81 results about "Identity mapping" patented technology

A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are employed depending on the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient. The security architecture allows upgrade of credentials for a given session. This capability is particularly advantageous in the context of a single, enterprise-wide log-on. An entity (e.g., a user or an application) may initially log-on with a credential suitable for one or more resources in an initial resource set, but then require access to resource requiring authentication at higher trust level. In such case, the log-on service allows additional credentials to be provided to authenticate at the higher trust level. The log-on service allows upgrading and/or downgrading without loss of session continuity (i.e., without loss of identity mappings, authorizations, permissions, and environmental variables, etc.).

An integration services network is described which is operable to facilitate access to a composite service by a plurality of users having associated client machines. Each of the users is associated with one of a plurality of independent enterprises. At least one data store has a directory stored therein which maps an identity for each of the users to a policy framework which defines access information relating to a plurality of services. At least one computing device is operable to set up the composite service by integrating operation of the plurality of services. The plurality of services are associated with and controlled by a plurality of independent service providers. The at least one computing device is further operable to connect with the client machines and each of the services, and to selectively facilitate interaction among the client machines and the services with reference to the directory and the policy framework, thereby enabling each of the users to access the plurality of services as an integrated solution.

The invention provides a virtual subscriber identifier system and method of a communication network. According to one embodiment of the invention, a subscriber generates virtual subscriber identifiers by him/her self, generates a subscriber identity mapping data by which a identifier service provider can figure out the real identifier of the owner of the virtual subscriber identifier, and informs peers of the virtual subscriber identifiers. The subscriber identify mapping data may be a data in which a virtual subscriber identifier is associated to the real identifier of the subscriber, and be registered by the subscriber with the identifier service provider. A peer generates a communicating request including a virtual subscriber identifier as target, and sends the request to the identifier service provider, the identifier service provider determines the real identifier of the subscriber from the subscriber identity mapping data, and forwards the communication between the peer and the subscriber's terminal. In another embodiment, the subscriber identity mapping data may be a secret data of the subscriber, by which the virtual subscriber identifier can figure out the real identifier of the subscriber. When receiving the communication request, the identifier service provider decrypts the real identifier of the owner of the virtual subscriber identifier from the secret data received from the peer. In one embodiment, the virtual subscriber identifier is generated from the public key of the subscriber. The virtual subscriber identifier may be equipped with a certificate, or be associated with a magic word. With the invention, the use of the virtual subscriber identifiers is more flexible to the system and versatile to the subscriber.

A system for creating an identity mapping on a distributed ledger includes an interface and a processor. The interface is configured to receive a request to create an identity mapping on a distributed ledger. The processor is configured to generate an identity key pair; generate a mobile encryption key; encrypt a private identity key of the identity key pair using the mobile encryption key to create an encrypted private key; store the encrypted private key; create a mapping document; sign the mapping document with the private identity key of the identity key pair; and provide the signed mapping document to be stored in a distributed ledger.

The present disclosure extends to methods, systems, and computer program products for identity mapping between commerce customers and social media users. Aspects of the invention use inferred attributes and activity correlations from both commerce data and social media data to map identities. In one aspect, activity correlations are calculated between a commerce customer account and each of the one or more candidate social media user accounts. For each of the one or more candidate social media user accounts, a probability that the commerce customer account and the social media user account map to the same identity is calculated. In another aspect, the accuracy of a mapping between a commerce customer account and a social media user is evaluated using additional social media data.

Methods and systems for mapping user-defined identities in data communication networks. By mapping and translating identities based on a calling party identifier, a called party identifier, and the carrier instance, enhanced communication services are enabled. Enhanced communication services offer virtual private phone numbers, shared group numbers, and interconnection between different voice and messaging services and applications.

Techniques described herein enable parents to establish a child-protective “kids zone” on a DVR. According to one technique, a DVR receives, from a parent, identities of content items that the parent does not want children to view. The DVR maps the identities to a kids zone. During times that the DVR is set to operate in the kids zone operational mode, the DVR prevents itself from presenting any content items that are associated with the identities. However, during these times, the DVR still may obtain and store these content items. At other times, during which the DVR is not set to operate in the kids zone operational mode, the DVR may allow itself to present the content items that are associated with the identities, including content items that the DVR obtained and stored during times that the DVR was set to operate in the kids zone operational mode.

The embodiment of the present application discloses an identity authentication method,an identity authentication device and a computer-readable medium. The method comprises the following steps: the second user node obtains the first identity mapping information corresponding to the first user address identification from the block chain according to the first user address identification of the first user, the first identity mapping information including the first user address identification, the first public key and the first identity fingerprint; the second user node obtains the first identitymapping information corresponding to the first user address identification from the block chain according to the first user address identification. Encrypting the second public key of the second userby using the first public key, obtaining an authentication request, and broadcasting the authentication request to the whole network; receiving identity feedback information; the feedback informationis verified according to the second user private key and the first identity fingerprint, and if the verification is passed, it is determined that the first user address identification is the user address identification of the first user. As shown in the embodiment of the present application, the user's public key can be distributed securely, efficiently and inexpensively, and the user's identitycan be effectively verified.

