User-portable device and method of use in a user-centric identity management system
First Claim
1. A system, comprising:
- a security token generator that:
  - receives a token request in reference to a first user identity of a plurality of first user identities from an identity management module executing on a host computing system, the receipt of the token request responsive to a security policy from a relying party;
  - generates a security token in accordance with the token request, using at least one user attribute;
  - retrieves information related to the user attribute to support claim assertions of the security token; and
  - issues the security token contained in an information card based on the token request, using the information related to the user attribute, the information card presented visually in a graphical user interface as a card-shaped picture.
3 Assignments
0 Petitions
Abstract
A user-portable computing device configured as a smart card enables a user to carry identification information and to generate security tokens for use in authenticating the user to a service provider. The device includes memory for storing user identities as information cards that are exported to a host computer, presented to a user in visual form, and then selected for use in the authentication process. A security token service installed on the device issues a security token in response to a token request sent from the host computer that references the selected user identity. The security token service uses user attribute information stored on the user device to compose the claim assertions needed to issue the security token. The token is returned to the host computer and used to facilitate the authentication process.
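The abstract describes a three-party exchange: the device exports its identities to the host as cards stripped of attribute values, the host sends a token request that references the card the user selected and the relying party's policy, and the security token service on the device composes the claim assertions from attributes that stay on the device and returns a signed token. The following is an added illustration of that flow and is not code from the patent or any product; the relying-party policy, the stored cards, the HMAC signing key and the `run_exchange` helper are all constructed assumptions (a real token service would sign with a per-card private key and the relying party would verify against the matching public key or certificate).

```python
import base64
import hashlib
import hmac
import json
import os
import time

# Constructed sample: the relying party's security policy (which claims it wants).
RP_POLICY = {"audience": "https://rp.example", "required_claims": ["email", "given_name"]}

# Constructed sample: information cards stored on the user-portable device.
# Attribute values never leave the device; only display metadata is exported to the host.
DEVICE_CARDS = {
    "card-1": {
        "display_name": "Work identity",
        "attributes": {"email": "alice@work.example", "given_name": "Alice", "surname": "Example"},
    },
    "card-2": {
        "display_name": "Forum identity",
        "attributes": {"nickname": "al1ce"},
    },
}

# Hypothetical symmetric key standing in for the card's signing key (assumption for this toy).
DEVICE_SIGNING_KEY = b"placeholder-device-key"


def export_cards(cards):
    """Device -> host: export identities as cards without their attribute values."""
    return [{"card_id": cid, "display_name": c["display_name"]} for cid, c in cards.items()]


def build_token_request(card_id, policy):
    """Host -> device: token request referencing the card the user selected in the GUI."""
    return {
        "card_id": card_id,
        "audience": policy["audience"],
        "required_claims": list(policy["required_claims"]),
        "nonce": base64.urlsafe_b64encode(os.urandom(8)).decode(),
    }


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(cards, request, key, now=None):
    """Device security token service: compose claims from stored attributes and sign."""
    card = cards.get(request["card_id"])
    if card is None:
        raise KeyError("unknown card: %s" % request["card_id"])
    attrs = card["attributes"]
    missing = [c for c in request["required_claims"] if c not in attrs]
    if missing:
        # Failure mode: this card cannot support the claims the relying party's policy asks for.
        raise ValueError("card cannot assert claims: %s" % ", ".join(missing))
    now = int(time.time()) if now is None else now
    body = {
        "aud": request["audience"],
        "nonce": request["nonce"],
        "iat": now,
        "exp": now + 300,
        # Disclose only the attributes the policy asked for, not the whole card.
        "claims": {c: attrs[c] for c in request["required_claims"]},
    }
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def verify_token(token, key, policy, now=None):
    """Relying party: check signature, audience, validity window and required claims."""
    try:
        p64, s64 = token.split(".")
        payload, sig = _unb64(p64), _unb64(s64)
    except Exception:
        return False
    if not hmac.compare_digest(hmac.new(key, payload, hashlib.sha256).digest(), sig):
        return False
    body = json.loads(payload)
    now = int(time.time()) if now is None else now
    if body.get("aud") != policy["audience"] or not (body.get("iat", 0) <= now < body.get("exp", 0)):
        return False
    return all(c in body.get("claims", {}) for c in policy["required_claims"])


def run_exchange(card_id, policy=RP_POLICY, cards=DEVICE_CARDS, key=DEVICE_SIGNING_KEY):
    """Whole flow for one selected card; returns (token, verified, disclosed claims)."""
    exported = export_cards(cards)
    assert all("attributes" not in c for c in exported)  # host never sees attribute values
    request = build_token_request(card_id, policy)
    token = issue_token(cards, request, key)
    ok = verify_token(token, key, policy)
    claims = json.loads(_unb64(token.split(".")[0]))["claims"]
    return token, ok, claims


if __name__ == "__main__":
    print(run_exchange("card-1"))
```

The point the abstract makes, that attribute information stays on the portable device and only the composed claims travel, shows up in `export_cards` (no attribute values in the exported cards) and in the `claims` dictionary (only the policy's required claims). Selecting `card-2` against the same policy fails at issuance rather than producing a token with missing assertions.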
20 Claims
1. A system, comprising:
- a security token generator that:
  - receives a token request in reference to a first user identity of a plurality of first user identities from an identity management module executing on a host computing system, the receipt of the token request responsive to a security policy from a relying party;
  - generates a security token in accordance with the token request, using at least one user attribute;
  - retrieves information related to the user attribute to support claim assertions of the security token; and
  - issues the security token contained in an information card based on the token request, using the information related to the user attribute, the information card presented visually in a graphical user interface as a card-shaped picture.
  (Dependent claims 2, 3, 4, 5, 6, 7, 8)
9. A method, comprising:
- a host computing system generating a token request in reference to at least one exported user identity based on an identity management module executing on the host computing system;
- a user computing device receiving the token request relative to the at least one exported user identity; and
- the user computing device issuing a security token contained in an information card according to the token request and user attribute information associated with the at least one exported user identity, the information card presented visually for selection in a graphical user interface as a card-shaped picture, wherein a security token generator retrieves a set of user attributes related to the security token and indicative of the first user identity.
  (Dependent claims 10, 11, 12, 13, 14, 15)
16. A non-transitory computer-readable medium having computer-executable instructions for execution by a processor, that, when executed, cause the processor to:
- receive a token request in reference to a first user identity of a plurality of first user identities from an identity management module executing on a host computing system, the receipt of the token request responsive to a security policy from a relying party;
- generate a security token in accordance with the token request, using at least one user attribute;
- retrieve information related to the user attribute to support claim assertions of the security token; and
- issue the security token in an information card based on the token request, using the information related to the user attribute, the information card presented visually for selection in a graphical user interface as a card-shaped picture.
  (Dependent claims 17, 18, 19, 20)