Shared credential store

US 20050289644A1
Filed: 06/28/2004
Published: 12/29/2005
Est. Priority Date: 06/28/2004
Status: Active Grant

First Claim

Patent Images

1. A personal credential store for a networked computer system user, comprising:

an application programming interface operable to accept a plurality of search tags and, wherein each of said plurality of search tags represents a corresponding one of a plurality of functional purposes; and

search logic, operable to search a plurality of physical credential stores responsive to a received one of said plurality of search tags to obtain at least one credential from a plurality of physical credential stores, wherein said obtained credential is associated with said functional purpose corresponding to said received one of said plurality of search tags.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A personal credential store that aggregates a number of physical credential stores beneath an application programming interface (API) and offers tag-based credential look-up. The API of the disclosed system runs on the user'"'"'s client system, and effectively hides the underlying credential store types from applications using it. The tags used to look up credentials through the API may advantageously include or consist of unique identifiers indicating the functional purpose of the desired credential. The types of physical credential store aggregated together under the disclosed API may include a local credential store, a network-resident private credential store that may be shared across multiple client systems operated by a single user, and a network-resident shareable credential store, that may be used by processes acting on behalf of the user, and/or shared by multiple users.

76 Citations

View as Search Results

31 Claims

1. A personal credential store for a networked computer system user, comprising:
- an application programming interface operable to accept a plurality of search tags and, wherein each of said plurality of search tags represents a corresponding one of a plurality of functional purposes; and
  
  search logic, operable to search a plurality of physical credential stores responsive to a received one of said plurality of search tags to obtain at least one credential from a plurality of physical credential stores, wherein said obtained credential is associated with said functional purpose corresponding to said received one of said plurality of search tags.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The personal credential store of claim 1, wherein said plurality of physical credential stores comprises a local credential store for storing local credentials, wherein said local credential store is located on a first client computer system associated with said user, and wherein said local credential store is not accessible to systems other than said first client computer system.
  - 3. The personal credential store of claim 2, wherein said plurality of physical credential stores further comprises at least one network resident private credential store that is shared only across a plurality of client computer systems associated with said user, wherein said plurality of client computer systems includes said first client computer system, and wherein said at least one network resident private credential store is stored on at least one remote server computer system.
  - 4. The personal credential store of claim 3, wherein said local credential store comprises a password-encrypted file, and wherein said local credential store cannot be accessed without a password associated with said user.
  - 5. The personal credential store of claim 3, wherein said network resident private credential store comprises password-encrypted data, and wherein said password-encrypted data cannot be accessed without a password associated with said user.
  - 6. The personal credential store of claim 3, wherein said plurality of physical credential stores further comprises at least one network-resident shareable credential store that is accessible to at least one process acting on behalf of said user that does not know said user'"'"'s password.
  - 7. The personal credential store of claim 3, wherein said plurality of physical credential stores further comprises at least one network resident shareable credential store that is accessible to multiple users including said user.
  - 8. The personal credential store of claim 7, wherein said at least one network resident shareable credential store is further accessible by an administration software tool through an application programming interface.
  - 9. The personal credential store of claim 7, wherein said network resident shareable credential store comprises a set of rows in a database stored on a remote server system.
  - 10. The personal credential store of claim 1, further comprising:
    - replication logic for copying the contents of at least one of said plurality of physical credential stores from a remote server system to a local copy on a client computer system.
  - 11. The personal credential store of claim 10, further comprising:
    - credential migration logic operable to detect at least one credential marked for migration in said local copy, and further operable to copy said credential marked for migration from a first one of said plurality of physical credential stores to a second one of said plurality of physical credential stores.
  - 12. The personal credential store of claim 11, wherein said first one of said plurality of physical credential stores comprises a network resident shareable credential store that is accessible to multiple users, and wherein said second one of said plurality of physical credential stores comprises a private credential store only accessible to a user of said client computer system.
  - 13. The personal credential store of claim 11, wherein said credential migration logic is further operable to detect that said credential marked for migration in said local copy is further marked for merging with another credential in said second one of said plurality of physical credential stores, and to combine said credential marked for migration into said credential in said second one of said plurality of physical credential stores.
  - 14. The personal credential store of claim 1, further comprising:
    - credential associating logic, wherein said credential associating logic is operable to locate a first credential and a second credential responsive to a search tag and associated value, wherein said associated value is based on a portion of each of said first credential that is also contained in said second credential.
  - 15. The personal credential store of claim 14, wherein said first credential comprises a digital certificate, and said second credential comprises a public key—
    - private key pair credential, and wherein said portion of said first credential that is also contained in said second credential comprises a public key.