The invention discloses a face retrieval method and apparatus as well as a storage medium and device, which belongs to the technical field of deep learning. The method comprises the following steps: acquiring a target face image to be retrieved; extracting features of the target face image according to each residual block connected successively in a deep residual network to obtain target face feature information, wherein any one residual block comprises an identity mapping and at least two convolution layers, and the identity mapping of any one residual block points, from an input end of anyone residual block, to an output end of any one residual block; and performing the face retrieval in a face database according to the target face feature information to obtain a face retrieval result, wherein the face retrieval result at least comprises an identity marker matched with the target face feature information. By adopting the face retrieval method and apparatus, the face retrieval is realized on the basis of the deep residual network, the retrieval accuracy of the deep residual network is not prone to influence by external factors, the face retrieval method is excellent in stability, and the face retrieval accuracy is also ensured.

A gateway, system, and method for providing seamless communications to Public Safety and Security (PSS) users operating between a PSS communication network and a cellular communication network irrespective of access technology or switching method. The gateway includes a presence and identity mapping unit for mapping a PSS user identity utilized in the PSS network to a cellular user identity utilized in the cellular network. The gateway provides an interface and establishes a session between the PSS network and a PSS user operating in the cellular network utilizing the mapped cellular user identity. A transcoder converts between PSS and cellular voice coding protocols. A data gateway converts between PSS and cellular data protocols. The gateway dynamically switches between voice and data, and provides group calling, call forwarding, and message replay services across the network interface.

The invention belongs to the technical field of network safety, relates to the technologies of network identity authentication, identity mapping, network identity management and information protection, and aims to design a set of controllable real-name certification mechanism which is used for an internet and has high safety on the premise that the safety of user real identity is ensured. The mechanism is characterized in that a web server and a real-name register server which is used for judging whether the user identity is true or false are connected through a network, the real-name register server is used for recording user real-name information, the web server does not save true original personal identity information, and encrypted information processing is carried out in both a real-name register process and an identity tracing process. The mechanism disclosed by the invention has the advantages that abuse on the personal identity information is effectively and completely eradicated, controllability and searchability on an anonymous network behavior of an internet user can be realized, and valuable reference is provided for internet supervision.

The invention discloses a noise robust face recognition method based on a cascade deep convolutional neural network, and relates to a computer vision technology. The method comprises the following steps: firstly, designing a denoising sub-network and a face recognition sub-network, and in the denoising sub-network, connecting feature maps generated by all layers in front six layers of the networklayer by layer from front to back by using a dense connection method so as to fully utilize face features generated by a shallow-layer network. A residual network structure is adopted in the face recognition sub-network, and an identity mapping method is used for performing shortcut connection between different layers of the network, so that a gradient vanishing phenomenon in a deep network structure can be effectively reduced; and then, joint training is carried out on the de-noising sub-network and the face recognition sub-network by adopting a cascade method to obtain noise robust face representation, and a joint loss function is designed for weight updating of the two sub-networks. And finally, a final noise face recognition result is obtained according to the trained network model.

A resource management infrastructure (200) is proposed, wherein every resource may be represented by multiple (specialized) objects (B1,C1,D1;C2), which instantiate corresponding (specialized) classes (315) modeling different aspects of the resources. In the proposed solution, an edge class (310) is associated with the specialized classes; each resource is associated with a corresponding edge object (A1; A2) instantiating the edge class (which object is identified by a corresponding edge name). More specifically, the classes are organized into a specialization tree (300); the edge classes directly depend on abstract classes, while the specialized classes in turn depend on the edge classes. Each specialized object is then associated with the edge name of the corresponding edge object. In this way, the specialized objects associated with each edge name represent the same corresponding resource. An optimized structure of a relational database (225,230) implementing the proposed solution is also proposed.

A method for identity mapping across web services uses a delegated authorization protocol, such as OAuth. In response to a request from a first user at a first web service, a connection to a second web service is established using the protocol. The second web service responds by sending information associated with a second user of the first web service who previously logged into the second web service from the first web service using the protocol. The second user may be a “contact” of the first user. The information received from the second web service is a access token that was obtained by the second user during that prior login. The access token is provided in lieu of data associated with the second user's account at the second web service. Thereafter, the first web service uses the access token it received to map to an identity of the second user.

A system performs authentication for real-time communications (RTC). The system receives a request from a browser application for web authentication of a user. The system then performs the web authentication by a security provider by reaching a first resource, where the security provider determines a security principal for the user. Subsequently, the system executes a security Groovy script to obtain an identity mapping from a second resource different than the first resource, where the identity mapping maps the security principal to an Internet Protocol (IP) Multimedia Subsystem (IMS) identity. The system then provides the identity mapping to a runtime Groovy script.

