| Country / Type | United States (US) Patent, registered |
|---|---|
| International Patent Classification (IPC, 7th edition) | |
| Application number | US-0678910 (2003-10-02) |
| Registration number | US-7290278 (2007-10-30) |
| Inventor / Address | |
| Applicant / Address | |
| Agent / Address | |
| Citation information | Cited by: 44; Patents cited: 339 |
An identity based service system is provided, in which an identity is created and managed for a user or principal, such that at least a portion of the identity is available to use between one or more system entities. A discovery service enables a system entity to discover a service descriptor, given a service name and a name identifier of the user, whereby system entities can find and invoke the user's other personal web services. The discovery service preferably provides a translation between a plurality of namespaces, to prevent linkable identity information over time between system entities.
What is claimed is:

1. A system, comprising: a device; at least one first entity associated with the device, the first entity comprising any of a user, a user agent and a principal; a first user identifier in a first namespace associated with the first entity, the first user identifier comprising any of a name identifier and an identity assertion; a second user identifier in a second namespace associated with the first entity, the second user identifier known to a service provider, the second namespace disparate from the first namespace, wherein the first user identifier and the second user identifier are pseudonymous to each other; an authentication agency; means for sending a login request from the first entity to the authentication agency; means for receiving an assertion at the first entity from the authentication agency in response to the login request; means for sending the received assertion and the first user identifier in the first namespace to a participant; means for authenticating the first entity at the participant with the received assertion; means for sending the first user identifier in the first namespace and a request for service on behalf of the first entity from a second entity comprising any of the participant and a service consumer associated with the participant to any of the authentication agency and a discovery service associated with the authentication agency, using the received assertion, the request for service comprising a request for a service descriptor for locating the service provider, and a request for a service assertion for accessing the service provider; means for translating the first user identifier in the first namespace to the second user identifier in the second namespace at the authentication agency; means for sending the service descriptor, the service assertion, and the second user identifier from the authentication agency to the second entity in response to the sent request for service if the first entity is enabled for the requested service, wherein the sent second user identifier is sent in a format such that the second entity is blinded to the second user identifier; means for sending the service assertion to the service provider; and means for providing the requested service for the second entity at the service provider in response to the received service assertion if the second entity is authorized for the requested service by the user.
2. The system of claim 1, further comprising: at least one identity associated with the first entity, and user information associated with at least one of the identities; and at least one core service associated with the system and related to at least a portion of the user information.
3. The system of claim 2, wherein the core service is accessible by the first entity.
4. The system of claim 2, wherein the core service is accessible by the participant.
5. The system of claim 2, wherein the core service is associated with one or more core service providers.
6. The system of claim 2, wherein the core service comprises any of an authentication service, a profile service, an alert service, a calendar service, an address book service and a wallet service.
7. The system of claim 1, wherein a user identity of the first entity in the first namespace is translatable to a user identity in the second namespace at the authentication agency.
8. The system of claim 7, wherein the user identity in the second namespace is encrypted.
9. The system of claim 7, wherein the user identity in the second namespace is time-bound.
10. The system of claim 1, wherein a user identity is associated with the first entity, and wherein the system further comprises: at least one core authentication record associated with the user identity, comprising any of services and links associated with the user identity.
11. The system of claim 1, further comprising: means for invoking the requested service through the second entity using the service descriptor, the service assertion, and the second user identifier.
12. The system of claim 1, wherein the participant comprises any of a network site, a service provider and a store.
13. The system of claim 1, wherein the service assertion comprises a credential to access the requested service.
14. The system of claim 1, wherein at least one identity is associated with the first entity, comprising any of a personal identity, a business identity and an anonymous identity.
15. A system, comprising: an authentication agency for authenticating a first entity comprising any of a user, a user agent and a principal, the first entity having a first user identifier in a first namespace and a second user identifier in a second namespace, the second user identifier known to a service provider, the first user identifier comprising any of a name identifier and an identity assertion, the second namespace disparate from the first namespace, wherein the first user identifier and the second user identifier are pseudonymous to each other, for sending an assertion to a device corresponding to the first entity, and for translating the first user identifier in the first namespace to the second user identifier in the second namespace; and at least one second entity comprising means for receiving the assertion and the first user identifier from the first entity, means for authenticating the first entity at the second entity with the received assertion, means for sending a request for service and the first user identifier on behalf of the first entity to any of the authentication agency and a discovery service associated with the authentication agency, means for receiving authorizations sent from the authentication agency in response to the sent request if the first entity is enabled for the requested service; means for receiving the second user identifier sent from the authentication agency in a format such that the second entity is blinded to the second user identifier; means for invoking the requested authorized service at the service provider with the received authorizations and the received second user identifier, and means for receiving the invoked requested service from the service provider at the second entity if the second entity is authorized for the invoked requested service by the user.
16. The system of claim 15, further comprising: a discovery module associated with the authentication agency and adapted to receive a user identifier associated with the first entity and a service name known to the system.
17. The system of claim 15, further comprising: at least one core service associated with the system and related to the first entity.
18. The system of claim 17, wherein the core service is accessible by the first entity.
19. The system of claim 17, wherein the core service is accessible by the second entity.
20. The system of claim 17, wherein the core service is associated with one or more core service providers.
21. The system of claim 17, wherein the core service comprises any of an authentication service, a profile service, an alert service, a calendar service, an address book service and a wallet service.
22. The system of claim 15, wherein a user identity of the first entity in the first namespace is translatable to a user identity in the second namespace at the authentication agency.
23. The system of claim 22, wherein the user identity in the second namespace is encrypted.
24. The system of claim 22, wherein the user identity in the second namespace is time-bound.
25. The system of claim 15, wherein an identity is associated with the first entity, and wherein the system further comprises: at least one core authentication record associated with the identity, comprising any of services and links associated with the identity.
26. The system of claim 15, wherein the device is linked to the system.
27. The system of claim 15, wherein the second entity comprises any of a network site, a service provider and a store.
28. The system of claim 15, wherein the authorizations comprise a service descriptor and a service assertion, wherein the service descriptor comprises means for locating the requested service, and wherein the service assertion comprises a credential to access the requested service.
29. The system of claim 15, wherein at least one identity is associated with the first entity, comprising any of a personal identity, a business identity and an anonymous identity.
30. A process, comprising the steps of: sending a login request from a first entity associated with a device to an authentication agency, the first entity comprising any of a user, a user agent and a principal, the first entity having a first user identifier in a first namespace and a second user identifier in a second namespace, the second user identifier known to a service provider, the first user identifier comprising any of a name identifier and an identity assertion, the second namespace disparate from the first namespace, wherein the first user identifier and the second user identifier are pseudonymous to each other; receiving an assertion at the first entity from the authentication agency in response to the login request; sending the received assertion and the first user identifier to a participant; authenticating the first entity at the participant with the received assertion; sending the first user identifier in the first namespace and a request for a service on behalf of the first entity from a second entity comprising any of the participant and a service consumer associated with the participant to any of the authentication agency and a discovery service associated with the authentication agency, using the assertion; translating the first user identifier in the first namespace to the second user identifier in the second namespace at the authentication agency; sending an authorization and the translated second user identifier from the authentication agency to the second entity for the requested service in response to the sent request if the first entity is enabled for the requested service, wherein the translated second user identifier is sent in a format such that the second entity is blinded to the second user identifier; sending the authorization from the second entity to the service provider; and providing the requested service for the second entity at the service provider in response to the sent authorization if the second entity is authorized for the requested service by the user.
31. The process of claim 30, further comprising the step of: establishing at least one core service associated with the system and related to the first entity.
32. The process of claim 31, wherein the core service is accessible by the first entity.
33. The process of claim 31, wherein the core service is accessible by the participant.
34. The process of claim 31, wherein the core service is associated with one or more core service providers.
35. The process of claim 30, wherein the core service comprises any of an authentication service, a profile service, an alert service, a calendar service, an address book service and a wallet service.
36. The process of claim 30, further comprising the step of: translating namespaces for user identities, such that a user identity of a first entity in the first namespace is translated to a user identity in the second namespace.
37. The process of claim 36, further comprising the step of: encrypting the user identity in the second namespace.
38. The process of claim 36, wherein the user identity in the second namespace is time-bound.
39. The process of claim 30, further comprising the steps of: establishing at least one identity associated with the first entity; and associating at least one core authentication record with the established identity, comprising any of services and links associated with the established identity.
40. The process of claim 30, further comprising the step of: invoking the requested service through the second entity using the authorization.
41. The process of claim 30, wherein the participant comprises any of a network site, a service provider and a store.
42. The process of claim 30, wherein the authorization comprises a service descriptor and a service assertion, wherein the service descriptor comprises means for locating the requested service and wherein the service assertion comprises a credential to invoke the requested service.
43. The process of claim 30, wherein at least one identity is associated with the first entity, comprising any of a personal identity, a business identity and an anonymous identity.
44. A process, comprising the steps of: providing an authentication agency networked to a service; establishing an identity at the authentication agency for a first entity associated with a device, the first entity comprising any of a user, a user agent and a principal, the first entity having a first user identifier in a first namespace and a second user identifier in a second namespace, the second user identifier known to a service provider, the first user identifier comprising any of a name identifier and an identity assertion, the second namespace disparate from the first namespace, wherein the first user identifier and the second user identifier are pseudonymous to each other; sending authentication information from the authentication agency to the device; sending the authentication information and the first user identifier from the device to a participant; authenticating the first entity at the participant with the authentication information; sending the first user identifier in the first namespace and a request for a service on behalf of the first entity from a second entity comprising any of the participant and a service consumer associated with the participant to any of the authentication agency and a discovery service associated with the authentication agency; translating the received first user identifier in the first namespace to the second user identifier in the second namespace at the authentication agency; sending an authorization and the translated second user identifier from the authentication agency to the second entity to access the service on behalf of the first entity if the first entity is enabled for the service by the authentication agency; establishing a link between the second entity and the service provider, based upon the authorization and the translated second user identifier; and providing the requested service for the second entity at the service provider in response to the sent authorization and the translated second user identifier, if the second entity is authorized for the requested service by the user.
45. The process of claim 44, wherein the second entity comprises any of a network site, a service provider and a store.
46. The process of claim 44, wherein the authorization comprises a service descriptor and a service assertion, wherein the service descriptor comprises means for locating the requested service and wherein the service assertion comprises a credential to establish the link.
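The discovery exchange the abstract and claims describe, where the authentication agency translates the first-namespace identifier to the second namespace and returns it encrypted and time-bound so the second entity is blinded to it (claims 1, 8, 9, 15 and 30), as an added Python illustration that is not from the patent or any product. The identifiers, endpoint, keys and the toy seal/unseal cipher are constructed assumptions; a real deployment would use an authenticated encryption scheme and signed assertions.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed sample data for a hypothetical deployment, not the patent's own system.
FIRST_TO_SECOND = {"alice@idp": {"calendar": "cal-user-7731"}}  # per-service pseudonyms
DESCRIPTORS = {"calendar": "https://calendar.example/svc"}      # service descriptors
SP_KEY = secrets.token_bytes(32)         # agency and service provider only, never the participant
ASSERTION_KEY = secrets.token_bytes(32)  # lets the service provider verify service assertions

def _keystream(key, nonce, n):
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Toy encrypt-then-MAC (illustration only): base64url(nonce || ciphertext || HMAC tag)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return base64.urlsafe_b64encode(nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).decode()

def unseal(key, token):
    raw = base64.urlsafe_b64decode(token)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("bad tag")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def discover(first_id, service, ttl=300):
    """Discovery service: translate namespaces, return descriptor, assertion and blinded second id."""
    second_id = FIRST_TO_SECOND[first_id][service]     # first namespace -> second namespace
    exp = int(time.time()) + ttl                       # time-bound second identifier
    blinded = seal(SP_KEY, json.dumps({"sub": second_id, "exp": exp}).encode())
    assertion = hmac.new(ASSERTION_KEY, f"{service}|{exp}".encode(), hashlib.sha256).hexdigest()
    return {"descriptor": DESCRIPTORS[service], "assertion": assertion, "blinded_id": blinded, "exp": exp}

def participant_can_read(blinded_id):
    """The second entity has no SP_KEY, so the token it forwards is opaque to it."""
    try:
        json.loads(base64.urlsafe_b64decode(blinded_id))
        return True
    except ValueError:
        return False

def service_provider(service, response, now=None):
    """Service provider: check the assertion, unseal the second id, reject expired or tampered tokens."""
    now = int(time.time()) if now is None else now
    expected = hmac.new(ASSERTION_KEY, f"{service}|{response['exp']}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, response["assertion"]):
        return None
    try:
        claims = json.loads(unseal(SP_KEY, response["blinded_id"]))
    except ValueError:
        return None
    return claims["sub"] if claims["exp"] >= now else None
```

The participant only ever sees `alice@idp` and an opaque token, so two participants comparing notes cannot link the user across the two namespaces, which is the linkability risk the abstract's namespace translation is meant to address.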
Copyright KISTI. All Rights Reserved.