Controlled access to credential information of delegators in delegation relationships

US 7,073,195 B2
Filed: 01/28/2002
Issued: 07/04/2006
Est. Priority Date: 01/28/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for controlling access to credential information, the method comprising:

requesting, by a delegate with a delegation from a delegator, a service from a relying party;

determining a credential requirement based on a type of the service requested;

requesting, by the relying party based on the determined credential requirement and the delegation, credential information from a delegate credential service provider;

sending, by the delegate credential service provider, the credential information to the relying party;

generating, by the relying party, a service response according to the credential information received from the delegate credential service provider; and

sending the service response to the delegate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An arrangement is provided for controlled access to identification and status information or delegated credentials. A delegation, formed between a delegator and a delegate, is registered with a delegate credential service provider. The delegate requests a service from a relying party that then requests, based on the requested service and the delegation, delegated credential from the delegate credential service provider. The delegate credential service provider sends the delegated credential to the relying party. According to the received delegated credential, the relying party generates a service response and sends the response to the delegate.

Citations

25 Claims

1. A method for controlling access to credential information, the method comprising:
- requesting, by a delegate with a delegation from a delegator, a service from a relying party;
  
  determining a credential requirement based on a type of the service requested;
  
  requesting, by the relying party based on the determined credential requirement and the delegation, credential information from a delegate credential service provider;
  
  sending, by the delegate credential service provider, the credential information to the relying party;
  
  generating, by the relying party, a service response according to the credential information received from the delegate credential service provider; and
  
  sending the service response to the delegate.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein said credential information contains credential information for the delegator.
  - 3. The method according to claim 2, wherein said requesting delegated credential includes:
    - generating a credential information request based on the service requested and the delegation;
      
      sending the credential information request to the delegate for an approval that authorizes the credential information request;
      
      receiving the approval from the delegate; and
      
      sending the approved delegated credential request to the delegate credential service provider.
  - 4. The method according to claim 3, wherein:
    - sending the credential information request to the delegate includes sending a request for information related to an appropriate delegation; and
      
      receiving the approval from the delegate includes receiving the information related to an appropriate delegation.
  - 5. The method according to claim 1, wherein said sending the credential information includes:
    - verifying the delegation registered by the delegate and delegator;
      
      retrieving credential information associated with the delegation; and
      
      forwarding the retrieved credential information to the relying party.
  - 6. The method according to claim 1, further including:
    - subscribing, by the delegate and the delegator, a digital credential service from a credential service provider.
  - 7. The method according to claim 5, further including registering, by the delegator, the conditions under which pieces of the credential information can be released to relying parties.

8. A method for verifying credential information by a relying party, the method comprising:
- receiving, from a delegate, a request for a service;
  
  determining a credential requirement based on a type of the service requested;
  
  sending a credential information request based on the determined credential requirement to a delegate credential service provider;
  
  receiving requested credential information from the delegate credential service provider;
  
  verifying the credential information;
  
  generating a service response based on the results from the verifying and the request for the service; and
  
  sending the service response to the delegate.
- View Dependent Claims (9, 10, 11)
- - 9. The method according to claim 8, wherein said sending the credential information request includes:
    - sending the credential information request to the delegate to obtain an approval;
      
      receiving the approval from the delegate; and
      
      sending the credential information request to the delegate credential service provider.
  - 10. The method according to claim 8, further including:
    - determining, using the credential required, an appropriate delegation.
  - 11. The method according to claim 10, wherein said determining the appropriate delegation includes one of:
    - obtaining the appropriate delegation specified in the request for service sent by the delegate;
      
      selecting the appropriate delegation by the delegate upon receiving the credential information request;
      
      orverifying the appropriate delegation by the delegate credential service provider.

12. A method for controlling access to credential information by a delegate credential service provider, the method comprising:
- receiving a service request;
  
  determining the service type based on the service request;
  
  determining a credential requirement based on the service type of the service request;
  
  registering, if the service type is for subscribing a digital credential service, a user'"'"'s credential information for requested digital credential service based on the determined credential requirement;
  
  registering, if the service type is for delegation service, a delegation between a delegator and a delegate, the delegation including delegation terms;
  
  changing, if the service type is for updating an existing delegation, the terms of an existing delegation; and
  
  providing, if the service request is a credential information request from a relying party for credential information required for a service requested by a delegate, credential information.
- View Dependent Claims (13, 14, 15)
- - 13. The method according to claim 12, wherein said changing the terms of a delegation includes:
    - receiving, from a user, revised delegation terms; and
      
      updating the terms of the existing delegation using the revised delegation terms.
  - 14. The method according to claim 12, wherein said providing delegated credential includes:
    - retrieving the requested delegated credential; and
      
      sending the retrieved delegated credential to the relying party.
  - 15. The method according to claim 12, further comprising:
    - registering by the delegator the conditions under which a portion of the credential information can be released to relying parties; and
      
      determining, prior to the retrieving, a delegation, between the delegate, who requests the service from the relying party, and a delegator, wherein the digital credential information of the delegator corresponds to the delegated credential required for the service requested by the delegate.