The invention discloses a method for realizing an intelligent home based on RFID (radio frequency identification devices) labels and identity mapping of hash functions. The method specifically comprises the following steps: deploying an active RFID label for each home sensor, and putting active RFID label readers in corresponding intelligent home gateways; collecting real-time state index data by the sensors; encapsulating the collected real-time state index data and sensor parameters into the corresponding active RFID labels in the form of an electronic data table of a transmitter with the standard of IEEE1451.7; accessing the RFID labels by the active RFID label readers, performing normalized mapping transformation on the accessed RFID labels and the numbers of the intelligent home gateways through different hash functions, and generating identity symbols with unified lengths and formats; analyzing the numbers of the intelligent home gateways, the real-time state index data of various home detecting targets and the sensor parameters by an intelligent home monitoring and managing platform according to the corresponding hash functions. According to the invention, the wiring limitation of a wired network is solved, standard signal collecting interfaces and unified data formats of the sensors are realized, the safety is high, and the management is efficient and unified.

The invention discloses a method, a system and an access gateway for intercommunication between local equipment and an IMS (IP Multimedia Subsystem) network. The method comprises the steps that an IMS network host identity field is added in the SIP (Session Initiation Protocol); the collaborative fusion access gateway generates IMS network host identities and host names for the local equipment, then a mapping relationship between the IMS network host identities and the host names is registered in a DNS (Domain Name Server) in the IMS network; IMS users inquire to obtain the host identifies of the local equipment and write the host names and the host identities of the local equipment in the host identity field in SIP session requests; and the collaborative fusion access gateway performs addressing for the local equipment according to the host identity field to realize the adaptation and the forwarding of signaling protocols and data protocols between the local equipment and the IMS users. The collaborative fusion access gateway comprises a bottom layer interface management module, a local registration management module, a local session management module, a data transceiver module, an SIP signaling management module and an identity mapping management module. The method, the system and the access gateway for intercommunication between the local equipment and the IMS network have the advantages that the communication between the IMS users and the designated local equipment is realized and the application prospect is wide.

A method, system and computer program for business process automation facilitates transforming a user's identity/credentials as part of the enablement of transaction fulfillment, e.g., within a SOA environment. In one embodiment, identity and attribute information is added to one or more business process models that each represents a sub-transaction within an overall transaction fulfillment business process flow. As the business model is mapped to an execution environment, the identity and attribute information in the model is used to configure appropriate tooling to define the identity/attribute transformation required to complete the particular portion of the transaction represented by the model. In a representative implementation, the business process models conform to BPEL4WS, and one or more of these models are extended with identity mapping information such that, during transaction fulfillment, local identity mapping transformations provide the identity/credential propagation required to support the business process.

A method of establishing connectivity between a mobile network operator (MNO) and a machine type communications (MTC) service provider. A machine type communications interworking function (MTC-IWF) Proxy is hosted on an IPX network service. MTC-IWF Proxy is connected to a MTC-IWF of the MNO and is also connected to a Service Capacities Center (SCS) of the MTC service provider. MTC-IWF Proxy connects to the MNO and the MTC service providers via trigger-service provider (Tsp) interface. Identity mapping services are provided between a first set of subscriber identifiers used by the MNO and a second set of subscriber identities used by the MTC service provider. The MTC-IWF Proxy hides the internal topology and relays signaling protocols used over a Tsp interface, thus enabling the MTC service providers and MNOs communicate without modifying their internal signaling protocols.

The invention discloses a lattice-based multi-identity fully homomorphic encryption method. The method comprises the following steps: initializing a system; extracting a user key: mapping the first user identity and the second user identity into a reversible matrix by using a full-rank function, and generating a first private key corresponding to the first user identity and a second private key corresponding to the second user identity through vector operation; performing ciphertext generation: obtaining encryption selection of a first user identity, selecting a plaintext message to be encrypted, and performing encrypting to obtain a first ciphertext; decrypting the single identity: decrypting the first user identity through a first private key to obtain a plaintext message; identity conversion: converting the first ciphertext of the first user identity into a second ciphertext corresponding to a second user identity through an identity conversion algorithm; and performing fully homomorphic evaluation: carrying out fully homomorphic operation on the ciphertext after identity conversion and then decrypting the ciphertext. Encryption and decryption of a ciphertext with a single identity are converted into encryption and decryption of a ciphertext with multiple identities, and correct fully homomorphic operation can be realized.

The invention provides a user identity mapping method and a user identity mapping device based on an operator gateway log. The method comprises the following steps: receiving a service request sent by a second system platform when a user accesses the second system platform, wherein the service request at least includes a first user identity of the user corresponding to the second system platform and first access information of the user's access to the second system platform; determining a second user identity corresponding to a first system platform according to the first user identity or the first access information; and getting user data of the user corresponding to the second user identity according to the second user identity, and returning the user data to the second system platform. The problem that the data of an operator system platform has a limited range of use and can be hardly used for external service as the operator system platform and an external system platform provide inconsistent user identity is solved, and the problem that user privacy is easy to leak is solved effectively.