Methods and System for Storing and Retrieving Identity Mapping Information

US 20080089520A1
Filed: 09/20/2007
Published: 04/17/2008
Est. Priority Date: 10/17/2006
Status: Active Grant

First Claim

Patent Images

1. Method for storing identity mapping information in an identity management system for enabling a user authenticated at a first domain to access a second domain, the method comprising:

digitally signing the identity mapping information by the user;

providing the mapping information to the identity management system; and

storing the user-signed mapping information after being further digitally signed by the identity management system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and method for storing identity mapping information in an identity management system to enable a user authenticated at a first domain to access a second domain. The method may include digitally signing the identity mapping information by the user; providing the mapping information to an identity management system; and storing the user-signed mapping information after being further digitally signed by the identity management system.

Citations

20 Claims

1. Method for storing identity mapping information in an identity management system for enabling a user authenticated at a first domain to access a second domain, the method comprising:
- digitally signing the identity mapping information by the user;
  
  providing the mapping information to the identity management system; and
  
  storing the user-signed mapping information after being further digitally signed by the identity management system.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein said digitally signing comprising using a private key of the user.
  - 3. The method of claim 1, wherein said storing the user-signed mapping information comprises using a private key of the identity management system.
  - 4. The method of claim 1, wherein the mapping information further comprises a password required to access the second domain and wherein the method further comprises:
    - encrypting at least the password with an encryption key, wherein the encryption key can be divided into at least a first and a second part;
      
      encrypting the first part of the encryption key with a public key of the user;
      
      encrypting the second part of the encryption key with a public key obtained from a trust center, andstoring the encrypted password and the encrypted encryption key in the identity managing system.

5. A method for retrieving identity mapping information from an identity management system for enabling a user authenticated at a first domain to access a second domain, the method comprising:
- retrieving user-signed mapping information, which has further been digitally signed by the identity management system;
  
  validating the digital signature of the identity management system; and
  
  validating the digital signature of the user;
  
  wherein after said validating the digital signature of the identity management system and said validating the digital signature of the user, the user may be authenticated to access the second domain.
- View Dependent Claims (6, 7, 8, 9, 10)
- - 6. The method of claim 5, wherein said validating the digital signature of the identity management system comprises using a public key of the identity management system.
  - 7. The method of claim 5, wherein said validating the digital signature of the user comprises using a public key of the user.
  - 8. The method of claim 7, wherein said validating the digital signature of the user comprises using a certificate of the user comprising the public key of the user.
  - 9. The method of claim 8, wherein the user certificate is obtained from a trust center.
  - 10. The method of claim 5, wherein said retrieving further comprises retrieving a password, wherein the password is required to access the second domain and is encrypted by an encryption key comprising at least a first part encrypted by a public key of the user and a second part encrypted by a public key obtained from a trust center, wherein the method further comprises:
    - sending the first encrypted part of the encryption key to the user for decryption with his private key;
      
      sending the second encrypted part to the trust center for decryption; and
      
      decrypting the password with the encryption key assembled from the decrypted first and second part.

11. A computer accessible memory medium comprising program instructions for storing identity mapping information in an identity management system for enabling a user authenticated at a first domain to access a second domain, wherein the program instructions are executable by a processor to:
- digitally sign the identity mapping information by the user;
  
  provide the mapping information to the identity management system; and
  
  store the user-signed mapping information after being further digitally signed by the identity management system.
- View Dependent Claims (12, 13, 14)
- - 12. The memory medium of claim 11, wherein said digitally signing comprising using a private key of the user.
  - 13. The memory medium of claim 11, wherein said storing the user-signed mapping information comprises using a private key of the identity management system.
  - 14. The memory medium of claim 11, wherein the mapping information further comprises a password required to access the second domain and wherein the program instructions are further executable to:
    - encrypt at least the password with an encryption key, wherein the encryption key can be divided into at least a first and a second part;
      
      encrypt the first part of the encryption key with a public key of the user;
      
      encrypt the second part of the encryption key with a public key obtained from a trust center, andstore the encrypted password and the encrypted encryption key in the identity managing system.

15. A memory medium comprising program instructions for retrieving identity mapping information from an identity management system for enabling a user authenticated at a first domain to access a second domain, wherein the program instructions are executable by a processor to:
- retrieve user-signed mapping information, which has further been digitally signed by the identity management system;
  
  validate the digital signature of the identity management system; and
  
  validate the digital signature of the user;
  
  wherein after said validating the digital signature of the identity management system and said validating the digital signature of the user, the user may be authenticated to access the second domain.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The memory medium of claim 15, wherein said validating the digital signature of the identity management system comprises using a public key of the identity management system.
  - 17. The memory medium of claim 15, wherein said validating the digital signature of the user comprises using a public key of the user.
  - 18. The memory medium of claim 17, wherein said validating the digital signature of the user comprises using a certificate of the user comprising the public key of the user.
  - 19. The memory medium of claim 18, wherein the user certificate is obtained from a trust center.
  - 20. The memory medium of claim 15, wherein said retrieving further comprises retrieving a password, wherein the password is required to access the second domain and is encrypted by an encryption key comprising at least a first part encrypted by a public key of the user and a second part encrypted by a public key obtained from a trust center, and wherein the program instructions are further executable to:
    - send the first encrypted part of the encryption key to the user for decryption with his private key;
      
      send the second encrypted part to the trust center for decryption; and
      
      decrypt the password with the encryption key assembled from the decrypted first and second part.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Software AG
Original Assignee
Software AG
Inventors
Kessler, Dieter

Granted Patent

US 8,555,075 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/277
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

Methods and System for Storing and Retrieving Identity Mapping Information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and System for Storing and Retrieving Identity Mapping Information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links