PERFORMING A BUSINESS TRANSACTION WITHOUT DISCLOSING SENSITIVE IDENTITY INFORMATION TO A RELYING PARTY
Abstract
A user engages in a transaction with a relying party. The relying party requests identity information from the user in a security policy and identifies transaction elements for an on-line business transaction. Typically, the security policy and transaction elements are transmitted together; the security policy can be as little as a request to conduct the on-line business transaction. The user identifies an information card that satisfies the security policy. The computer system requests a security token from the identity provider managing the information card, which can include requesting a transaction receipt for the transaction elements. The computer system then returns the security token (and the transaction receipt) to the relying party, to complete the transaction.
37 Claims
1. An apparatus, comprising:
- a machine (105);
- a card selector (205) on the machine (105) to receive a selection of an information card (220) from a user;
- a receiver (210) to receive a security policy (150) used in identifying said information card (220), said security policy (150) including elements of a transaction (305) from a relying party (130), a security token (160) responsive to said security policy (150) from an identity provider (135); and
- a transmitter (215) to transmit said security policy (150) to said identity provider (135) and said security token (160) to said relying party (130), said security token (160) responsive to said security policy (150), wherein said security policy includes elements of a transaction (305) and said security token (160) is at least partially responsive to said elements of a transaction (305).

Dependent claims: 2 to 13.
14. A method for conducting a transaction with a relying party, comprising:
- identifying (605) elements of the transaction (305);
- receiving (610) a security policy (150) from the relying party (130), the security policy (150) including the elements of the transaction (305);
- receiving (615) an identifier of a selected information card (220) to conduct the transaction, the information card (220) satisfying the security policy (150);
- requesting (620) a security token (160) from an identity provider (135), providing the elements of the transaction (305) to the identity provider (135);
- receiving (625) the security token (160) from the identity provider (135); and
- transmitting (630) the security token (160) to the relying party (130).

Dependent claims: 15 to 25.
26. An article, comprising a storage medium, said storage medium having stored thereon instructions that, when executed by a machine, result in:
- identifying (605) elements of the transaction (305);
- receiving (610) a security policy (150) from the relying party (130), the security policy (150) including the elements of the transaction (305);
- receiving (615) an identifier of a selected information card (220) to conduct the transaction, the information card (220) satisfying the security policy (150);
- requesting (620) a security token (160) from an identity provider (135), providing the elements of the transaction (305) to the identity provider (135);
- receiving (625) the security token (160) from the identity provider (135); and
- transmitting (630) the security token (160) to the relying party (130).

Dependent claims: 27 to 37.
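The exchange described by the abstract and by method claim 14 (steps 605 through 630), written out as an added Python simulation. This is not code from the patent or from any product that implements it. The HMAC signing key, the card contents, the claim types on the user's cards and the transaction elements are constructed for the example; a real identity provider would sign with its own key and the relying party would verify with the matching public key. The point the simulation makes is the one in the title: the token the relying party receives carries only the claims its security policy asked for plus a receipt bound to the transaction elements, while the sensitive attributes behind the card (here a constructed SSN and date of birth) never leave the identity provider.

```python
"""Information-card transaction flow: relying party, card selector, identity provider."""
import hashlib
import hmac
import json

# Constructed demo key shared by identity provider and relying party
# (assumption of this example; stands in for a real signing-key relationship).
IDP_SIGNING_KEY = b"constructed-demo-key-not-for-production"

# Constructed sample data: the full attribute set the identity provider (135)
# holds behind one information card (220). Only the provider ever sees this.
IDP_CARD_STORE = {
    "card-A": {"name": "Alice Example", "email": "alice@example.com",
               "ssn": "000-00-0000", "dob": "1990-01-01"},
}
# What the user's card selector (205) knows about each card: claim types, not values.
USER_CARDS = {"card-B": ["name"], "card-A": ["name", "email", "ssn", "dob"]}
# Constructed transaction elements (305) the relying party (130) wants receipted.
TRANSACTION = {"merchant": "example-shop", "order_id": "ORDER-0001",
               "amount": "42.00", "currency": "USD"}


def canonical(obj) -> bytes:
    """Deterministic JSON so signatures and receipts cover a stable byte string."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(payload: dict) -> str:
    """Identity provider signature over a token body (HMAC stands in for a real signature)."""
    return hmac.new(IDP_SIGNING_KEY, canonical(payload), hashlib.sha256).hexdigest()


def receipt_for(transaction: dict) -> str:
    """Transaction receipt: a digest that binds a token to exact transaction elements."""
    return hashlib.sha256(canonical(transaction)).hexdigest()


class RelyingParty:
    """Issues the security policy (150), which carries the transaction elements (305)."""

    def __init__(self, name: str):
        self.name = name

    def security_policy(self, required_claims, transaction: dict) -> dict:
        return {"relying_party": self.name,
                "required_claims": sorted(required_claims),
                "transaction": transaction}

    def accept_token(self, token: dict, expected_transaction: dict) -> dict:
        """Step 630 on the receiving side: check signature and receipt, return released claims."""
        body = {k: v for k, v in token.items() if k != "signature"}
        if not hmac.compare_digest(sign(body), token["signature"]):
            raise ValueError("token signature does not verify")
        if not hmac.compare_digest(token["transaction_receipt"], receipt_for(expected_transaction)):
            raise ValueError("receipt does not match this transaction")
        return body["claims"]


class IdentityProvider:
    """Holds full identity data; releases only the claims the policy names."""

    def __init__(self, cards: dict):
        self._cards = cards

    def issue_token(self, card_id: str, policy: dict) -> dict:
        """Steps 620/625: build a security token (160) responsive to the policy and transaction."""
        full = self._cards[card_id]
        missing = [c for c in policy["required_claims"] if c not in full]
        if missing:
            raise ValueError(f"card cannot satisfy policy, missing {missing}")
        body = {"audience": policy["relying_party"],
                "claims": {c: full[c] for c in policy["required_claims"]},
                "transaction_receipt": receipt_for(policy["transaction"])}
        return {**body, "signature": sign(body)}


def select_card(available_cards: dict, policy: dict):
    """Card selector (205), step 615: first card whose claim types cover the policy."""
    need = set(policy["required_claims"])
    for card_id, supported in available_cards.items():
        if need <= set(supported):
            return card_id
    return None


def run_transaction(transaction: dict = TRANSACTION):
    """Whole flow; returns (claims the relying party learned, the token it received)."""
    rp = RelyingParty("example-shop")
    idp = IdentityProvider(IDP_CARD_STORE)
    policy = rp.security_policy(["email"], transaction)   # step 610
    card_id = select_card(USER_CARDS, policy)              # step 615
    token = idp.issue_token(card_id, policy)               # steps 620, 625
    return rp.accept_token(token, transaction), token      # step 630


def receipt_rejects_tampered_transaction() -> bool:
    """A token issued for one set of transaction elements is refused for an altered set."""
    rp = RelyingParty("example-shop")
    idp = IdentityProvider(IDP_CARD_STORE)
    policy = rp.security_policy(["email"], TRANSACTION)
    token = idp.issue_token(select_card(USER_CARDS, policy), policy)
    try:
        rp.accept_token(token, {**TRANSACTION, "amount": "4200.00"})
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    released, tok = run_transaction()
    print("relying party learned:", released)
    print("claim types in token:", sorted(tok["claims"]))
    print("tampered transaction rejected:", receipt_rejects_tampered_transaction())
```

The card selector matches on claim types alone, so the user's machine never needs the attribute values to decide which card satisfies the policy; the values are only materialised by the identity provider, and only for the claims the relying party named. Binding the receipt to the canonical transaction elements is what lets the relying party treat the token as responsive to that specific transaction rather than as a reusable identity assertion.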