Distributed Hierarchical Identity Management

US 20100306830A1
Filed: 08/05/2010
Published: 12/02/2010
Est. Priority Date: 06/06/2002
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

maintaining, by a root, an information schema that includes one or more fields used to store information for a plurality of homesites, the information schema allowing one or more membersites to request the information from one or more of the plurality of homesites;

updating the information schema by adding one or more new fields to the information schema for storing additional information for the plurality of homesites; and

responsive to receiving, by the root, a schema-compliant request for information from the one or more membersites, sending requested information to the one or more membersites.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and methods for identity management and authentication are provided herein. The present invention employs shadow domains to prove entity membership in an identity management system where responsibility for trust relationships is devolved to the user. The present invention additionally teaches doubly signed certificate transmission for authentication of assertions made by third parties in the identity management network.

127 Citations

View as Search Results

20 Claims

1. A method comprising:
- maintaining, by a root, an information schema that includes one or more fields used to store information for a plurality of homesites, the information schema allowing one or more membersites to request the information from one or more of the plurality of homesites;
  
  updating the information schema by adding one or more new fields to the information schema for storing additional information for the plurality of homesites; and
  
  responsive to receiving, by the root, a schema-compliant request for information from the one or more membersites, sending requested information to the one or more membersites.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as recited in claim 1, further comprising assigning, by the root, a globally unique identifier (GUID) to the one or more of the plurality of homesites for subsequent association with user identity information.
  - 3. The method as recited in claim 2, further comprising enabling, by the root, transfer of data associated with a first homesite to a second homesite by using the GUID and the information schema maintained by the root.
  - 4. The method as recited in claim 3, wherein the enabling is performed, at least in part by the root, by issuing a challenge and, responsive to successful completion of a challenge response, issuing a directive to the first homesite to transfer schema-related information to the second homesite.
  - 5. The method as recited in claim 1, further comprising administering a shadow domain that allows the one or more of the plurality of homesites to cause information exchange with the one or more membersites.
  - 6. The method as recited in claim 5, wherein administering the shadow domain further comprises administering a shadow domain that is created under a namespace of the root.

7. A tangible computer-readable medium having instructions stored thereon that, responsive to execution by a computing device, cause the computing device to perform operations comprising:
- maintaining, by a root, an information schema that includes one or more fields used to store information for a plurality of homesites, the information schema allowing one or more membersites to request the information from one or more of the plurality of homesites;
  
  updating the information schema by adding one or more new fields to the information schema for storing additional information for the plurality of homesites; and
  
  responsive to receiving, by the root, a schema-compliant request for information from the one or more membersites, sending requested information to the one or more membersites.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The tangible computer-readable medium as recited in claim 7, wherein the operations further comprise enabling the one or more membersites to obtain encryption certificates for respective homesites.
  - 9. The tangible computer-readable medium as recited in claim 7, wherein the operations further comprise providing a signed assertion to the one or more of the plurality of homesites, the signed assertion being configured to be used to indicate that an associated homesite is authorized to authenticate a user.
  - 10. The tangible computer-readable medium as recited in claim 7, wherein the operations further comprise:
    - receiving a request for a shadow domain name resolution from a membersite for a shadow domain associated with a homesite; and
      
      resolving a shadow domain name associated with the homesite to allow redirection from the membersite to the homesite.
  - 11. The tangible computer-readable medium as recited in claim 7, wherein the operations further comprise:
    - receiving a request for a shadow domain name resolution from a homesite for a shadow domain associated with a membersite; and
      
      resolving a shadow domain name associated with the membersite to allow redirection from the homesite to the membersite.

12. A method comprising:
- communicating, by a root server, one or more globally unique identifiers (GUIDs) to one or more homesites for association with identity information of users, the one or more GUIDs being configured to be used in an authentication process in a hierarchical distributed identity management network;
  
  administering a shadow domain that is configured to communicatively couple one or more homesites with one or more membersites, said one or more homesites and one or more membersites being accessible in the shadow domain, the shadow domain configured to be used to redirect between the one or more homesites and the one or more membersites responsive to successful completion of the authentication process using the one or more GUIDs; and
  
  defining and administering an information schema that allows the one or more membersites to request information in a standardized manner from a plurality of homesites.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, further comprising enabling the one or more membersites to obtain an encryption certificate associated with a homesite.
  - 14. The method of claim 12, further comprising providing the one or more homesites with a signed assertion that can be provided to a membersite to represent that a respective homesite is authorized to authenticate one or more of the users.
  - 15. The method of claim 12, wherein administering the shadow domain further comprises administering the shadow domain including a domain that resides under a namespace associated with the root server.

16. A system comprising:
- a root server configured to comprise part of a hierarchical distributed identity management network, the root server comprising a tangible computer-readable medium having instructions stored thereon, the instructions comprising;
  
  instructions to communicate one or more globally unique identifiers (GUIDs) to one or more homesites for association with identity information of users, the one or more GUIDs being configured to be used in an authentication process in the hierarchical distributed identity management network;
  
  instructions to administer a shadow domain that is configured to communicatively couple one or more homesites with one or more membersites, said one or more homesites and one or more membersites being accessible in the shadow domain, the shadow domain being configured to be used to redirect between the one or more homesites and the one or more membersites in response to successful completion of the authentication process using the one or more GUIDs; and
  
  instructions to define and administer an information schema that allows the one or more membersites to request information from a plurality of homesites.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the instructions further comprise instructions to enable the one or more membersites to obtain an encryption certificate associated with a homesite.
  - 18. The system of claim 16, wherein the instructions further comprise instructions to provide the one or more homesites with a signed assertion that can be provided to a membersite to represent that a respective homesite is authorized to authenticate various users.
  - 19. The system of claim 16, wherein the shadow domain comprises a domain that resides under a namespace associated with the root server.
  - 20. The system of claim 16, wherein the instructions further comprise instructions to enable a single sign in and a single sign out of a plurality of membersites.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Callahan Cellular LLC (Intellectual Ventures LLC)
Original Assignee
Dormarke Assets LLC (Intellectual Ventures LLC)
Inventors
Hardt, Dick C.

Granted Patent

US 8,117,649 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/33   using certificates

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 63/102   Entity profiles

Distributed Hierarchical Identity Management

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

127 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed Hierarchical Identity Management

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

127 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links