Delegating digital credentials

US 7,395,246 B2
Filed: 11/28/2001
Issued: 07/01/2008
Est. Priority Date: 06/30/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

using a delegation service provider to;

receive, from a delegator, a designation of a role and a delegate to assume the role;

receive, from a credential service provider, an indication that the designation is valid;

generate a delegation credential in response to receiving the indication; and

provide the delegation credential to the delegator or delegate; and

using the credential service provider to;

receive the delegation credential as part of a process for accessing a service;

receive an access requirement for accessing the service, the access requirement being received from a relying party that provides the service;

determine if the delegation credential is valid for the access requirement, wherein determining if the delegation credential is valid comprises providing the delegation credential to a verification service that compares the delegation credential to pre-existing delegation credentials that correspond to the access requirement; and

enable access to the service if the delegation credential comprises a valid delegation credential for the delegate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The system includes receiving, from a delegator, a designation of a role and a delegate to assume the role, receiving, from a credential service provider, an indication that the designation is valid, issuing a delegation credential in response to receiving the indication, and issuing a confirmation to the delegator, which indicates that the delegation credential was issued.

43 Citations

View as Search Results

18 Claims

1. A method comprising:
- using a delegation service provider to;
  
  receive, from a delegator, a designation of a role and a delegate to assume the role;
  
  receive, from a credential service provider, an indication that the designation is valid;
  
  generate a delegation credential in response to receiving the indication; and
  
  provide the delegation credential to the delegator or delegate; and
  
  using the credential service provider to;
  
  receive the delegation credential as part of a process for accessing a service;
  
  receive an access requirement for accessing the service, the access requirement being received from a relying party that provides the service;
  
  determine if the delegation credential is valid for the access requirement, wherein determining if the delegation credential is valid comprises providing the delegation credential to a verification service that compares the delegation credential to pre-existing delegation credentials that correspond to the access requirement; and
  
  enable access to the service if the delegation credential comprises a valid delegation credential for the delegate.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the delegation credential allows the delegate to access the service.
  - 3. The method of claim 1, wherein the delegation service provider issues a confirmation to the delegator which indicates that the delegation credential was generated.
  - 4. The method of claim 1, wherein the delegator can delegate multiple functions, the role comprising one of the multiple functions.
  - 5. The method of claim 1, wherein the delegation credential is provided from the delegation service provide to, and stored by, at least one of the delegate and the credential service provider.
  - 6. The method of claim 1, wherein multiple delegation credentials correspond to the access requirement and the credential service provider provides the multiple delegation credentials to the delegate.
  - 7. The method of claim 6, wherein the delegate selects the delegation credential from among the multiple delegation credentials for use by the credential serviced provider.

8. A method comprising:
- receiving a request for a delegate to access a service;
  
  obtaining delegation credentials for the delegate;
  
  determining which of the delegation credentials correspond to an access requirement for the service;
  
  providing, to the delegate, delegation credentials that correspond to the access requirement;
  
  receiving, from the delegate, an indication corresponding to a selected delegation credential;
  
  sending the selected delegation credential to a verification service that compares the selected delegation credential to permissible delegation credentials for the delegate; and
  
  using the selected delegation credential to access the service if the selected delegation credential comprises a permissible delegation credential for the delegate.
- View Dependent Claims (9, 10)
- - 9. The method of claim 8, wherein sending is performed prior to using the selected delegation credential to access the service.
  - 10. The method of claim 8, further comprising:
    - receiving an indication that the selected delegation credential is valid prior to using the selected delegation credential to access the service.

11. An article comprising one or more machine-readable media that store executable instructions that cause one or more machines to:
- receive, from a delegator, a designation of a role and a delegate to assume the role;
  
  receive, from a credential service provider, an indication that the designation is valid;
  
  generate a delegation credential in response to receiving the indication;
  
  provide the delegation credential to the delegator or delegatereceive the delegation credential as part of a process for accessing a service;
  
  receive an access requirement for accessing the service, the access requirement being received from a relying party that provides the service;
  
  determine if the delegation credential is valid for the access requirement, wherein determining if the delegation credential is valid comprises providing the delegation credential to a verification service that compares the delegation credential to pre-existing delegation credentials that correspond to the access requirement; and
  
  enable access to the service if the delegation credential comprises a valid delegation credential for the delegate.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The article of claim 11, wherein the delegation credential allows the delegate to access the service.
  - 13. The article of claim 11, further comprising instructions that cause the one or more machines to:
    - issue a confirmation to the delegator which indicates that the delegation credential was generated.
  - 14. The article of claim 11, wherein the delegator can delegate multiple functions, the role comprising one of the multiple functions.
  - 15. The article of claim 11, wherein the delegation credential is issued to, and stored by, at least one of the delegate and a credential service provider.

16. An article comprising a machine-readable medium that stores executable instructions that cause a machine to:
- receive a request for a delegate to access a service;
  
  obtain delegation credentials for the delegate;
  
  determine which of the delegation credentials correspond to an access requirement for the service;
  
  provide, to the delegate, delegation credentials that correspond to the access requirement;
  
  receive, from the delegate, an indication corresponding to a selected delegation credential;
  
  send a selected delegation credential to a verification service that compares the selected delegation credential to permissible delegation credentials for the delegate; and
  
  use the selected delegation credential to access the service if the selected delegation credential comprises a permissible delegation credential for the delegate.
- View Dependent Claims (17, 18)
- - 17. The article of claim 16, wherein sending is performed prior to using the selected delegation credential to access the service.
  - 18. The article of claim 16, further comprising instructions that cause the machine to:
    - receive an indication that the selected delegation credential is valid prior to using the selected delegation credential to access the service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Deklotz, Wesley, Shimoda, Marion H., Premi, Michael R., Glover, Jeff U., Brickell, Ernie F., Wood, Matthew D.
Primary Examiner(s)
ELISCA, PIERRE E

Application Number

US09/998,549
Publication Number

US 20020083014A1
Time in Patent Office

2,407 Days
Field of Search

713/157, 380/30, 380/23, 380/25, 340/825.31, 340/825.34, 705/76, 705/75, 705/18, 705/44
US Class Current

705/76
CPC Class Codes

G06Q 10/10   Office automation; Time man...

G06Q 20/3821   Electronic credentials

G06Q 20/40   Authorisation, e.g. identif...

G06Q 30/02   Marketing; Price estimation...

Delegating digital credentials

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

43 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Delegating digital credentials

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links