Apparatus and method of identity and virtual object management and sharing among virtual worlds

US 8,424,065 B2
Filed: 11/25/2009
Issued: 04/16/2013
Est. Priority Date: 11/25/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A system for centrally managing credential information of one or more users and virtual properties of the one or more users across a plurality of virtual worlds, comprising:

an identity service module for receiving authentication requests and the credential information of the one or more users from the one or more users, the received authentication requests causing the identity service module to perform steps of;

evaluating whether the one or more users are on a list of users who have been denied one or more of;

a privilege, a service, an access to, or a recognition from one or more of the plurality of virtual worlds, anddetermining whether IP addresses associated with the one or more users were used to take the virtual properties in an unauthorized way from the one or more of the plurality of virtual worlds,the identity service module, based on the evaluating and determining, generating a result of each authentication request, the result indicating whether the one or more users are valid users or invalid users of the plurality of virtual worlds,the identity service module, upon the result indicating that the one or more users are invalid users of the plurality of virtual worlds, preventing a connection of the one or more users to the one or more of the plurality of virtual worlds if the one or more invalid users are on the list or the IP addresses were used to take the virtual properties in the unauthorized way,an inventory service module for receiving the result of the each authentication request from the identity service module and transmitting the virtual properties to at least one virtual world server associated with the plurality of virtual worlds if the results of the each authentication request indicates that the one or more users are valid users;

the at least one virtual world server communicating with the identity service and the inventory service to authorize logins of the one or more users and teleporting the virtual properties between the plurality of virtual worlds upon the authorization of the logins of the one or more users; and

a central storage device for communicating with the inventory service module and storing the virtual properties provided from the inventory service module and the credential information provided from the identity service module.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for centrally managing credential information of a user and a virtual object of a user across a plurality of virtual world (or corresponding virtual world servers) is disclosed. The system includes an identity service module for managing an authentication request (e.g., verifying credential information of a user) from a user and an inventory service module for managing virtual properties of a user. Furthermore, a method for logging in a virtual world by using the system is disclosed. A method for teleporting a virtual property from a virtual world to another virtual world by using the system is disclosed. A method for logging out from a virtual world by using the system is also disclosed.

Citations

17 Claims

1. A system for centrally managing credential information of one or more users and virtual properties of the one or more users across a plurality of virtual worlds, comprising:
- an identity service module for receiving authentication requests and the credential information of the one or more users from the one or more users, the received authentication requests causing the identity service module to perform steps of;
  
  evaluating whether the one or more users are on a list of users who have been denied one or more of;
  
  a privilege, a service, an access to, or a recognition from one or more of the plurality of virtual worlds, anddetermining whether IP addresses associated with the one or more users were used to take the virtual properties in an unauthorized way from the one or more of the plurality of virtual worlds,the identity service module, based on the evaluating and determining, generating a result of each authentication request, the result indicating whether the one or more users are valid users or invalid users of the plurality of virtual worlds,the identity service module, upon the result indicating that the one or more users are invalid users of the plurality of virtual worlds, preventing a connection of the one or more users to the one or more of the plurality of virtual worlds if the one or more invalid users are on the list or the IP addresses were used to take the virtual properties in the unauthorized way,an inventory service module for receiving the result of the each authentication request from the identity service module and transmitting the virtual properties to at least one virtual world server associated with the plurality of virtual worlds if the results of the each authentication request indicates that the one or more users are valid users;
  
  the at least one virtual world server communicating with the identity service and the inventory service to authorize logins of the one or more users and teleporting the virtual properties between the plurality of virtual worlds upon the authorization of the logins of the one or more users; and
  
  a central storage device for communicating with the inventory service module and storing the virtual properties provided from the inventory service module and the credential information provided from the identity service module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system according to claim 1, wherein the identity service module performs one or more of:
    - an identity creation, an identity enumeration, an identity query, an identity deletion, an identity modification and an identity authentication.
  - 3. The system according to claim 1, further comprising:
    - an identity management interface for centrally managing, editing, creating and deleting the credential information of the one or more users; and
      
