Digital identity management

US 8,151,332 B2
Filed: 10/25/2006
Issued: 04/03/2012
Est. Priority Date: 02/13/2003
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

determining whether activity pertaining to a digital identity (ID) takes place on a domain-joined computer or a non-domain-joined computer;

enumerating data from a digital ID store;

reading properties of the data of the digital ID from the digital ID store;

determining a membership of the digital ID;

receiving input indicating a desire to roam the digital ID, wherein to roam the digital ID includes using the digital ID from a remote computer;

reading an applicable one of;

a local a life cycle management policy of the digital ID that exists on the computer when the computer is a non-domain-joined computer, ora central life cycle management policy of the digital ID that exists on a server when the computer is a domain-joined computer;

calculating housekeeping criterion for the digital ID, wherein the housekeeping criterion comprises at least one of expiration of a digital ID, matters of membership of a digital ID, policy of a digital ID, or end of life of a digital ID;

applying the life cycle management policy of the digital ID read and the membership of the digital ID to the digital ID store in accordance with the housekeeping criterion to reconfigure the digital ID; and

roaming the digital ID such that a consistent user interface is presented in accordance with the life cycle management policy and the housekeeping criterion.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer.

64 Citations

View as Search Results

19 Claims

1. A method, comprising:
- determining whether activity pertaining to a digital identity (ID) takes place on a domain-joined computer or a non-domain-joined computer;
  
  enumerating data from a digital ID store;
  
  reading properties of the data of the digital ID from the digital ID store;
  
  determining a membership of the digital ID;
  
  receiving input indicating a desire to roam the digital ID, wherein to roam the digital ID includes using the digital ID from a remote computer;
  
  reading an applicable one of;
  
  a local a life cycle management policy of the digital ID that exists on the computer when the computer is a non-domain-joined computer, ora central life cycle management policy of the digital ID that exists on a server when the computer is a domain-joined computer;
  
  calculating housekeeping criterion for the digital ID, wherein the housekeeping criterion comprises at least one of expiration of a digital ID, matters of membership of a digital ID, policy of a digital ID, or end of life of a digital ID;
  
  applying the life cycle management policy of the digital ID read and the membership of the digital ID to the digital ID store in accordance with the housekeeping criterion to reconfigure the digital ID; and
  
  roaming the digital ID such that a consistent user interface is presented in accordance with the life cycle management policy and the housekeeping criterion.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 further comprising:
    - determining whether a housekeeping action involves interaction with other services;
      
      when the housekeeping action involves interaction with other services, then interfacing with a trusted digital ID source, and logging housekeeping changes based on the interfacing as part of the housekeeping action; and
      
      when the housekeeping action does not involve interaction with other services, then prompting for user input, receiving the user input, and logging the housekeeping changes relative to the user input received as part of the housekeeping action.
  - 3. The method of claim 1, wherein the determining digital ID memberships includes determining digital ID subscriptions.

4. A method, comprising:
- performing lifecycle management for digital IDs within a non-domain joined computer, the lifecycle management comprising;
  
  enumerating a store within the non-domain joined computer;
  
  reading, from the store within the non-domain joined computer, policies of the digital IDs;
  
  determining, from the store within the non-domain joined computer, membership of the digital IDs;
  
  applying rules to the store, the rules based at least on the policies read and the membership determined;
  
  determining whether an action is in accordance with application of the rules;
  
  when the action is in accordance with application of the rules, determining whether the action involves interaction with a trusted security token service (STS);
  
  when the action involves interaction with the trusted STS, then interacting with the STS to perform the action; and
  
  when the action does not involves interaction with the trusted STS, providing a user interface for the user to provide input to perform the action; and
  
  when no action is in accordance with application of the rules, refraining from performing the action.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11)
- - 5. The method of claim 4, wherein the action includes digital ID enrollment.
  - 6. The method of claim 4, wherein the action includes digital ID renewal.
  - 7. The method of claim 4, wherein the action includes digital ID end of life.
  - 8. The method of claim 4, wherein the action includes exchanging a credential.
  - 9. The method of claim 4, wherein the digital ID provides a mechanism for content protection.
  - 10. The method of claim 4, wherein the digital ID provides a mechanism for media and content management.
  - 11. The method of claim 4, further comprising managing licenses for a user or application program for a digital rights management (DRM) system.

12. An apparatus comprising:
- a memory;
  
  a processor; and
  
  a digital identity management system (DIMS) comprising a life cycle management component, and the DIMS being;
  
  aware of a state of the DIMS as domain-joined or non-domain-joined, wherein when domain-joined the DIMS is embodied in a computer connected to an enterprise network, wide area network (WAN) or local area network (LAN), and when non-domain-joined the DIMS is embodied in a stand-alone computer;
  
  aware of different policies that apply to the DIMS as domain-joined or non-domain-joined, wherein;
  
  when the DIMS is domain-joined, a central life cycle management policy that exists on a server connected to the computer via the enterprise network, WAN, or LAN applies, andwhen the DIMS is non-domain-joined, a local life cycle management policy that exists on the stand-alone computer applies; and
  
  configured to act to ensure consistency for purposes of housekeeping, wherein housekeeping criterion includes at least one of expiration of a digital ID, membership of the digital ID, policy of the digital ID, or end of life of the digital ID;
  
