
Techniques for securing electronic identities

  • US 7,770,204 B2
  • Filed: 09/30/2003
  • Issued: 08/03/2010
  • Est. Priority Date: 09/30/2003
  • Status: Active Grant
First Claim

1. A method for generating temporarily assigned identity information implemented in a computer-readable medium and executed on a proxy service to perform the method, comprising:

  • authenticating, by a proxy server, identity information associated with a request received from a requestor for accessing a service, the request is sent from the requestor to the service and intercepted for processing;

  • generating, by a proxy server, temporarily assigned identity information for the requestor, the temporarily assigned identity information is in a syntax and format recognized by the service, and the temporary assigned identity information is unique to each of the requests and expires when the requestor terminates communication sessions associated with the services, and the temporarily assigned identity information includes a combination of, a password, a certificate, a token, a biometric value, a hardware value, a network connection value, and a time value, and the temporarily assigned identity information is used to impersonate the requestors, and the original identity information consists of a first subset, which reflects only those portions of the original identity information needed by the services to process the requests, and a second subset, which reflects all the information in the original identity information excluding the first subset, and the temporary assigned identity information includes the first subset of original identity information for the requestors, and excludes the second subset,

  • updating, by a proxy server, a protected identity directory with the temporarily assigned identity information; and

  • directly transmitting, by a proxy server, the request and the temporarily assigned identity information to the service on behalf of the requestor, the service accesses the protected identity directory with the temporarily assigned identity information to authenticate the requestor for access, and the temporarily assigned identity information is monitored and removed from the protected identity directory and the local identity mapping store when terminating events are detected, and the proxy server detects and denies multiple login events that use the temporary assigned identity information.
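The flow in claim 1 as a small in-memory model, added here as an illustration; it is not code from the patent or its assignee. The class and method names, the constructed user record, the use of a random token as the temporary credential and the choice of `role` as the first subset are all assumptions.

```python
import secrets

# Constructed sample data: original identity information held behind the proxy.
ORIGINAL = {"alice": {"password": "pw-alice", "role": "auditor",
                      "email": "alice@example.test", "ssn": "000-00-0000"}}
NEEDED_BY_SERVICE = {"role"}  # assumed "first subset" the service needs


class IdentityProxy:
    """Hypothetical proxy: per-request temporary identities, minimal attributes."""

    def __init__(self):
        self.directory = {}  # protected identity directory, read by the service
        self.mapping = {}    # local identity mapping store: temp id -> requestor
        self.used = set()    # temp ids that have already been used to log in

    def handle_request(self, user, password):
        """Authenticate the requestor, then mint a temporary identity."""
        record = ORIGINAL.get(user)
        if record is None or not secrets.compare_digest(record["password"], password):
            return None
        temp_id = secrets.token_urlsafe(16)  # unique to each request
        # Copy only the first subset; the second subset never reaches the service.
        self.directory[temp_id] = {k: record[k] for k in NEEDED_BY_SERVICE}
        self.mapping[temp_id] = user
        return temp_id

    def authorize_login(self, temp_id):
        """Directory lookup for the service; a second login with the same id is denied."""
        if temp_id not in self.directory or temp_id in self.used:
            return None
        self.used.add(temp_id)
        return self.directory[temp_id]

    def terminate(self, temp_id):
        """Terminating event: purge the identity from directory and mapping store."""
        self.directory.pop(temp_id, None)
        self.mapping.pop(temp_id, None)
        self.used.discard(temp_id)
```
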
