FEDERATED SMART USER IDENTIFICATION WITH EMBEDDED COMPUTING SYSTEM ENTITLEMENTS

US 20200134203A1
Filed: 10/30/2018
Published: 04/30/2020
Est. Priority Date: 10/30/2018
Status: Active Grant

First Claim

Patent Images

1. A system for providing federated user identification and hierarchical computing system entitlement, the system comprising:

a plurality of computing systems, wherein each of the computing systems are defined by one or more entitlement zones; and

a computing device having a memory and at least one processor in communication with the memory, wherein the memory of the computing device stores a federated identification (ID) key having a plurality of keys strings, each key string configured to identify at least one of (i) one of the computing systems and (ii) one or more of the entitlement zones associated with the computing system that a user is authorized to access,wherein the federated ID key is configured to, in response to deciphering, (i) identify the user, and (ii) provide at least a portion of an authorization required for the user to access at least one of (a) one of the computing systems, and (b) one or more entitlement zones associated with the one of the computing systems.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A federated smart user identification (ID) having embedded tiered/hierarchical entitlements. The federated smart user ID comprises an encrypted key having multiple key strings that create sub-zones/barriers within the key. Each key string includes logical code and is attached/associated with at least one of (i) a computing system, service, application or the like, and (ii) an entitlement zone of the system, service, application or the like. Thus, the individual key strings define which systems, services, applications and the like the user has access to and the entitlements/authorizations within those systems, services, applications that the user has. In addition, key strings can dynamically be added to or deleted from the key to thereby change system/service access authorization and/or system/service-level entitlement.

1 Citation

20 Claims

1. A system for providing federated user identification and hierarchical computing system entitlement, the system comprising:
- a plurality of computing systems, wherein each of the computing systems are defined by one or more entitlement zones; and
  
  a computing device having a memory and at least one processor in communication with the memory, wherein the memory of the computing device stores a federated identification (ID) key having a plurality of keys strings, each key string configured to identify at least one of (i) one of the computing systems and (ii) one or more of the entitlement zones associated with the computing system that a user is authorized to access,wherein the federated ID key is configured to, in response to deciphering, (i) identify the user, and (ii) provide at least a portion of an authorization required for the user to access at least one of (a) one of the computing systems, and (b) one or more entitlement zones associated with the one of the computing systems.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the entitlement zones are configured to provide an authorized user at least one of (i) access to predetermined data associated with a corresponding computing system, and (ii) predetermined functionality within the corresponding computing system.
  - 3. The system of claim 1, wherein the key strings are further configured to identify one or more entitlement sub-zones associated with the one of the entitlement zones, wherein the entitlement sub-zones are configured to provide an authorized user at least one of (i) access to predetermined data associated with a corresponding entitlement zone, and (ii) predetermined functionality within the corresponding entitlement zone.
  - 4. The system of claim 1, wherein the federated ID key further comprises first logic configured to capture and store, as metadata, user authorization credentials required for authorization of the user to access at least one of (i) the one of the computing systems, and (ii) the one of more entitlement zones associated with the one of the computing systems.
  - 5. The system of claim 4, wherein the federated ID key further comprises second logic configured to complete the authorization by comparing and matching the user authorization credentials in the metadata to currently inputted user authentication credentials.
  - 6. The system of claim 1, wherein the federated ID key further comprises logic configured to provide for dynamic changes to the federated ID key by adding, deleting, deleting or reconfiguring key strings to (i) add user authorization of at least one of one or more additional computing systems, and one or more additional entitlement zones, and (ii) delete user authorization of at least one of one or more of the computing systems, and one or more of the entitlement zones.
  - 7. The system of claim 6, wherein the system further comprises a monitoring module executable by a processor and configured to monitor at least one of (i) a physical location of the user and (ii) a usage time of the user using the one or more computing systems, wherein the dynamic changes to the federated ID key occur in response to monitoring at least one of the physical location of the user and the usage time of the user.
  - 8. The system of claim 7, wherein the dynamic changes to the federated ID key occur in response monitoring the physical location of the user to determine that the user is inside or outside of a predetermined boundary area within one or more predetermined time periods.
  - 9. The system of claim 7, wherein the monitoring module is further configured to monitor a physical location of one or more predetermined other users, wherein the dynamic changes to the federated ID key occur based on the physical location of at least one of the one or more predetermined other users in relation to the physical location of the user.
  - 10. The system of claim 1, wherein one or more of the key strings include logic that is configured delete or deactivate the key string in response to (i) expiration of a predetermined time period, (ii) meeting or exceeding a predetermined number of accesses, or (iii) meeting or exceeding a predetermined number of specified accesses over a predetermined time period.
  - 11. The system of claim 6, wherein the federated ID key is initially deployed to the computing device and dynamic updates to the federated ID key are performed in response to the user verifying identity.

