CLAIM CATEGORY HANDLING

US 20090249430A1
Filed: 03/25/2008
Published: 10/01/2009
Est. Priority Date: 03/25/2008
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus, comprising:

a machine (105);

a card selector (205) on the machine (105) to receive a selection of an information card (220) from a user;

a receiver (210) to receive a security policy (150) from a relying party (130) used in identifying said information card (220), and a security token (160) responsive to said security policy (150) from an identity provider (135); and

a transmitter (215) to transmit said security policy (150) to said identity provider (135) and said security token (160) to said relying party (130), said security token (160) responsive to said security policy (150),wherein said security policy (150) includes at least one claim (405, 410, 415, 420) that the relying party (130) considers neither required nor optional (435, 440).

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A relying party can have a security policy. The security policy can include claims that are categorized other than “required” and “optional”. The user can specify, in a user policy, whether or not to include in a request for a security token from an identity provider claims that are not “required”.

124 Citations

28 Claims

1. An apparatus, comprising:
- a machine (105);
  
  a card selector (205) on the machine (105) to receive a selection of an information card (220) from a user;
  
  a receiver (210) to receive a security policy (150) from a relying party (130) used in identifying said information card (220), and a security token (160) responsive to said security policy (150) from an identity provider (135); and
  
  a transmitter (215) to transmit said security policy (150) to said identity provider (135) and said security token (160) to said relying party (130), said security token (160) responsive to said security policy (150),wherein said security policy (150) includes at least one claim (405, 410, 415, 420) that the relying party (130) considers neither required nor optional (435, 440).
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. An apparatus according to claim 1, further comprising a policy store (225) to store a user policy (230) used to match said information card (220) with said security policy (150).
  - 3. An apparatus according to claim 2, wherein said user policy (230) can specify that said security token (160) automatically includes a second claim (405, 410, 415, 420) of said security policy (150) that is not required (430, 435, 440), without manual user specification (510) of inclusion of said second claim (405, 410, 415, 420).
  - 4. An apparatus according to claim 2, wherein the card selector (205) is operative to use said user policy (230) to identify said information card (220).
  - 5. An apparatus according to claim 4, wherein the card selector (205) is further operative to use said user policy (230) to rank (605) a plurality of information cards according to their suitability as a match for said security policy (150).
  - 6. An apparatus according to claim 5, wherein the card selector (205) is operative to rank (605) one of said plurality of information cards based on said one of said plurality of information cards matches a proper subset of all claims (405, 410, 415, 420) in said security policy (150), said proper subset of all claims (405, 410, 415, 420) including said at least one claim (405, 410, 415, 420) that the relying party (130) considers neither required nor optional (435, 440).
  - 7. An apparatus according to claim 5, wherein the card selector (205) is further operative to provide a user visual and/or non-visual cues (735, 630) regarding said ranks (605) for said plurality of information cards.

8. An apparatus, comprising:
- a machine (130);
  
  memory (315) in the machine (130);
  
  a web site (320) stored in the memory (315) in the machine (130); and
  
  a security policy (150) associated with the web site (320), the security policy (150) including at least one claim (405, 410, 415, 420) that is neither required nor optional (435, 440) for use of the web site (320).
- View Dependent Claims (9, 10)
- - 9. An apparatus according to claim 8, further comprising a transmitter (310) to transmit the security policy (150) to a client (105) responsive to said client (105) requesting the web site (320).
  - 10. An apparatus according to claim 8, wherein the security policy (150) further includes at least one claim (405, 410, 415, 420) that is either required or optional (425, 430) for use of the web site (320).

11. A security policy data structure stored in memory (315), comprising:
- a first claim (405, 410, 415, 420) considered either required or optional (425, 430) by a relying party (130);
  
  ad a second claim (405, 410, 415, 420) considered neither required nor optional (435, 440) by said relying party (130).
- View Dependent Claims (12)
- - 12. A security policy data structure according to claim 11, further comprising a third claim (405, 410, 415, 420) considered neither required nor optional (435, 440) by said relying party (130), and categorized differently from the second claim (405, 410, 415, 420).

13. A method, comprising:
- receiving (805) a security policy (150) from a relying party (130), the security policy (150) including at least one claim (405, 410, 415, 420) that the relying party (130) considers neither required nor optional (435, 440);
  
  identifying (810) an information card (220) that satisfies the security policy (150);
  
  requesting (815) a security token (160) from an identity provider (135) in response to the security token (160); and
  
  transmitting (820) the security token (160) to the relying party (130).
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. A method according to claim 13, wherein identifying (810) an information card (220) includes:
    - accessing (905) a user policy (230); and
      
      using (910) the user policy (230) to match the information card (220) with the security policy (150).
  - 15. A method according to claim 14, wherein requesting (815) a security token (160) from an identity provider (135) includes:
    - identifying (1005) a second claim (405, 410, 415, 420) in the security token (160) that is not required (430, 435, 440) by the relying party (130) that can be satisfied by the information card (220); and
      
