INFORMATION CARD FEDERATION POINT TRACKING AND MANAGEMENT

US 20090077627A1
Filed: 11/25/2008
Published: 03/19/2009
Est. Priority Date: 03/16/2007
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus, comprising:

a client (105);

a receiver (210) on the client (105) to receive a security policy (150) from a relying party (130);

a transmitter (215) on the client (105) to transmit a security token (160) to said relying party (130) responsive to said security policy (150);

a data store (225) on the client (105), the data store (225) capable of storing federation points (230, 505, 510, 515, 520), each federation point (230, 505, 510, 515, 520) including an identifier (525) of an account (605, 610, 615, 620) on a relying party (130) and an identifier (530) of an information card (220);

a data store accessor (240) on the client (105) to access said federation points (230, 505, 510, 515, 520) stored in the data store (225); and

a card selector (205) on the client (105) to present information about said federation points (230, 505, 510, 515, 520) in the data store (225) to a user.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client can store information about federation points. A federation point is a combination of an identifier of an account on a relying party and an identifier of an information card. The client can track which information cards are included n various federation points, and can use this information to assist the user in performing a transaction with relying parties.

Citations

34 Claims

1. An apparatus, comprising:
- a client (105);
  
  a receiver (210) on the client (105) to receive a security policy (150) from a relying party (130);
  
  a transmitter (215) on the client (105) to transmit a security token (160) to said relying party (130) responsive to said security policy (150);
  
  a data store (225) on the client (105), the data store (225) capable of storing federation points (230, 505, 510, 515, 520), each federation point (230, 505, 510, 515, 520) including an identifier (525) of an account (605, 610, 615, 620) on a relying party (130) and an identifier (530) of an information card (220);
  
  a data store accessor (240) on the client (105) to access said federation points (230, 505, 510, 515, 520) stored in the data store (225); and
  
  a card selector (205) on the client (105) to present information about said federation points (230, 505, 510, 515, 520) in the data store (225) to a user.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. An apparatus according to claim 1, wherein:
    - the apparatus further comprises a relying party identifier (245) on the client (105) to identify said relying party (130);
      
      the data store accessor (240) is operative to identify at least one federation point (230, 505, 510, 515, 520) including an identifier (525) of an account (605, 610, 615, 620) on said relying party (130); and
      
      the card selector (205) is operative to present to said user at least one information card (220, 530) and information about at least one federation point (230, 505, 510, 515, 520) including said at least one information card (220, 530), and to receive from said user a selection of one of said at least one information card (220, 530).
  - 3. An apparatus according to claim 2, wherein the card selector (205) is further operative to present to said user information about at least one account (605, 610, 615, 620) on said relying party (130) that is part of said at least one federation point (230, 505, 510, 515, 520).
  - 4. An apparatus according to claim 2, wherein the card selector (205) is further operative to present to said user information about a level of access (625, 630, 635, 640, 645, 650) associated with at least one account (605, 610, 615, 620) on said relying party (130) that is part of said at least one federation point (230, 505, 510, 515, 520).
  - 5. An apparatus according to claim 2, wherein the card selector (205) is further operative to present to said user information about said at least one federation point (230, 505, 510, 515, 520) responsive to a request by said user for said information about said at least one federation point (230, 505, 510, 515, 520) including said at least one information card (220, 530).
  - 6. An apparatus according to claim 2, wherein:
    - the apparatus further comprises an query mechanism (250) on the client (105) to query an endpoint (805) on said relying party (130) for information (815) about a federation point (230, 505, 510, 515, 520);
      
      the receiver (210) is operative to receive said information (815) about said federation point (230, 505, 510, 515, 520) from said endpoint (805); and
      
      the card selector (205) is operative to present to said user said information (815) about said federation point (230, 505, 510, 515, 520) received from said endpoint (805).
  - 7. An apparatus according to claim 2, further comprising a federation point adder (235) on the client (105) to add a new federation point (230, 505, 510, 515, 520) to the data store (225), said new federation point (230, 505, 510, 515, 520) including an identifier (525) of an account (605, 610, 615, 620) on said relying party (130) and said selected information card (220, 530).

