229 results about "Identity management system" patented technology

The invention describes an identity management system (IDMS) based on the concept of peer-to-peer protocols and the public identities ledger. The system manages digital identities, which are digital objects that contain attributes used for the identification of persons and other entities in an IT system and for making identity claims. The identity objects are encoded and cryptographically encapsulated. Identity management protocols include the creation of identities, the validation of their binding to real-world entities, and their secure and reliable storage, protection, distribution, verification, updates, and use. The identities are included in a specially constructed global, distributed, append-only public identities ledger. They are forward- and backward-linked using the mechanism of digital signatures. The linking of objects and their chaining in the ledger is based on and reflect their mutual validation relationships. The identities of individual members are organized in the form of linked structures called the personal identities chains. Identities of groups of users that validated identities of other users in a group are organized in community identities chains. The ledger and its chains support accurate and reliable validation of identities by other members of the system and by application services providers without the assistance of third parties. The ledger designed in this invention may be either permissioned or unpermissioned. Permissioned ledgers have special entities, called BIX Security Policy Providers, which validate the binding of digital identities to real-world entities based on the rules of a given security policy. In unpermissioned ledgers, community members mutually validate their identities. The identity management system provides security, privacy, and anonymity for digital identities and satisfies the requirements for decentralized, anonymous identities management systems.

A method and apparatus to provide identity management deployment interoperability and compliance verification. In one embodiment, the system also provides on-demand services including automated certification, monitoring, alerting, routing, and translation of tokens for federated identity related interactions between multi-domain identity management systems is provided.

A computer implemented method, data processing system, and computer program product for logical management and provisioning of business applications within the framework of an identity management system. The illustrative embodiments providing an interface layer to map respective attributes, permissions, and resource accounts in a data repository needed to represent access to business applications via a managed service in the identity management system. The illustrative embodiments define user entitlements on a user account associated with the managed service. The illustrative embodiments provision user access to the business applications via the managed service in the identity management system upon user request.

This disclosure describes a method of and system for provisioning of shared account credentials to provide authorized access to shared or delegated accounts. Preferably, an enterprise single sign-on (E-SSO) system is used to manage the shared account or control delegation of account access, and preferably the shared or delegated account credential is not exposed to the end user. The described technique enables temporary delegation of account privileges to a member of a shared role. Using the described approach, an information technology (IT) account may be shared so that a user who needs to perform a shared duty can do so in the context of a shared role and without having control over the account itself. The approach facilitates delegating the use of a single account to one of a member of the shared role.

An electronic wallet system that protects payment accounts, identification and other personal information found within a typical wallet with a secure electronic vault (first) device that can be part of a physical wallet, insert to a wallet, or in other embodiments, wearable/portable devices. A unique biometrically enabled multi-factor authentication process ensures only owners of the information can copy the information to the device or retrieve it thereafter. Authenticated users may then select payment, identification, medical or virtually any private information via touch display or voice command on the vault or on another (second) device that operates in conjunction with the vault. The second device comprises, for example, a programmable card with dynamic magnetic stripe, cell phone, or other wearable technology, that initiates and processes a payment and/or transfer of private information.

A client-side user agent operates in conjunction with an identity selector to institute and exercise privacy control management over user identities managed by the identity selector. The user agent includes the combination of a privacy enforcement engine, a storage of rulesets expressing user privacy preferences, and a preference editor. The editor enables the user to direct the composition of privacy preferences relative to user identities. The preferences can be applied to individual cards and to categorized groups of attributes. The engine evaluates the proper rulesets against the privacy policy of a service provider. The privacy preferences used by the engine are determined on the basis of specifications in a security policy indicating the attribute requirements for claims that purport to satisfy the security policy.