16. A method of providing a personal credential store for a networked computer system user, comprising:
- accepting a plurality of search tags, through an application programming interface, wherein each of said plurality of search tags represents a corresponding one of a plurality of functional purposes; and
  
  searching a plurality of physical credential stores responsive to a received one of said plurality of search tags to obtain at least one credential from a plurality of physical credential stores, wherein said obtained credential is associated with said functional purpose corresponding to said received one of said plurality of search tags.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 17. The method of providing a personal credential store of claim 16, wherein said plurality of physical credential stores comprises a local credential store for storing local credentials, wherein said local credential store is located on a first client computer system associated with said user, and wherein said local credential store is not accessible to systems other than said first client computer system.
  - 18. The method of providing a personal credential store of claim 17, wherein said plurality of physical credential stores further comprises at least one network resident private credential store that is shared only across a plurality of client computer systems associated with said user, wherein said plurality of client computer systems includes said first client computer system, and wherein said at least one network resident private credential store is stored on at least one remote server computer system.
  - 19. The method of claim 18, wherein said local credential store comprises a password-encrypted file, and wherein said local credential store cannot be accessed without a password associated with said user.
  - 20. The method of claim 18, wherein said network resident private credential store comprises password-encrypted data, and wherein said password-encrypted data cannot be accessed without a password associated with said user.
  - 21. The method of providing a personal credential store of claim 18, wherein said plurality of physical credential stores further comprises at least one network-resident shareable credential store that is accessible to at least one process acting on behalf of said user that does not know said user'"'"'s password.
  - 22. The method of providing a personal credential store of claim 18, wherein said plurality of physical credential stores further comprises at least one network resident shareable credential store that is accessible to multiple users including said user.
  - 23. The method of providing a personal credential store of claim 22, wherein said at least one network resident shareable credential store is further accessible by an administration software tool through an application programming interface.
  - 24. The method of providing a personal credential store of claim 22, wherein said network resident shareable credential store comprises a set of rows in a database stored on a remote server system.
  - 25. The method of providing a personal credential store of claim 16, further comprising:
    - copying the contents of at least one of said plurality of physical credential stores from a remote server system to a local copy on a client computer system.
  - 26. The method of providing a personal credential store of claim 25, further comprising:
    - detecting at least one credential marked for migration in said local copy, and copying said credential marked for migration from a first one of said plurality of physical credential stores to a second one of said plurality of physical credential stores.
  - 27. The method of providing a personal credential store of claim 26, wherein said first one of said plurality of physical credential stores comprises a network resident shareable credential store that is accessible to multiple users, and wherein said second one of said plurality of physical credential stores comprises a private credential store only accessible to a user of said client computer system.
  - 28. The method of providing a personal credential store of claim 26, further comprising detecting that said credential marked for migration in said local copy is further marked for merging with another credential in said second one of said plurality of physical credential stores, and combining said credential marked for migration into said credential in said second one of said plurality of physical credential stores.

29. A computer program product, wherein said computer program product includes a computer readable medium, said computer readable medium having a computer program for providing a personal credential store for a networked computer system user stored thereon, said computer program comprising:
- program code for accepting a plurality of search tags, through an application programming interface, wherein each of said plurality of search tags represents a corresponding one of a plurality of functional purposes; and
  
  program code for searching a plurality of physical credential stores responsive to a received one of said plurality of search tags to obtain at least one credential from a plurality of physical credential stores, wherein said obtained credential is associated with said functional purpose corresponding to said received one of said plurality of search tags.

30. A computer data signal embodied in a carrier wave, said computer data signal including at least one computer program for providing a personal credential store for a networked computer system user, said computer program comprising:
- program code for accepting a plurality of search tags, through an application programming interface, wherein each of said plurality of search tags represents a corresponding one of a plurality of functional purposes; and
  
  program code for searching a plurality of physical credential stores responsive to a received one of said plurality of search tags to obtain at least one credential from a plurality of physical credential stores, wherein said obtained credential is associated with said functional purpose corresponding to said received one of said plurality of search tags.

31. A system for providing a personal credential store for a networked computer system user, comprising:
- means for accepting a plurality of search tags, through an application programming interface, wherein each of said plurality of search tags represents a corresponding one of a plurality of functional purposes; and
  
  means for searching a plurality of physical credential stores responsive to a received one of said plurality of search tags to obtain at least one credential from a plurality of physical credential stores, wherein said obtained credential is associated with said functional purpose corresponding to said received one of said plurality of search tags.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Wray, John C.

Granted Patent

US 8,015,596 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06F 21/6218   to a system of files or obj...

H04L 63/0815   providing single-sign-on or...

Shared credential store

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

76 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Shared credential store

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links