System integrating an identity selector and user-portable device and method of use in a user-centric identity management system
Abstract
A combination includes a user-portable computing device, and an identity selector adapted for interoperable use with the user device. The user computing device includes a security token service that issues security tokens in reference to a portfolio of user identities stored as information cards on the user device. The issuance of security tokens employs user attribute information that is stored onboard the user device. The identity selector exports the information cards from the user device and determines which user identity satisfies a security policy promulgated by a relying party as part of an authentication process within the context of an online interaction. The identity selector generates a token request based on one of the eligible user identities, and forwards the token request to the user device to invoke the token issuance operation. The identity selector presents the issued security token to the relying party to comply with the security policy.
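The flow the abstract describes (export the cards, pick an identity that satisfies the relying party's policy, send the token request to the device, issue the token from attributes held onboard, present it to the relying party), as an added Python illustration that is not part of the patent. The card portfolio, the policy and the HMAC key shared between the device-side STS and the relying party are constructed assumptions standing in for real signed security tokens.

```python
import hashlib, hmac, json

DEVICE_KEY = b"placeholder-device-sts-key"  # assumption: demo key shared with the relying party

# Constructed user-portable device: information cards plus onboard attribute storage.
DEVICE = {
    "cards": {
        "work": {"claims": ["email", "employee_id"]},
        "personal": {"claims": ["email", "age_over_18"]},
    },
    "attributes": {"email": "alice@example.test", "employee_id": "E-1234", "age_over_18": True},
}

def export_cards(device):
    """Identity selector step: export the card portfolio (claim types only) from the device."""
    return {cid: list(card["claims"]) for cid, card in device["cards"].items()}

def select_cards(cards, policy):
    """Return the card ids whose claim set can satisfy the relying party's policy."""
    required = set(policy["required_claims"])
    return sorted(cid for cid, claims in cards.items() if required <= set(claims))

def build_token_request(card_id, policy):
    return {"card_id": card_id, "claims": sorted(policy["required_claims"]), "audience": policy["audience"]}

def device_issue_token(device, request):
    """Device-resident STS: assert claims from onboard attributes, with no identity-provider call."""
    card = device["cards"][request["card_id"]]
    missing = set(request["claims"]) - set(card["claims"])
    if missing:
        raise ValueError(f"card cannot assert {sorted(missing)}")
    payload = {"aud": request["audience"], "claims": {c: device["attributes"][c] for c in request["claims"]}}
    body = json.dumps(payload, sort_keys=True)
    return {"body": body, "sig": hmac.new(DEVICE_KEY, body.encode(), hashlib.sha256).hexdigest()}

def relying_party_verify(token, policy):
    """Relying party: check the signature, the audience, and that every required claim is present."""
    expected = hmac.new(DEVICE_KEY, token["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return False
    payload = json.loads(token["body"])
    return payload["aud"] == policy["audience"] and set(policy["required_claims"]) <= set(payload["claims"])

def authenticate(device, policy):
    """Full flow: export, select, request, device issues, relying party verifies."""
    eligible = select_cards(export_cards(device), policy)
    if not eligible:
        return None
    token = device_issue_token(device, build_token_request(eligible[0], policy))
    return token if relying_party_verify(token, policy) else None
```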
20 Claims
1. A method, comprising:
a host computing system determining whether any user identity among at least one of first user identities of a user satisfies identity requirements of the user;
the host computing system generating a token request with respect to one of any user identity determined to satisfy the identity requirements;
communicating, via the host system, the token request to a user computing device storing required information to support claim assertions of a security token associated with the token request; and
receiving, via the host computing system, and from the user computing device, at least one first user identity stored in the user computing device in response to the token request from the host computing system, wherein the user computing device eliminates a need for the host computing system to contact an identity provider associated with the host computing system to support the claim assertions of the security token associated with the token request.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A system, comprising:
a user computing device including an information card storage, a security token service, and a user attribute storage, the user computing device storing required information to support claim assertions of a security token associated with a token request, wherein the user computing device is to export at least one first user identity to a host computing system in response to a token request from the host computing system, and wherein the user computing device eliminates a need for the host computing system to contact an identity provider associated with the host computing system to support the claim assertions of the security token associated with the token request.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.

17. A non-transitory computer-readable medium having computer-executable instructions for execution by a processor, that, when executed, cause the processor to:
determine whether any user identity among at least one of first user identities of a user satisfies identity requirements of the user;
generate a token request with respect to one of any user identity of the user determined to satisfy the identity requirements;
communicate the token request to a user computing device storing required information to support claim assertions of a security token associated with the token request; and
receive, from the user computing device, at least one first user identity stored in the user computing device in response to the token an import request from a host computing system, wherein the user computing device eliminates a need for the host computing system to contact an identity provider associated with the host computing system to support the claim assertions of the security token associated with the token request.
Dependent claims: 18, 19, 20.