System and method for validating interactions in an identity metasystem

US 20090089870A1
Filed: 09/27/2008
Published: 04/02/2009
Est. Priority Date: 09/28/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for validating interactions between a user, an identity provider and a relying party in an identity metasystem, said method comprising:

(a) accessing said relying party from a web browser on behalf of said user,(b) transferring a relying party identity from said relying party to said web browser,(c) transferring said relying party identity from said web browser to an identity selector,(d) retrieving from a card database a user identity,(e) authenticating a user with said user identity at said identity provider,(f) generating at said identity provider a token for a validation service,(g) transferring said token from said identity provider to said identity selector,(h) transferring a request comprising said token and said relying party identity from said identity selector to said validation service,(i) searching in a database of said validation service for a record set corresponding to said token and said relying party identity,(j) generating at said validation service a response based on said request and said record set from said search,(k) transferring said response from said validation service to said identity selector, and(l) informing said user of said response.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information processing system for a computing network in which information describing planned interactions between an identity selector and a relying party web site are provided to a validation service, compared with information a database, and a response returned to the identity selector.

91 Citations

View as Search Results

10 Claims

1. A method for validating interactions between a user, an identity provider and a relying party in an identity metasystem, said method comprising:
- (a) accessing said relying party from a web browser on behalf of said user,(b) transferring a relying party identity from said relying party to said web browser,(c) transferring said relying party identity from said web browser to an identity selector,(d) retrieving from a card database a user identity,(e) authenticating a user with said user identity at said identity provider,(f) generating at said identity provider a token for a validation service,(g) transferring said token from said identity provider to said identity selector,(h) transferring a request comprising said token and said relying party identity from said identity selector to said validation service,(i) searching in a database of said validation service for a record set corresponding to said token and said relying party identity,(j) generating at said validation service a response based on said request and said record set from said search,(k) transferring said response from said validation service to said identity selector, and(l) informing said user of said response.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein said generating at said identity provider said token comprises encrypting an identity of said identity provider and an identity of said user with a key of said validation service.
  - 3. The method of claim 2, wherein said searching of said database comprises comparing said identity of said identity provider, said identity of said user and said relying party identity with a record in said database of said validation service.
  - 4. The method of claim 1, wherein said authenticating of said user comprises comparing a user identity and a password provided by said identity selector with a record in a database of said identity provider.

5. A system for validating interactions between a user, an identity provider and a relying party in an identity metasystem, said system comprising:
- (a) said user,(b) said identity provider,(c) said relying party,(d) a web browser,(e) an identity selector,(f) a card database,(g) a validation service, and(h) a database of said validation service, whereinsaid web browser accesses said relying party on behalf of said user,said relying party returns a relying party identity to said web browser,said web browser transfers said relying party identity to said identity selector,said identity selector retrieves a user identity from said card database,said identity provider authenticates said user with said user identity,said identity provider generates a token for said validation service,said identity provider transfers said token to said identity selector,said identity selector transfers a request comprising said token and said relying party identity to said validation service,said validation service searches in said database of said validation service for a record set corresponding to said token and said relying party identity,said validation service generates a response based on said request and said record set from said search,said validation service transfers said response to said identity selector, andsaid identity selector informs said user of said response.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The system of claim 5, wherein said validation service is implemented as software running on a general purpose computer system.
  - 7. The system of claim 5, wherein said web browser, said identity selector, and said card database are implemented as software running on a general purpose computer system.
  - 8. The system of claim 5, wherein said relying party identity comprises a public key certificate.
  - 9. The system of claim 5, wherein said token comprises an identity of said identity provider and an identity of said user encrypted with a key of said validation service and encoded in a security assertion markup language.

10. A computer program product within a computer usable medium with software for validating interactions between a user, an identity provider and a relying party in an identity metasystem, said product comprising:
- (a) instructions for accessing said relying party from a web browser on behalf of said user,(b) instructions for transferring a relying party identity from said relying party to said web browser,(c) instructions for transferring said relying party identity from said web browser to an identity selector,(d) instructions for retrieving from a card database a user identity,(e) instructions for authenticating a user with said user identity at said identity provider,(f) instructions for generating at said identity provider a token for a validation service,(g) instructions for transferring said token from said identity provider to said identity selector,(h) instructions for transferring a request comprising said token and said relying party identity from said identity selector to said validation service,(i) searching in a database of said validation service for a record set corresponding to said token and said relying party identity,(j) generating at said validation service a response based on said request and said record set from said search,(k) instructions for transferring said response from said validation service to said identity selector, and(l) instructions for informing said user of said response.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mark Frederick Wahl
Original Assignee
Mark Frederick Wahl
Inventors
Wahl, Mark Frederick

Application Number

US12/286,042
Publication Number

US 20090089870A1
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

H04L 63/0823 using certificates cryptogr...

System and method for validating interactions in an identity metasystem

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

91 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for validating interactions in an identity metasystem

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links