Title of invention: METHOD OF AUTHENTICATING A CLIENT, IDENTITY AND SERVICE PROVIDERS, AUTHENTICATION AND AUTHENTICATION ASSERTION REQUEST SIGNALS AND CORRESPONDING COMPUTER PROGRAMS
Abstract: The method verifies that an identity level relating to an earlier authentication of a user (33) is stored with an identity provider (32), and grants the user an access authorization to a service if the required identity level is less than the stored level. If no authentication of the user is available, or the required level is not less than the stored level, an authentication of the user at the required level is requested; if the identity provider authenticates the user, the stored level is replaced with the required level and the authorization is granted. Independent claims are also included for the following: (1) a tree architecture organizing in a hierarchy a set of identity levels of an entity among a group of entities; (2) a device authenticating a user for access to a service from a service provider; (3) a device for requesting authentication by a service provider; (4) a computer program product comprising program code instructions for implementing the steps of a user authentication method; (5) an authentication assertion signal intended for exchanging an access request for a service between an identity provider and a service provider; (6) an authentication request signal intended for exchanging an access request for a service between an identity provider and a service provider.

Use: Authenticating a user (e.g. an individual user; a user group such as a family, an organizational entity, a pupil in a class or an employee of an enterprise; a machine in computing equipment; or a distributed computing application) that accesses a service (e.g. products, payments, electronic messaging, voice messaging or a collective photo album) provided by a service provider (e.g. an online sales site or a telephone operator), in a system managing user identities.

Advantage: The method allows collective identities and individual identities to be managed, and provides identity providers capable of processing the authentication requests of the service providers, so that the identity management system can take into account authentications of both individual users and organizations in order to provide services at the required identity level. The identities can be organized in a hierarchy so as to give the user an authentication process at the required identity level for accessing the services. The method simplifies the operation and management of services within the service providers by delegating the authentication tasks to the identity providers and avoiding the complex task of updating certain users within the service provider; a service provider therefore does not need to know the set of individual identities of the collective entities. The method also increases the safety of access to services by ensuring that only individual users hold administration rights.

Description of drawings: The drawing shows the interaction between a service provider and an identity provider in a system managing several users. Reference signs: A1, AA1, AA2, AAA1, AAA2, AAA3, B1, BB1, BB2, BB3, BBB1, BBB2, BBB3: identity levels; 31: service provider; 32: identity provider; 33: user; 331: request; 3321: request; 3331, 3332: main branches; 3341: authentication assertion.

Industrial standards: The user identity management system follows the Security Assertion Markup Language (SAML) and Web Services Trust Language (WS-Trust) standards.
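The following is an added illustration, not code from the patent or from France Telecom: it models the hierarchical identity levels named in the drawing (A1, AA1, AAA1, B1, ...) and the step-up decision the abstract describes. The tree shape, the reading of "required level is less than the stored level" as "the required level is the stored level or one of its ancestors", and the authentication callback are assumptions made for this example.

```python
# Constructed hierarchy (assumption): each identity level maps to its parent.
# A1 and B1 are the roots of the two main branches; deeper levels are more
# specific identities (e.g. an individual inside a group inside an entity).
PARENT = {
    "A1": None, "AA1": "A1", "AA2": "A1",
    "AAA1": "AA1", "AAA2": "AA1", "AAA3": "AA2",
    "B1": None, "BB1": "B1", "BB2": "B1", "BB3": "B1",
    "BBB1": "BB1", "BBB2": "BB2", "BBB3": "BB3",
}


def ancestors(level):
    """Return the chain from `level` up to its root, inclusive."""
    chain = []
    while level is not None:
        chain.append(level)
        level = PARENT[level]
    return chain


def satisfies(stored, required):
    """Assumed ordering: a stored level satisfies the required level when the
    required level is the stored level itself or one of its ancestors, i.e. a
    coarser identity already implied by the stored authentication."""
    return required in ancestors(stored)


class IdentityProvider:
    """Holds the level of each user's earlier authentication (element 32)."""

    def __init__(self, authenticate):
        self.levels = {}                  # user -> stored identity level
        self.authenticate = authenticate  # hypothetical (user, level) -> bool

    def access_request(self, user, required):
        """Decision for a service provider's access request at `required`.
        Returns (granted, level now stored for the user)."""
        stored = self.levels.get(user)
        if stored is not None and satisfies(stored, required):
            return True, stored           # earlier authentication suffices
        # No stored authentication, or stored level too coarse: request an
        # authentication at the required level and store it on success.
        if self.authenticate(user, required):
            self.levels[user] = required
            return True, required
        return False, stored
```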
Publication number: EP1932318(A2) Publication date: 2008.06.18
Application number: EP20060806958 Filing date: 2006.10.04
Applicant: FRANCE TELECOM Inventors: GOURMELEN, GAEL; GORDON, ARIEL
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent:
Main claim:
Address: