SYSTEM AND METHOD FOR SECURE ACCOUNT RESET UTILIZING INFORMATION CARDS

US 20090217368A1
Filed: 02/27/2008
Published: 08/27/2009
Est. Priority Date: 02/27/2008
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus, comprising:

a machine;

a receiver on the machine configured to receive from a relying party a request for at least one challenge claim;

a card selector on the machine configured to receive from a user a selection of an information card responsive to the request for the at least one challenge claim; and

a transmitter configured to transmit to an identity provider a request for a security token responsive to the selection of the information card,wherein the receiver is further configured to receive the security token from the identity provider, the transmitter is further configured to transmit the security token to the relying party, and the security token includes the at least one challenge claim.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

New claim identifiers allow account reset and supplemental authorizations to be performed utilizing information cards. The new claim identifiers include claims for simple challenge questions, simple challenge answers, generated-challenge answers, and challenge methods. Each of the new claims can include a tuple. Methods of utilizing the new claim identifiers for account reset and supplemental authorization are also provided.

Citations

40 Claims

1. An apparatus, comprising:
- a machine;
  
  a receiver on the machine configured to receive from a relying party a request for at least one challenge claim;
  
  a card selector on the machine configured to receive from a user a selection of an information card responsive to the request for the at least one challenge claim; and
  
  a transmitter configured to transmit to an identity provider a request for a security token responsive to the selection of the information card,wherein the receiver is further configured to receive the security token from the identity provider, the transmitter is further configured to transmit the security token to the relying party, and the security token includes the at least one challenge claim.
- View Dependent Claims (2, 3)
- - 2. An apparatus according to claim 1, wherein the at least one challenge claim includes at least one of a simple challenge question, a simple challenge answer, a generated-challenge answer, a challenge method, and challenge method seed data.
  - 3. An apparatus according to claim 2, wherein one or more of the at least one challenge claims comprises a tuple.

4. A method for obtaining a challenge claim, comprising:
- receiving from a client a request for a security policy;
  
  transmitting to the client the security policy, wherein the security policy comprises at least one challenge claim identifier;
  
  receiving from the client a security token, the security token comprising at least one challenge claim; and
  
  storing the at least one challenge claim.
- View Dependent Claims (5, 6, 7)
- - 5. A method according to claim 4, wherein receiving the security token comprises receiving a security token including at least one of a simple challenge question, a simple challenge answer, a generated-challenge answer, a challenge method, and challenge method seed data.
  - 6. A method according to claim 5, wherein receiving the security token further comprises receiving a security token including at least one challenge claim comprising a tuple.
  - 7. A method according to claim 5, wherein storing the at least one challenge claim comprises storing an identifier for an identity provider that issued the security token.

8. An article, comprising a storage medium, the storage medium having stored thereon instructions that, when executed by a machine, result in:
- receiving from a client a request for a security policy;
  
  transmitting to the client the security policy, wherein the security policy comprises at least one challenge claim identifier;
  
  receiving from the client a security token, the security token comprising at least one challenge claim; and
  
  storing the at least one challenge claim.
- View Dependent Claims (9, 10)
- - 9. An article according to claim 8, wherein the at least one challenge claim includes at least one of a simple challenge question, a simple challenge answer, a generated-challenge answer, a challenge method, and challenge method seed data.
  - 10. An article according to claim 8, wherein the at least one challenge claim comprises a tuple.

11. A method for responding to a challenge from a relying party, comprising:
- receiving the challenge from the relying party;
  
  obtaining a response to the challenge from an identity provider; and
  
  providing the response to the relying party.
- View Dependent Claims (12, 13, 14, 15)
- - 12. A method according to claim 11, wherein:
    - obtaining the response to the challenge comprises requesting a security token from the identity provider; and
      
      providing the response to the relying party comprises providing the security token to the relying party.
  - 13. A method according to claim 11, wherein:
    - the method further comprises requesting an account reset; and
      
      receiving the challenge includes receiving the challenge from the relying party responsive to the account reset request.
  - 14. A method according to claim 11, further comprising repeatedly receiving a challenge, obtaining a response, and providing the response to the relying party for at least two iterations.
  - 15. A method according to claim 14, wherein obtaining a response in a first one of the at least two iterations comprises obtaining a response from a first identity provider and wherein obtaining a response in a second one of the at least two iterations comprises obtaining a response from a second identity provider.

16. An article, comprising a storage medium, the storage medium having stored thereon instructions that, when executed by a machine, result in:
- receiving a challenge from a relying party;
  
  obtaining a response to the challenge from an identity provider; and
  
  providing the response to the relying party.
- View Dependent Claims (17, 18, 19)
- - 17. An article according to claim 16, wherein:
    - obtaining the response to the challenge comprises requesting a security token from the identity provider; and
      
      providing the response to the relying party comprises providing the security token to the relying party.
  - 18. An article according to claim 16, wherein:
    - the storage medium has stored thereon further instructions that, when executed by the machine, result in;
      
      requesting an account reset before receiving the challenge from the relying party.
  - 19. An article according to claim 16, wherein:
    - the storage medium has stored thereon further instructions that, when executed by the machine, result in;
      
      repeatedly receiving a challenge, obtaining a response, and providing the response to the relying party for at least two iterations.