8. A method, comprising:
- receiving (1203) a security policy (150) from a relying party (130);
  
  identifying (1206) the relying party (130);
  
  identifying (1209) at least one federation point (230, 505, 510, 515, 520), the at least one federation point (230, 505, 510, 515, 520) including an identifier (525) of an account (605, 610, 615, 620) on the relying party (130);
  
  identifying (1212) at least one information card (220, 530) accessible to the card selector (205) included in the identified federation points (230, including);
  
  presenting (1251) to a user the identified information cards (220, 530);
  
  receiving (1257) a selection by the user of one of the identified information cards (220, 530); and
  
  forwarding (1275) to the relying party (130) a security token (160) responsive to the security policy (150) and the selected information card (220, 530).
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. A method according to claim 8, wherein presenting (1251) to a user the identified information cards (220, 530) includes presenting (1251) to the user information (815) about at least one federation point (230, 505, 510, 515, 520) including each information card (220, 530).
  - 10. A method according to claim 9, wherein presenting (1251) to the user information (815) about at least one federation point (230, 505, 510, 515, 520 including each information card (220, 530) includes informing (1251, 1254) the user about at least one account (605, 610, 615, 620) on the relying party (130) that is part of at least one federation point (230, 505, 510, 515, 520) including each information card (220, 530).
  - 11. A method according to claim 9, wherein presenting (1251) to the user information (815) about at least one federation point (230, 505, 510, 515, 520) including each information card (220, 530) includes informing (1251, 1254) the user about a level of access (625, 630, 635, 640, 645, 650) associated with at least one account (605, 610, 615, 620) on the relying party (130) that is part of at least one federation point (230, 505, 510, 515, 520) including each information card (220, 530).
  - 12. A method according to claim 9, wherein presenting (1251) to the user information (815) about at least one federation point (230, 505, 510, 515, 520) including each information card (220, 530) includes:
    - receiving (1215) from the user a request for the information (815) about the federation point (230, 505, 510, 515, 520) including the one of the identified information cards (220, 530); and
      
      presenting (1251) to the user information (815) about at least one federation point (230, 505, 510, 515, 520) including one of the identified information cards (220, 530) responsive to the request from the user for the information (815) about the federation point (230, 505, 510, 515, 520) including the one of the identified information cards (220, 530).
  - 13. A method according to claim 9, wherein presenting (1251) to the user information (815) about the federation point (230, 505, 510, 515, 520) including each information card (220, 530) includes:
    - for at least one identified information card (220, 530), querying (1230) an endpoint (805) on the relying party (130) for the information (815) about the federation point (230, 505, 510, 515, 520) including the identified information card (220, 530); and
      
      receiving (1239) from the endpoint (805) on the relying party (130) the information (815) about the federation point (230, 505, 510, 515, 520) including the identified information card (220, 530).
  - 14. A method according to claim 8, further comprising, if the selected information card (220, 530) is not included in a federation point (230, 505, 510, 515, 520) including the identifier (525) of the account on the relying party (130), creating (1287) the federation point (230, 505, 510, 515, 520) including the identifier (525) of the account on the relying party (130) and the identifier (530) of the selected information card (220).
  - 15. A method according to claim 14, further comprising querying (1281) an endpoint (805) on the relying party (130) for the identifier (525) of the account (605, 610, 615, 620) on the relying party (130) that is part of the federation point (230, 505, 510, 515, 520).

16. An apparatus, comprising:
- a relying party (130);
  
  a policy store (820) on the relying party (130) to store at least one policy (825) specifying how the relying party (130) processes security tokens (160);
  
  a data store (810) on the relying party (130) to store information (815) about security tokens (160) and accounts (605, 610, 615, 620) to which access has been granted based on said security tokens (160);
  
  an endpoint (805) on the relying party (130) to receive from a requester a query about an account (605, 610, 615, 620) on the relying party (130);
  
  a response generator (830) on the relying party (130) to generate a response to the query; and
  
  a transmitter (835) on the relying party (130) to transmit said response to said requester.
- View Dependent Claims (17, 18, 19, 20)
- - 17. An apparatus according to claim 16, wherein the response generator (830) is operative to generate said response including information (815) from the data store (225) about an account (605, 610, 615, 620) to which access has been granted based on a security token (160).
  - 18. An apparatus according to claim 16, wherein the response generator (830) is operative to generate said response including information (815) about an account (605, 610, 615, 620) to which access might be granted based on a security token (160) based on a policy in the policy store.
  - 19. An apparatus according to claim 18, wherein said information (815) about an account (605, 610, 615, 620) to which access might be granted includes a level of access (625, 630, 635, 640, 645, 650) associated with said account (605, 610, 615, 620).
  - 20. An apparatus according to claim 18, wherein said information (815) about an account (605, 610, 615, 620) to which access might be granted includes identifying a claim that would need to be included in said security token (160) to access said account (605, 610, 615, 620).