  configured to;
  
  enumerate data from a digital ID store;
  
  read properties of the data associated with the digital ID from the digital ID store;
  
  determine membership of the digital ID;
  
  receive input indicating intent to roam the digital ID, wherein to roam the digital ID includes using the digital ID from a remote location;
  
  apply the applicable life cycle management policy based at least on whether the DIMS is domain-joined or non-domain-joined and the membership of the digital ID to the digital ID store; and
  
  wherein the DIMS performs lifecycle management when roaming the digital ID such that a consistent user interface is presented in accordance with the applicable life cycle management policy and the housekeeping criterion.
- View Dependent Claims (13, 14)
- - 13. The apparatus of claim 12, wherein the DIMS performs lifecycle management for non-domain joined computers, wherein non-domain joined computers rely on a life cycle management policy that exists in that computer.
  - 14. The apparatus of claim 12, wherein the DIMS performs lifecycle management for domain joined computers, wherein domain-joined computers are configured as clients that employ a life cycle management policy that exists in a server.

15. A method of allowing a user to roam a digital identity (ID) using a Digital ID Management System (DIMS), the method comprising:
- enumerating data from a data store;
  
  receiving user input at the DIMS indicating whether the user desires to roam the digital ID, wherein to roam the digital ID includes using the digital ID from a remote data storage location;
  
  when the user desires to roam the digital ID, determining the remote data storage location that corresponds to the user;
  
  determining a policy relative to the user and the digital ID;
  
  calculating housekeeping criterion for the digital ID, wherein the housekeeping criterion comprises at least one of expiration of the digital ID, matters of membership of the digital ID, the policy relative to the digital ID, or end of life of the digital ID;
  
  applying a life cycle management policy of the digital ID to the data store in accordance with the housekeeping criterion to reconfigure the digital ID; and
  
  based on the policy, roaming the digital ID such that a consistent user interface is associated to roam with the digital ID in accordance with the life cycle management policy and the housekeeping criterion.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, wherein the roaming comprises replicating data relating to the digital ID to the remote data storage location.
  - 17. The method of claim 15, wherein the roaming comprises synchronizing data relating to the digital ID to the remote data storage location.

18. One or more computer-readable media comprising computer storage media having at least one physical component encoded with computer-executable instructions that, when executed, cause a computing system to perform digital identity (ID) management within a non-domain joined computer, by:
- providing operations comprising;
  
  superseding digital IDs, andimplementing multiple signature requirements;
  
  performing lifecycle management for the digital IDs, the lifecycle management including;
  
  enumerating data from a store within the non-domain joined computer;
  
  reading lifecycle rules, and determining membership of the digital IDs;
  
  receiving input indicating a desire to use a digital ID of the digital IDs from the non-domain joined computer;
  
  calculating housekeeping criterion for the digital ID, wherein the housekeeping criterion comprises at least one of expiration of the digital ID, matters of membership of the digital ID, the lifecycle rules for the digital ID, or end of life of the digital ID;
  
  applying the lifecycle rules for the digital ID and the membership of the digital ID to the store in accordance with the housekeeping criterion to reconfigure the digital ID;
  
  determining whether an action is indicated based on the lifecycle rules;
  
  when the action is indicated, interacting with a security token service (STS) to perform the action; and
  
  when the action is not indicated, not interacting with the STS.

19. A system comprising:
- a processor;
  
  a memory containing instructions that when executed by the processor cause the processor to;
  
  provide operations comprising;
  
  superseding digital IDs, andimplementing multiple signature requirements;
  
  perform lifecycle management for digital IDs within a non-domain joined computer by;
  
  enumerating a store within the non-domain joined computer;
  
  reading policies from the store within the non-domain joined computer, and determining membership of the digital IDs based at least on the store being enumerated and the policies being read;
  
  receiving input indicating a desire to use a digital ID of the digital IDs from the non-domain joined computer;
  
  calculating housekeeping criterion for the digital ID, wherein the housekeeping criterion comprises at least one of expiration of the digital ID, matters of membership of the digital ID, rules for the digital ID, or end of life of the digital ID;
  
  applying the rules for the digital ID and the membership of the digital ID to the store in accordance with the housekeeping criterion;
  
  determining that an action is warranted based at least on the policies and membership;
  
  determining whether the action involves interaction with a trusted security token service (STS);
  
  when the action involves interaction with the trusted STS, interacting with the trusted STS to perform the action; and
  
  when the action does not involve interaction with the trusted STS, providing a user interface for the user to provide input to perform the action.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Cross, David B., Hallin, Philip J., Thomlinson, Matthew W., Jones, Thomas C.
Primary Examiner(s)
Vu, Kim
Assistant Examiner(s)
Schwartz, Darren B

Application Number

US11/552,736
Publication Number

US 20070055887A1
Time in Patent Office

1,987 Days
Field of Search

713/1, 713/150, 713155-159, 713164-167, 726 1- 10, 726 16- 21
US Class Current

726/7
CPC Class Codes

G06F 21/33   using certificates

G06F 21/45   Structures or tools for the...

H04L 2209/603   Digital right managament [DRM]

H04L 63/06   for supporting key manageme...

H04L 9/006   involving public key infras...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

Digital identity management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

64 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Digital identity management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others