Distributed Network Identity
First Claim
Patent Images
1. A method for providing user authentication to a service provider, the method comprising:
- receiving, at an identity provider, an identifier that indicates the service provider, wherein the identifier includes an assertion of an identity of a user;
requesting an identity credential from the user;
authenticating the identity credential to produce an authenticated credential; and
passing the authenticated credential to the service provider.
0 Assignments
0 Petitions
Accused Products
Abstract
A distributed network identity is provided. An identity provider stores a portion of a user'"'"'s personal information. A service provider accesses user information from one or more identity providers. System entities such as identity providers and service providers can be linked to enable information sharing and aggregation. User policies and privacy preferences are provided to control how information is shared. A single sign-on architecture is provided where an identity provider is used to facilitate cross-domain authentication and to enhance user convenience. Service delegation features are also provided.
-
Citations
11 Claims
-
1. A method for providing user authentication to a service provider, the method comprising:
-
receiving, at an identity provider, an identifier that indicates the service provider, wherein the identifier includes an assertion of an identity of a user;
requesting an identity credential from the user;
authenticating the identity credential to produce an authenticated credential; and
passing the authenticated credential to the service provider. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for delegating a service, the method comprising:
-
authenticating a user with an identity provider;
requesting, by a first service provider a ticket from the identity provider for the delegated service, wherein the delegated service is performed by a second service provider;
receiving the ticket at the first service provider, the ticket for authorizing the second service provider to perform the delegated service on behalf of the user; and
presenting the ticket at the second service provider to use the delegated service. - View Dependent Claims (9, 10, 11)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeAravindan Ranganathan, Gary Ellison, Hal Stern, John Beatty, Larry Abrahams, Mark Hapner, Peter Yared, Sai Allavarpu, Sheldon Finkelstein
-
Original AssigneeAravindan Ranganathan, Gary Ellison, Hal Stern, John Beatty, Larry Abrahams, Mark Hapner, Peter Yared, Sai Allavarpu, Sheldon Finkelstein
-
InventorsFinkelstein, Sheldon, Beatty, John, Hapner, Mark, Ellison, Gary, Yared, Peter, Stern, Hal, Ranganathan, Aravindan, Abrahams, Larry, Allavarpu, Sai
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current709/229
-
CPC Class CodesG06F 21/41 where a single sign-on prov...H04L 61/4547 for personal communications...H04L 63/0807 using tickets, e.g. Kerbero...H04L 63/0815 providing single-sign-on or...H04L 63/102 Entity profilesH04L 63/105 Multiple levels of securityH04L 67/02 based on web technology, e....
