identity in the identity repository; and
store the permuted user identity, permuted service identity, permuted server identity, permuted service authorization identity and permuted server authorization identity in the directory.
Dependent claims: 81-100.
101. A system comprising:
an identity repository and a directory;
a server coupled to the identity repository and the directory, the server adapted to:
generate a service authorization identity from a hashed message authentication coding algorithm that uses as input a service authentication key, a user identity and a service identity;
generate a server authorization identity from a hashed message authentication coding algorithm that uses as input a service authentication key, a user identity, a service identity and a server identity;
permute the user identity, the service identity, the server identity, the service authorization identity and the server authorization identity;
store the user identity, service identity, server identity, service authorization identity, server authorization identity, permuted user identity, permuted service identity, permuted server identity, permuted service authorization identity and permuted server authorization identity in the identity repository; and
store the permuted user identity, permuted service identity, permuted server identity, permuted service authorization identity and permuted server authorization identity in the directory; and
a service delivery device coupled to the network, the user device including a processor and memory storing instructions that, in response to receiving a first type of request for access to a service, cause the processor to:
obtain from the directory the permuted user identity, the permuted service identity and the permuted service authorization identity;
compute a service authorization identity from a hashed message authentication code algorithm using as input a service authentication key, the permuted user identity and the permuted service identity;
compare the computed service authorization identity to a service authorization identity stored in the directory; and
determine whether to grant the request for service based on the comparison; and
wherein the memory further stores instructions that, in response to a second type of request for access to a service, cause the processor to:
obtain from the directory the permuted user identity, permuted service identity, permuted server identity and permuted server authorization identity;
compute a server authorization identity from a hashed message authentication code algorithm that uses as input a service authentication key, the permuted user identity, the permuted service identity and the permuted server identity;
compare the computed server authorization identity to a server authorization identity stored in the directory; and
determine whether to grant the request for service based on the comparison.
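The independent claims describe two halves of one scheme: an enrolment side (claims 1, 34 and 80) that derives a service or server authorization identity with a keyed HMAC over the identities, permutes the values and writes them to a directory, and a verification side (claims 21, 27, 54, 60 and 67) that reads the identities back, recomputes the HMAC with the locally held service authentication key and compares. The following Python is an added illustration of both halves, not code from the patent or any assignee. It assumes HMAC-SHA256 (the claims name no hash), a unit-separator encoding of the identities, byte reversal as a stand-in for the undefined "permute" step, an in-memory dict as the directory, and a constructed demo key; the user, service and server names are constructed sample data.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Constructed demo key. The service authentication key is the trust anchor of
# the scheme: only the enrolment server and the service delivery device hold
# it, and it is never written to the directory.
DEMO_SERVICE_AUTH_KEY = b"constructed-demo-key-not-for-real-use"

# Assumption: identities are joined with a unit separator so the HMAC input is
# unambiguous ("ab"+"c" must not collide with "a"+"bc").
SEP = b"\x1f"


def _encode(*identities: str) -> bytes:
    """Encode the identities as one unambiguous HMAC input (assumed layout)."""
    for ident in identities:
        if "\x1f" in ident:
            raise ValueError("identity must not contain the separator byte")
    return SEP.join(ident.encode("utf-8") for ident in identities)


def service_authorization_identity(key: bytes, user_id: str, service_id: str) -> bytes:
    """Claim 1: HMAC over the user identity and the service identity.
    HMAC-SHA256 is an assumption; the claims do not name a hash function."""
    return hmac.new(key, _encode(user_id, service_id), hashlib.sha256).digest()


def server_authorization_identity(key: bytes, user_id: str, service_id: str, server_id: str) -> bytes:
    """Claim 27: HMAC over the user, service and server identities."""
    return hmac.new(key, _encode(user_id, service_id, server_id), hashlib.sha256).digest()


def permute(token: bytes) -> bytes:
    """Stand-in for the claims' undefined 'permute' step: reverse the bytes.
    Any fixed, invertible byte permutation would serve this demonstration."""
    return token[::-1]


def unpermute(token: bytes) -> bytes:
    """Inverse of permute (byte reversal is its own inverse)."""
    return token[::-1]


# Directory: permuted (user, service, server-or-None) -> permuted authorization identity
Directory = Dict[Tuple[bytes, bytes, Optional[bytes]], bytes]


def _directory_key(user_id: str, service_id: str, server_id: Optional[str]) -> Tuple[bytes, bytes, Optional[bytes]]:
    return (
        permute(user_id.encode("utf-8")),
        permute(service_id.encode("utf-8")),
        None if server_id is None else permute(server_id.encode("utf-8")),
    )


def enroll(directory: Directory, key: bytes, user_id: str, service_id: str, server_id: Optional[str] = None) -> None:
    """Claims 1 / 80: generate, permute and store the authorization identity."""
    if server_id is None:
        authz = service_authorization_identity(key, user_id, service_id)
    else:
        authz = server_authorization_identity(key, user_id, service_id, server_id)
    directory[_directory_key(user_id, service_id, server_id)] = permute(authz)


def authorize(directory: Directory, key: bytes, user_id: str, service_id: str, server_id: Optional[str] = None) -> bool:
    """Claims 21 / 27: obtain the stored identities, recompute the HMAC with the
    locally held service authentication key and compare in constant time."""
    dkey = _directory_key(user_id, service_id, server_id)
    stored = directory.get(dkey)
    if stored is None:
        return False  # no entry for this user/service(/server) in the directory
    # Recover the plain identities from the directory entry: the claims compute
    # the HMAC over the identities themselves, not their permuted forms.
    user = unpermute(dkey[0]).decode("utf-8")
    service = unpermute(dkey[1]).decode("utf-8")
    if dkey[2] is None:
        expected = service_authorization_identity(key, user, service)
    else:
        server = unpermute(dkey[2]).decode("utf-8")
        expected = server_authorization_identity(key, user, service, server)
    # compare_digest avoids leaking the position of the first mismatch via timing.
    return hmac.compare_digest(expected, unpermute(stored))


if __name__ == "__main__":
    d: Directory = {}
    enroll(d, DEMO_SERVICE_AUTH_KEY, "alice", "mail")
    enroll(d, DEMO_SERVICE_AUTH_KEY, "alice", "mail", "srv-07")
    print("alice/mail:", authorize(d, DEMO_SERVICE_AUTH_KEY, "alice", "mail"))
    print("alice/vpn:", authorize(d, DEMO_SERVICE_AUTH_KEY, "alice", "vpn"))
    # An entry written to the directory without the key does not verify.
    d[_directory_key("mallory", "mail", None)] = permute(bytes(32))
    print("mallory/mail:", authorize(d, DEMO_SERVICE_AUTH_KEY, "mallory", "mail"))
```

The security property the claims rely on is visible in `authorize`: the directory is treated as untrusted storage, since an entry only passes when its authorization identity matches an HMAC that nobody without the service authentication key can produce, so a modified or injected directory record is rejected. The permutation step adds no cryptographic strength on its own (it is invertible by design); the key is what must be protected, which is why the code keeps it out of the directory entirely.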
Specification