Consolidated identity

US11316860B2 · US · B2

Patent metadata

Field               Value
Publication number  US-11316860-B2
Application number  US-201816221376-A
Country             US
Kind code           B2
Filing date         Dec 14, 2018
Priority date       Dec 21, 2017
Publication date    Apr 26, 2022
Grant date          Apr 26, 2022

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title: what the patent document calls the invention.
  2. Abstract: a short plain-language summary of the technical disclosure.
  3. Assignees and inventors: who owns or filed the patent and who is credited as inventor.
  4. Key dates: filing, priority, publication, and grant dates set the timeline.
  5. First independent claim: the legal scope of protection — read this for what is actually claimed.
  6. CPC / IPC classifications: technology tags used to group this patent with similar filings.
  7. Citations and related patents: prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

According to various embodiments, a consolidated identity system and method are implemented to provide improved identity management and resource access management, particularly in the context of an enterprise system that requires a tight trust model. In at least one embodiment, the described system and method provide mechanisms for mapping identities among resources. The system and method are able to extract information relevant to a particular entity, such as an employee or user, and to consolidate and/or personalize such information as needed.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method for consolidating identity information across an enterprise comprising a plurality of enterprise systems, comprising: storing in a repository a subset of data associated with a user obtained from one or more service providers providing one or more enterprise systems, the subset of data comprising a plurality of entitlements specifying who is authorized to do what to each record in the subset of data from each of the one or more enterprise systems; authenticating the user at an identity provider; receiving a request from the user to access a resource associated with one of the enterprise systems; determining, based on at least one of the plurality of entitlements in the repository, whether the user is authorized to access the requested resource; responsive to the determination indicating that the user is authorized to access the requested resource, providing access to the requested resource; responsive to detecting an action causing a writeback to a service provider of the one or more services providers, authenticating an identified account of the user at the service provider; and causing the writeback to be performed at the service provider using the identified account of the user.

2. The method of claim 1, wherein: each entitlement is associated with a group of users; and determining whether the user is authorized to access the requested resource comprises determining whether the user belongs to a group that is indicated, in the at least one copy of at least one entitlement, to be authorized to access the requested resource.

3. The method of claim 1, wherein determining whether the user is authorized to access the requested resource comprises: matching the user to an account on the identity provider; retrieving at least one identity provider authorization for the user; and determining, based on the retrieved at least one identity provider authorization, whether the user is authorized to access the requested resource.

4. The method of claim 1, wherein determining whether the user is authorized to access the requested resource comprises: mapping the user identity on the identity provider to a second user identity on a service provider; determining at least one entitlement for the user at a service provider; and importing the at least one entitlement from the service provider so as to authorize access to the requested resource.

5. The method of claim 4, wherein importing the at least one entitlement from the service provider comprises copying the at least one entitlement into the repository.

6. The method of claim 1, wherein determining whether the user is authorized to access the requested resource comprises: mapping the user identity on the identity provider to a second user identity on a service provider; at the service provider, determining that the user is a member of a cached service provider group; at the service provider, based on the membership of the user in the cached service provider group, determining at least one entitlement for the user; and importing the at least one entitlement from the service provider so as to authorize access to the requested resource.

7. The method of claim 6, wherein importing the at least one entitlement from the service provider comprises copying the at least one entitlement into the repository.

8. The method of claim 6, wherein determining at least one entitlement for the user comprises issuing a call to service provider to request permission information, and receiving the requested permission information.

9. The method of claim 1, further comprising: detecting the action requiring a writeback to the service provider; identifying the account of the user at the service provider; authenticating the user in connection with the identified account of the user; and performing the writeback using the identified account of the user.

10. The method of claim 9, wherein authenticating the user in connection with the identified account comprises authenticating the user based on single-sign-on at the identity provider.

11. The method of claim 9, wherein performing the writeback using the identified account comprises: presenting the user with a link to a service provider page; and receiving user input via the service provider page to perform the writeback.

12. A non-transitory computer-readable medium for consolidating identity information across an enterprise comprising a plurality of enterprise systems, comprising instructions stored thereon, that when executed by at least one processor, perform the steps of: storing in a repository a subset of data associated with a user obtained from one or more service providers providing one or more enterprise systems, the subset of data comprising a plurality of entitlements specifying who is authorized to do what to each record in the subset of data from each of the one or more enterprise systems; authenticating the user at an identity provider; receiving a request from the user to access a resource associated with one of the enterprise systems; determining, based on at least one of the plurality of entitlements in the repository, whether the user is authorized to access the requested resource; responsive to the determination indicating that the user is authorized to access the requested resource, providing access to the requested resource; responsive to detecting an action causing a writeback to a service provider of the one or more services providers, authenticating an identified account of the user at the service provider; and causing the writeback to be performed at the service provider using the identified account of the user.

13. The non-transitory computer-readable medium of claim 12, wherein: each entitlement is associated with a group of users; and determining whether the user is authorized to access the requested resource comprises determining whether the user belongs to a group that is indicated, in the at least one copy of at least one entitlement, to be authorized to access the requested resource.

14. The non-transitory computer-readable medium of claim 12, wherein determining whether the user is authorized to access the requested resource comprises: matching the user to an account on the identity provider; retrieving at least one identity provider authorization for the user; and determining, based on the retrieved at least one identity provider authorization, whether the user is authorized to access the requested resource.

15. The non-transitory computer-readable medium of claim 12, wherein determining whether the user is authorized to access the requested resource comprises: mapping the user identity on the identity provider to a second user identity on a service provider; determining at least one entitlement for the user at a service provider; and copying the at least one entitlement from the service provider to the repository, so as to authorize access to the requested resource.

16. The non-transitory computer-readable medium of claim 12, wherein determining whether the user is authorized to access the requested resource comprises: mapping the user identity on the identity provider to a second user identity on a service provider; at the service provider, determining that the user is a member of a cached service provider group; at the service provider, based on the membership of the user in the cached service provider group, determining at least one entitlement for the user; and copying the at least one entitlement from the service provider to the repository, so as to authorize acc
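The access flow of claims 1, 2 and 9 (a repository of entitlements copied from service providers, group-based authorization decided from that copy, and a writeback allowed only under the user's own authenticated account at the service provider) as a small Python model. This is an added illustration, not code from the patent or from Citrix; the class names, field names and the sample data are assumptions.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Entitlement:
    """One imported entitlement: which group may do which action to which record at which SP."""
    provider: str
    record: str
    action: str
    group: str


@dataclass
class ConsolidatedIdentity:
    """Hypothetical repository: copied entitlements plus IdP-to-SP account mappings."""
    entitlements: set = field(default_factory=set)
    groups: dict = field(default_factory=dict)       # IdP user -> set of group names
    sp_accounts: dict = field(default_factory=dict)  # (IdP user, provider) -> SP account name
    sp_sessions: set = field(default_factory=set)    # (provider, SP account) authenticated at the SP

    def import_entitlement(self, ent):
        """Claims 5 and 7: copy an entitlement fetched from the SP into the repository."""
        self.entitlements.add(ent)

    def authorize(self, user, provider, record, action):
        """Claims 1-2: decide from the repository copy via group membership, without calling the SP."""
        member_of = self.groups.get(user, set())
        return any(e.provider == provider and e.record == record and e.action == action
                   and e.group in member_of for e in self.entitlements)

    def writeback(self, user, provider, record):
        """Claim 9: a write to the SP must run under the user's own SP account, authenticated there."""
        if not self.authorize(user, provider, record, "write"):
            return "denied"                 # entitlement check comes first
        account = self.sp_accounts.get((user, provider))
        if account is None:
            return "no-sp-account"          # IdP identity maps to no account at this SP
        if (provider, account) not in self.sp_sessions:
            return "sp-auth-required"       # user must authenticate at the SP before the write
        return f"written:{provider}:{record}:{account}"


def build_sample():
    """Constructed sample data (not from the patent): two groups, one write entitlement."""
    ci = ConsolidatedIdentity()
    ci.import_entitlement(Entitlement("crm", "account/42", "read", "sales"))
    ci.import_entitlement(Entitlement("crm", "account/42", "write", "sales-managers"))
    ci.groups = {"alice": {"sales", "sales-managers"}, "bob": {"sales"}}
    ci.sp_accounts = {("alice", "crm"): "alice.crm"}
    return ci
```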

Assignees

Citrix Systems Inc

Inventors

Classifications

  • H04L63/101 (Primary): Access control lists [ACL] · CPC title
  • Grouping of entities · CPC title
  • providing single-sign-on or federations · CPC title
  • Multiple levels of security · CPC title
  • H04L63/102 (Primary): Entity profiles · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11316860B2 cover?
According to various embodiments, a consolidated identity system and method are implemented to provide improved identity management and resource access management, particularly in the context of an enterprise system that requires a tight trust model. In at least one embodiment, the described system and method provide mechanisms for mapping identities among resources. The system and method are a…
Who is the assignee on this patent?
Citrix Systems Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/101. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 26, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).