System and method using globally unique identities
Abstract
Systems and methods are described for creating a globally unique identity for a user or user-container by performing an iterative join where each participating back-end data source. The systems and methods include an ID-Unify (IDU) that performs identity virtualization and creates or generates a globally unique identifier for a user in operational environments in which there is a pre-existing conflict caused by the existence of different identities for a user in different authentication data sources.
23 Claims
1. A method of establishing a global unique identifier for access control, comprising:
obtaining, by an identity server, a plurality of identifiers each used individually for identity-based access control and correspondingly obtained from a disparate data source, the plurality of identifiers being associated with a user of a network and each individually uniquely identifying the user;
resolving a conflict between the plurality of identifiers; and
establishing a global unique identifier for access control by generating a join of the plurality of identifiers, wherein the global unique identifier consolidates disparate forms of identification associated with the user from the plurality of data sources.
18. An identity server configured to communicate with an access server and a plurality of identity storage devices for generating a unique global identifier, the identity server comprising:
an identity virtualization client configured for querying a plurality of identifiers associated with a user of the network, each of the plurality of identifiers used individually for identity-based access control and correspondingly obtained from a disparate identity storage device, and individually uniquely identifying the user;
an identity consolidation engine configured for resolving a conflict between the plurality of identifiers and generating a unique global identifier for access control by generating a join of the plurality of identifiers, wherein the unique global identifier consolidates disparate forms of identification associated with the user from the plurality of identity storage devices.
20. An identity server configured for generating a unique global identifier for accessing secured resources on a network, the identity server comprising:
an identity virtualization server configured for receiving an access request to access one or more secured resources on the network, the access request including a user identifier indicating a user requesting access to the one or more secured resources;
an identity virtualization client configured for querying a plurality of devices for a plurality of identifiers associated with the user responsive to reception of the access request, each of the plurality of identifiers used individually for identity-based access control and correspondingly obtained from a disparate device, and individually uniquely identifying the user;
an identity consolidation engine configured for resolving a conflict between the plurality of identifiers, for generating a unique global identifier for access control by generating a join of the plurality of identifiers, and for identifying one or more access policies associated with the unique global identifier, wherein the unique global identifier consolidates disparate forms of identification associated with the user from the plurality of devices; and
a policy virtualization engine configured for permitting access to the one or more secured resources when the user is allowed to access the one or more secured resources based on the identified access policies.
22. A method of establishing a global unique identifier for access control, comprising:
receiving a request from a user at a first computing environment for access to a resource located in a second computing environment separate from the first computing environment;
obtaining, by an identity server in the second computing environment, a plurality of identifiers from a plurality of data sources, the plurality of identifiers being associated with the user and each used individually for identity-based access control and correspondingly obtained from a disparate data source, and individually uniquely identifying the user;
resolving a conflict between the plurality of identifiers;
establishing, by the server in the second computing environment, the global unique identifier for access control by generating a join of the plurality of identifiers, wherein the global unique identifier consolidates disparate forms of identification associated with the user from the plurality of data sources; and
permitting access to the resource via the first computing environment based on the global unique identifier from the second computing environment.
23. A non-transitory computer readable storage medium for storing program code for executing a method of securing access to a resource on a network using a global identifier, comprising:
obtaining a plurality of identifiers associated with a user of the network, each of the plurality of identifiers used individually for identity-based access control and correspondingly obtained from a disparate data source, and individually uniquely identifying the user;
resolving a conflict between the plurality of identifiers;
generating a global identifier for access control by generating a join of the plurality of identifiers, wherein the global identifier consolidates disparate forms of identification associated with the user from the plurality of data sources;
establishing one or more policies associated with the global identifier of the user; and
restricting access to the resource on the network by the user based on the one or more policies associated with the global identifier.