Federated credentialing system and method
Abstract
A federated credentialing system, and a corresponding method, includes credential issuers that interact with relying parties to provide system users with access to protected resources within the system. The system includes a relying party federated domain server including devices for identifying users and authenticating user access credentials, and a credential issuer domain server including devices for verifying user identities and access credentials. The access credentials may be single smart cards. The single smart cards are operative to provide user access to both logical and physical protected resources of the relying party. The system also includes a federated trust broker in communication with the relying party and credential issuer federated domain servers. The trust broker receives authorization requests from the relying party, routes the received requests to the credential issuer, receives in return authorization responses from the credential issuer and routes the responses to the relying party. The relying party grants users access to the physical and the logical protected resources based on information contained in the responses.
34 Claims
1. A federated credentialing system in which a plurality of credential issuers interact with a plurality of relying parties to provide system users with access to protected resources within the system, the system being executed on a computer including a memory and a processor, the system comprising:
- a relying party federated domain server including means for identifying users and authenticating user access credentials using the processor;
- a credential issuer domain server including means for verifying user identities and access credentials using the processor, wherein the access credentials comprise a single Homeland Security Presidential Directive 12 (HSPD-12) compliant smart card that includes a signature panel to obtain an actual signature from a user, and wherein the single HSPD-12 compliant smart card is operative to provide user access to both logical and physical protected resources of the relying party; and
- a federated trust broker in communication with the relying party and credential issuer federated domain servers, wherein the trust broker receives authorization requests from the relying party, routes the received requests to the credential issuer and receives in return authorization responses from the credential issuer and routes the responses to the relying party, and wherein the relying party grants users access to the physical and the logical protected resources based on information contained in the responses.
Dependent claims: 2 through 20.
21. A method for granting access to protected logical and physical resources in a federated credentialing network comprising a plurality of relying parties and a plurality of credential issuers, the method being executed on a computer including a memory and a processor, the method comprising:
- at a relying party:
  - receiving a request from a user to access a protected resource, the user providing a user access credential including digital data related to the user, wherein the user access credential is a single HSPD-12 compliant smart card that includes a signature panel to obtain an actual signature from a user, the single HSPD-12 compliant smart card operative to provide access to both the logical and the physical protected resources;
  - identifying a credential issuer responsible for the user using the processor;
  - formulating an authorization request using the processor; and
  - sending the authorization request to a trust broker operating on the federated credentialing network;
- at the trust broker:
  - translating the authorization request into a format required by the credential issuer; and
  - sending the translated authorization request to the identified credential issuer; and
- at the credential issuer:
  - providing information, according to agreed-upon operating rules, sufficient to verify an identity of the user and to authenticate the user access credential; and
  - sending the information to the relying party through the trust broker in an authorization response, wherein the relying party grants access to the protected resource based on comparing information in the authorization response to information provided from the access credential.
Dependent claims: 22 through 30.
31. A method for granting access to protected resources in a federated network of unrelated enterprises, the method being executed on a computer including a memory and a processor, the method comprising:
- establishing a set of operating rules using the processor, wherein each enterprise agrees to conform to the operating rules;
- establishing a trust relationship among the enterprises using the processor, the trust relationship allowing the enterprises to communicate protected resource access authorization requests and corresponding responses according to the operating rules, wherein information supplied in the responses can be trusted for granting access to the protected resources; and
- presenting an access request to an enterprise, the access request specifying a logical or a physical protected resource, the access request presented in conjunction with presentation of a single HSPD-12 compliant smart card that conforms to the operating rules and that operates to allow access to both the physical and the logical protected resources, wherein the single HSPD-12 compliant smart card includes a signature panel to obtain an actual signature from a user.
Dependent claims: 32 through 34.
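The exchange of claim 21 (relying party, trust broker, credential issuer) together with the trust relationship of claim 31, as an added simulation that is not part of the patent. It assumes the operating rules are modelled as one shared HMAC key per issuer, and the request and response field names, issuer names and card records are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed sample data, not from the patent. Each issuer's key stands in for the
# trust relationship the enterprises establish under the operating rules (claim 31).
ISSUER_KEYS = {"agencyA": b"constructed-key-a", "agencyB": b"constructed-key-b"}
ISSUER_RECORDS = {
    "agencyA": {"CARD-001": ("Alice Example", "active"), "CARD-002": ("Bob Example", "revoked")},
    "agencyB": {"CARD-777": ("Carol Example", "active")},
}

def sign(issuer, payload):
    """HMAC over the canonical response payload (an assumed operating-rule format)."""
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(ISSUER_KEYS[issuer], msg, hashlib.sha256).hexdigest()

class CredentialIssuer:
    """Verifies the holder's identity and card status; requests arrive in its own format."""
    def __init__(self, name):
        self.name = name
    def authorize(self, req):
        rec = ISSUER_RECORDS[self.name].get(req["cardId"])
        payload = {"card": req["cardId"], "holder": rec[0] if rec else None,
                   "verified": bool(rec and rec[1] == "active")}
        return {"issuer": self.name, "payload": payload, "sig": sign(self.name, payload)}

class TrustBroker:
    """Routes each relying-party request to the responsible issuer, translating the format."""
    def __init__(self, issuers):
        self.issuers = issuers
    def route(self, rp_request):
        issuer = self.issuers.get(rp_request["issuer"])
        if issuer is None:
            return None  # no trust relationship with that issuer
        translated = {"cardId": rp_request["credential"]["card_id"], "purpose": rp_request["resource"]}
        return issuer.authorize(translated)

class RelyingParty:
    """Claim 21 flow: identify the issuer, ask it via the broker, compare the answer to the card."""
    def __init__(self, broker):
        self.broker = broker
    def request_access(self, card, resource):
        resp = self.broker.route({"issuer": card["issuer"], "credential": card, "resource": resource})
        if resp is None or not hmac.compare_digest(sign(resp["issuer"], resp["payload"]), resp["sig"]):
            return False  # unknown issuer, or response not authentic under the operating rules
        p = resp["payload"]
        return p["verified"] and p["card"] == card["card_id"] and p["holder"] == card["holder"]

RP = RelyingParty(TrustBroker({name: CredentialIssuer(name) for name in ISSUER_KEYS}))
```

The same card record is used for a physical resource (a door) and a logical one (a workstation login); a revoked card, an unknown issuer, or a card whose holder name does not match the issuer's response is refused.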