      a content management interface for centrally managing, editing, creating and deleting the virtual properties of the one or more users.
  - 4. The system according to claim 1, wherein the credential information of the one or more users comprises one or more of:
    - a username, password, fingerprint, iris scan, voice and facial scan.
  - 5. The system according to claim 1, wherein the identity service module comprises:
    - at least one identity storage device for storing the credential information of the one or more users;
      
      an aggregation module for aggregating the at least one identity storage device;
      
      a name mapping module for mapping the credential information to an ID (identity) used in the at least one identity storage device;
      
      an identity status management module for tracking status of the one or more users; and
      
      a registry service module for registering a new user.
  - 6. The system according to claim 5, wherein the aggregation module performs one or more of:
    - a data source level aggregation and a service level aggregation.
  - 7. The system according to claim 5, wherein the name mapping module comprises a name mapping table including one or more of:
    - a universal user name shared across the at least one virtual world server, an address of the at least one identity storage device, a user ID (identity) used in the at least one identity storage device and an aggregation attribute indicating constraints of the at least one identity storage device.
  - 8. The system according to claim 1, wherein the inventory service module comprises:
    - at least one virtual property storage device for storing the virtual properties of the one or more users;
      
      an aggregation module for aggregating the at least one virtual property storages;
      
      a format translation module for translating formats of the virtual properties to other formats;
      
      a content synchronization module for managing protocols to transmit data from the at least one virtual world server to a virtual world client device or from the virtual world client device to the at least one virtual world server; and
      
      a content management module for editing, creating and deleting the virtual properties.
  - 9. The system according to claim 1, further comprising:
    - at least one virtual world client device for receiving inputs from the one or more users, communicating with the at least one virtual world server, processing responses of the virtual world servers and providing the responses to the one or more users.
  - 10. The system according to claim 9, wherein the at least one virtual world client device comprises:
    - a rendering engine for processing a 2D (two dimensional) or 3D (three dimensional) web pages including the virtual properties;
      
      a single-sign-on (SSO) module for tracking an already authenticated user as not to require the already authenticated user to authenticate again for an access to the at least one virtual world server;
      
      a content uploading/downloading module for exchanging data between the at least one virtual world client device, the at least one virtual world server, the identity service module and the inventory service module;
      
      an authentication module for performing an authentication related function of the one or more users.
  - 11. The system according to claim 10, wherein the authentication related function comprises one or more of:
    - obtaining credential information from the one or more users and checking validity of the credential information from the one or more users, obtaining fingerprints of the one or more users and checking validity of the fingerprints, obtaining iris scans of the one or more users and checking validity of the iris scans, obtaining facial scans of the users and checking validity of the facial scans, obtaining voices of the one or more users and checking validity of the voices.
  - 12. The system according to claim 1, wherein the at least one virtual world server comprises:
    - a content management module for managing the virtual properties of the one or more users;
      
      a content transmission module for managing transmission of the virtual properties to at least one virtual world client device, the identity service module and the inventory service module.
  - 13. The system according to claim 1, wherein the central storage device aggregates the virtual properties and the credential information.

14. A method for accessing a virtual world server via a virtual world client device, the method comprising:
- receiving from the virtual world client device a request to log in to the virtual world server;
  
  establishing a communication link between the virtual world server and an identity service module that authenticates whether the request is valid or not and then to establish another communication link between the virtual world client device and the identity service module for the authentication;
  
  receiving, at the identity service module, credential information from the virtual world client device and mapping the credential information to an ID (identity) in the identity service module to authenticate the credential information with the identity service module, the authenticating the credential information including steps of;
  
  evaluating whether the credential information or the ID is on a list of users who have been denied one or more of;
  
