TRANSFORMING CLAIM BASED IDENTITIES TO CREDENTIAL BASED IDENTITIES
First Claim
1. A method to be executed at least in part in a computing device for transforming a claim based identity to a credential based identity, the method comprising:
- receiving a claim token issued by a trusted authority in response to a user request at a secure store service;
- mapping a credential to a claim based on the token;
- storing the credential in a secure manner;
- in response to receiving the claim token for each request to access a resource associated with the secure store service, retrieving the credential; and
- returning the credential to an originator of the request.
Abstract
Claim based identities are transformed to a set of credentials and securely stored in a secure data store using a number of encryption schemes. The credentials are then used to authenticate applications requiring specific credential types. For each call to the secure store system, a client application may provide a claim token issued by a trusted source, which is used to search for corresponding credentials in the secure data store if the credentials have previously been created for the user.
20 Claims
10. A computer-readable storage medium with instructions stored thereon for transforming a claim based identity to a credential based identity, the instructions comprising:
- receiving a claim at a Secure Token Service (STS);
- providing a token upon authenticating the claim;
- receiving the token at a Secure Store Service (SSS), wherein the SSS has a trust relationship with the STS established based on a claim specification;
- mapping a credential to the claim based on the token;
- encrypting the credential using a master key; and
- storing the encrypted credential for use in authorization of subsequent requests for access by a user associated with the claim through providing the credential mapped to the claim.
Dependent claims: 11, 12, 13, 14.
15. A system for transforming a claim based identity to a credential based identity, the system comprising:
- a Security Token Service (STS) executed on a web server for receiving a request for a claim token from a client application and providing the claim token to the client application upon authentication of a user associated with the claim;
- an application server including a memory and a processor coupled to the memory, the processor configured to execute a Secure Store Service (SSS) that includes:
  - an SSS application for: mapping credentials to the claim based on received claim tokens; in response to receiving a request for access to a resource, searching for stored credentials corresponding to a claim token associated with a user submitting the request and providing the stored credentials to the user;
  - a credential manager for: receiving and associating the credentials mapped to the claim with applications;
  - a key manager for: encrypting the credentials for storing using a master key; encrypting the master key using an administrator provided pass phrase, wherein the encrypted master key is stored along with the encrypted credentials; and
- a secure data store for storing the encrypted credentials and the master key, wherein the secure data store is managed by the application server.
Dependent claims: 16, 17, 18, 19, 20.
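As an added illustration, not part of the patent or of any product it describes, the following Python sketch models the three roles of claim 15: an STS that signs a claim token, an SSS that maps credentials to the token's claim and stores them encrypted under a master key, and a key manager that wraps the master key under an administrator pass phrase in the same store. The STS signing key, the pass phrase, the salt and the HMAC-counter stream cipher standing in for a real AEAD are all constructed assumptions.

```python
import hashlib, hmac, json, secrets

STS_KEY = b"constructed-sts-signing-key"  # constructed shared key: the STS/SSS trust relationship

def sts_issue_token(subject, key=STS_KEY):
    """STS: after authenticating the user (assumed done), issue a signed claim token."""
    body = json.dumps({"iss": "sts", "sub": subject}, sort_keys=True).encode()
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def sss_verify_token(token, key=STS_KEY):
    """SSS: accept a token only if its signature verifies under the trusted STS key."""
    body, _, mac = token.rpartition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return json.loads(body) if hmac.compare_digest(expected, mac) else None

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real AEAD such as AES-GCM
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(0, len(data), 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, data):
    nonce = secrets.token_bytes(16)  # fresh nonce per record, stored in front of the ciphertext
    return nonce + _xor_stream(key, nonce, data)
def unseal(key, blob):
    return _xor_stream(key, blob[:16], blob[16:])
def kek_from_passphrase(passphrase):
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"constructed-salt", 200_000)

class SecureStoreService:
    def __init__(self, admin_passphrase):
        # Key manager: random master key, wrapped under the admin pass phrase, kept beside the credentials
        self._master = secrets.token_bytes(32)
        self.store = {"wrapped_master": seal(kek_from_passphrase(admin_passphrase), self._master),
                      "credentials": {}}

    def _claims(self, token):
        claims = sss_verify_token(token)
        if claims is None:
            raise PermissionError("claim token rejected")
        return claims

    def map_credential(self, token, app, username, password):
        # SSS application: map a credential to the token's claim, encrypt it with the master key
        record = json.dumps([username, password]).encode()
        self.store["credentials"][(self._claims(token)["sub"], app)] = seal(self._master, record)

    def get_credential(self, token, app):
        # Later request: look up the credential by the token's claim and return it to the caller
        blob = self.store["credentials"].get((self._claims(token)["sub"], app))
        return tuple(json.loads(unseal(self._master, blob))) if blob else None
```

The lookup is keyed by the claim carried in the verified token, so a token signed under any other key, or one naming a different subject, never reaches another user's credentials.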