Digital identity management

US 8,819,797 B2
Filed: 03/01/2012
Issued: 08/26/2014
Est. Priority Date: 02/13/2003
Status: Expired due to Term

First Claim

Patent Images

1. An apparatus comprising:

a stand-alone computer, outside of a domain defined by a plurality of clients, the stand-alone computer including;

a lifecycle manager for managing digital ID lifecycles for application programs, andan abstraction layer portion for abstracting digital IDs associated with the application programs as abstracted digital IDs, wherein trusted data is not included with the abstracted digital IDs provided from the application programs, and the abstraction layer portion providing common storage, retrieval, and management of the abstracted digital IDs associated with the application programs through a digital identity management system (DIMS) and a common Application Programming Interface (API) layer; and

the lifecycle manager and the abstraction layer portion on the stand-alone computer forming at least a part of a trust model.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer.

Citations

19 Claims

1. An apparatus comprising:
- a stand-alone computer, outside of a domain defined by a plurality of clients, the stand-alone computer including;
  
  a lifecycle manager for managing digital ID lifecycles for application programs, andan abstraction layer portion for abstracting digital IDs associated with the application programs as abstracted digital IDs, wherein trusted data is not included with the abstracted digital IDs provided from the application programs, and the abstraction layer portion providing common storage, retrieval, and management of the abstracted digital IDs associated with the application programs through a digital identity management system (DIMS) and a common Application Programming Interface (API) layer; and
  
  the lifecycle manager and the abstraction layer portion on the stand-alone computer forming at least a part of a trust model.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The apparatus of claim 1, wherein the DIMS is configured as a simple trust that applies to home users that are not connected to any managed services.
  - 3. The apparatus of claim 1, wherein the DIMS is configured as an enterprise trust that applies to a corporate or business user operating a computer that belongs to an active directory environment.
  - 4. The apparatus of claim 1, wherein the DIMS causes the application program to perform an authentication process using digital IDs.
  - 5. The apparatus of claim 1, wherein the DIMS can provide lifecycle management for digital IDs without user interaction or application program interaction.
  - 6. The apparatus of claim 1, wherein the DIMS relies on local policies to define lifecycle management criteria.
  - 7. The apparatus of claim 1, wherein the DIMS relies on central policies to define lifecycle management criteria.
  - 8. The apparatus of claim 1, wherein the DIMS interacts with a central service to obtain a digital ID.
  - 9. The apparatus of claim 1, wherein the DIMS includes an underlying trust store structure, and wherein the digital IDs associated with the application programs are abstracted from an underlying trust store structure.
  - 10. The apparatus of claim 1, wherein the abstracted digital IDs associated with the application programs indicate where the digital IDs originated so that the DIMS can manage the digital IDs on behalf of the application programs.

11. A Digital Identity Management System (DIMS) that is at least partially contained within a stand-alone computer, outside of a domain defined by a plurality of clients, the DIMS performing operations comprising:
- managing digital ID lifecycles for application programs running within the stand-alone computer; and
  
  abstracting digital identities (IDs) associated with the application programs, wherein trusted data is not included with the abstracted digital IDs provided from the application programs, for multiple types of digital IDs through a common security token service (STS) and application programming interface (API) layer.
- View Dependent Claims (12, 13)
- - 12. The DIMS of claim 11, wherein the digital IDs associated with the application programs are abstracted at least partially using an Application Programming Interface (API) that includes the API layer.
  - 13. The DIMS of claim 11, wherein identity management includes credential management.

14. A digital identity management system (DIMS) comprising:
- a stand-alone computer outside of a domain defined by a plurality of clients, the stand-alone computer including;
  
  a management lifecycle portion for managing digital ID lifecycles for application programs; and
  
  an abstraction layer for abstracting digital IDs associated with the application programs, wherein trusted data is not included with the abstracted digital IDs provided from the application programs, and the abstraction layer portion providing common storage and retrieval of multiple types of credentials through a common security token service (STS) and Application Programming Interface (API) layer.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The DIMS of claim 14, wherein the DIMS can manage licenses for a user or application program for a digital rights management (DRM) system.
  - 16. The DIMS of claim 14, wherein the DIMS can manage digital ID lifecycles without user interaction.
  - 17. The DIMS of claim 14, wherein the DIMS can manage digital ID lifecycles without application program interaction.
  - 18. The DIMS of claim 14, wherein the DIMS relies on central services to manage digital ID lifecycles.
  - 19. The DIMS of claim 14, wherein the DIMS relies on local services to manage digital ID lifecycles.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Cross, David B., Thomlinson, Matthew W., Hallin, Philip J., Jones, Thomas C.
Primary Examiner(s)
Schwartz, Darren B

Application Number

US13/410,173
Publication Number

US 20120174200A1
Time in Patent Office

908 Days
Field of Search

726 1- 10, 726 16- 20, 726 26- 30, 713/150, 713164-167, 713/189, 713/193
US Class Current

726/6
CPC Class Codes

G06F 21/33   using certificates

G06F 21/45   Structures or tools for the...

H04L 2209/603   Digital right managament [DRM]

H04L 63/06   for supporting key manageme...

H04L 9/006   involving public key infras...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

Digital identity management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Digital identity management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links