Identity management for application access

US 8,042,160 B1
Filed: 06/22/2006
Issued: 10/18/2011
Est. Priority Date: 06/22/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A computer implemented method of identity management for application access, comprising:

identifying types of access enabling information needed for users of applications on a first enterprise network to access applications on a second enterprise network, wherein the first enterprise network is being integrated with the second enterprise network, wherein identifying the types of access enabling information for the users of the applications on the first enterprise network to access the applications on the second enterprise network comprises aggregating the types of access enabling information from each of the applications on the second enterprise network, and wherein the types of access enabling information needed to access a first application of the applications on the second enterprise network is different from the types of access enabling information needed to access a second application of the applications on the second enterprise network;

obtaining access enabling information for each of the identified types of access enabling information for the users in a one-time collection from the first enterprise network;

storing the access enabling information in an identity data store; and

provisioning the access enabling information from the identity data store to one or more applications on the second enterprise network to enable the users of the applications on the first enterprise network to access the one or more applications on the second enterprise network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer implemented method of identity management for application access. The method includes identifying access enabling information for users. The access enabling information related to users of a first enterprise network to enable the users to access applications on a second enterprise network. The method includes obtaining the identified access enabling information from the first enterprise network, and storing the access enabling information in an identity data store. The method also includes provisioning the access enabling information from the identity data store to one or more applications on the second enterprise network to enable the users of the first enterprise network to access the one or more applications on the second enterprise network.

44 Citations

View as Search Results

18 Claims

1. A computer implemented method of identity management for application access, comprising:
- identifying types of access enabling information needed for users of applications on a first enterprise network to access applications on a second enterprise network, wherein the first enterprise network is being integrated with the second enterprise network, wherein identifying the types of access enabling information for the users of the applications on the first enterprise network to access the applications on the second enterprise network comprises aggregating the types of access enabling information from each of the applications on the second enterprise network, and wherein the types of access enabling information needed to access a first application of the applications on the second enterprise network is different from the types of access enabling information needed to access a second application of the applications on the second enterprise network;
  
  obtaining access enabling information for each of the identified types of access enabling information for the users in a one-time collection from the first enterprise network;
  
  storing the access enabling information in an identity data store; and
  
  provisioning the access enabling information from the identity data store to one or more applications on the second enterprise network to enable the users of the applications on the first enterprise network to access the one or more applications on the second enterprise network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 18)
- - 2. The computer implemented method of claim 1, further comprising bypassing an automated response on the second enterprise network when provisioning the access enabling information from the identity data store to the one or more applications on the second enterprise network.
  - 3. The computer implemented method of claim 1, wherein provisioning the access enabling information from the identity data store to the one or more applications on the second enterprise network includes multiple loading the access enabling information from the identity data store to the one or more applications on the second enterprise network.
  - 4. The computer implemented method of claim 3, wherein multiple loading the access enabling information from the identity data store to the one or more applications on the second enterprise network uses a scripting application program interface, the scripting application program interface operable to bypass an automated response for the multiple loading.
  - 5. The computer implemented method of claim 1, further comprising:
    - obtaining aggregated access enabling information from the first enterprise network for a user whose status changed.
  - 6. The computer implemented method of claim 1, wherein provisioning the access enabling information from the identity data store to the one or more applications on the second enterprise network is delayed for a delayed set of users for the one or more applications on the second enterprise network.
  - 7. The computer implemented method of claim 1, further comprising:
    - for the types of access enabling information, creating an access category for the one or more of the applications on the second enterprise network.
  - 18. The computer implemented method of claim 1 wherein subsequent to the provisioning, the users of the applications on the first enterprise network are able to directly access the applications on the second enterprise network.

8. A system of identity management for application access, comprising:
- a first enterprise network having a plurality of applications;
  
  a second enterprise network having a plurality of applications, wherein the first enterprise network is being integrated with the second enterprise network;
  
  an identity data store;
  
  an information manager operable to obtain in a one-time collection access enabling information for each type of access enabling information needed for a plurality of users of the plurality of applications on the first enterprise network to access the plurality of applications on the second enterprise network,the information manager further operable to store the access enabling information in the identity data store, and promote provisioning the access enabling information from the identity data store to at least some of the applications on the second enterprise network to enable each of the plurality of users of the plurality of applications on the first enterprise network to access the at least some applications on the second enterprise network, wherein the information manager is further operable to multiple load the access enabling information from the identity data store to the at least some applications on the second enterprise network.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The system of claim 8, further comprising:
    - a bypass component operable to bypass an automated response on the second enterprise network when provisioning the access enabling information from the identity data store to the at least some applications on the second enterprise network.
  - 10. The system of claim 9, wherein the information manager is further operable for individually loading the access enabling information from the identity data store to the applications.
  - 11. The system of claim 9, wherein the information manager is further operable for creating access enabling information.
  - 12. The system of claim 9, wherein the identity data store is further defined as a data store associated with one of the first and second enterprise networks.
  - 13. The system of claim 9, wherein the information manager is further operable to delay provisioning the access enabling information from the identity data store to the at least some applications on the second enterprise network to provide access for a delayed set of users for the at least some applications on the second enterprise network.
  - 14. The system of claim 9, wherein the information manager is further operable to create an access category for the at least some applications on the second enterprise network.
  - 15. The system of claim 8, wherein the information manager uses a scripting application program interface to multiple load the access enabling information from the identity data store to the at least some applications on the second enterprise network.
  - 16. The system of claim 15, wherein the information manager is further operable to create an additional scripting application program interface when a current scripting application program cannot bypass the automated response for the multiple load.

17. A computer implemented method of identity management for application access, comprising:
- identifying types of access enabling information needed for users of applications on a first enterprise network to access applications on a second enterprise network, wherein the first enterprise network is being integrated with the second enterprise network;
  
  obtaining access enabling information for each of the identified types of access enabling information for the users in a one-time collection from the first enterprise network;
  
  storing the obtained access enabling information in an identity data store;
  
  provisioning the access enabling information from the identity data store to one or more applications on the second enterprise network to provide access for the users of the applications on the first enterprise network to the one or more applications on the second enterprise network, wherein provisioning the access enabling information from the identity data store to the one or more applications on the second enterprise network includes multiple loading the access enabling information from the identity data store to the one or more applications on the second enterprise network;
  
  obtaining a usage history of the applications on the first enterprise network for each of the users from a first enterprise network data store;
  
  obtaining a usage history of the applications on the second enterprise network for each of the users from the identity data store;
  
  combining the obtained usage history of the applications on the first enterprise network for each of the users from the first enterprise network data store with the obtained usage history of the applications on the second enterprise network for each of the users from the identity data store to form a combined usage history for each of the users; and
  
  storing the combined usage history for each of the users in a second enterprise network data store.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Peters, Stephen M., Grimm, Stephen W., Boydstun, Kenneth C., Hentzen, Steven R.
Primary Examiner(s)
Flynn; Nathan
Assistant Examiner(s)
Almamun; Abdullah

Application Number

US11/473,184
Time in Patent Office

1,944 Days
Field of Search

726/6, 726/18, 709/217, 709/218, 707/9
US Class Current

726/6
CPC Class Codes

G06F 21/6218 to a system of files or obj...

H04L 63/102 Entity profiles

Identity management for application access

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Identity management for application access

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links