{
  "patent_number": "US 8688813",
  "country": "US",
  "title": "How to Verify Anonymous Users Using Third-Party Identity Services",
  "original_title": "Using identity/resource profile and directory enablers to support identity management",
  "summary": "A method for a system to identify and authorize a user it doesn't know by asking a different, trusted service that already has the user's information.",
  "what_it_does": "This patent describes a way for a computer system (the profile enabler) to handle a request from a user it does not recognize. Instead of rejecting the user, the system contacts a directory enabler to find a third-party service that actually knows who the user is. The directory enabler selects an appropriate service based on the user's request, and the profile enabler then asks that service to authenticate the user. Once authenticated, the third-party service provides an identity result, such as a security token or an attribute, allowing the original system to grant or deny access to a resource.",
  "what_it_does_not_cover": [
    "Does not cover systems where the profile enabler already has the user's credentials.",
    "Does not cover direct authentication where the user logs in directly to the primary system.",
    "Does not cover scenarios where no third-party service can be identified to verify the user.",
    "Does not cover the specific encryption algorithms used to secure the identity tokens."
  ],
  "filed": "2006-01-11",
  "granted": "2014-04-01",
  "expires": null,
  "status": "active",
  "holder": "Oracle International Corp",
  "holder_url": "https://patentbrief.org/company/oracle-international-corp",
  "inventors": [
    {
      "name": "Stephane H. Maes",
      "url": "https://patentbrief.org/inventor/stephane-h-maes"
    }
  ],
  "times_cited": 39,
  "tags": [
    "software",
    "telecommunications",
    "ecommerce",
    "ai_ml"
  ],
  "abstract": "Embodiments of the present invention provide methods, system and machine-readable media for dynamically providing identity management or other services. According to one embodiment, dynamically providing services can comprise receiving a request related to an unknown principal. A service to which the principal is known can be selected. Once a service to which the principal is known has been located, an identity management result can be obtained from the selected service. The method can further comprise determining based on the identity management result whether the principal is authorized to access a requested resource. In response to determining the principal is authorized, the requested resource can be accessed.",
  "url": "https://patentbrief.org/patent/us/8688813/kindle-fire-tablet",
  "markdown_url": "https://patentbrief.org/patent/us/8688813/kindle-fire-tablet/md",
  "google_patents_url": "https://patents.google.com/patent/US8688813",
  "relatedPatents": []
}