20. A method for challenging a user, comprising:
- determining that the user is to be challenged;
  
  retrieving a stored list of challenge methods associated with the user;
  
  identifying a first challenge method from the list of challenge methods;
  
  providing a first challenge to the user based upon the first challenge method;
  
  receiving a first response from the user; and
  
  validating the first response.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. A method according to claim 20, further comprising:
    - identifying a second challenge method from the list of challenge methods;
      
      providing a second challenge to the user based upon the second challenge method;
      
      receiving a second response from the user; and
      
      validating the second response.
  - 22. A method according to claim 21, wherein:
    - receiving the first response comprises receiving a response generated by a first identity provider; and
      
      receiving the second response comprises receiving a response generated by a second identity provider.
  - 23. A method according to claim 20, wherein validating the first response comprises:
    - retrieving a stored answer; and
      
      comparing the stored answer with the first response.
  - 24. A method according to claim 20, wherein validating the first response comprises:
    - generating an answer; and
      
      comparing the answer with the first response.
  - 25. A method according to claim 20, wherein determining that the user is to be challenged comprises receiving a request for an account reset from the user.

26. An article, comprising a storage medium, the storage medium having stored thereon instructions that, when executed by a machine, result in:
- determining that a user is to be challenged;
  
  retrieving a stored list of challenge methods associated with the user;
  
  identifying a first challenge method from the list of challenge methods;
  
  providing a first challenge to the user based upon the first challenge method;
  
  receiving a first response from the user; and
  
  validating the first response.
- View Dependent Claims (27, 28, 29, 30)
- - 27. An article according to claim 26, wherein:
    - the storage medium has stored thereon further instructions that, when executed by the machine, result in;
      
      identifying a second challenge method from the list of challenge methods;
      
      providing a second challenge to the user based upon the second challenge method;
      
      receiving a second response from the user; and
      
      validating the second response.
  - 28. An article according to claim 27, wherein:
    - receiving the first response comprises receiving a response generated by a first identity provider; and
      
      wherein receiving the second response comprises receiving a response generated by a second identity provider.
  - 29. An article according to claim 26, wherein validating the first response comprises:
    - retrieving a stored answer; and
      
      comparing the stored answer with the first response.
  - 30. An article according to claim 26, wherein validating the first response comprises:
    - generating an answer; and
      
      comparing the answer with the first response.

31. A method, comprising:
- receiving a request for an information card from a client;
  
  obtaining at least one challenge claim responsive to the request; and
  
  sending the information card to the client, wherein the information card includes at least one challenge claim identifier.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 32. A method according to claim 31, wherein obtaining the at least one challenge claim comprises one of generating at least one of a simple challenge question, a simple challenge answer, a generated-challenge answer, a challenge method, and challenge method seed data and retrieving the at least one challenge claim from a storage.
  - 33. A method according to claim 31, wherein obtaining the at least one challenge claim comprises:
    - prompting a user for at least one of an identifier for a challenge claim method, a simple challenge question, and a simple challenge answer; and
      
      receiving a response from the user including at least one of the identifier for the challenge claim method, the simple challenge question, and the simple challenge answer.
  - 34. A method according to claim 31, wherein obtaining the at least one challenge claim comprises generating at least one challenge claim that is specific to a relying party.
  - 35. A method according to claim 31, wherein obtaining the at least one challenge claim comprises generating at least one challenge claim including a random string of characters.
  - 36. A method according to claim 31, further comprising:
    - receiving a request for a security token from the card selector, the request including a challenge claim request identifier;
      
      retrieving the at least one challenge claim;
      
      generating a security token, the security token including the at least one challenge claim; and
      
      sending the security token to the card selector.
  - 37. A method according to claim 36, wherein retrieving the at least one challenge claim comprises generating challenge method seed data and wherein generating the security token comprises generating a security token including the challenge method seed data.
  - 38. A method according to claim 36, wherein retrieving the at least one challenge claim comprises retrieving stored challenge method seed data and wherein generating the security token comprises generating a security token including the stored challenge method seed data.
  - 39. A method according to claim 31, further comprising:
    - receiving a request for the at least one challenge claim from a user;
      
      retrieving the at least one challenge claim;
      
      presenting the at least one challenge claim to the user.
  - 40. A method according to claim 39, wherein presenting the at least one challenge claim to the user comprises presenting at least one of a simple challenge answer and a generated challenge answer to the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Doman, Thomas E., Buss, Duane F.

Application Number

US12/038,674
Publication Number

US 20090217368A1
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06F 21/34 involving the use of extern...

SYSTEM AND METHOD FOR SECURE ACCOUNT RESET UTILIZING INFORMATION CARDS

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR SECURE ACCOUNT RESET UTILIZING INFORMATION CARDS

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links