Identification System and Method

US 20090013391A1
Filed: 06/13/2008
Published: 01/08/2009
Est. Priority Date: 07/03/2007
Status: Abandoned Application

First Claim

Patent Images

1. A system and method comprising (a) a request processing unit, (b) a response generation unit, (c) a cryptography parameters negotiation unit and (d) a cryptography parameters store, where said cryptography negotiation unit from time to time exchanges information with an identity provider to establish shared cryptography parameters, where said cryptography parameters are stored in said cryptography parameters store, and further, where said request processing unit directly or indirectly receives an assertion about an agent from said identity provider and processes said assertion with said cryptography parameters to produce a validity result, and where said response generation unit produces a response that is conveyed to a relying party, said response enabling said relying party to make a decision whether or not to grant to said actor access to a resource.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and a method is disclosed for securely identifying human and non-human actors. A computer implemented system and a method is also disclosed for securely identifying human and non-human actors.

60 Citations

View as Search Results

21 Claims

1. A system and method comprising (a) a request processing unit, (b) a response generation unit, (c) a cryptography parameters negotiation unit and (d) a cryptography parameters store, where said cryptography negotiation unit from time to time exchanges information with an identity provider to establish shared cryptography parameters, where said cryptography parameters are stored in said cryptography parameters store, and further, where said request processing unit directly or indirectly receives an assertion about an agent from said identity provider and processes said assertion with said cryptography parameters to produce a validity result, and where said response generation unit produces a response that is conveyed to a relying party, said response enabling said relying party to make a decision whether or not to grant to said actor access to a resource.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system and method of claim 1, further comprising a response preferences store, where response preferences are stored in said response preferences store, and where said response generation unit generates different said responses depending on said response preferences.
  - 3. The system and method of claim 1, further comprising an identity facts store, said identity facts store containing facts about said agent, where said response generation unit augments said response with said facts about said agent.
  - 4. The system and method of claim 1, further comprising an identity provider facts store, said identity provider facts store containing facts about said identity provider, where said response generation unit augments said response with said facts about said identity provider.
  - 5. The system and method of claim 1, further comprising a challenge generation unit, where said challenge generation unit produces an identification challenge to be met by said agent.
  - 6. The system and method of claim 5, further comprising an identity provider facts store, said identity provider facts store containing facts about one or more identity providers, where said challenge generation unit generates different recommended challenges depending on said facts about said one or more identity providers.

7. A system and method comprising (a) a request processing unit, (b) a response generation unit, and (c) an identity provider facts store, said identity provider facts store containing facts about an identity provider, where said request processing unit directly or indirectly receives an assertion about an agent from said identity provider and processes said assertion to produce a validity result, where said response generation unit obtains said facts about said identity provider from said identity provider facts store, and where said validity result and said facts about said identity provider are processed by said response generation unit to produce a response that is conveyed to a relying party, said response enabling said relying party to make a decision whether or not to grant to said actor access to a resource.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system and method of claim 7, further comprising a response preferences store, where response preferences are stored in said response preferences store, and where said response generation unit generates different said responses depending on said response preferences.
  - 9. The system and method of claim 7, further comprising an identity facts store, said identity facts store containing facts about said agent, where said response generation unit augments said response with said facts about said agent.
  - 10. The system and method of claim 7, where said response generation unit augments said response with said facts about said identity provider.
  - 11. The system and method of claim 7, further comprising (a) an evaluation unit, and (b) a relying party requirements store, said relying party requirements store containing requirements of said relying party to be met by said identity provider, where said evaluation unit determines whether or not said validity result meets said requirements of said relying party, and where said response generation unit generates a different response depending on whether said requirements were met or not.
  - 12. The system and method of claim 7, further comprising a challenge generation unit, where said challenge generation unit produces an identification challenge to be met by said agent.
  - 13. The system of claim 12, where said identity provider facts store contains facts about one or more identity providers, where said challenge generation unit generates different recommended challenges depending on said facts about one or more identity providers.

14. A system and method comprising (a) a request processing unit, (b) a response generation unit, (c) a cryptography parameters negotiation unit, (d) a cryptography parameters store, (e) an identity provider facts store, (f) a relying party requirements store, and (g) an evaluation unit, said relying party requirements store containing requirements of said relying party to be met by an identity provider, where said cryptography parameters negotiation unit from time to time exchanges information with said identity provider to establish shared cryptography parameters, where said cryptography parameters are stored in said cryptography parameter store, and further where said request processing unit directly or indirectly receives an assertion about an agent from said identity provider and processes said assertion with said cryptography parameters to produce a validity result, where said evaluation unit determines whether or not said validity result meets said requirements of said relying party, where said response generation unit produces a response that is conveyed to a relying party, said response enabling said relying party to make a decision whether or not to grant to said actor access to a resource, where said response generation unit generates a different response depending on whether said requirements were met or not.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The system and method of claim 14, further comprising a response preferences store, where response preferences are stored in said response preferences store, and where said response generation unit generates different said responses depending on said response preferences.
  - 16. The system and method of claim 14, further comprising an identity facts store, said identity facts store containing facts about said agent, where said response generation unit augments said response with said facts about said agent.
  - 17. The system and method of claim 14, where said response generation unit augments said response with said facts about said identity provider.
  - 18. The system and method of claim 14, further comprising a challenge generation unit, where said challenge generation unit produces an identification challenge to be met by said agent.
  - 19. The system and method of claim 18, where said challenge generation unit generates different recommended challenges depending on said facts about said one or more identity providers.

20. A system and method comprising (a) an assertion processing unit, and (b) an evaluation processing unit, where said assertion processing unit receives an assertion from an identity provider about an agent, where said assertion processing unit processes said received assertion to produce a produced assertion, and conveys said produced assertion to an identification system, and where said evaluation processing unit receives a response from said identification system and processes it to produce a decision whether or not to grant to said actor access to a resource.
- View Dependent Claims (21)
- - 21. The system and method of claim 20, further comprising a challenge processing unit, where said challenge processing unit receives a recommended challenge from a challenge production system, where said challenge processing unit processes said recommended challenge into the actual challenge, and where said system conveys said actual challenge to said agent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Johannes Ernst
Original Assignee
Johannes Ernst
Inventors
Ernst, Johannes

Application Number

US12/139,257
Publication Number

US 20090013391A1
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

H04L 9/3271 using challenge-response

Identification System and Method

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Identification System and Method

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links