Managing multiple user identities in authentication environments
First Claim
1. A method of managing a plurality of identities associated with a single user comprising:
assigning an identity broker at a server and at a client to act on behalf of the single user;
receiving, at the server, user identity information from the single user from the client, the user identity information representing a plurality of user identities for authenticating the single user with one or more target services, said user identity information being different from the plurality of user identities, each of the user identities being different and being associated with the one or more target services;
sending, from the server, one or more requests to the target services to obtain additional user identity information, the additional user identity information comprising credential information for each of the user identities, each of the requests comprising a portion of the received user identity information;
receiving the additional user identity information from the target services in response to authentication of the single user by the target services via the sent requests;
synchronizing the received identity information and the received additional user identity information between the server and the client;
registering the received user identity information and the received additional user identity information for management of the plurality of user identities such that the single user is authenticated with the one or more target services based on the user identity information;
providing a linking relationship among the user identity information and the additional user identity information of the plurality of user identities at the server such that each user identity information of the single user corresponds to the additional user identity information of the single user, wherein the linking relationship enables the server to manage the plurality of user identities in groups; and
wherein the assigned identity brokers on the server and the client manage the identity of the single user as a function of the received identity information and the received additional user identity information without a party other than the single user to know about the received additional user identity information.
Abstract
Managing a plurality of identities associated with a user. The invention includes a system for managing multiple credentials within the same authentication system and across federated authentication systems in such a manner that signing in with one credential allows access to content, information or services that may be associated with another credential.
301 Citations
42 Claims
1. (Independent claim 1 is reproduced above under First Claim.) Dependent claims: 2 to 17.
18. A method of managing user identity information corresponding to a plurality of identities associated with a user at a client, each of the user identities being associated with one or more target services, the identities being stored in a database, the method comprising:
interacting between an identity broker at a server and an identity broker at the client on behalf of the user in response to a request from the user;
interacting between the server and one of the target services to provide the user identity information to said one of the target services in response to a request from said one of the target services for one or more of the identities associated therewith, said user identity information representing a plurality of user identities for authenticating the user with the one or more target services, said user identity information being different from the plurality of user identities, wherein the identity information is synchronized between the client and the server;
wherein interacting comprises: receiving, from said one of the target services, a request for one or more of the user identities associated therewith, the request comprising a list of requested identity types; retrieving the user identity information from the database accessible by the server corresponding to the list of requested identity types; providing the retrieved user identity information to said one of the target services in response to the received request, wherein the retrieved user identity information authenticates the user with the one or more target services, wherein the database provides a linking relationship among the user identity information of the one or more of the identities of the user, wherein the linking relationship enables the server to manage the plurality of user identities in groups; and
wherein the identity brokers on the server and the client manage the user identity information as a function of the user identity information and the user identities without a party other than the user to know about the user identities.
Dependent claims: 19 to 24.
25. In a computer system having a graphical user interface including a display and a user interface selection device, a method of managing a plurality of identities associated with a user comprising:
assigning an identity broker at a server and at a client to act on behalf of the single user;
displaying a registration user interface from the server to the user on the display, the registration user interface defining a user identity information field;
receiving from the user at the client via the user interface selection device user identity information associated with the user identity information field, the user identity information representing a plurality of user identities for authenticating the user with one or more target services, said user identity information being different from the plurality of user identities, each of the user identities being different and being associated with the one or more target services;
receiving an execution signal from the user via the user interface selection device;
synchronizing the received user identity information between the server and the client;
registering, in response to the received execution signal, the received user identity information for management of the user identities such that the user is authenticated with the one or more target services based on the user identity information; and
providing a linking relationship among the user identity information of the plurality of user identities at the server such that each user identity information of the user corresponds to the additional user identity information of the single user, wherein the linking relationship enables the identity broker at the server and the identity broker at the client to manage the plurality of user identities in groups without a party other than the user to know about the additional user identity information.
Dependent claims: 26 to 30.
31. A computer storage medium having stored thereon a data structure representing a plurality of identities associated with a user associated with a client, each of the user identities being associated with one or more target services, the data structure comprising:
a first field representing user identity information corresponding to the user identities, said user identity information representing a plurality of user identities for authenticating the single user with one or more target services, said user identity information being different from the plurality of user identities;
a second field representing additional user identity information to provide authentication for each of the user identities stored in the first field, wherein the first field and the second field enable authentication of the user based on the user identity information and the additional user identity information for authenticating with the one or more target services;
wherein the first field and the second field are executed on a client, a server and the one or more target services, said first field and second field being synchronized; and
a table, maintained by an identity broker at the server or at the client, providing a linking relationship among the user identity information and the additional user identity information of the plurality of user identities at the server such that each user identity information of the single user corresponds to the additional user identity information of the single user, wherein the linking relationship enables the identity broker at the server and the identity broker at the client to manage the plurality of user identities in groups without a party other than the user to know about the additional user identity information, and wherein the table stores an additional flag to indicate whether or not one of the plurality of user identities is linked to some other identity.
Dependent claims: 32 and 33.
34. One or more computer storage media having computer-executable components executable at a server for managing a plurality of identities associated with a user, the components comprising:
an interface module for receiving user identity information from the user from a client, the user identity information representing a plurality of user identities for authenticating the single user with one or more target services, said user identity information being different from the plurality of user identities, each of the user identities being different and being associated with the one or more target services;
a synchronization component for synchronizing the identity information between the client and the server;
a validation module for sending one or more requests to the target services to obtain additional user identity information, the additional user identity information comprising credential information for each of the user identities, each of the requests comprising a portion of the received user identity information, the validation module receiving the additional user identity information from the target services in response to authentication of the user by the target services via the sent requests;
a database module for registering the received user identity information and received additional user identity information for management of the user identities, said database module providing a linking relationship among the user identity information and the additional user identity information of the plurality of user identities at the server such that each user identity information of the single user corresponds to the additional user identity information of the single user, wherein the linking relationship enables the server to manage the plurality of user identities in groups; and
a broker module for interacting with one of the target services to provide registered user identity information to said one of the target services in response to a request from said one of the target services for one or more of the user identities associated therewith, wherein the broker module enables authentication of the user with the one or more target services based on the user identity information without a party other than the single user to know about the received additional user identity information.
Dependent claims: 35 to 40.
41. An account management system at a server for managing a plurality of identities associated with a user, the account management system comprising:
an identity broker at the server to act on behalf of the user;
an identity broker at a client to act on behalf of the user;
a user interface for receiving user identity information from the user from the client, the user identity information representing a plurality of user identities for authenticating the single user with one or more target services, said user identity information being different from the plurality of user identities, each of the user identities being associated with one or more target services;
a validation component for sending one or more requests to the target services to obtain additional user identity information, the additional user identity information comprising credential information for each of the user identities, each of the requests comprising a portion of the received user identity information, the validation component receiving the additional user identity information from the target services in response to authentication of the user by the target services;
a synchronization component for synchronizing the received identity information and the received additional user identity information between the server and the client;
a database storing the user identity information received by the user interface and the additional user identity information received by the validation component, said database providing a linking relationship among the user identity information and the additional user identity information of the plurality of user identities at the server such that each user identity information of the single user corresponds to the additional user identity information of the single user, wherein the linking relationship enables the identity broker at the server and the identity broker at the client to manage the plurality of user identities in groups without a party other than the user to know about the additional user identity information; and
computer-executable instructions which, when executed on a data processing system having a processor and access to the database, manage the user identities by performing: receiving, from said one of the target services, a request for one or more of the user identities associated therewith, the request comprising a list of requested identity types; retrieving the registered user identity information from the database corresponding to the list of requested identity types; and providing the retrieved user identity information to said one of the target services in response to the received request, wherein the retrieved user identity information authenticates the user with the one or more target services.
Dependent claims: 42.
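An added illustration, not code from the patent (the page carries none): a small Python model of the two-field record layout and linking table with its "linked" flag from claim 31, the request-by-identity-type flow from claims 18 and 41, and the single sign-in that covers a linked group from the abstract. Class and function names and the sample identities are assumptions.

```python
from dataclasses import dataclass

@dataclass
class IdentityRecord:
    identity_id: str    # one of the user's identities at a target service
    service: str        # target service the identity belongs to
    identity_type: str  # type a service names in its request list
    user_info: str      # first field: what the user supplied at registration
    credential: str     # second field: credential returned by the target service

class IdentityStore:
    def __init__(self) -> None:
        self.records: dict[str, IdentityRecord] = {}
        self.links: dict[str, set[str]] = {}  # identity_id -> linked identity ids

    def register(self, rec: IdentityRecord) -> None:
        self.records[rec.identity_id] = rec
        self.links.setdefault(rec.identity_id, set())

    def link(self, a: str, b: str) -> None:
        # Linking relationship: the two identities are now managed as one group.
        self.links[a].add(b)
        self.links[b].add(a)

    def is_linked(self, identity_id: str) -> bool:
        # The "additional flag" of claim 31: linked to some other identity or not.
        return bool(self.links.get(identity_id))

    def handle_service_request(self, service: str, requested_types: list[str]) -> dict[str, str]:
        # Claim 18 flow: a target service sends a list of requested identity types and gets
        # back only its own identities of those types (first field); the credential
        # (second field) is never handed to any party.
        return {rec.identity_id: rec.user_info for rec in self.records.values()
                if rec.service == service and rec.identity_type in requested_types}

    def sign_in(self, identity_id: str, credential: str) -> set[str]:
        # Sign in with one credential; on success return the whole linked group, so one
        # sign-in covers content tied to another linked identity (as in the abstract).
        rec = self.records.get(identity_id)
        if rec is None or rec.credential != credential:
            return set()
        return {identity_id} | self.links[identity_id]

def sample_store() -> IdentityStore:
    # Constructed sample data: one user, three identities, two of them linked.
    store = IdentityStore()
    store.register(IdentityRecord("alice@mail", "mail", "email", "alice@example.test", "cred-mail-1"))
    store.register(IdentityRecord("alice-shop", "shop", "account", "alice", "cred-shop-1"))
    store.register(IdentityRecord("alice-forum", "forum", "account", "alice_f", "cred-forum-1"))
    store.link("alice@mail", "alice-shop")
    return store
```

The point to check in any real implementation is the filter in handle_service_request: a target service only ever sees identities registered for it, and never the credential field.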