Digital identity management
First Claim
1. A method comprising:
managing lifecycles of digital IDs for application programs; and
abstracting multiple types of credentials for application programs through a digital identity management service (DIMS) and a common application programming interface (API) layer.
Abstract
One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer.
Claims (115)
1. A method comprising:
managing lifecycles of digital IDs for application programs; and
abstracting multiple types of credentials for application programs through a digital identity management service (DIMS) and a common application programming interface (API) layer.
Dependent claims: 2-32, 34, 35.
33. The method of claim 1, wherein the DIMS relies on central policies to establish lifecycle management criteria.
36. An apparatus, comprising:
a non-domain joined computer portion including:
a lifecycle manager for managing digital ID lifecycles for application programs, and an abstraction layer portion for abstracting data from application programs for multiple types of credentials through a digital identity management system (DIMS) and a common Application Programming Interface (API) layer.
Dependent claims: 37-61.
62. A method, comprising:
enumerating data from a digital identity (ID) store(s);
reading properties of at least one of the digital IDs;
determining digital ID memberships;
reading the policies for the digital IDs;
calculating a housekeeping criterion for the digital ID; and
applying the policies and memberships to the store(s).
Dependent claims: 63, 64.
65. An apparatus for authenticating a user of a non-domain joined computer connected to the Internet, comprising:
an application program attempting to access a Digital Identity Management System (DIMS);
the application program searching for credentials based on some attributes;
the application program returning results of the credential search to the DIMS;
the DIMS opening the credentials based on a cryptographic key;
the DIMS returning a handle to the application program; and
the application program using the handle to perform an operation.
Dependent claims: 66-70.
71. An apparatus, comprising:
an application program attempting to access a Digital Identity Management System (DIMS);
the application program attempting to find credentials based on some attributes;
the DIMS returning results in response to the attempt to find credentials to the application program; and
the DIMS opening at least some of the credentials based on a cryptographic key.
Dependent claims: 72-79.
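Claims 65 and 71 describe one access pattern: the application searches the store by attributes, the DIMS opens the matching credential with a cryptographic key, and the application then works only through a handle. The Python below is an added illustration written for this page, not code from the patent or from any product implementing it. The sealing construction (a per-credential pad derived by HMAC from a store key, plus an integrity tag), the store key, the credential names and attributes, and the use of HMAC-SHA256 as the "operation" performed through the handle are all constructed assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def mac(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256; stands in for whatever operation the credential performs."""
    return hmac.new(key, data, hashlib.sha256).digest()


@dataclass
class SealedCredential:
    cred_id: str
    attributes: dict    # searchable metadata, e.g. issuer and purpose
    ciphertext: bytes   # private key material sealed under the store key
    tag: bytes          # integrity tag over cred_id || ciphertext


def _pad(store_key: bytes, cred_id: str) -> bytes:
    # Toy seal (assumption): a per-credential pad derived from the store key
    # and the unique credential id. Covers keys up to 32 bytes, never reused.
    return mac(store_key, b"seal:" + cred_id.encode())


def seal(store_key: bytes, cred_id: str, attributes: dict, raw_key: bytes) -> SealedCredential:
    if len(raw_key) > 32:
        raise ValueError("toy seal supports keys of at most 32 bytes")
    ct = bytes(a ^ b for a, b in zip(raw_key, _pad(store_key, cred_id)))
    tag = mac(store_key, b"tag:" + cred_id.encode() + ct)[:16]
    return SealedCredential(cred_id, attributes, ct, tag)


class DIMS:
    """Holds the store key; applications get opaque handles, never raw keys."""

    def __init__(self, store, store_key: bytes):
        self._store = {c.cred_id: c for c in store}
        self._store_key = store_key
        self._open: dict = {}    # handle -> unsealed key, lives only in the DIMS

    def find(self, **attrs) -> list:
        """Claim 71: ids whose attributes match every requested attribute."""
        return sorted(cid for cid, c in self._store.items()
                      if all(c.attributes.get(k) == v for k, v in attrs.items()))

    def open(self, cred_id: str) -> str:
        """Claims 65/71: unseal with the cryptographic key and return a handle."""
        c = self._store[cred_id]
        expected = mac(self._store_key, b"tag:" + cred_id.encode() + c.ciphertext)[:16]
        if not hmac.compare_digest(expected, c.tag):
            raise PermissionError(f"cannot open {cred_id}: wrong store key")
        raw = bytes(a ^ b for a, b in zip(c.ciphertext, _pad(self._store_key, cred_id)))
        handle = secrets.token_urlsafe(16)   # unguessable, meaningless outside this DIMS
        self._open[handle] = raw
        return handle

    def sign(self, handle: str, data: bytes) -> bytes:
        """Claim 65: the application performs the operation through the handle."""
        if handle not in self._open:
            raise KeyError("unknown or closed handle")
        return mac(self._open[handle], data)

    def close(self, handle: str) -> None:
        self._open.pop(handle, None)


# Constructed sample store: two credentials sealed under one store key.
STORE_KEY = bytes(range(32))
MAIL_KEY = b"mail-signing-key0123456789abcdef"    # 32 bytes, constructed
VPN_KEY = b"vpn-auth-key-0123456789abcdef012"     # 32 bytes, constructed
SAMPLE_STORE = [
    seal(STORE_KEY, "cred-mail", {"issuer": "Contoso CA", "purpose": "email"}, MAIL_KEY),
    seal(STORE_KEY, "cred-vpn", {"issuer": "Contoso CA", "purpose": "vpn"}, VPN_KEY),
]


def demo_sign(message: bytes):
    """Claim 65 sequence end to end; returns (search results, signature)."""
    dims = DIMS(SAMPLE_STORE, STORE_KEY)
    found = dims.find(issuer="Contoso CA", purpose="email")
    handle = dims.open(found[0])
    signature = dims.sign(handle, message)
    dims.close(handle)
    return found, signature


def wrong_store_key_rejected() -> bool:
    """A DIMS holding the wrong key cannot open the sealed credentials."""
    try:
        DIMS(SAMPLE_STORE, bytes(32)).open("cred-mail")
    except PermissionError:
        return True
    return False
```

The property worth noticing is where the key lives: it is unsealed inside the DIMS and only an unguessable token crosses the API boundary, so an application holding a handle can request operations but cannot export the key, and a wrong store key is rejected by the integrity tag before anything is unsealed.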
80. An apparatus, comprising a digital identity management system (DIMS) that views at least some of the credentials associated with the DIMS.
88. A method, comprising:
performing lifecycle management for digital IDs within a non-domain joined computer, the lifecycle management including:
enumerating store(s) within the non-domain joined computer;
reading the policies and determining the membership of the digital IDs;
applying rules to the store(s) and determining whether an action is necessary;
if the action is necessary, determining whether the action involves interaction with a trusted security token service (STS);
if the action involves interaction with the trusted STS, interacting with the STS to perform the action; and
if the action does not involve interaction with the trusted STS, providing a user interface for the user to provide input to perform the action.
Dependent claims: 89-95.
96. An apparatus comprising:
a digital identity (ID) management system that is aware of its own state and is aware of policies that apply to it, and can act to ensure consistency for purposes of housekeeping.
Dependent claims: 97-99.
100. A method comprising:
allowing a user to roam a digital identity (ID) using a Digital ID Management System (DIMS), comprising:
enumerating a data store(s);
receiving user input at the DIMS indicating whether the user desires to roam the digital ID;
if the user desires to roam the digital ID, determining a remote data storage location that corresponds to the user;
determining the policy relative to the user and the digital ID; and
based on the policy, synchronizing data relating to the digital ID to the remote data storage location.
Dependent claims: 101, 102.
103. A computer readable medium having computer executable instructions for performing digital identity (ID) management within a non-domain joined computer, comprising:
performing lifecycle management for digital IDs, the lifecycle management including:
enumerating store(s) within the non-domain joined computer;
reading the policies and determining the membership of the digital IDs;
applying lifecycle rules to the store(s);
determining whether action is necessary based on the lifecycle rules; and
if the action is necessary, interacting with a security token service (STS) to perform the action.
104. A system comprising:
a processor;
a memory containing instructions that, when executed by the processor, cause the processor to:
perform lifecycle management for the digital IDs within a non-domain joined computer, the lifecycle management including:
enumerate at least one store within the non-domain joined computer;
read policies and determine the membership of the digital IDs;
apply rules to the store(s) and determine whether an action is necessary;
if the action is necessary, determine whether the action involves interaction with a trusted security token service (STS);
if the action involves interaction with the trusted STS, interact with the trusted STS to perform the action; and
if the action does not involve interaction with the trusted STS, provide a user interface for the user to provide input to perform the action.
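Claims 62, 88, 103 and 104 all describe the same housekeeping loop: enumerate the stores, determine each digital ID's policy membership, apply the rules, decide whether an action is needed, and carry it out either through the trusted STS or by asking the user. The Python below is an added worked model of that loop written for this page, not the patent's own implementation. The policy fields (renewal window, STS-renewable flag, removal grace period), the issuers, the dates, the two stores and the stand-in STS are constructed assumptions; the patent does not say what its "rules" or "housekeeping criterion" actually are.

```python
from dataclasses import dataclass, replace
from datetime import date, timedelta
from enum import Enum


class Action(Enum):
    NONE = "none"
    RENEW_VIA_STS = "renew-via-sts"
    PROMPT_USER = "prompt-user"
    REMOVE = "remove"


@dataclass(frozen=True)
class DigitalID:
    id: str
    issuer: str
    not_after: date


@dataclass(frozen=True)
class Policy:
    name: str
    issuers: frozenset       # membership selector (assumed): IDs from these issuers
    renew_days_before: int   # start renewal this many days before expiry
    sts_renewable: bool      # True: the trusted STS can renew without the user
    remove_days_after: int   # purge IDs that have been expired longer than this


def memberships(ids, policies):
    """Claim 62: which policies each digital ID is a member of."""
    return {d.id: [p.name for p in policies if d.issuer in p.issuers] for d in ids}


def decide(d, policies, today):
    """Apply the covering policies and return (action, reason) for one ID."""
    covering = [p for p in policies if d.issuer in p.issuers]
    if not covering:
        return Action.NONE, "no policy covers this ID"
    days_left = (d.not_after - today).days
    # When several policies cover an ID, the strictest setting wins.
    remove_after = min(p.remove_days_after for p in covering)
    renew_before = max(p.renew_days_before for p in covering)
    if days_left < -remove_after:
        return Action.REMOVE, f"expired {-days_left} days ago"
    if days_left <= renew_before:
        if all(p.sts_renewable for p in covering):
            return Action.RENEW_VIA_STS, f"{days_left} days left"
        return Action.PROMPT_USER, f"{days_left} days left, issuer needs user input"
    return Action.NONE, f"{days_left} days left"


def housekeeping(stores, policies, today, sts_renew, ask_user):
    """Claims 88/104: enumerate stores, decide per ID, act via STS or the user.

    Returns the updated stores and a log of (store, id, action, reason)."""
    log, updated = [], {}
    for store_name, ids in stores.items():
        kept = []
        for d in ids:
            action, why = decide(d, policies, today)
            log.append((store_name, d.id, action, why))
            if action is Action.RENEW_VIA_STS:
                kept.append(sts_renew(d))          # trusted STS issues a fresh ID
            elif action is Action.PROMPT_USER:
                kept.append(ask_user(d) or d)      # user renewed it, or left it alone
            elif action is Action.NONE:
                kept.append(d)
            # Action.REMOVE: the ID is dropped from the store
        updated[store_name] = kept
    return updated, log


# Constructed sample: two stores, two policies, one fixed "today".
TODAY = date(2024, 6, 1)
POLICIES = [
    Policy("corp-certs", frozenset({"Contoso CA"}), 30, True, 7),
    Policy("partner-ids", frozenset({"Fabrikam ID"}), 14, False, 30),
]
STORES = {
    "user": [DigitalID("mail-sig", "Contoso CA", date(2024, 6, 20)),
             DigitalID("partner", "Fabrikam ID", date(2024, 6, 10)),
             DigitalID("old-token", "Fabrikam ID", date(2024, 4, 1))],
    "machine": [DigitalID("vpn", "Contoso CA", date(2025, 1, 1)),
                DigitalID("unknown", "Random CA", date(2024, 6, 2))],
}


def fake_sts_renew(d):
    """Stand-in for the trusted STS (assumption): reissue the ID for another year."""
    return replace(d, not_after=TODAY + timedelta(days=365))


def run_demo():
    """Run housekeeping over the sample with a user who declines every prompt."""
    return housekeeping(STORES, POLICIES, TODAY, fake_sts_renew, lambda d: None)
```

Two details matter for a non-domain joined machine, where there is no domain controller to push policy: an ID that no policy covers is deliberately left alone rather than renewed or removed (the claims make "whether an action is necessary" a separate decision), and the STS path is taken only when every covering policy allows it, so a single restrictive policy forces the user-interaction path.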
105. A Digital Identity Management System (DIMS) that is partially contained within a non-domain joined computer environment, the DIMS:
managing digital ID lifecycles for digital identities (IDs) running within the non-domain joined computer; and
abstracting application programs for multiple types of digital IDs through a common security token service (STS) and application programming interface (API) layer.
Dependent claims: 106, 107, 109-113, 115.
108. A digital identity (ID) management system (DIMS) comprising:
a non-domain joined computer portion including a stand-alone computer connected to the Internet, the non-domain joined computer portion including a management lifecycle portion for managing digital ID lifecycles for application programs;
the non-domain joined computer portion including an abstraction layer for abstracting multiple types of credentials through a common security token service (STS) and Application Programming Interface (API) layer; and
a domain joined computer portion including at least one client computer and at least one server computer.
114. An auto-enrollment method, comprising:
submitting a digital ID request;
retrieving the disposition, last status, and identifier of a request;
retrieving the digital ID issued for the request;
retrieving pending digital IDs for previous requests; and
retrieving the digital IDs for the digital ID server.
Specification