Method and system for secure binding register name identifier profile

US 20060129816A1
Filed: 12/10/2004
Published: 06/15/2006
Est. Priority Date: 12/10/2004
Status: Active Grant

First Claim

Patent Images

1. A method for performing an operation within a federated computing environment, the method comprising:

receiving a register name identifier request for a principal from a first federated entity at a second federated entity within the federated computing environment;

in response to receiving the register name identifier request for the principal, performing an authentication operation at the second federated entity for the principal;

in response to successfully completing the authentication operation, registering or modifying a name identifier from the received register name identifier request at the second federated entity; and

sending a register name identifier response from the second federated entity to the first federated entity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, a system, an apparatus, and a computer program product are presented for improving a register name identifier profile within a federated computing environment such that the register name identifier profile is enhanced to be more securely binding between two federated entities within the federated computing environment, such as an identity provider and a service provider. After the first federated entity sends a register name identifier request for a principal to the second federated entity, the second federated entity performs an authentication operation for the principal. In response to successfully completing the authentication operation, the second federated entity registers or modifies a name identifier for the principal that has been extracted from the received register name identifier request.

98 Citations

View as Search Results

27 Claims

1. A method for performing an operation within a federated computing environment, the method comprising:
- receiving a register name identifier request for a principal from a first federated entity at a second federated entity within the federated computing environment;
  
  in response to receiving the register name identifier request for the principal, performing an authentication operation at the second federated entity for the principal;
  
  in response to successfully completing the authentication operation, registering or modifying a name identifier from the received register name identifier request at the second federated entity; and
  
  sending a register name identifier response from the second federated entity to the first federated entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the first federated entity is an identity provider and the second federated entity is a service provider.
  - 3. The method of claim 1 wherein the first federated entity is a service provider and the second federated entity is an identity provider.
  - 4. The method of claim 1 further comprising:
    - linking a first account for the principal at the first federated entity with a second account for the principal at the second federated entity such that information about the first federated entity can be offered to the principal by the second federated entity.
  - 5. The method of claim 1 further comprising:
    - linking a first account for the principal at the first federated entity with a second account for the principal at the second federated entity such that the first federated entity and the second federated entity can perform a single-sign-on operation on behalf of the principal.
  - 6. The method of claim 1 further comprising:
    - interacting directly with the principal by the second federated entity in order to perform the authentication operation.
  - 7. The method of claim 1 further comprising:
    - performing a single-sign-on operation as the authentication operation at the second federated entity based on single-sign-on information that has been received from the first federated entity along with the register name identifier request.
  - 8. The method of claim 1 further comprising:
    - requesting single-sign-on information by the second federated entity from the first federated entity in order to perform the authentication operation.
  - 9. The method of claim 1 further comprising:
    - receiving a single-sign-on request at the second federated entity from the first federated entity prior to receiving the register name identifier request for the principal at the second federated entity.

10. An apparatus for performing an operation within a federated computing environment, the apparatus comprising:
- means for receiving a register name identifier request for a principal from a first federated entity at a second federated entity within the federated computing environment;
  
  means for performing, in response to receiving the register name identifier request for the principal, an authentication operation at the second federated entity for the principal;
  
  means for registering or modifying, in response to successfully completing the authentication operation, a name identifier from the received register name identifier request at the second federated entity; and
  
  means for sending a register name identifier response from the second federated entity to the first federated entity.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The apparatus of claim 10 wherein the first federated entity is an identity provider and the second federated entity is a service provider.
  - 12. The apparatus of claim 10 wherein the first federated entity is a service provider and the second federated entity is an identity provider.
  - 13. The apparatus of claim 10 further comprising:
    - means for linking a first account for the principal at the first federated entity with a second account for the principal at the second federated entity such that information about the first federated entity can be offered to the principal by the second federated entity.
  - 14. The apparatus of claim 10 further comprising:
    - means for linking a first account for the principal at the first federated entity with a second account for the principal at the second federated entity such that the first federated entity and the second federated entity can perform a single-sign-on operation on behalf of the principal.
  - 15. The apparatus of claim 10 further comprising:
    - means for interacting directly with the principal by the second federated entity in order to perform the authentication operation.
  - 16. The apparatus of claim 10 further comprising:
    - means for performing a single-sign-on operation as the authentication operation at the second federated entity based on single-sign-on information that has been received from the first federated entity along with the register name identifier request.
  - 17. The apparatus of claim 10 further comprising:
    - means for requesting single-sign-on information by the second federated entity from the first federated-entity in order to perform the authentication operation.
  - 18. The apparatus of claim 10 further comprising:
    - means for receiving a single-sign-on request at the second federated entity from the first federated entity prior to receiving the register name identifier request for the principal at the second federated entity.

19. A computer program product on a computer readable medium for performing an operation within a federated computing environment, the computer program product comprising:
- means for receiving a register name identifier request for a principal from a first federated entity at a second federated entity within the federated computing environment;
  
  means for performing, in response to receiving the register name identifier request for the principal, an authentication operation at the second federated entity for the principal;
  
  means for registering or modifying, in response to successfully completing the authentication operation, a name identifier from the received register name identifier request at the second federated entity; and
  
  means for sending a register name identifier response from the second federated entity to the first federated entity.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The computer program product of claim 19 wherein the first federated entity is an identity provider and the second federated entity is a service provider.
  - 21. The computer program product of claim 19 wherein the first federated entity is a service provider and the second federated entity is an identity provider.
  - 22. The computer program product of claim 19 further comprising:
    - means for linking a first account for the principal at the first federated entity with a second account for the principal at the second federated entity such that information about the first federated entity can be offered to the principal by the second federated entity.
  - 23. The computer program product of claim 19 further comprising:
    - means for linking a first account for the principal at the first federated entity with a second account for the principal at the second federated entity such that the first federated entity and the second federated entity can perform a single-sign-on operation on behalf of the principal.
  - 24. The computer program product of claim 19 further comprising:
    - means for interacting directly with the principal by the second federated entity in order to perform the authentication operation.
  - 25. The computer program product of claim 19 further comprising:
    - means for performing a single-sign-on operation as the authentication operation at the second federated entity based on single-sign-on information that has been received from the first federated entity along with the register name identifier request.
  - 26. The computer program product of claim 19 further comprising:
    - means for requesting single-sign-on information by the second federated entity from the first federated entity in order to perform the authentication operation.
  - 27. The computer program product of claim 19 further comprising:
    - means for receiving a single-sign-on request at the second federated entity from the first federated entity prior to receiving the register name identifier request for the principal at the second federated entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hinton, Heather Maria

Granted Patent

US 9,143,502 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

G06F 21/41 where a single sign-on prov...

H04L 63/0815 providing single-sign-on or...

Method and system for secure binding register name identifier profile

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

98 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for secure binding register name identifier profile

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

98 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links