Identity management system and method

US 7,571,473 B1
Filed: 06/10/2005
Issued: 08/04/2009
Est. Priority Date: 06/10/2005
Status: Active Grant

First Claim

Patent Images

1. A system for identity management comprising:

an identity management data store configured to store identity-related information for a user of an application, the identity-related information mapped within the identity management data store to role information for the user of the application;

a human resources input configured to provision the identity management data store with the identity-related information;

an application registration component stored as a set of computer readable instructions on a computer readable medium and executable by a processor to facilitate the application to provision the identity management data store with the role information for the user of the application; and

a security component stored as a set of computer readable instructions on a computer readable medium and executable by a processor to authenticate the user and authorize the user for access to the application based on the identity-related information, the security component further configured to retrieve the role information mapped to the identity-related information and deliver the role information to the application.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is for identity management is provided. The system includes an identity management data store, a human resources input, an application registration component, and a security component. The identity management data store stores identity-related information for a user of an application. The identity-related information is mapped within the identity management data store to role information for the user of the application. The human resources input provisions the identity management data store with the identity-related information. The application registration component facilitates the application to provision the identity management data store with the role information for the user of the application. The security component authenticates the user and authorizes the user for access to the application based on the identity-related information. The security component retrieves the role information mapped to the identity-related information and delivers the role information to the application.

147 Citations

20 Claims

1. A system for identity management comprising:
- an identity management data store configured to store identity-related information for a user of an application, the identity-related information mapped within the identity management data store to role information for the user of the application;
  
  a human resources input configured to provision the identity management data store with the identity-related information;
  
  an application registration component stored as a set of computer readable instructions on a computer readable medium and executable by a processor to facilitate the application to provision the identity management data store with the role information for the user of the application; and
  
  a security component stored as a set of computer readable instructions on a computer readable medium and executable by a processor to authenticate the user and authorize the user for access to the application based on the identity-related information, the security component further configured to retrieve the role information mapped to the identity-related information and deliver the role information to the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, further comprising an application data store coupled to the application, the application data store containing no identity-related information.
  - 3. The system of claim 1, further comprising an application data store coupled to the application, the application data store maintaining rule information related to access to the application by users, the application associating the role information with the rule information to determine the user'"'"'s access to the application.
  - 4. The system of claim 1, further comprising a lifecycle management component configured to allow the user to modify a portion of the identity-related information in the identity management data store.
  - 5. The system of claim 4, further comprising a graphical user interface displayed by the application and customized for the user based on the user'"'"'s role-related information.
  - 6. The system of claim 1, further comprising a default roles component configured to provision the identity management data store with a set of default roles for associated with one or more applications for a specific user.
  - 7. The system of claim 1, wherein the security component is further defined as Siteminder.
  - 8. The system of claim 7, wherein Siteminder maintains an authorization and authentication data store to authenticate users.
  - 9. The system of claim 8, wherein the authentication data store maintains user name and passwords.
  - 10. The system of claim 8, wherein the authorization data store identifies at least some areas of an enterprise system that the users are authorized to access.
  - 11. The system of claim 10, wherein the areas of the enterprise system are further defined as Universal Resources Locator.

12. A method for providing a user access to an application comprising:
- registering role-related information via an application registration component stored as a set of computer readable instructions on a computer readable media and executed by a processor, by the application, wherein the application is stored as a set of computer readable instructions on a computer readable media that are executed by a processor;
  
  storing the role-related information in an identity management data store;
  
  provisioning the identity management data store with identity-related information for the user from a human resources system;
  
  mapping in the identity management data store the identity-related information to the role-related information;
  
  authenticating the user by an authentication interface, wherein the authentication interface is stored on a computer readable media and executed by a processor;
  
  consulting, using the authentication interface, the identity management data store to determine if the user is authorized to access the application;
  
  the user attempting to access the application through the authentication interface;
  
  retrieving with the authentication interface the role-related information from the identity management data store based on the mapping to the users'"'"' identity-related information;
  
  providing the role-related information related to the application for which the user attempts to access;
  
  the application associating the role-related information with rules related to access to the application by users; and
  
  the application using the rules associated with role-related information of the user to determine the user'"'"'s access to the application.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12, further comprising a security component operable to maintain user authentication information.
  - 14. The method of claim 13, wherein the security component is further defined as Siteminder.
  - 15. The method of claim 14, wherein Siteminder maintains an authorization and authentication data store to authenticate users.
  - 16. The method of claim 15, wherein the authentication data store maintains user name and passwords.
  - 17. The method of claim 15, wherein the authorization data store identifies at least some areas of an enterprise system that the users are authorized to access.
  - 18. The method of claim 17, wherein the areas of the enterprise system are further defined as Universal Resources Locator.
  - 19. The method of claim 12, wherein the application maintains a separate data store that maintains at least some of the role-related information and rule related information and does not maintain the identity-related information.
  - 20. The method of claim 12, further comprising:
    - selecting a default role for a specific user; and
      
      propagating the default role to a plurality of the role-related information maintained in the identity management data store related to the specific user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Grimm, Stephen W, Boydstun, Kenneth C., Hentzen, Steven R.
Primary Examiner(s)
JUNG, DAVID YIUK

Application Number

US11/149,923
Time in Patent Office

1,516 Days
Field of Search

726/21, 726/4, 726/3
US Class Current

726/21
CPC Class Codes

G06F 21/41 where a single sign-on prov...

Identity management system and method

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

147 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Identity management system and method

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

147 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links