Credential mapping

US 7,735,122 B1
Filed: 08/29/2003
Issued: 06/08/2010
Est. Priority Date: 08/29/2003
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus for mapping credentials, comprising:

a processor configured to;

create a master credential that is used to identify and to authenticate a requestor in an electronic environment, the master credential is later acquired from a browser cookie and the master credential initially authenticates the requestor;

generate a new service credential for a service, and wherein the service credential is used to authenticate the requestor via an alias for the requestor for access to the service according to rules defined by the service and the service credential is different from the master credential and includes the alias to prevent the service from discovering the master credential, and the new service credential is generated by the method interacting with the service using the rules to establish the new service credential with that service for the alias;

generate a mapping from the master credential to the service credential thereby permitting the mapping to be used to acquire the service credential from the master credential when the requestor attempts to access the service and the service credential identifies and authenticates the requestor via the alias to the service according to the rules defined by the service, and the master credential is only transmitted between the requestor and the method, and in a first configuration the service credential is generated in a manner that permits the service credential to be dynamically reconstituted when requested; and

synchronize, in a second configuration, changes made to the service credential by an administrator of the service without knowledge or intervention being required by the requestor, the second configuration occurring when the first configuration is not present.

View all claims

15 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and data structures map credentials. A master credential is established for a user or an application. The master credential is mapped to one or more service credentials associated with one or more services. When a request for a service is received from a requestor, the request is authenticated using the master credential. If the master credential is authenticated, then an appropriate service credential associated with the appropriate requested service is acquired and sent directly (via proxy) to the service on behalf of the requestor.

Citations

12 Claims

1. An apparatus for mapping credentials, comprising:
- a processor configured to;
  
  create a master credential that is used to identify and to authenticate a requestor in an electronic environment, the master credential is later acquired from a browser cookie and the master credential initially authenticates the requestor;
  
  generate a new service credential for a service, and wherein the service credential is used to authenticate the requestor via an alias for the requestor for access to the service according to rules defined by the service and the service credential is different from the master credential and includes the alias to prevent the service from discovering the master credential, and the new service credential is generated by the method interacting with the service using the rules to establish the new service credential with that service for the alias;
  
  generate a mapping from the master credential to the service credential thereby permitting the mapping to be used to acquire the service credential from the master credential when the requestor attempts to access the service and the service credential identifies and authenticates the requestor via the alias to the service according to the rules defined by the service, and the master credential is only transmitted between the requestor and the method, and in a first configuration the service credential is generated in a manner that permits the service credential to be dynamically reconstituted when requested; and
  
  synchronize, in a second configuration, changes made to the service credential by an administrator of the service without knowledge or intervention being required by the requestor, the second configuration occurring when the first configuration is not present.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The apparatus of claim 1 further comprising, pushing the service credential to the service when a request for the service is made if the request is authenticated by the master credential.
  - 3. The apparatus of claim 1 further comprising, pulling the service credential by the service when needed by the service, if a request for the service is made and if the request is authenticated by the master credential.
  - 4. The apparatus of claim 1 wherein the creating further includes, identifying the master credential as an identification and password associated with at least one of a user and an application.
  - 5. The apparatus of claim 1 wherein the generating of the service credential further includes, using access service policies and the rules defined by the service in order to generate the service credential.
  - 6. The apparatus of claim 5 wherein the generating of the service credential further includes, randomly generating the service credential.

7. A method for mapping credentials implemented in a computer-readable medium and adapted to be processed by a computer, comprising:
- receiving, by a computer, a master credential with a request to access a service the request is associated with a requestor that is attempting to access the service, and the master credential is only transmitted between the requestor and the method;
  
  authenticating, by the computer, the master credential and thereby authenticating and identifying the requestor;
  
  mapping, by the computer, the master credential to a new service credential, when the master credential is authenticated, and the service credential is subsequently acquired from the mapping in response to access to the master credential and the service credential authenticates the requestor via an alias for access to the service according to syntactic and semantic rules defined by the service, and the service credential was previously acquired by the method interacting with the service using the syntactic and semantic rules to establish the alias;
  
  providing, by the computer, the service credential via the mapping to the service, when the master credential is authenticated for purposes of authenticating the requestor for access to the service, the requestor is authenticated for access as the alias and the service cannot discover the master credential;
  
  subsequently altering the service credential by an administrator of the service; and
  
  synchronizing, by the computer, the changes to the service credential with the mapping, and the synchronization of the changes occurring without knowledge or intervention being required by the requestor.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7 wherein the receiving further includes, receiving the request directly from at least one of a user and an application associated with the master credential.
  - 9. The method of claim 7 wherein the receiving further includes, receiving the request directly from the service on behalf of at least one of a user and an application associated with the master credential.
  - 10. The method of claim 9 wherein the receiving further includes, redirecting, by the service, the request when the service receives the request.
  - 11. The method of claim 7 wherein the receiving further includes, receiving at least a portion of the master credential and the request as a Uniform Resource Locator (URL) data structure.
  - 12. The method of claim 7 wherein the receiving further includes, receiving the request wherein the request is made to access the service, and the service is at least one of a trusted and non trusted World-Wide Web (WWW) service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Nielson, Dustin Lance, Cook, Michael William, Griffis, Jerry E. Jr., Sherman, Paul Erik, Johnson, David Nephi, Beus, David Kent, Jensen, Nathan Blaine, Carter, Stephen R, Street, William
Primary Examiner(s)
Dinh; Minh

Application Number

US10/652,710
Time in Patent Office

2,475 Days
Field of Search

726/6, 726/19, 726/18, 726/8, 726/5, 726/7, 705/51, 713/153
US Class Current

726/6
CPC Class Codes

G06Q 20/383   Anonymous user system

H04L 63/0815   providing single-sign-on or...

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

Credential mapping

First Claim

15 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Credential mapping

First Claim

15 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links