Digital identity creation and coalescence for service authorization
First Claim
1. A method comprising:
generating a user identity from a message digest algorithm that uses as input a user credential associated with a particular user and a user credential identifier identifying a class to which the user credential belongs;
generating a service authorization identity from a hashed message authentication coding algorithm that uses as input a service authentication key, a user identity and a service identity;
permuting each of the service authorization identity, the user identity and the service identity; and
storing the permuted user identity, the permuted service identity and the permuted service authorization identity in a directory;
wherein generating the user identity comprises a) generating a first hash value from a message digest algorithm using as input the user credential identifier, b) forming a first linear vector of the user credential identifier and the first hash value, c) generating a second hash value from a message digest algorithm using as input the first linear vector, d) forming a second linear vector of the second hash value and an organization identity, and e) generating the user identity from a message digest algorithm using as input the second linear vector.
3 Assignments
0 Petitions
Abstract
A system is disclosed to provide service authorization. The system provides authorized access to services using various identity tokens that represent authorized users, services, servers or other devices, as well as specific instances of users authorized for a service and specific instances of users authorized for a service on a particular server or other device.
55 Claims
1. A method comprising: (independent claim; text given in full above under First Claim.)
Dependent claims: 2 to 18.
19. An article comprising a machine-readable medium storing machine-readable instructions that, when applied to the machine, cause the machine to:
generate a user identity from a message digest algorithm that uses as input a first user credential associated with a particular user and a second user credential identifying a class to which the first user credential belongs;
generate a service authorization identity from a hashed message authentication coding algorithm that uses as input a service authentication key, the user identity and a service identity;
permute the service authorization identity, the user identity and the service identity; and
store the permuted user identity, permuted service identity, and the permuted service authorization identity in a directory;
wherein generating the user identity comprises a) generating a first hash value from a message digest algorithm using as input the first user credential, b) forming a first linear vector of the first user credential identifier and the first hash value, c) generating a second hash value from a message digest algorithm using as input the first linear vector, d) forming a second linear vector of the second hash value and an organization identity, and e) generating the user identity from a message digest algorithm using as input the second linear vector.
Dependent claims: 20 to 36.
37. A system comprising:
an identity repository and a directory;
a server coupled to the identity repository and the directory, the server adapted to:
generate a service authorization identity from a hashed message authentication coding algorithm that uses as input a service authentication key, a user identity that corresponds to a specific user, and a service identity that corresponds to a specific service to which the user has access; and
generate a server authorization identity from a hashed message authentication coding algorithm that uses as input a service authentication key, the user identity, the service identity and a server identity;
generate the server identity from a message digest algorithm that uses as input a server credential associated with a particular server and a server credential identifier identifying a class to which the server credential belongs;
generate a first hash value from a message digest algorithm using as input the server credential;
form a first linear vector of the server credential identifier and the first hash value;
generate a second hash value from a message digest algorithm using as input the first linear vector;
form a second linear vector of the second hash value and an organization identity; and
generate the server identity from a message digest algorithm using as input the second linear vector;
permute the user identity, the service identity, the server identity, the service authorization identity and the server authorization identity;
store the user identity, service identity, server identity, service authorization identity, server authorization identity, permuted user identity, permuted service identity, permuted server identity, permuted service authorization identity and permuted server authorization identity in the identity repository; and
store the permuted user identity, permuted service identity, permuted server identity, permuted service authorization identity and permuted server authorization identity in the directory.
Dependent claims: 38 to 55.
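The three independent claims describe one construction: a five-step hash chain that turns a credential, its class identifier and an organization identity into a fixed-size identity token, a keyed MAC that binds a user identity to a service (and, in claim 37, to a server), and a permutation applied before the tokens are written to a directory. The following Python is an added worked example of that construction, written for this page; it is not the patent's reference implementation. Everything the claims leave open is an assumption here: SHA-256 stands in for "a message digest algorithm", HMAC-SHA256 for "a hashed message authentication coding algorithm", length-prefixed concatenation for "forming a linear vector", a fixed shuffle of byte positions for "permuting", and the service identity is derived with the same five-step routine from a constructed service credential. Claim 1 names the credential identifier in step a) while claims 19 and 37 name the credential itself; the example follows the latter so that both inputs named in each preamble are consumed. All credentials, keys and names are constructed sample data.

```python
import hashlib
import hmac
import random

# Constructed sample values for the demo; none of these come from the patent.
ORG_ID = b"example-org"
SERVICE_KEY = b"constructed-service-authentication-key"


def message_digest(data: bytes) -> bytes:
    """The claims say only 'a message digest algorithm'; SHA-256 is an assumption."""
    return hashlib.sha256(data).digest()


def linear_vector(*parts: bytes) -> bytes:
    """'Linear vector' read as ordered concatenation. The 4-byte length prefix is an
    added assumption so that (b'ab', b'c') and (b'a', b'bc') cannot yield the same bytes."""
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def derive_identity(credential: bytes, credential_class: bytes, org_id: bytes) -> bytes:
    """Five-step identity construction of the claims, usable for a user or a server.
    Follows claims 19 and 37: step a) hashes the credential itself, step b) prefixes
    the credential-class identifier, so both inputs named in the preamble are used."""
    h1 = message_digest(credential)            # a) first hash value
    v1 = linear_vector(credential_class, h1)   # b) first linear vector
    h2 = message_digest(v1)                    # c) second hash value
    v2 = linear_vector(h2, org_id)             # d) second linear vector with organization identity
    return message_digest(v2)                  # e) the identity token


def service_authorization_identity(key: bytes, user_id: bytes, service_id: bytes) -> bytes:
    """Keyed MAC over (user identity, service identity); HMAC-SHA256 is an assumption."""
    return hmac.new(key, linear_vector(user_id, service_id), hashlib.sha256).digest()


def server_authorization_identity(key: bytes, user_id: bytes, service_id: bytes, server_id: bytes) -> bytes:
    """Claim 37's per-server variant: the server identity joins the MAC input."""
    return hmac.new(key, linear_vector(user_id, service_id, server_id), hashlib.sha256).digest()


# The claims do not say which permutation is applied. A fixed shuffle of the 32 byte
# positions is a stand-in assumption. It is public and invertible, so it provides no
# secrecy; protection of the stored tokens rests on the hash and on the MAC key.
_PERM = list(range(32))
random.Random(2024).shuffle(_PERM)


def permute(identity: bytes) -> bytes:
    if len(identity) != 32:
        raise ValueError("identities are 32-byte SHA-256 outputs")
    return bytes(identity[i] for i in _PERM)


def unpermute(permuted: bytes) -> bytes:
    out = bytearray(32)
    for pos, src in enumerate(_PERM):
        out[src] = permuted[pos]
    return bytes(out)


def build_directory(entries):
    """entries: (user_id, service_id, service_auth_id) raw identities. Only the permuted
    forms are stored, matching the 'storing ... in a directory' step of claim 1."""
    return {(permute(u), permute(s), permute(a)) for u, s, a in entries}


def is_authorized(directory, key, user_credential, user_class, service_credential, service_class, org_id=ORG_ID):
    """Recompute the three tokens from the presented credentials and look them up.
    A different service, user, key or organization yields tokens absent from the directory."""
    user_id = derive_identity(user_credential, user_class, org_id)
    service_id = derive_identity(service_credential, service_class, org_id)
    auth_id = service_authorization_identity(key, user_id, service_id)
    return (permute(user_id), permute(service_id), permute(auth_id)) in directory


def demo_directory():
    """Provision one user for one service (constructed sample data)."""
    alice = derive_identity(b"alice:credential-secret", b"class:password", ORG_ID)
    mail = derive_identity(b"svc:mail-01", b"class:service", ORG_ID)
    grant = service_authorization_identity(SERVICE_KEY, alice, mail)
    return build_directory([(alice, mail, grant)])


if __name__ == "__main__":
    d = demo_directory()
    print(is_authorized(d, SERVICE_KEY, b"alice:credential-secret", b"class:password",
                        b"svc:mail-01", b"class:service"))
```

Two design points worth noting when reading the claims against this code. First, the service authorization identity is only as strong as the service authentication key: anyone holding the key can mint a valid token for any (user, service) pair, so the key belongs in the server that populates the directory and nowhere the directory's readers can reach. Second, because the permutation is a fixed bijection, it is a storage-format transform rather than a protection; a reviewer assessing a system built this way should treat the directory's contents as equivalent to the unpermuted tokens.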