Identification System and Method
First Claim
1. A system and method comprising (a) a request processing unit, (b) a response generation unit, (c) a cryptography parameters negotiation unit and (d) a cryptography parameters store, where said cryptography negotiation unit from time to time exchanges information with an identity provider to establish shared cryptography parameters, where said cryptography parameters are stored in said cryptography parameters store, and further, where said request processing unit directly or indirectly receives an assertion about an agent from said identity provider and processes said assertion with said cryptography parameters to produce a validity result, and where said response generation unit produces a response that is conveyed to a relying party, said response enabling said relying party to make a decision whether or not to grant to said actor access to a resource.
0 Assignments
0 Petitions
Accused Products
Abstract
A system and a method is disclosed for securely identifying human and non-human actors. A computer implemented system and a method is also disclosed for securely identifying human and non-human actors.
60 Citations
21 Claims
- 1. A system and method comprising (a) a request processing unit, (b) a response generation unit, (c) a cryptography parameters negotiation unit and (d) a cryptography parameters store, where said cryptography negotiation unit from time to time exchanges information with an identity provider to establish shared cryptography parameters, where said cryptography parameters are stored in said cryptography parameters store, and further, where said request processing unit directly or indirectly receives an assertion about an agent from said identity provider and processes said assertion with said cryptography parameters to produce a validity result, and where said response generation unit produces a response that is conveyed to a relying party, said response enabling said relying party to make a decision whether or not to grant to said actor access to a resource.
- 7. A system and method comprising (a) a request processing unit, (b) a response generation unit, and (c) an identity provider facts store, said identity provider facts store containing facts about an identity provider, where said request processing unit directly or indirectly receives an assertion about an agent from said identity provider and processes said assertion to produce a validity result, where said response generation unit obtains said facts about said identity provider from said identity provider facts store, and where said validity result and said facts about said identity provider are processed by said response generation unit to produce a response that is conveyed to a relying party, said response enabling said relying party to make a decision whether or not to grant to said actor access to a resource.
- 14. A system and method comprising (a) a request processing unit, (b) a response generation unit, (c) a cryptography parameters negotiation unit, (d) a cryptography parameters store, (e) an identity provider facts store, (f) a relying party requirements store, and (g) an evaluation unit, said relying party requirements store containing requirements of said relying party to be met by an identity provider, where said cryptography parameters negotiation unit from time to time exchanges information with said identity provider to establish shared cryptography parameters, where said cryptography parameters are stored in said cryptography parameter store, and further where said request processing unit directly or indirectly receives an assertion about an agent from said identity provider and processes said assertion with said cryptography parameters to produce a validity result, where said evaluation unit determines whether or not said validity result meets said requirements of said relying party, where said response generation unit produces a response that is conveyed to a relying party, said response enabling said relying party to make a decision whether or not to grant to said actor access to a resource, where said response generation unit generates a different response depending on whether said requirements were met or not.
- 20. A system and method comprising (a) an assertion processing unit, and (b) an evaluation processing unit, where said assertion processing unit receives an assertion from an identity provider about an agent, where said assertion processing unit processes said received assertion to produce a produced assertion, and conveys said produced assertion to an identification system, and where said evaluation processing unit receives a response from said identification system and processes it to produce a decision whether or not to grant to said actor access to a resource.
Specification