Patent Issued for Global identity for use in a hybrid cloud network architecture (USPTO 11599623): Aetna Inc.
2023 MAR 24 (NewsRx) -- By a
Patent number 11599623 is assigned to
The following quote was obtained by the news editors from the background information supplied by the inventors: “In a cloud system, different information technology (IT) systems are linked through connections across one or more networks. The networks can be public (e.g., accessible via the Internet) or private (e.g., implemented on an intranet or behind a firewall) and can be managed by more than one cloud service provider. Each service can be associated with user accounts that are mapped to local identifiers that identify a particular user within the context of that service. Where the network includes both public and private clouds, the network can be referred to as a hybrid cloud network architecture.
“However, a single user may have different user accounts for different services. The user may have distinct credentials for each user account. Each user account can be associated with a local identifier that identifies the user account within the context of a specific service provider. Furthermore, the different local identifiers may not be correlated as being associated with the same unique user and, therefore, the information associated with one user account for a first cloud service provider is typically not utilized in combination with additional information associated with a different user account for a second cloud service provider.
“An organization that designs a hybrid cloud for use with multiple public and private clouds managed by one or more cloud service providers might have difficulty linking different accounts to a single user. This difficulty can prevent the organization from delivering certain services that could benefit the user by combining aspects of multiple services from different cloud service providers. Customers of the organization that use the hybrid cloud may also become frustrated when their interactions with different services seem repetitive. For example, one cloud service provider may request a user to verify their account using a set of personally identifying details. When the user interacts with a different service operating within the hybrid cloud architecture, a different cloud service provider may request the user to verify their account using a different set of personally identifying details. The user may assume that the multiple services included in the hybrid cloud are related and wonder why they are being repetitively asked to verify their account multiple times.”
In addition to the background information obtained for this patent, NewsRx journalists also obtained the inventors’ summary information for this patent: “A system and method are disclosed for creating global identity contexts across different information technology systems. A global identity context can refer to a concept of matching unique constituents to one or more different accounts within the context of a cloud architecture. The global identity context is associated with a global identifier or individual identifier, which can be used throughout the cloud to identify the unique individual or entity.
“In an embodiment, the system includes an account management application and an identity management application. The account management application is configured to register one or more accounts for each constituent in a plurality of constituents. The identity management application is configured to perform individualization to establish an individual identifier for each unique constituent based on one or more attributes and map each account of the one or more accounts to a particular individual identifier and one or more local identifiers. In some embodiments, the account management application is associated with an account management application programming interface (API), and the identity management application is associated with an identity management API.
“In an embodiment, the plurality of constituents includes at least one consumer constituent, which comprises one of an individual associated with demographic information or an entity associated with a group of one or more individuals. In some embodiments, the demographics information includes one or more of a name of the consumer constituent, a date of birth of the consumer constituent, a gender of the consumer constituent, an identifier for the consumer constituent, an address of the consumer constituent, or a relationship of the consumer constituent with a consumer application.
“In an embodiment, registering an account for a constituent includes the steps of receiving credentials to associate with the account and creating the account in an account directory. Registering the account can also include the steps of providing one or more vetting questions to a client device, receiving a vetting response provided by the constituent from the client device, transmitting a request to an identity management API to verify the vetting response, receiving a response from the identity management API that verifies the vetting response, and registering the account in an account directory as a vetted account. In some embodiments, a level of assurance for the vetted account can be increased.
“In an embodiment, responsive to authentication of the client device based on the credentials, the account management application is configured to transmit a user session token associated with a corresponding account to a first consumer application. Subsequently, the identity management application is configured to receive, via an API gateway, a request for one or more local identifiers associated with the account corresponding to the user session token, authenticate information included in the session token, and transmit the one or more local identifiers to the first consumer application.”
The claims supplied by the inventors are:
“1. A system for creating global identity contexts across different information technology (IT) systems, the system comprising: a first server device configured to implement an account management application, wherein the account management application, responsive to execution by the first server device, is configured to: register, for each constituent in a plurality of constituents, one or more accounts for the constituent, wherein each account of the one or more accounts is associated with one or more local identifiers that identifies the constituent within a context of a particular service; and a second server device configured to implement an identity management application, wherein the identity management application, responsive to execution by the second server device, is configured to: perform individualization to establish an individual identifier for each unique constituent based on one or more attributes, and map each account of the one or more accounts to a particular individual identifier and the one or more local identifiers, wherein the first server device and the second server device are communicatively coupled to an application programming interface (API) gateway via a network, wherein performing individualization comprises: receiving a transaction record from a system of record; processing the transaction record to generate a standard record that contains at least some attributes from the transaction record; matching the standard record to one or more keys; generating a list of candidates by comparing the one or more keys to a plurality of golden records matching unique individuals; and responsive to the list of candidates being empty, creating a new golden record based on the standard record and associating a new individual identifier with the new golden record, or responsive to the list of candidates including at least one individual identifier, generating scores for each candidate in the list of candidates.
“2. The system of claim 1, wherein the plurality of constituents includes at least one consumer constituent that comprises one of: an individual associated with demographic information; or an entity associated with a group of one or more individuals.
“3. The system of claim 2, wherein the demographic information comprises one or more of: a name of the consumer constituent; a date of birth of the consumer constituent; a gender of the consumer constituent; an identifier for the consumer constituent; an address of the consumer constituent; or a relationship of the consumer constituent with a consumer application.
“4. The system of claim 1, wherein registering an account for a constituent comprises: receiving credentials to associate with the account; creating the account in an account directory; providing one or more vetting questions to a client device; receiving a vetting response provided by the constituent from the client device; transmitting a request to an identity management application programming interface (API) deployed on the API gateway to verify the vetting response; receiving a response from the identity management API deployed on the API gateway that verifies the vetting response; and registering the account in an account directory as a vetted account.
“5. The system of claim 4, responsive to authentication of the client device based on the credentials: wherein the account management application is further configured to: transmit a user session token associated with a corresponding account to a first consumer application; and wherein the identity management application is further configured to: receive, via the API gateway, a request for the one or more local identifiers associated with the account corresponding to the user session token, authenticate information included in the session token, and transmit the one or more local identifiers to the first consumer application.
“6. The system of claim 5, wherein the first consumer application forwards the user session token to a second consumer application in response to a connection established between the client device and the second consumer application during the duration of a user session associated with the user session token.
“7. The system of claim 1, wherein the at least some attributes include demographic information, and wherein performing individualization further comprises: matching the standard record to the one or more keys by comparing the demographic information in the standard record to demographic information associated with the one or more keys.
“8. The system of claim 1, wherein performing individualization further comprises: generating a score for each candidate in the list of candidates based on a heuristic algorithm; and removing candidates having scores below a threshold value from the list of candidates.
“9. The system of claim 1, wherein mapping each account of the one or more accounts to the particular individual identifier and the one or more local identifiers comprises: retrieving, from a first table, the particular individual identifier based on an account identifier for the account; and retrieving, from a second table, the one or more local identifiers based on the particular individual identifier.
“10. The system of claim 1, wherein each constituent is associated with one or more identities based on a relationship, and wherein the one or more identities can include: a consumer identity; an employee identity; a provider identity; or a broker identity.
“11. The system of claim 10, wherein each identity of a constituent is associated with one or more accounts based on a vetting process, and wherein the one or more identities associated with the constituent comprise a global identity context for the constituent.
“12. A method for creating global identity contexts across different information technology (IT) systems, the method comprising: registering, by a first server device, for each constituent in a plurality of constituents, one or more accounts for the constituent, wherein each account of the one or more accounts is associated with one or more local identifiers that identifies the constituent within a context of a particular service; performing, by a second server device, individualization to establish an individual identifier for each unique constituent based on one or more attributes; and mapping, by the second server device, each account of the one or more accounts to a particular individual identifier and the one or more local identifiers, wherein the first server device and the second server device are communicatively coupled to an application programming interface (API) gateway via a network, wherein performing individualization comprises: receiving a transaction record from a system of record; processing the transaction record to generate a standard record that contains at least some attributes from the transaction record; matching the standard record to one or more keys; generating a list of candidates by comparing the one or more keys to a plurality of golden records matching unique individuals; and responsive to the list of candidates being empty, creating a new golden record based on the standard record and associating a new individual identifier with the new golden record, or responsive to the list of candidates including at least one individual identifier, generating scores for each candidate in the list of candidates.
“13. The method of claim 12, wherein registering an account for a constituent comprises: receiving credentials to associate with the account; creating the account in an account directory; providing one or more vetting questions to a client device; receiving a vetting response provided by the constituent from the client device; transmitting a request to an identity management API deployed on the API gateway to verify the vetting response; receiving a response from the identity management API deployed on the API gateway that verifies the vetting response; and registering the account in an account directory as a vetted account.
“14. The method of claim 12, wherein the at least some attributes include demographic information, and wherein performing individualization further comprises: matching the standard record to the one or more keys by comparing the demographic information in the standard record to demographic information associated with the one or more keys.
“15. The method of claim 12, wherein mapping each account of the one or more accounts to the particular individual identifier and the one or more local identifiers comprises: retrieving, from a first table, the particular individual identifier based on an account identifier for the account; and retrieving, from a second table, the one or more local identifiers based on the particular individual identifier.”
There are additional claims. Please visit the full patent to read further.
For the URL and more information on this patent, see: Arnold, Joseph. Global identity for use in a hybrid cloud network architecture.
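The individualization flow and two-table lookup described in claims 1, 8 and 9, sketched as an added Python example (not code from the patent or from the assignee). The blocking keys, attribute weights, threshold value and the rule of linking to the best surviving candidate are assumptions, since the claims leave them unspecified.

```python
# Added illustration of claims 1, 8 and 9; not code from the patent.
# Keys, weights, threshold and the link rule are assumptions.
import itertools

THRESHOLD = 70                                  # assumed "threshold value" (claim 8)
WEIGHTS = {"name": 40, "dob": 40, "zip": 20}    # assumed heuristic weights

def score(rec, gold):
    # Weighted exact match on each non-empty attribute.
    return sum(w for k, w in WEIGHTS.items() if rec[k] and rec[k] == gold[k])

class IdentityStore:
    def __init__(self):
        self.golden = {}          # individual id -> golden record
        self.account_to_ind = {}  # claim 9 "first table": account id -> individual id
        self.ind_to_local = {}    # claim 9 "second table": individual id -> local ids
        self._seq = itertools.count(1)

    @staticmethod
    def standardize(txn):
        # Transaction record -> standard record with normalized attributes.
        return {k: str(txn.get(k, "")).strip().lower() for k in WEIGHTS}

    @staticmethod
    def keys(rec):
        # Assumed matching keys: dob+zip and name+dob.
        return {("dz", rec["dob"], rec["zip"]), ("nd", rec["name"], rec["dob"])}

    def individualize(self, txn):
        rec = self.standardize(txn)
        cands = [i for i, g in self.golden.items() if self.keys(rec) & self.keys(g)]
        scored = {i: score(rec, self.golden[i]) for i in cands}
        kept = {i: s for i, s in scored.items() if s >= THRESHOLD}
        if kept:                              # assumed: link to best survivor
            return max(kept, key=kept.get)
        ind = f"IND-{next(self._seq):04d}"    # no candidate left: new golden record
        self.golden[ind] = rec
        return ind

    def register(self, account_id, local_id, txn):
        ind = self.individualize(txn)
        self.account_to_ind[account_id] = ind
        self.ind_to_local.setdefault(ind, []).append(local_id)
        return ind

    def local_ids_for(self, account_id):
        return self.ind_to_local[self.account_to_ind[account_id]]

def demo():
    # Constructed records: same person at two services, then a same-dob/zip relative.
    s = IdentityStore()
    s.register("acct-portal", "PORTAL-17", {"name": "Ana Diaz", "dob": "1980-02-03", "zip": "06101"})
    s.register("acct-pharmacy", "RX-9", {"name": " ana diaz ", "dob": "1980-02-03", "zip": "10001"})
    s.register("acct-twin", "PORTAL-18", {"name": "Luis Diaz", "dob": "1980-02-03", "zip": "06101"})
    return s
```

The third constructed record shares a key with the first golden record but scores below the threshold, so it receives its own individual identifier and its account never resolves to the other person's local identifiers.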