Controlled access to credential information of delegators in delegation relationships
Abstract
An arrangement is provided for controlled access to identification and status information or delegated credentials. A delegation, formed between a delegator and a delegate, is registered with a delegate credential service provider. The delegate requests a service from a relying party that then requests, based on the requested service and the delegation, delegated credential from the delegate credential service provider. The delegate credential service provider sends the delegated credential to the relying party. According to the received delegated credential, the relying party generates a service response and sends the response to the delegate.
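The exchange described in the abstract, as an added Python sketch that is not taken from the patent. The class names, service types, attribute values and the representation of delegation terms as a set of allowed services are assumptions, as is the choice to release only the attributes the service type requires.

```python
# Added illustration: names, service types and attribute values are constructed.
from dataclasses import dataclass

# Relying-party policy: service type -> credential attributes required (assumed).
REQUIREMENTS = {"pickup_prescription": {"name", "insurance_status"},
                "view_statement": {"name", "account_status"}}

@dataclass(frozen=True)
class Delegation:
    delegator: str
    delegate: str
    allowed_services: frozenset   # delegation terms (assumed shape)

class DelegateCredentialServiceProvider:
    def __init__(self):
        # delegator -> credential record; (delegator, delegate) -> Delegation
        self.credentials, self.delegations = {}, {}
    def register_credentials(self, user, record):
        self.credentials[user] = dict(record)
    def register_delegation(self, d):
        self.delegations[(d.delegator, d.delegate)] = d

    def credential_info(self, delegator, delegate, service, required):
        """Release only required attributes, and only under a registered delegation."""
        d = self.delegations.get((delegator, delegate))
        record = self.credentials.get(delegator, {})
        if d is None or service not in d.allowed_services or not required.issubset(record):
            return None
        return {k: record[k] for k in required}

class RelyingParty:
    def __init__(self, dcsp):
        self.dcsp = dcsp

    def handle(self, delegate, delegator, service):
        required = REQUIREMENTS.get(service)   # requirement follows from service type
        if required is None:
            return {"status": "denied", "reason": "unknown service"}
        info = self.dcsp.credential_info(delegator, delegate, service, required)
        if info is None:
            return {"status": "denied", "reason": "no delegated credential"}
        return {"status": "granted", "service": service, "verified": sorted(info)}

def demo():
    dcsp = DelegateCredentialServiceProvider()
    dcsp.register_credentials("alice", {"name": "Alice", "insurance_status": "active",
                                        "account_status": "good", "tax_id": "constructed-000"})
    dcsp.register_delegation(Delegation("alice", "bob", frozenset({"pickup_prescription"})))
    rp = RelyingParty(dcsp)
    return [rp.handle(who, "alice", svc) for who, svc in
            [("bob", "pickup_prescription"), ("bob", "view_statement"), ("eve", "pickup_prescription")]]
```

`demo()` returns one granted response for the delegated service and two denials: one for a service outside the delegation terms and one for a requester with no registered delegation.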
25 Claims
1. A method for controlling access to credential information, the method comprising:
- requesting, by a delegate with a delegation from a delegator, a service from a relying party;
- determining a credential requirement based on a type of the service requested;
- requesting, by the relying party based on the determined credential requirement and the delegation, credential information from a delegate credential service provider;
- sending, by the delegate credential service provider, the credential information to the relying party;
- generating, by the relying party, a service response according to the credential information received from the delegate credential service provider; and
- sending the service response to the delegate.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method for verifying credential information by a relying party, the method comprising:
- receiving, from a delegate, a request for a service;
- determining a credential requirement based on a type of the service requested;
- sending a credential information request based on the determined credential requirement to a delegate credential service provider;
- receiving requested credential information from the delegate credential service provider;
- verifying the credential information;
- generating a service response based on the results from the verifying and the request for the service; and
- sending the service response to the delegate.
Dependent claims: 9, 10, 11
12. A method for controlling access to credential information by a delegate credential service provider, the method comprising:
- receiving a service request;
- determining the service type based on the service request;
- determining a credential requirement based on the service type of the service request;
- registering, if the service type is for subscribing a digital credential service, a user's credential information for requested digital credential service based on the determined credential requirement;
- registering, if the service type is for delegation service, a delegation between a delegator and a delegate, the delegation including delegation terms;
- changing, if the service type is for updating an existing delegation, the terms of an existing delegation; and
- providing, if the service request is a credential information request from a relying party for credential information required for a service requested by a delegate, credential information.
Dependent claims: 13, 14, 15
16. A system for verifying credential information by a relying party, comprising:
- a service request processing mechanism for processing a service request for a service from a user;
- a credential determiner for determining, prior to obtaining credential information, a credential requirement based on a type of the service requested by the user;
- a credential information request mechanism for obtaining credential information based on the determined credential requirement from a delegation credential service provider; and
- a service response generation mechanism for generating a service response based on the service request and the required credential information.
Dependent claims: 17
18. A machine-accessible medium having encoded thereon, program code for verifying credential information by a relying party, the program code including instructions which when executed cause:
- receiving, from a delegate, a request for a service;
- determining a credential requirement based on a type of the service requested;
- sending a credential information request to a delegate credential service provider based on the determined credential requirement;
- receiving the requested credential information from the delegate credential service provider;
- verifying the credential information;
- generating a service response based on the results from the verifying and the request for the service; and
- sending the service response to the delegate.
Dependent claims: 19, 20, 21
22. A machine-accessible medium having encoded thereon, program code for controlling access to credential information by a delegate credential service provider, the program code including instructions which when executed cause;
- receiving a service request;
- determining the service type based on the service request;
- determining a credential requirement based on the service type of the received service request;
- registering, if the service type is for subscribing a digital credential service, a user's credential information based on the determined credential requirement for requested digital credential service;
- registering, if the service type is for delegation service, a delegation between a delegator and a delegate, the delegation including delegation terms;
- changing, if the service type is for updating an existing delegation, the terms of an existing delegation; and
- providing, if the service request is a credential information request from a relying party for digital credential information required for a service requested by a delegate, required credential information.
Dependent claims: 23, 24, 25
Specification