  a privilege, a service, an access to, or a recognition from the virtual world server, anddetermining whether IP address associated with the virtual world client device was used to take virtual properties in an unauthorized way;
  
  generating, at the identity service module, based on the evaluating and the determining, a result of authenticating the credential information;
  
  receiving, at the virtual world server, the generated result of authenticating the credential information;
  
  providing the generated result from the virtual world server to the virtual world client device;
  
  determining whether the generated result indicates log in success or failure;
  
  displaying an error message on the virtual world client device, if the generated result indicates a login failure;
  
  disconnecting the established communication link with the virtual world client device if the login failure is due to that the credential information or the ID is on the list or the IP address associated with the virtual world client device is used to take the virtual properties in the unauthorized way;
  
  communicating with the identity service to authorize a login of the virtual client device and to authorize teleporting of virtual properties associated with the virtual client device between a plurality of virtual worlds if the generated result indicates a login success;
  
  providing a token from the virtual world server to the virtual world client device,if the generated result indicates the login success;
  
  requesting, at the virtual world server, data transmission from the inventory service module to the virtual world server;
  
  verifying, at the inventory service module, whether the generated result was the login success;
  
  transmitting virtual object data from the inventory service module to the virtual world server upon verifying that the generated result was the login success; and
  
  providing the transmitted data from the virtual world server to the virtual world client device for presentation and display thereof.

15. A method for teleporting a virtual property of a user from a first virtual world to a second virtual world by using an identity service module, the first virtual world being associated with a first virtual world server, the second virtual world being associated with a second virtual world server, the method comprising:
- accessing the first virtual world via a virtual world client device;
  
  requesting a teleportation of the virtual property from the first virtual world server to the second virtual world server;
  
  upon receiving the teleportation request at the second virtual world server, propagating the teleportation request from the second virtual world server to the identity service module;
  
  establishing a link between the virtual world client device and the identity service module for an authentication of the virtual world client device;
  
  evaluating whether the virtual world client device has a valid token by communicating between the virtual world client device and the identity service module via the link, the evaluating including steps of;
  
  evaluating whether the virtual world client is on a list of users who have been denied one or more of;
  
  a privilege, a service, an access to, or a recognition from the first virtual world server or the second virtual world server, anddetermining whether IP address associated with the virtual world client device was used to take other virtual properties in an unauthorized way;
  
  determining that the virtual world client device does not have the valid token in response to determining that the virtual world client is on the list or the IP address associated with the virtual world client device was used to take the other virtual properties in the unauthorized way;
  
  if the virtual world client device does not have the valid token, sending an error message from the identity service module to the second virtual world server;
  
  upon receiving the error message at the second virtual world server, rejecting the teleportation request at the second virtual world server;
  
  if the virtual world client has the valid token, communicating with the identity service to authorize a login of the virtual client device and to authorize teleporting of the virtual property between the first virtual world server and the second virtual world server;
  
  if the virtual world client device has the valid token, transmitting the virtual property from the first virtual world server to the second virtual world server;
  
  transferring the transmitted virtual property from the second virtual world to the virtual world client device;
  
  exiting the first virtual world server via the virtual world client device;
  
  updating the identity service module to reflect the transmitting, the transferring and the exiting; and
  
  displaying the transmitted virtual property in the second virtual world via the virtual world client device.

16. A non-transitory computer readable medium embodying computer program instructions being executed by a processor for causing a computer to perform method steps for logging in to a virtual world server by using an identity service module and an inventory service module, said method steps comprising:
- receiving from the virtual world client device a request to log in to the virtual world server;
  
  establishing a communication link between the virtual world server and the identity service module that authenticates whether the request is valid or not and then to establish another communication link between the virtual world client device and the identity service module for the authentication;
  
  receiving, at the identity service module, credential information from the virtual world client device and mapping the credential information to an ID (identity) in the identity service module to authenticate the credential information with the identity service module, the authenticating the credential information including steps of;
  