The invention discloses a self-certified digital identity management system and method based on a smart contract. An identity terminal sends a public key and associated digital information to a cloudserver via the Internet, and accomplishes registration and login of digital identity, and the authorization, operation and verification of digital information depending on the smart contract on a block chain and a distributed database under the block chain. A unique identity of the whole network can be provided, passwordless login is achieved by scanning a two-dimensional code, the login mode of the traditional username and password is broken through, and a user entirety can securely and effectively manage the digital identity and the associated digital information, on-demand authorization, operation and verification of information are achieved, thus realizing a decentralized, self-certified digital identity management system.

A redundant multifactor identity authentication system provides users with a secure mechanism for providing identity information through the use of redundant independent identity providers in concert with each other so that resources are accessed only through a combination of providers. By eliminating reliance on a single provider, security is increased as is reliability. Similarly, redundant credentials can be provided to relying parties to ensure that the relying party receives proof of a credential without requiring a specific credential.

A payment transfer method for transferring funds from a payer to payee is provided, including designating a payee and specifying a payment amount and an account; debiting the funds from the account and crediting a first trust account; and identifying the payee by verifying responses received in response to one or more challenge-response questions defined by the payer. If the one or more responses are verified, a second trust account may be debited and a payee account credited with the payment amount. The first and second trust accounts may then be reconciled. There is also provided a payment transfer facility for transferring funds., comprising an application server for storing payment data relating to a transfer of funds and a notification server for providing a notification of the transfer of funds.

The invention discloses a multi-chain management method and system based on a block chain. The method comprises the following steps: constructing a virtual node for each mechanism node, wherein the virtual nodes comprise node groups generated based on the block chain which is participated in by each mechanism node for processing different matters and/or flows; constructing a block chain identity management module and a block chain transaction agent module for each constructed virtual node; through the block chain identity management modules, connecting identity information of each mechanism node to a block chain identity management system corresponding to the block chain in each virtual node; and the block chain transaction agent module obtaining the identity information corresponding to each transaction through the block chain identity management module, packaging the obtained identity information and corresponding transaction parameters to generate packaging information, and sending the packaging information to a target block chain executing the corresponding transaction for transaction execution. According to the invention, effective automatic management of multiple block chain nodes is realized.

A system for authorizing access to a resource associated with a tenancy in an identity management system that includes a plurality of tenancies receives an access token request for an access token that corresponds to the resource, the request including user information and application information, the user information including roles of a user and the application information including roles of the application. The system evaluates the access token request by computing dynamic roles and corresponding dynamic scopes for the access token including a second intersection between the dynamic roles of the user and the dynamic roles of the application. The system then provides the access token that includes the computed static scopes, where the scopes are based at least on the roles of the user and the roles of the application, and further including the computed dynamic roles and corresponding dynamic scopes.

An enterprise network has a plurality of applications or resources and an identity management (IDM) system for provisioning of users at those resources. The IDM system uses handlers and rules libraries for provisioning. The handlers organize provisioning tasks that are common to all the resources. The rules libraries have a library for each resource, within each library a rule set for each handler, and within each rule set a rule subset for each provisioning transaction type. Any number of different transactions types are permitted, such create a new employee account, terminate an account, disable an account, and create a new contractor account.

The invention discloses an identity authentication method. The method comprises the following steps: transmitting a registration request to an identity management system by a transaction member; verifying by the identity management system according to the registration request; and when the registration request passes the verification, generating registration information and sending the registration information to a block chain node by the identity management system, so as to enable the block chain node to write the registration information into a block chain. The invention further discloses anidentity authentication system and a computer readable storage medium. The invention can simplify the design of the identity authentication system and an identity authentication process.

The present disclosure relates generally to techniques for automatically associating one or more access policies with an account. Specifically, these techniques enable one or more access policies to retroactively be associated with an account that is not associated with at least one access policy. By associating an access policy with an account, managing access to one or more resources provided by the account may be automated based on the associated access policy. An identity management system (IDM) system may manage access policies for determining access to resources of target systems. Accounts that are not associated with an access policies may be associated with the access policies governing access to resources identified by those accounts. Access to the resource(s) associated with those accounts may be updated based on the access granted by the access policies which are associated with those accounts.