Distributed hierarchical identity management
Abstract
A system and methods for identity management and authentication are provided herein. The present invention employs shadow domains to prove entity membership in an identity management system where responsibility for trust relationships is devolved to the user. The present invention additionally teaches doubly signed certificate transmission for authentication of assertions made by third parties in the identity management network.
Claims
The patent has 25 claims; the four independent claims are reproduced below.

1. An identity management system for providing authentication of a user to a membersite, the identity management system comprising:
a root server having a user database for storing a globally unique identifier associated with the user, the root server having means for providing the globally unique identifier to the user, for maintaining a list of network addresses associated with names in a shadow domain for providing to a domain name server, each name associated with either the membersite or a homesite in an identity management network, to permit the homesite to authenticate an entity accessing the membersite as the user associated with the globally unique identifier, upon user redirection to the name associated with the homesite in the shadow domain.
(Claims 2 to 8 depend from claim 1 and are not reproduced here.)

9. A method of obtaining user authentication from a homesite in an identity management network, the method including:
obtaining from the user the name of a homesite that can provide user authentication based on user authentication information known to the homesite;
providing the homesite with an authentication request by redirecting the user to the homesite in a shadow domain associated with the identity management network; and
obtaining the authentication of the user from the homesite in response to the homesite receiving the known authentication information from the user, the authentication including a globally unique identifier associated with the user.
(Claims 10 to 16 depend from claim 9 and are not reproduced here.)

17. A method of performing a user authentication at a homesite in an identity management network, the method comprising:
receiving from a user, having a globally unique identifier and known authentication information, a request to provide authentication for a membersite; and
providing authentication of the user to the membersite in response to receiving the known authentication information by redirecting the user to the membersite in a shadow domain associated with the identity management network.
(Claims 18 to 24 depend from claim 17 and are not reproduced here.)

25. A method of obtaining a globally unique identifier associated with a user having an email address, the method comprising:
receiving a request from the user to associate a globally unique identifier with the email address;
requesting, from a root server that associates globally unique identifiers with email addresses, the assignment of a globally unique identifier associated with the user's email address; and
obtaining the globally unique identifier associated with the email address in response to the user providing the root server with a response to a challenge transmitted to the email address.
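The redirect flow of claims 9 and 17 and the e-mail challenge of claim 25, simulated in-process as an added example; this is not code from the patent or its assignee. The shadow domain name idnet.example, the /auth and /return query-string format, the per-login nonce, the PBKDF2 password store, and the HMAC-tagged assertion keyed by a secret the membersite shares with the homesite are assumptions made for the illustration; the patent's doubly signed certificate transmission is not reproduced. What the code shows is how shadow-domain names carry membership: each side redirects the user only to a name under the shadow domain, and a site the root server has not listed has no resolvable name there, so the redirect fails before any credential is exchanged.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

SHADOW_DOMAIN = "idnet.example"  # assumed name; the patent does not fix one


def shadow_name(site):
    """Name of a membersite or homesite inside the shadow domain (claim 1)."""
    return f"{site}.{SHADOW_DOMAIN}"


def password_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class RootServer:
    """User database plus the shadow-domain name list handed to DNS (claim 1)."""
    def __init__(self, members):  # members: site name -> network address
        self.shadow_names = {shadow_name(site): addr for site, addr in members.items()}
        self.guids, self.pending = {}, {}  # e-mail -> GUID, e-mail -> outstanding challenge

    def resolve(self, host):  # what DNS answers for a shadow name; None means "not a member"
        return self.shadow_names.get(host)

    def request_guid(self, email):  # claim 25: challenge that would be sent to the e-mail address
        self.pending[email] = secrets.token_urlsafe(16)
        return self.pending[email]

    def confirm_guid(self, email, response):  # claim 25: GUID released only on a correct, single-use response
        expected = self.pending.pop(email, None)
        if expected is None or not hmac.compare_digest(expected, response):
            raise PermissionError("challenge response does not match")
        return self.guids.setdefault(email, secrets.token_hex(16))


class Homesite:
    """Authenticates the user and asserts the GUID to the membersite (claim 17)."""
    def __init__(self, name, root):
        self.name, self.root, self.credentials = name, root, {}
        self.key = secrets.token_bytes(32)  # assumed HMAC key standing in for the patent's certificates

    def enrol(self, guid, password):
        salt = secrets.token_bytes(16)
        self.credentials[guid] = (salt, password_hash(password, salt))

    def authenticate(self, guid, password, request_url):
        """Claim 17: on correct credentials, redirect back to the membersite's shadow name."""
        q = parse_qs(urlparse(request_url).query)
        membersite, nonce = q["membersite"][0], q["nonce"][0]
        target = shadow_name(membersite)
        if self.root.resolve(target) is None:  # a non-member has no resolvable shadow name
            raise LookupError(f"{target} is not in the identity network")
        salt, stored = self.credentials[guid]
        if not hmac.compare_digest(stored, password_hash(password, salt)):
            raise PermissionError("bad password")
        tag = hmac.new(self.key, f"{guid}|{membersite}|{nonce}".encode(), "sha256").hexdigest()
        return f"https://{target}/return?" + urlencode({"guid": guid, "nonce": nonce, "sig": tag})


class Membersite:
    """Obtains authentication from the homesite the user names (claim 9)."""
    def __init__(self, name, root):
        self.name, self.root, self.nonces = name, root, set()

    def start_login(self, homesite):
        """Claim 9: redirect the user to the named homesite inside the shadow domain."""
        target = shadow_name(homesite)
        if self.root.resolve(target) is None:
            raise LookupError(f"{target} is not in the identity network")
        self.nonces.add(nonce := secrets.token_urlsafe(16))
        return f"https://{target}/auth?" + urlencode({"membersite": self.name, "nonce": nonce})

    def finish_login(self, return_url, homesite_key):
        """Claim 9: accept the GUID only on this site's own shadow name, with a fresh signed nonce."""
        parsed = urlparse(return_url)
        if parsed.hostname != shadow_name(self.name):
            raise ValueError("return redirect did not use this site's shadow-domain name")
        q = parse_qs(parsed.query)
        guid, nonce, sig = q["guid"][0], q["nonce"][0], q["sig"][0]
        if nonce not in self.nonces:
            raise PermissionError("unknown or replayed nonce")
        self.nonces.discard(nonce)
        expected = hmac.new(homesite_key, f"{guid}|{self.name}|{nonce}".encode(), "sha256").hexdigest()
        if not hmac.compare_digest(expected, sig):
            raise PermissionError("homesite assertion does not verify")
        return guid


def run_flow():
    """Constructed end-to-end run; returns (issued GUID, GUID the membersite accepted)."""
    root = RootServer({"shop": "198.51.100.10", "myhome": "198.51.100.20"})  # constructed sites
    guid = root.confirm_guid("alice@example.com", root.request_guid("alice@example.com"))
    home, shop = Homesite("myhome", root), Membersite("shop", root)
    home.enrol(guid, "correct horse battery")
    back = home.authenticate(guid, "correct horse battery", shop.start_login("myhome"))
    return guid, shop.finish_login(back, home.key)
```

Two checks in the membersite are the ones a reviewer would look for first: it accepts the return redirect only on its own shadow-domain name (the membership proof the abstract describes), and it consumes the nonce once before trusting the GUID, so a captured return URL cannot be replayed. The homesite applies the same resolve check before sending the user back, so neither side ever redirects to a name the root server has not listed.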
Specification