16. A system for verifying credential information by a relying party, comprising:
- a service request processing mechanism for processing a service request for a service from a user;
  
  a credential determiner for determining, prior to obtaining credential information, a credential requirement based on a type of the service requested by the user;
  
  a credential information request mechanism for obtaining credential information based on the determined credential requirement from a delegation credential service provider; and
  
  a service response generation mechanism for generating a service response based on the service request and the required credential information.
- View Dependent Claims (17)
- - 17. The system according to claim 16, further including:
    - a credential verification mechanism for verifying the required credential information obtained from the delegation credential service provider before the service response is generated.

18. A machine-accessible medium having encoded thereon, program code for verifying credential information by a relying party, the program code including instructions which when executed cause:
- receiving, from a delegate, a request for a service;
  
  determining a credential requirement based on a type of the service requested;
  
  sending a credential information request to a delegate credential service provider based on the determined credential requirement;
  
  receiving the requested credential information from the delegate credential service provider;
  
  verifying the credential information;
  
  generating a service response based on the results from the verifying and the request for the service; and
  
  sending the service response to the delegate.
- View Dependent Claims (19, 20, 21)
- - 19. The medium according to claim 18, wherein said sending the credential information request includes:
    - sending the credential information request to the delegate to obtain an approval;
      
      receiving the approval from the delegate; and
      
      sending the credential information request to the delegate credential service provider.
  - 20. The medium according to claim 19, including program code having instructions which when executed, further cause:
    - determining, using the determined credential requirement, an appropriate delegation based on which the credential information request is constructed.
  - 21. The medium according to claim 20, wherein the determining the appropriate delegation includes one of:
    - obtaining the appropriate delegation specified in the request for service sent by the delegate;
      
      selecting the appropriate delegation by the delegate upon receiving the credential information request for approval;
      
      or verifying the appropriate delegation by the delegate credential service provider.

22. A machine-accessible medium having encoded thereon, program code for controlling access to credential information by a delegate credential service provider, the program code including instructions which when executed cause;
- receiving a service request;
  
  determining the service type based on the service request;
  
  determining a credential requirement based on the service type of the received service request;
  
  registering, if the service type is for subscribing a digital credential service, a user'"'"'s credential information based on the determined credential requirement for requested digital credential service;
  
  registering, if the service type is for delegation service, a delegation between a delegator and a delegate, the delegation including delegation terms;
  
  changing, if the service type is for updating an existing delegation, the terms of an existing delegation; and
  
  providing, if the service request is a credential information request from a relying party for digital credential information required for a service requested by a delegate, required credential information.
- View Dependent Claims (23, 24, 25)
- - 23. The medium according to claim 22, wherein said updating a delegation includes:
    - receiving, from a user, revised delegation terms; and
      
      updating the terms of the existing delegation using the revised delegation terms.
  - 24. The medium according to claim 22, wherein said providing delegate credential information includes:
    - retrieving the required delegated credential; and
      
      sending the retrieved credential information to the relying party.
  - 25. The medium according to claim 24, including program code having instructions which when executed, further cause:
    - determining, prior to the retrieving, a delegation between the delegate, who requests the service from the relying party, and a delegator, wherein the digital credential information of the delegator corresponds to the credential information required for the service requested by the delegate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Brickell, Ernie F., Wood, Matthew D., Deklotz, Wesley, Shimoda, Marion H., Premi, Michael R., Glover, Jeff U.
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US10/055,923
Publication Number

US 20030145223A1
Time in Patent Office

1,618 Days
Field of Search

None
US Class Current

726/5
CPC Class Codes

G06F 21/33   using certificates

G06Q 20/3821   Electronic credentials

H04L 63/0823   using certificates cryptogr...

Controlled access to credential information of delegators in delegation relationships

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Controlled access to credential information of delegators in delegation relationships

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links