      automatically requesting (1020) inclusion of the second claim (405, 410, 415, 420) in the security token (160) without manual user specification (510) of inclusion of the second claim (405, 410, 415, 420).
  - 16. A method according to claim 14, wherein using (910) the user policy (230) includes ranking (915) a plurality of information cards according to their suitability as a match for the security policy (150).
  - 17. A method according to claim 16, wherein ranking (915) a plurality of information cards according to their suitability as a match for the security policy (150) includes ranking (915) at least one of the plurality of information cards according to its suitability as a match for the security policy (150), where the one of the plurality of information cards matches a proper subset of all claims (405, 410, 415, 420) in the security policy (150), the proper subset of all claims (405, 410, 415, 420) including the at least one claim (405, 410, 415, 420) that the relying party (130) considers neither required nor optional (435, 440).
  - 18. A method according to claim 14, wherein identifying (810) an information card (220) that satisfied the security policy (150) further includes providing (925) a user visual and/or non-visual cues (735, 630) regarding said ranks (605) for said plurality of information cards.

19. A method, comprising:
- receiving (1105) a request for a web site (320) at a relying party (130) from a client (105);
  
  identifying (1110) a security policy (150) associated with the web site (320), the security policy (150) including at least one claim (405, 410, 415, 420) that is neither required nor optional (435, 440) for use of the web site (320); and
  
  transmitting (1115) the security policy (150) to the client (105).
- View Dependent Claims (20)
- - 20. A method according to claim 19, further comprising:
    - receiving (1120) a security token (160) from the client (105), the security token including data responsive to the claim (405, 410, 415, 420) that is neither required nor optional (435, 440) for use of the web site (320); and
      
      using (1125) the security token (160) with the web site (320).

21. An article, comprising a storage medium, said storage medium having stored thereon instructions that, when executed by a machine, result in:
- receiving (805) a security policy (150) from a relying party (130), the security policy (150) including at least one claim (405, 410, 415, 420) that the relying party (130) considers neither required nor optional (435, 440);
  
  identifying (810) an information card (220) that satisfies the security policy (150);
  
  requesting (815) a security token (160) from an identity provider (135) in response to the security token (160); and
  
  transmitting (820) the security token (160) to the relying party (130).
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. An article according to claim 21, wherein identifying (810) an information card (220) includes:
    - accessing (905) a user policy (230); and
      
      using (910) the user policy (230) to match the information card (220) with the security policy (150).
  - 23. An article according to claim 22, wherein requesting (815) a security token (160) from an identity provider (135) includes:
    - identifying (1005) a second claim (405, 410, 415, 420) in the security token (160) that is not required (430, 435, 440) by the relying party (130) that can be satisfied by the information card (220); and
      
      automatically requesting (1020) inclusion of the second claim (405, 410, 415, 420) in the security token (160) without manual user specification (510) of inclusion of the second claim (405, 410, 415, 420).
  - 24. An article according to claim 22, wherein using (910) the user policy (230) includes ranking (915) a plurality of information cards according to their suitability as a match for the security policy (150).
  - 25. An article according to claim 24, wherein ranking (915) a plurality of information cards according to their suitability as a match for the security policy (150) includes ranking (915) at least one of the plurality of information cards according to its suitability as a match for the security policy (150), where the one of the plurality of information cards matches a proper subset of all claims (405, 410, 415, 420) in the security policy (150), the proper subset of all claims (405, 410, 415, 420) including the at least one claim (405, 410, 415, 420) that the relying party (130) considers neither required nor optional (435, 440).
  - 26. An article according to claim 22, wherein identifying (810) an information card (220) that satisfied the security policy (150) further includes providing (925) a user visual and/or non-visual cues (735, 630) regarding said ranks (605) for said plurality of information cards.

27. An article, comprising a storage medium, said storage medium having stored thereon instructions that, when executed by a machine, result in:
- receiving (1105) a request for a web site (320) at a relying party (130) from a client (105);
  
  identifying (1110) a security policy (150) associated with the web site (320), the security policy (150) including at least one claim (405, 410, 415, 420) that is neither required nor optional (435, 440) for use of the web site (320); and
  
  transmitting (1115) the security policy (150) to the client (105).
- View Dependent Claims (28)
- - 28. An article according to claim 27, said storage medium has stored thereon further instructions that, when executed by the machine, result in:
    - receiving (1120) a security token (160) from the client (105), the security token including data responsive to the claim (405, 410, 415, 420) that is neither required nor optional (435, 440) for use of the web site (320); and
      
      using (1125) the security token (160) with the web site (320).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Sanders, Daniel S., Olds, Dale R., Hodgkinson, Andrew A., Buss, Duane F.

Application Number

US12/054,774
Publication Number

US 20090249430A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2115 Third party

CLAIM CATEGORY HANDLING

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

124 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

CLAIM CATEGORY HANDLING

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

124 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links