Digital identity management

US 9,477,832 B2
Filed: 08/25/2014
Issued: 10/25/2016
Est. Priority Date: 02/13/2003
Status: Expired due to Term

First Claim

Patent Images

1. A stand-alone computer outside of a domain defined by a plurality of clients, the stand-alone computer comprising:

at least one processing device;

memory coupled to the at least one processor; and

an application program stored in the memory that, based on execution by the at least one processing device, configures the at least one processing device to;

access a Digital Identity Management System (DIMS), the DIMS including an abstraction layer configured to abstract a digital ID associated with the application program as an abstracted digital ID;

search for credentials based on one or more attributes;

return results of the credential search to the DIMS, the DIMS being configured to open the credentials based on a cryptographic key and to return an object reference to the application program; and

use the object reference to perform an operation on the stand-alone computer.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One aspect relates to a process and associated device for managing digital ID lifecycles for application programs, and abstracting application programs for multiple types of credentials through a common Digital Identity Management System (DIMS) and Application Programming Interface (API) layer.

Citations

20 Claims

1. A stand-alone computer outside of a domain defined by a plurality of clients, the stand-alone computer comprising:
- at least one processing device;
  
  memory coupled to the at least one processor; and
  
  an application program stored in the memory that, based on execution by the at least one processing device, configures the at least one processing device to;
  
  access a Digital Identity Management System (DIMS), the DIMS including an abstraction layer configured to abstract a digital ID associated with the application program as an abstracted digital ID;
  
  search for credentials based on one or more attributes;
  
  return results of the credential search to the DIMS, the DIMS being configured to open the credentials based on a cryptographic key and to return an object reference to the application program; and
  
  use the object reference to perform an operation on the stand-alone computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The stand-alone computer of claim 1, wherein the application program further configures the stand-alone computer to use the result of the operation to present the object reference to a security token service (STS).
  - 3. The stand-alone computer of claim 2, wherein the application program further configures the stand-alone computer to expand the result of the operation.
  - 4. The stand-alone computer of claim 1, wherein the application program further configures the stand-alone computer to find the credentials based on some attributes, and the DIMS being configured to return the results to the application program within an Application Programming Interface (API).
  - 5. The stand-alone computer of claim 1, the DIMS being further configured to open the credentials based on the cryptographic key and to return the object reference to the application program within an Application Programming Interface (API).
  - 6. The stand-alone computer of claim 1, the DIMS being further configured to view all credentials associated with the DIMS.
  - 7. The stand-alone computer of claim 1, the abstraction layer being further configured to provide common storage, retrieval, and management of the abstracted digital ID associated with the application program.
  - 8. The stand-alone computer of claim 1, wherein the trusted data is excluded from the abstracted digital ID provided from the application program.

9. An apparatus outside of a domain defined by a plurality of clients, the apparatus comprising:
- at least one processing device;
  
  memory coupled to the at least one processing device; and
  
  an application program stored in the memory that, based on execution by the at least one processing device, configures the at least one processing device to;
  
  access a Digital Identity Management System (DIMS), the DIMS including an abstraction layer configured to abstract a digital ID associated with the application program as an abstracted digital ID;
  
  find credentials based on one or more attributes, the DIMS being configured to;
  
  return results to the application program based at least on finding credentials; and
  
  return an object reference to the application program;
  
  open at least one or more of the found credentials based at least on a cryptographic key; and
  
  use the object reference to perform an operation on the apparatus.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. The apparatus of claim 9, wherein:
    - the application program further configures the apparatus to present the object reference to a security token service (STS).
  - 11. The apparatus of claim 9, wherein the application program further configures the apparatus to perform an operation of authentication.
  - 12. The apparatus of claim 9, wherein the application program further configures the apparatus to perform an operation of digitally signing.
  - 13. The apparatus of claim 9, wherein the application program further configures the apparatus to perform an operation of encryption.
  - 14. The apparatus of claim 9, wherein the application program further configures the apparatus to perform an operation of decryption.
  - 15. The apparatus of claim 9, the DIMS being further configured to find the credentials based on one or more attributes and to return the results to the application program within an Application Programming Interface.
  - 16. The apparatus of claim 9, the DIMS being further configured to return an object reference to the application program within an Application Programming Interface.
  - 17. The apparatus of claim 9, wherein the application program further configures the apparatus to view those credentials associated with the DIMS.
  - 18. The apparatus of claim 9, the abstraction layer being further configured to provide common storage, retrieval, and management of the abstracted digital ID associated with the application program.

19. An apparatus outside of a domain defined by a plurality of clients, the apparatus comprising:
- at least one processing device;
  
  memory coupled to the at least one processing device;
  
  an application program stored in the memory that, based on execution by the at least one processing device, configures the at least one processing device to;
  
  access a Digital Identity Management System (DIMS) including an abstraction layer configured to abstract a digital ID associated with the application program as an abstracted digital ID;
  
  the DIMS being configured to return results in response to the application program finding credentials based at least on attributes, open at least one or more of the credentials based on a cryptographic key, and return an object reference to the application program; and
  
  use the object reference to perform an operation on the apparatus.
- View Dependent Claims (20)
- - 20. The apparatus as set forth in claim 19, the abstraction layer being configured to provide common storage, retrieval, and management of the abstracted digital ID associated with the application program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Cross, David B., Thomlinson, Matthew W., Hallin, Philip J., Jones, Thomas C.
Primary Examiner(s)
Schwartz, Darren B

Application Number

US14/467,615
Publication Number

US 20140366108A1
Time in Patent Office

792 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/33   using certificates

G06F 21/45   Structures or tools for the...

H04L 2209/603   Digital right managament [DRM]

H04L 63/06   for supporting key manageme...

H04L 9/006   involving public key infras...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

Digital identity management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Digital identity management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links