  evaluating whether the credential information or the ID is on a list of users who have been denied one or more of;
  
  a privilege, a service, an access to, or a recognition from the virtual world server, anddetermining whether IP address associated with the virtual world client device was used to take virtual properties in an unauthorized way;
  
  generating, at the identity service module, based on the evaluating and the determining, a result of authenticating the credential information;
  
  receiving, at the virtual world server, the generated result of authenticating the credential information;
  
  providing the generated result from the virtual world server to the virtual world client device;
  
  determining whether the generated result indicates log in success or failure;
  
  displaying an error message on the virtual world client device, if the generated result indicates a login failure;
  
  disconnecting the established communication link with the virtual world client device if the login failure is due to that the credential information or the ID is on the list or the IP address associated with the virtual world client device is used to take the virtual properties in the unauthorized way;
  
  communicating with the identity service and the inventory service to authorize a login of the virtual client device and to authorize teleporting of virtual properties associated with the virtual client device between a plurality of virtual worlds if the generated result indicates a login success;
  
  providing a token from the virtual world server to the virtual world client device, if the generated result indicates the login success;
  
  requesting, at the virtual world server, data transmission from the inventory service module to the virtual world server;
  
  verifying, at the inventory service module, whether the generated result was the login success;
  
  transmitting virtual object data from the inventory service module to the virtual world server upon verifying that the generated result was the login success; and
  
  providing the transmitted data from the virtual world server to the virtual world client device for presentation and display thereof.

17. A non-transitory computer readable medium embodying computer program instructions being executed by a processor for causing a computer to perform method step, the method steps comprising:
- accessing a first virtual world via a virtual world client device, the first virtual world being associated with a first virtual world server;
  
  requesting a teleportation of the virtual property from the first virtual world server to a second virtual world server, the second virtual world server being associated with a second virtual world;
  
  upon receiving the teleportation request at the second virtual world server, propagating the teleportation request from the second virtual world server to an identity service module;
  
  establishing a link between the virtual world client device and the identity service module for an authentication of the virtual world client device;
  
  evaluating whether the virtual world client device has a valid token by communicating between the virtual world client device and the identity service module via the link, the evaluating including steps of;
  
  evaluating whether the virtual world client is on a list of users who have been denied one or more of;
  
  a privilege, a service, an access to, or a recognition from the first virtual world server or the second virtual world server, anddetermining whether IP address associated with the virtual world client device was used to take other virtual properties in an unauthorized way;
  
  determining that the virtual world client device does not have the valid token in response to determining that the virtual world client is on the list or the IP address associated with the virtual world client device was used to take the other virtual properties in the unauthorized way;
  
  if the virtual world client device does not have the valid token, sending an error message from the identity service module to the second virtual world server;
  
  upon receiving the error message at the second virtual world server, rejecting the teleportation request at the second virtual world server;
  
  if the virtual world client device has the valid token, teleporting the virtual property from the first virtual world server to the second virtual world server;
  
  transferring the teleported virtual property from the second virtual world to the virtual world client device;
  
  exiting the first virtual world server via the virtual world client device;
  
  updating the identity service module to reflect the transmitting, the teleporting and the exiting; and
  
  displaying the transmitted virtual property in the second virtual world via the virtual world client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Betzler, Boas, Katz, Neil A., Wang, Gang, Ye, Meng, Zhu, Zi Yu
Primary Examiner(s)
Mehedi, Morshed

Application Number

US12/626,367
Publication Number

US 20110126272A1
Time in Patent Office

1,238 Days
Field of Search

726/6, 726/28, 726/4
US Class Current

726/4
CPC Class Codes

G06F 21/41 where a single sign-on prov...

H04L 63/0815 providing single-sign-on or...

Apparatus and method of identity and virtual object management and sharing among virtual worlds

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method of identity and virtual object management and sharing among virtual worlds

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links