Digital identity management
First Claim
1. A method, comprising:
- determining whether activity pertaining to a digital identity (ID) takes place on a domain-joined computer or a non-domain-joined computer;
- enumerating data from a digital ID store;
- reading properties of the data of the digital ID from the digital ID store;
- determining a membership of the digital ID;
- receiving input indicating a desire to roam the digital ID, wherein to roam the digital ID includes using the digital ID from a remote computer;
- reading an applicable one of:
  - a local life cycle management policy of the digital ID that exists on the computer when the computer is a non-domain-joined computer, or
  - a central life cycle management policy of the digital ID that exists on a server when the computer is a domain-joined computer;
- calculating housekeeping criterion for the digital ID, wherein the housekeeping criterion comprises at least one of expiration of a digital ID, matters of membership of a digital ID, policy of a digital ID, or end of life of a digital ID;
- applying the life cycle management policy of the digital ID read and the membership of the digital ID to the digital ID store in accordance with the housekeeping criterion to reconfigure the digital ID; and
- roaming the digital ID such that a consistent user interface is presented in accordance with the life cycle management policy and the housekeeping criterion.
Abstract
One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer.
19 Claims
4. A method, comprising:
- performing lifecycle management for digital IDs within a non-domain joined computer, the lifecycle management comprising:
  - enumerating a store within the non-domain joined computer;
  - reading, from the store within the non-domain joined computer, policies of the digital IDs;
  - determining, from the store within the non-domain joined computer, membership of the digital IDs;
  - applying rules to the store, the rules based at least on the policies read and the membership determined;
  - determining whether an action is in accordance with application of the rules;
  - when the action is in accordance with application of the rules, determining whether the action involves interaction with a trusted security token service (STS);
  - when the action involves interaction with the trusted STS, then interacting with the STS to perform the action; and
  - when the action does not involve interaction with the trusted STS, providing a user interface for the user to provide input to perform the action; and
  - when no action is in accordance with application of the rules, refraining from performing the action.

Dependent claims: 5, 6, 7, 8, 9, 10, 11.
12. An apparatus comprising:
- a memory;
- a processor; and
- a digital identity management system (DIMS) comprising a life cycle management component, the DIMS being:
  - aware of a state of the DIMS as domain-joined or non-domain-joined, wherein when domain-joined the DIMS is embodied in a computer connected to an enterprise network, wide area network (WAN) or local area network (LAN), and when non-domain-joined the DIMS is embodied in a stand-alone computer;
  - aware of different policies that apply to the DIMS as domain-joined or non-domain-joined, wherein:
    - when the DIMS is domain-joined, a central life cycle management policy that exists on a server connected to the computer via the enterprise network, WAN, or LAN applies, and
    - when the DIMS is non-domain-joined, a local life cycle management policy that exists on the stand-alone computer applies; and
  - configured to act to ensure consistency for purposes of housekeeping, wherein housekeeping criterion includes at least one of expiration of a digital ID, membership of the digital ID, policy of the digital ID, or end of life of the digital ID;
  - configured to:
    - enumerate data from a digital ID store;
    - read properties of the data associated with the digital ID from the digital ID store;
    - determine membership of the digital ID;
    - receive input indicating intent to roam the digital ID, wherein to roam the digital ID includes using the digital ID from a remote location;
    - apply the applicable life cycle management policy based at least on whether the DIMS is domain-joined or non-domain-joined and the membership of the digital ID to the digital ID store; and
  - wherein the DIMS performs lifecycle management when roaming the digital ID such that a consistent user interface is presented in accordance with the applicable life cycle management policy and the housekeeping criterion.

Dependent claims: 13, 14.
15. A method of allowing a user to roam a digital identity (ID) using a Digital ID Management System (DIMS), the method comprising:
- enumerating data from a data store;
- receiving user input at the DIMS indicating whether the user desires to roam the digital ID, wherein to roam the digital ID includes using the digital ID from a remote data storage location;
- when the user desires to roam the digital ID, determining the remote data storage location that corresponds to the user;
- determining a policy relative to the user and the digital ID;
- calculating housekeeping criterion for the digital ID, wherein the housekeeping criterion comprises at least one of expiration of the digital ID, matters of membership of the digital ID, the policy relative to the digital ID, or end of life of the digital ID;
- applying a life cycle management policy of the digital ID to the data store in accordance with the housekeeping criterion to reconfigure the digital ID; and
- based on the policy, roaming the digital ID such that a consistent user interface is associated to roam with the digital ID in accordance with the life cycle management policy and the housekeeping criterion.

Dependent claims: 16, 17.
18. One or more computer-readable media comprising computer storage media having at least one physical component encoded with computer-executable instructions that, when executed, cause a computing system to perform digital identity (ID) management within a non-domain joined computer, by:
- providing operations comprising:
  - superseding digital IDs, and
  - implementing multiple signature requirements;
- performing lifecycle management for the digital IDs, the lifecycle management including:
  - enumerating data from a store within the non-domain joined computer;
  - reading lifecycle rules, and determining membership of the digital IDs;
  - receiving input indicating a desire to use a digital ID of the digital IDs from the non-domain joined computer;
  - calculating housekeeping criterion for the digital ID, wherein the housekeeping criterion comprises at least one of expiration of the digital ID, matters of membership of the digital ID, the lifecycle rules for the digital ID, or end of life of the digital ID;
  - applying the lifecycle rules for the digital ID and the membership of the digital ID to the store in accordance with the housekeeping criterion to reconfigure the digital ID;
  - determining whether an action is indicated based on the lifecycle rules;
  - when the action is indicated, interacting with a security token service (STS) to perform the action; and
  - when the action is not indicated, not interacting with the STS.
19. A system comprising:
- a processor;
- a memory containing instructions that when executed by the processor cause the processor to:
  - provide operations comprising:
    - superseding digital IDs, and
    - implementing multiple signature requirements;
  - perform lifecycle management for digital IDs within a non-domain joined computer by:
    - enumerating a store within the non-domain joined computer;
    - reading policies from the store within the non-domain joined computer, and determining membership of the digital IDs based at least on the store being enumerated and the policies being read;
    - receiving input indicating a desire to use a digital ID of the digital IDs from the non-domain joined computer;
    - calculating housekeeping criterion for the digital ID, wherein the housekeeping criterion comprises at least one of expiration of the digital ID, matters of membership of the digital ID, rules for the digital ID, or end of life of the digital ID;
    - applying the rules for the digital ID and the membership of the digital ID to the store in accordance with the housekeeping criterion;
    - determining that an action is warranted based at least on the policies and membership;
    - determining whether the action involves interaction with a trusted security token service (STS);
    - when the action involves interaction with the trusted STS, interacting with the trusted STS to perform the action; and
    - when the action does not involve interaction with the trusted STS, providing a user interface for the user to provide input to perform the action.
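The claims above describe one procedure from several angles: pick the lifecycle policy by whether the computer is domain-joined (claims 1 and 12), enumerate the ID store, read its policies and determine membership, evaluate the four housekeeping criteria (expiration, membership, policy, end of life), and then either route the resulting action to a trusted security token service, hand it to a user interface, or refrain from acting (claims 4, 18 and 19). The following is an added worked example in Python, not code from the patent or its assignee; the data model, the policy fields, the action names, the renewal windows, the sample store and the simulated STS are all constructed here to make the decision flow concrete and testable.

```python
"""Added example of the lifecycle-management procedure in the claims.
Not the patent's own code; every name, window and sample record below is a
constructed assumption chosen only to exercise the decision flow."""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Optional

RENEW, REVOKE, REMOVE, NONE = "renew", "revoke", "remove", "none"
STS_ACTIONS = {RENEW, REVOKE}                     # actions only a trusted STS may perform
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock so results are reproducible
DAY = timedelta(days=1)


@dataclass(frozen=True)
class DigitalID:                 # one record in the digital ID store (constructed model)
    name: str
    issuer: str
    not_after: datetime
    groups: frozenset
    end_of_life: bool = False


@dataclass(frozen=True)
class LifecyclePolicy:           # "central" comes from a server, "local" from this computer
    source: str
    renewal_window: timedelta
    trusted_issuers: frozenset
    required_group: Optional[str] = None


def select_policy(domain_joined: bool, central: LifecyclePolicy, local: LifecyclePolicy) -> LifecyclePolicy:
    """Claims 1/12: the central policy applies when domain-joined, the local one otherwise."""
    return central if domain_joined else local


def determine_membership(did: DigitalID, user_groups: frozenset) -> frozenset:
    return did.groups & user_groups


def housekeeping_criterion(did: DigitalID, policy: LifecyclePolicy, user_groups: frozenset, now=NOW) -> dict:
    """The four criteria the claims name: expiration, membership, policy, end of life."""
    membership = determine_membership(did, user_groups)
    return {
        "expiration": did.not_after <= now + policy.renewal_window,
        "membership": policy.required_group is not None and policy.required_group not in membership,
        "policy": did.issuer not in policy.trusted_issuers,
        "end_of_life": did.end_of_life,
    }


def decide_action(criterion: dict) -> str:
    if criterion["end_of_life"]:
        return REMOVE            # local housekeeping only; no STS involved
    if criterion["policy"] or criterion["membership"]:
        return REVOKE            # must be recorded at the trusted STS
    if criterion["expiration"]:
        return RENEW             # a fresh token can only come from the trusted STS
    return NONE


class SimulatedSTS:
    """Stand-in for a trusted security token service (constructed for the example)."""
    def __init__(self, lifetime: timedelta = 365 * DAY):
        self.lifetime = lifetime
        self.calls = []          # audit trail of every STS interaction

    def perform(self, action: str, did: DigitalID, now=NOW) -> Optional[DigitalID]:
        self.calls.append((action, did.name))
        if action == RENEW:
            return replace(did, not_after=now + self.lifetime)
        return None              # REVOKE: the ID leaves the store


def run_lifecycle(store, domain_joined, central, local, user_groups, sts, prompt_user):
    """Claims 4/19: enumerate the store, apply the rules, send STS actions to the STS,
    hand the rest to the user interface, and refrain when no rule fires.
    Returns the reconfigured store and an audit log of (name, policy source, action)."""
    policy = select_policy(domain_joined, central, local)
    new_store, audit = [], []
    for did in store:                                  # enumerate the digital ID store
        action = decide_action(housekeeping_criterion(did, policy, user_groups))
        audit.append((did.name, policy.source, action))
        if action == NONE:
            new_store.append(did)                      # no action warranted: refrain
        elif action in STS_ACTIONS:
            updated = sts.perform(action, did)
            if updated is not None:
                new_store.append(updated)
        elif not prompt_user(action, did):             # UI path: user declined the removal
            new_store.append(did)
    return new_store, audit


# Constructed sample store and policies (not from the patent).
SAMPLE_STORE = [
    DigitalID("alice-vpn", "corp-ca", NOW + 10 * DAY, frozenset({"staff", "vpn-users"})),
    DigitalID("alice-legacy", "old-ca", NOW + 200 * DAY, frozenset({"staff"})),
    DigitalID("alice-wifi", "corp-ca", NOW + 200 * DAY, frozenset({"staff"})),
    DigitalID("alice-retired", "corp-ca", NOW + 200 * DAY, frozenset({"staff"}), end_of_life=True),
]
CENTRAL = LifecyclePolicy("central", 30 * DAY, frozenset({"corp-ca"}), required_group="staff")
LOCAL = LifecyclePolicy("local", 7 * DAY, frozenset({"corp-ca", "old-ca"}))
USER_GROUPS = frozenset({"staff", "vpn-users"})


def demo(domain_joined: bool, approve_ui: bool = True):
    """Run one housekeeping pass; returns ({name: not_after}, audit log, STS calls)."""
    sts = SimulatedSTS()
    store, audit = run_lifecycle(SAMPLE_STORE, domain_joined, CENTRAL, LOCAL,
                                 USER_GROUPS, sts, lambda action, did: approve_ui)
    return {d.name: d.not_after for d in store}, audit, sts.calls


if __name__ == "__main__":
    for joined in (True, False):
        names, audit, calls = demo(joined)
        print("domain-joined" if joined else "non-domain-joined", audit, calls, sorted(names))
```

Running the same store through both policies shows why the claims care about the join state: under the central policy the soon-to-expire VPN credential is renewed via the STS and the credential from an untrusted issuer is revoked there, while the end-of-life record is removed through the user-interface path without any STS traffic. Under the local policy, with its shorter renewal window and wider issuer trust, only the end-of-life removal fires. Keeping the STS boundary in one place (`STS_ACTIONS`) is what lets an implementation log and review every trust-affecting action separately from purely local housekeeping.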