POLICY-BASED AUDITING OF IDENTITY CREDENTIAL DISCLOSURE BY A SECURE TOKEN SERVICE
Abstract
A user defines an audit policy. The audit policy identifies one or more triggers that, when related information is included in a security token, trigger the performance of the audit. The audit can include notifying the user in some manner that the trigger occurred. The audit can require in-line confirmation of the audit, so that the security token is not transmitted until the user confirms the audit.
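The flow described in the abstract, sketched in Python as an added example; it is not code from the patent or from any product. The class and field names, the two action names ("notify" and "confirm"), and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

@dataclass(frozen=True)
class AuditPolicy:
    datum: str   # identifier of the datum whose disclosure is the trigger
    action: str  # assumed actions: "notify" (log only) or "confirm" (in-line)

class SecureTokenService:
    def __init__(self, store: Dict[str, str], policies: List[AuditPolicy],
                 confirm: Callable[[str, str], bool]):
        self.store = store                          # the user's identity data
        self.policies = {p.datum: p for p in policies}
        self.confirm = confirm                      # asks the user; True = approve
        self.audit_log: List[Tuple[str, str, str]] = []

    def issue(self, relying_party: str, requested: List[str]) -> Optional[dict]:
        """Return a token for the request, or None if the user declines."""
        missing = [d for d in requested if d not in self.store]
        if missing:
            raise KeyError(f"unknown datum requested: {missing}")
        # Run every triggered audit before the token exists, so a declined
        # confirmation discloses nothing, not even the unaudited data.
        for datum in requested:
            policy = self.policies.get(datum)
            if policy is None:
                continue                            # no trigger for this datum
            if policy.action == "notify":
                self.audit_log.append((relying_party, datum, "notified"))
            elif policy.action == "confirm":
                approved = self.confirm(relying_party, datum)
                outcome = "approved" if approved else "denied"
                self.audit_log.append((relying_party, datum, outcome))
                if not approved:
                    return None                     # token is never transmitted
            else:
                raise ValueError(f"unknown audit action: {policy.action}")
        claims = {d: self.store[d] for d in requested}
        return {"audience": relying_party, "claims": claims}

def demo() -> list:
    # Constructed sample data: one datum per audit action, one with no policy.
    store = {"nickname": "al", "email": "al@example.test", "ssn": "000-00-0000"}
    policies = [AuditPolicy("email", "notify"), AuditPolicy("ssn", "confirm")]
    sts = SecureTokenService(store, policies, confirm=lambda rp, d: False)
    token = sts.issue("shop.example", ["nickname", "email", "ssn"])
    return [token, sts.audit_log]

if __name__ == "__main__":
    print(demo())
```

An unrecognised audit action raises instead of being skipped, so a mistyped policy fails closed rather than silently releasing the datum.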
30 Claims

1. An apparatus, comprising:
a machine (135) operative as an identity provider;
a receiver (705) to receive a request for a security token (160);
a transmitter (710) to transmit said security token (160) responsive to said request;
at least one audit policy (725) including a trigger (730) based on said security token (160) and an audit action (735); and
an audit operator (740) operative to perform said audit action (735) if said trigger (730) occurs.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A memory for storing data for access on a computer system, comprising:
a data structure (1210) stored in the memory (1205), the data structure including:
a first identifier (1215) of a datum stored in the memory (1205); and
an audit action (1220) to perform associated with the first identifier (1215) of said datum.
Dependent claims: 10, 11, 12, 13, 14.

15. A method for triggering an audit, comprising:
receiving (1410) a request for a security token (160), the request identifying at least one datum (715, 720);
accessing (1415) an audit policy (710) associated with the datum (715, 720);
identifying (1420) a trigger (730) associated with the security token (160);
performing (1425) an audit action (735) responsive to the identified trigger (730); and
transmitting (1450) the security token (160) responsive to the received request.
Dependent claims: 16, 17, 18, 19, 20, 21, 22.

23. An article, comprising a storage medium, said storage medium having stored thereon instructions that, when executed by a machine, result in:
receiving (1410) a request for a security token (160), the request identifying at least one datum (715, 720);
accessing (1415) an audit policy (710) associated with the datum (715, 720);
identifying (1420) a trigger (730) associated with the security token (160);
performing (1425) an audit action (735) responsive to the identified trigger (730); and
transmitting (1450) the security token (160) responsive to the received request.
Dependent claims: 24, 25, 26, 27, 28, 29, 30.

Specification