12. An apparatus for providing federated user identification and hierarchical computing system entitlement, the apparatus comprising:
- a computing platform including;
  
  a memory;
  
  a processor in communication with the memory; and
  
  a federated identification (ID) key stored in the memory, executable by the processor and including a plurality of key strings, each key string configured to identify at least one of a computing system, and one or more entitlement zones associated with the computing system that a user is authorized to access,wherein the federated ID key is configured to, in response to deciphering, (i) identify the user, and (ii) provide at least a portion of an authorization required for the user to access at least one of (a) one of the computing systems, and (b) one or more entitlement zones associated with the one of the computing systems.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The apparatus of claim 12, wherein the entitlement zones are configured to provide an authorized user at least one of (i) access to predetermined data associated with a corresponding computing system, or (ii) predetermined functionality within the corresponding computing system.
  - 14. The apparatus of claim 12, wherein the key strings are further configured to identify one or more entitlement sub-zones associated with the one of the entitlement zones, wherein the entitlement sub-zones are configured to provide an authorized user at least one of (i) access to predetermined data associated with a corresponding entitlement zone, and (ii) predetermined functionality within the corresponding entitlement zone.
  - 15. The apparatus of claim 12, wherein the federated ID key further comprises:
    - first logic configured to capture and store, as metadata, user authorization credentials required for authorization of the user to access at least one of (i) the one of the computing systems, and (ii) the one or more entitlement zones associated with one of the computing systems, andsecond logic configured to complete the authorization by comparing and matching the user authorization credentials in the metadata to currently inputted user authentication credentials.
  - 16. The apparatus of claim 12, wherein the federated ID key further comprises logic configured to provide for dynamic changes to the federated ID key by adding, deleting, deactivating or reconfiguring key strings to (i) add user authorization of at least one of one or more additional computing systems and one or more additional entitlement zones and (ii) remove user authorization from at least one of one or more of the computing systems and one or more of the entitlement zones.
  - 17. The apparatus of claim 16, wherein the dynamic changes to the federated ID key occur in response to monitoring at least one of (1) a physical location of the user to determine that the user is (i) inside or outside of a predetermined boundary area, or (ii) inside or outside of a predetermined boundary area during a predetermined time period, and (2) usage of the computing system or entitlement zones of the computing system by the user.
  - 18. The apparatus of claim 16, wherein the dynamic changes to the federated ID key occur in response to monitoring a physical location of (i) the user and (ii) at least one predetermined other users and comparing the physical location of at least one of the predetermined other users to the physical location of the user.
  - 19. The apparatus of claim 12, wherein one or more of the key strings include logic configured to provide for the key string to be deleted from the key or deactivated in response to (i) expiration of a predetermined time period, (ii) meeting or exceeding a predetermined number of computing system uses, or (iii) meeting or exceeding a predetermined number of specified computing system uses over a predetermined time period.

20. A computer-implemented method for providing federated user identification and hierarchical computing system entitlement, the computer-implemented method is implemented by one or more processing devices and comprising:
- deploying a digital token on a computing device, wherein the digital token comprises a federated identification (ID) key having a plurality of key strings, each key string configured to identify at least one of a computing system and an entitlement zone associated with the computing system;
  
  in response to receiving a request to access the computing system, receiving the digital token; and
  
  deciphering the federated ID key to (i) identify a holder of the digital token and (ii) provide at least a portion of an authorization required for the holder of the digital token to access at least one of the computing system and the entitlement zone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Kurian, Manu Jacob

Granted Patent

US 11,244,060 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/335   for accessing specific reso...

G06F 21/602   Providing cryptographic fac...

G06F 21/62   Protecting access to data v...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2141   Access rights, e.g. capabil...

FEDERATED SMART USER IDENTIFICATION WITH EMBEDDED COMPUTING SYSTEM ENTITLEMENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

1 Citation

20 Claims

Specification

Solutions

Use Cases

Quick Links

FEDERATED SMART USER IDENTIFICATION WITH EMBEDDED COMPUTING SYSTEM ENTITLEMENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1 Citation

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links