Digital identity management

US 7,703,128 B2
Filed: 02/13/2003
Issued: 04/20/2010
Est. Priority Date: 02/13/2003
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

storing, in a memory, instructions for performing the method;

executing the instructions on a processor;

according to the instructions being executed;

managing lifecycles of multiple types of digital IDs and credentials assigned to a user, wherein the digital IDs and credentials are issued by a combination of issuers comprising;

a key distribution authority, a key distribution center, and a license server; and

abstracting the multiple types of digital IDs and credentials through a common application programming interface (API) layer of a digital identity management service (DIMS), enabling the multiple types of digital IDs and credentials to be uniformly configured, wherein a digital ID or credential abstracted by the common API layer includes opaque data, wherein the opaque data comprises a hash of a user password assigned to the user,whereby the DIMS is independent of any of a plurality of applications that utilize the multiple types of digital IDs and credentials, and wherein the DIMS relies on local policies to establish lifecycle management criteria.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer.

149 Citations

19 Claims

1. A method comprising:
- storing, in a memory, instructions for performing the method;
  
  executing the instructions on a processor;
  
  according to the instructions being executed;
  
  managing lifecycles of multiple types of digital IDs and credentials assigned to a user, wherein the digital IDs and credentials are issued by a combination of issuers comprising;
  
  a key distribution authority, a key distribution center, and a license server; and
  
  abstracting the multiple types of digital IDs and credentials through a common application programming interface (API) layer of a digital identity management service (DIMS), enabling the multiple types of digital IDs and credentials to be uniformly configured, wherein a digital ID or credential abstracted by the common API layer includes opaque data, wherein the opaque data comprises a hash of a user password assigned to the user,whereby the DIMS is independent of any of a plurality of applications that utilize the multiple types of digital IDs and credentials, and wherein the DIMS relies on local policies to establish lifecycle management criteria.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein the managing lifecycles is performed by a life cycle management process that includes an auto-enrollment process.
  - 3. The method of claim 1, further comprising unifying credential management retrieval and storage through an application programming interface.
  - 4. The method of claim 1, further comprising operating on behalf of a system, the user, and the plurality of applications to perform the lifecycle management.
  - 5. The method of claim 1, wherein the credentials include a data object associated with a digital identity (ID) or proof of possession.
  - 6. The method of claim 5, wherein the digital ID or proof of possession is for the purpose of authentication.
  - 7. The method of claim 5, wherein the digital ID or proof of possession is for the purpose of authorization.
  - 8. The method of claim 5, wherein the digital ID or proof of possession is for the purpose of digital signature.
  - 9. The method of claim 5, wherein the digital ID or proof of possession is for the purpose of encryption.
  - 10. The method of claim 1, wherein the credentials include possession of a physical token.
  - 11. The method of claim 10, wherein the credentials are included on a smartcard.
  - 12. The method of claim 1, wherein the method further comprises maintaining the multiple digital IDs in at least one digital ID store.
  - 13. The method of claim 1, wherein the managing lifecycles is performed at least partially on a non-domain joined computer.
  - 14. The method of claim 1, wherein the multiple types of credentials are abstracted through the common API layer at least partially on a non-domain joined computer.
  - 15. The method of claim 1, wherein a particular one of the digital IDs includes a public/private key pair.
  - 16. The method of claim 1, wherein a particular one of the digital IDs includes an eXtensible Markup Language (XML) assertion.
  - 17. The method of claim 1, wherein the DIMS provides the lifecycle management for the multiple types of digital IDs and credentials without user interaction or application program interaction.
  - 18. The method of claim 1, wherein the DIMS relies on central policies to establish a lifecycle management criteria.
  - 19. The method of claim 1, further comprising managing licenses associated with a Digital Rights Management (DRM) system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Hallin, Philip J., Jones, Thomas C., Thomlinson, Matthew W., Cross, David B.
Primary Examiner(s)
Orgad; Edan
Assistant Examiner(s)
SHAW, YIN CHEN

Application Number

US10/365,878
Publication Number

US 20040162786A1
Time in Patent Office

2,623 Days
Field of Search

726 1- 10, 726/18, 713/156, 713/167, 713/168, 713182-185, 713/172
US Class Current

726/6
CPC Class Codes

G06F 21/33   using certificates

G06F 21/45   Structures or tools for the...

H04L 2209/603   Digital right managament [DRM]

H04L 63/06   for supporting key manageme...

H04L 9/006   involving public key infras...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

Digital identity management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

149 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Digital identity management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

149 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others