Methods and system for storing and retrieving identity mapping information
Abstract
System and method for storing identity mapping information in an identity management system to enable a user authenticated at a first domain to access a second domain. The method may include digitally signing the identity mapping information by the user; providing the mapping information to an identity management system; and storing the user-signed mapping information after being further digitally signed by the identity management system.
8 Claims
1. A method for retrieving identity mapping information from a trusted identity management system for enabling a user authenticated at a first domain to access a second domain, the method comprising:
utilizing a computer system to perform;
retrieving, by an application, user-signed identity mapping information for the user, wherein the identity mapping information was digitally signed by the user using a private key of the user, and where the identity mapping information has further been digitally signed by the identity management system using a private key of the identity management system, wherein the identity management system is trusted by at least the first domain, wherein the identity mapping information comprises a mapping of the user's user identification (ID) in the first domain to the user's user ID in the second domain, and wherein the user ID in the first domain is different from the user ID in the second domain;
validating, by the application, the digital signature of the identity management system using a public key of the identity management system; and
validating, by the application, the digital signature of the user using a public key of the user;
wherein after said validating the digital signature of the identity management system and said validating the digital signature of the user, the user can be authenticated to access the second domain, and wherein either the user or any authorized party can revoke authentication of the identity mapping information for the user, wherein control of the user's identity mapping information is shared between the user and the identity management system; and
wherein the method is operable regardless of whether the first and second domains have a trusted or untrusted relationship.
Dependent claims: 2, 3, 4.
5. A non-transitory computer accessible memory medium comprising program instructions for retrieving identity mapping information from an identity management system for enabling a user authenticated at a first domain to access a second domain, wherein the program instructions are executable by a processor to:
retrieve, by an application, user-signed identity mapping information for the user, wherein the identity mapping information was digitally signed by the user using a private key of the user, and where the identity mapping information has further been digitally signed by the identity management system using a private key of the identity management system, wherein the identity management system is trusted by at least the first domain, wherein the identity mapping information comprises a mapping of the user's user identification (ID) in the first domain to the user's user ID in the second domain, and wherein the user ID in the first domain is different from the user ID in the second domain;
validate, by the application, the digital signature of the identity management system using a public key of the identity management system; and
validate, by the application, the digital signature of the user using a public key of the user;
wherein after said validating the digital signature of the identity management system and said validating the digital signature of the user, the user may be authenticated to access the second domain, and wherein either the user or any other authorized party can revoke authentication of the identity mapping information for the user, wherein control of the user's identity mapping information is shared between the user and the identity management system; and
wherein the method is operable regardless of whether the first and second domains have a trusted or untrusted relationship.
Dependent claims: 6, 7, 8.
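The two-layer signature chain of claims 1 and 5, as an added Go example that is not the patent's own code: the user signs the ID mapping, the identity management system countersigns the user-signed mapping, and the application verifies the IdM signature, then the user signature, before honouring the mapping. Ed25519, the JSON canonical encoding, the countersignature covering mapping||user-signature, and the revocation set are all assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Mapping ties the user's ID in the first domain to the user's ID in the second domain.
type Mapping struct{ UserIDDomain1, UserIDDomain2 string }
// canonical returns the bytes the user signs (JSON of a fixed-field struct is deterministic).
func (m Mapping) canonical() []byte { b, _ := json.Marshal(m); return b }

// SignedMapping: mapping, user signature over canonical(), IdM countersignature over canonical()||UserSig.
type SignedMapping struct{ Mapping Mapping; UserSig, IdMSig []byte }

// counterSigned is what the IdM system signs: covering the user signature too means neither part can be swapped.
func (sm SignedMapping) counterSigned() []byte { return append(sm.Mapping.canonical(), sm.UserSig...) }

// UserSign: the user digitally signs the mapping with the user's private key.
func UserSign(m Mapping, userPriv ed25519.PrivateKey) SignedMapping {
	return SignedMapping{Mapping: m, UserSig: ed25519.Sign(userPriv, m.canonical())}
}

// IdMCountersign: the IdM system further signs the user-signed mapping before storing it.
func IdMCountersign(sm SignedMapping, idmPriv ed25519.PrivateKey) SignedMapping {
	sm.IdMSig = ed25519.Sign(idmPriv, sm.counterSigned())
	return sm
}

// Validate is the application's check: IdM signature, then user signature, then a hypothetical revocation set.
func Validate(sm SignedMapping, idmPub, userPub ed25519.PublicKey, revoked map[string]bool) (Mapping, error) {
	if !ed25519.Verify(idmPub, sm.counterSigned(), sm.IdMSig) {
		return Mapping{}, fmt.Errorf("identity management system signature invalid")
	}
	if !ed25519.Verify(userPub, sm.Mapping.canonical(), sm.UserSig) {
		return Mapping{}, fmt.Errorf("user signature invalid")
	}
	if revoked[sm.Mapping.UserIDDomain1] {
		return Mapping{}, fmt.Errorf("mapping for %s revoked", sm.Mapping.UserIDDomain1)
	}
	return sm.Mapping, nil
}

func main() {
	userPub, userPriv, _ := ed25519.GenerateKey(rand.Reader) // constructed sample keys
	idmPub, idmPriv, _ := ed25519.GenerateKey(rand.Reader)
	sm := IdMCountersign(UserSign(Mapping{"alice@domain-a", "asmith@domain-b"}, userPriv), idmPriv)
	fmt.Println(Validate(sm, idmPub, userPub, map[string]bool{}))
}
```

Because the countersignature covers the user's signature, replacing either the mapping or the user signature in storage fails the IdM check, and a wrong key on either layer is rejected separately.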