Delegating digital credentials
Abstract
The system includes receiving, from a delegator, a designation of a role and a delegate to assume the role, receiving, from a credential service provider, an indication that the designation is valid, issuing a delegation credential in response to receiving the indication, and issuing a confirmation to the delegator, which indicates that the delegation credential was issued.
18 Claims
1. A method comprising:
- using a delegation service provider to:
  - receive, from a delegator, a designation of a role and a delegate to assume the role;
  - receive, from a credential service provider, an indication that the designation is valid;
  - generate a delegation credential in response to receiving the indication; and
  - provide the delegation credential to the delegator or delegate; and
- using the credential service provider to:
  - receive the delegation credential as part of a process for accessing a service;
  - receive an access requirement for accessing the service, the access requirement being received from a relying party that provides the service;
  - determine if the delegation credential is valid for the access requirement, wherein determining if the delegation credential is valid comprises providing the delegation credential to a verification service that compares the delegation credential to pre-existing delegation credentials that correspond to the access requirement; and
  - enable access to the service if the delegation credential comprises a valid delegation credential for the delegate.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A method comprising:
- receiving a request for a delegate to access a service;
- obtaining delegation credentials for the delegate;
- determining which of the delegation credentials correspond to an access requirement for the service;
- providing, to the delegate, delegation credentials that correspond to the access requirement;
- receiving, from the delegate, an indication corresponding to a selected delegation credential;
- sending the selected delegation credential to a verification service that compares the selected delegation credential to permissible delegation credentials for the delegate; and
- using the selected delegation credential to access the service if the selected delegation credential comprises a permissible delegation credential for the delegate.

Dependent claims: 9, 10

11. An article comprising one or more machine-readable media that store executable instructions that cause one or more machines to:
- receive, from a delegator, a designation of a role and a delegate to assume the role;
- receive, from a credential service provider, an indication that the designation is valid;
- generate a delegation credential in response to receiving the indication;
- provide the delegation credential to the delegator or delegate;
- receive the delegation credential as part of a process for accessing a service;
- receive an access requirement for accessing the service, the access requirement being received from a relying party that provides the service;
- determine if the delegation credential is valid for the access requirement, wherein determining if the delegation credential is valid comprises providing the delegation credential to a verification service that compares the delegation credential to pre-existing delegation credentials that correspond to the access requirement; and
- enable access to the service if the delegation credential comprises a valid delegation credential for the delegate.

Dependent claims: 12, 13, 14, 15

16. An article comprising a machine-readable medium that stores executable instructions that cause a machine to:
- receive a request for a delegate to access a service;
- obtain delegation credentials for the delegate;
- determine which of the delegation credentials correspond to an access requirement for the service;
- provide, to the delegate, delegation credentials that correspond to the access requirement;
- receive, from the delegate, an indication corresponding to a selected delegation credential;
- send a selected delegation credential to a verification service that compares the selected delegation credential to permissible delegation credentials for the delegate; and
- use the selected delegation credential to access the service if the selected delegation credential comprises a permissible delegation credential for the delegate.

Dependent claims: 17, 18
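
The flow recited in claims 1 and 8, sketched as an added example that is not taken from the patent. The class and function names, the credential fields, the in-memory store and the role and service values are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class DelegationCredential:
    cred_id: str    # random identifier (assumed; the claims define no format)
    delegator: str
    delegate: str
    role: str

class CredentialServiceProvider:
    def __init__(self, role_holders):
        self.role_holders = role_holders  # role -> users allowed to delegate it
        self.issued = []                  # pre-existing delegation credentials

    def designation_valid(self, delegator, role):
        return delegator in self.role_holders.get(role, set())

    def matching(self, delegate, requirement):
        # Claim 8: the delegate's credentials that correspond to the requirement.
        return [c for c in self.issued
                if c.delegate == delegate and c.role == requirement["role"]]

    def enable_access(self, presenter, cred, requirement):
        # Claim 1: grant access only if the presented credential equals a stored
        # one that corresponds to the relying party's access requirement.
        return cred in self.matching(presenter, requirement)

def issue_delegation(csp, delegator, delegate, role):
    # Delegation service provider: issue only after the CSP confirms validity.
    if not csp.designation_valid(delegator, role):
        raise PermissionError(f"{delegator} may not delegate {role}")
    cred = DelegationCredential(secrets.token_hex(16), delegator, delegate, role)
    csp.issued.append(cred)  # assumed: the issuer registers it for later checks
    return cred

def demo():
    csp = CredentialServiceProvider({"approver": {"alice"}})  # constructed data
    cred = issue_delegation(csp, "alice", "bob", "approver")
    need = {"service": "expenses", "role": "approver"}  # relying party's requirement
    forged = replace(cred, role="admin")  # delegate edits the role field
    return {
        "delegate": csp.enable_access("bob", cred, need),
        "forged_role": csp.enable_access("bob", forged, {"role": "admin"}),
        "other_user": csp.enable_access("carol", cred, need),
    }
```

Because access depends on a match against the stored credentials rather than on the fields the presenter supplies, a credential with an altered role or one presented by a different user is rejected.
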
Specification