21. A method, comprising:
- receiving (1505) at an endpoint (805) on a relying party (130) a query from a requester for information (815) about an account (605, 610, 615, 620) on the relying party (130);
  
  determining (1510) the requested information (815) about the account (605, 610, 615, 620) on the relying party (130); and
  
  sending (1515) the requested information (815) to the requester.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 22. A method according to claim 21, wherein determining (1510) the requested information (815) about the account (605, 610, 615, 620) on the relying party (130) includes applying (1610) a policy (825) stored on the relying party (130) to the query.
  - 23. A method according to claim 22, wherein receiving (1505) at an endpoint (805) on a relying party (130) a query includes receiving (1505) at the endpoint (805) on the relying party (130) the query from the requestor for the information (815) about the account (605, 610, 615, 620) on the relying party (130), the query identifying a security token (160).
  - 24. A method according to claim 23, wherein applying (1610) a policy (825) includes using (1610) the policy (825) to determine how the relying party (130) might respond if the identified security token (160) was provided by the requester to access the account (605, 610, 615, 620) on the relying party (130).
  - 25. A method according to claim 24, wherein using (1610) the policy (825) includes using (1605, 1610) information (815) derived from the identified security token (160) to determine how the relying party (130) might respond if the identified security token (160) was provided by the requester to access the identified account (605, 610, 615, 620) on the relying party (130).
  - 26. A method according to claim 23, wherein receiving (1505) a query from a requester for information (815) about an account (605, 610, 615, 620) on the relying party (130) includes receiving (1505) a query (1305) for information (815) about a previous time the relying party (130) received the identified security token (160) for the account (605, 610, 615, 620) on the relying party (130).
  - 27. A method according to claim 23, wherein receiving a query from a requester for information (815) about an account (605, 610, 615, 620) on the relying party (130) point includes receiving (1505) a query (1310) for information (815) about the account (605, 610, 615, 620) on the relying party (130) if the relying party (130) were to receive the identified security token (160).
  - 28. A method according to claim 23, wherein receiving a query from a requester for information (815) about an account (605, 610, 615, 620) on the relying party (130) includes receiving (1505) a query (1315) for information (815) about the account (605, 610, 615, 620) on the relying party (130) after the relying party (130) received the security token (160).
  - 29. A method according to claim 22, wherein receiving a query from a requester for information (815) about an account (605, 610, 615, 620) on the relying party (130) includes receiving (1505) a query (1320) for information (815) about a second account (605, 610, 615, 620) other than the account (605, 610, 615, 620) on the relying party (130).
  - 30. A method according to claim 29, wherein sending (1515) the requested information (815) to the requester includes sending (1515) the information (815) about the account (605, 610, 615, 620) on the relying party (130).
  - 31. A method according to claim 29, wherein receiving (1505) a query for information (815) about a second account (605, 610, 615, 620) other than the account (605, 610, 615, 620) on the relying party (130) includes receiving (1505) a query (1320) for information (815) about a level of access (625, 630, 635, 640, 645, 650) associated with the second account (605, 610, 615, 620).
  - 32. A method according to claim 31, wherein sending (1515) the requested information (815) to the requester includes sending (1515) the level of access (625, 630, 635, 640, 645, 650) associated with the second account (605, 610, 615, 620).
  - 33. A method according to claim 29, wherein receiving (1505) a query from a requester for information (815) about an account (605, 610, 615, 620) on the relying party (130) further includes receiving (1505) a second query (1325) for what data the relying party (130) would need to grant access to the second account (605, 610, 615, 620).
  - 34. A method according to claim 33, wherein sending (1515) the requested information (815) to the requester includes sending (1515) an identification of what data the relying party (130) would need to grant access to the second account (605, 610, 615, 620).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Doman, Thomas E., Buss, Duane F., Busath, Wendy Michelle

Application Number

US12/323,141
Publication Number

US 20090077627A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/34 involving the use of extern...

G06F 2221/2141 Access rights, e.g. capabil...

INFORMATION CARD FEDERATION POINT TRACKING AND MANAGEMENT

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

INFORMATION CARD FEDERATION POINT TRACKING AND MANAGEMENT

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links