SYSTEM AND METHOD USING GLOBALLY UNIQUE IDENTITIES
Abstract
Systems and methods are described for creating a globally unique identity for a user or user-container by performing an iterative join where each participating back-end data source. The systems and methods include an ID-Unify (IDU) that performs identity virtualization and creates or generates a globally unique identifier for a user in operational environments in which there is a pre-existing conflict caused by the existence of different identities for a user in different authentication data sources.
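The iterative join named in the abstract, and the superset used as the global identifier in claim 1, are illustrated below. This is an added example, not code from the patent; the source names, record layout, correlation keys, policy table and the fail-closed handling of ambiguous matches are all assumptions.

```python
# Added illustration. Sources, records and policies are constructed sample data.
SOURCES = {
    "ldap":  [{"id": "uid=jdoe,ou=people", "keys": {"jdoe@example.com"}},
              {"id": "uid=asmith,ou=people", "keys": {"asmith@example.com"}}],
    "ad":    [{"id": "CORP\\john.doe", "keys": {"jdoe@example.com", "E1001"}}],
    "hr_db": [{"id": "E1001", "keys": {"E1001"}},
              {"id": "E2002", "keys": {"asmith@example.com"}}],
}

class AmbiguousJoin(Exception):
    """Raised when one source offers two candidate records for the same user."""

def global_identifier(seed, sources=SOURCES):
    """Iteratively join records across sources, starting from one known identifier.

    Returns a frozenset of (source, identifier) pairs: the superset of the
    user's per-source identifiers, used here as the global identifier.
    """
    known = {seed}          # identifiers and correlation keys seen so far
    joined = {}             # source name -> the single record joined from it
    changed = True
    while changed:          # repeat until a full pass adds nothing new
        changed = False
        for name, records in sources.items():
            hits = [r for r in records if r["id"] in known or r["keys"] & known]
            if len(hits) > 1:
                raise AmbiguousJoin(name)   # fail closed rather than merge two users
            if hits and name not in joined:
                joined[name] = hits[0]
                known |= {hits[0]["id"]} | hits[0]["keys"]
                changed = True
    return frozenset((name, rec["id"]) for name, rec in joined.items())

# Policies hang off the global identifier, not off any single login name.
POLICIES = {global_identifier("uid=jdoe,ou=people"): {"payroll-app"}}

def is_allowed(presented_id, resource):
    """Default deny: allow only if the joined identity has a policy for the resource."""
    try:
        gid = global_identifier(presented_id)
    except AmbiguousJoin:
        return False
    return bool(gid) and resource in POLICIES.get(gid, set())
```

Starting from the AD name needs two passes to reach the LDAP record, which is why the join is iterated to a fixed point rather than run once per source.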
23 Claims
1. A method of securing access to a resource on a network using a global identifier, comprising:
- obtaining a plurality of identifiers associated with a user of the network, each of the plurality of identifiers individually identifying the user;
- generating a superset of the plurality of identifiers, as the global identifier;
- establishing one or more policies associated with the global identifier of the user; and
- restricting access to the resource on the network by the user based on the one or more policies associated with the global identifier.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method of establishing a global unique identifier for access control, comprising:
- obtaining, by an identity server, a plurality of identifiers from a plurality of data sources, the plurality of identifiers being associated with a user of the network and each individually identifying the user; and
- establishing the global unique identifier for access control by generating a join of the plurality of identifiers, wherein the global unique identifier consolidates disparate forms of identification associated with the user from the plurality of data sources.
Dependent claims: 10, 11, 12, 13, 14, 15
16. An identity server configured to communicate with an access server and a plurality of identity storage devices for generating a unique global identifier, the identity server comprising:
- an identity virtualization client for querying a plurality of identifiers associated with a user of the network, each of the plurality of identifiers individually identifying the user;
- an identity consolidation engine for generating a superset of the plurality of identifiers, as the unique global identifier; and
- an identity virtualization server for outputting the global identifier to global identify user devices.
17. An identity server for generating a unique global identifier for accessing secured resources on a network, the identity server comprising:
- an identity virtualization server for receiving an access request to access one or more secured resources on the network, the access request including a user identifier indicating a user requesting access to the one or more secured resources;
- an identity virtualization client for querying a plurality of devices for a plurality of identifiers associated with the user responsive to reception of the access request, each of the plurality of identifiers individually identifying the user;
- an identity consolidation engine for generating a superset of the plurality of identifiers, as the unique global identifier and for identifying one or more access policies associated with the unique global identifier; and
- a policy virtualization engine for permitting access to the one or more secured resources when the user is allowed to access the one or more secured resources based on the identified access policies.
Dependent claims: 18
19. An identity authority configured to communicate identity certificates to identity requesting devices, comprising:
- an identity virtualization server for receiving an identity certification request including a user identifier from one device of the identity requesting devices;
- an identity virtualization client for querying a plurality of devices for a plurality of identifiers associated with the user responsive to reception of the identity certification request from the one device of the identity requesting devices;
- an identity consolidation engine for matching the received user identifier to at least one portion of a generated superset of the plurality of identifiers; and
- a policy virtualization engine for transmitting a certification to the one device of the identity requesting devices when the received user identifier matches to the at least one portion of the generated superset of the plurality of identifiers.
Dependent claims: 20, 21
22. A method of establishing a global unique identifier for access control, comprising:
- receiving a request from a user at a first computing environment for access to a resource located in a second computing environment separate from the first computing environment;
- obtaining, by an identity server in the second computing environment, a plurality of identifiers from a plurality of data sources, the plurality of identifiers being associated with the user and each individually identifying the user;
- establishing, by the server in the second computing environment, the global unique identifier for access control by generating a join of the plurality of identifiers, wherein the global unique identifier consolidates disparate forms of identification associated with the user from the plurality of data sources; and
- permitting access to the resource via the first computing environment based on the global unique identifier from the second computing environment.
23. A computer readable storage medium for storing program code for executing the method of securing access to a resource on a network using a global identifier, comprising:
- obtaining a plurality of identifiers associated with a user of the network, each of the plurality of identifiers individually identifying the user;
- generating a superset of the plurality of identifiers, as the global identifier;
- establishing one or more policies associated with the global identifier of the user; and
- restricting access to the resource on the network by the user based on the one or more policies associated with the global identifier.
Specification