IDENTITY SELECTOR FOR USE WITH A USER-PORTABLE DEVICE AND METHOD OF USE IN A USER-CENTRIC IDENTITY MANAGEMENT SYSTEM
First Claim
1. In an environment comprising a service provider environment including at least one identity provider and at least one relying party, and a user-portable user computing device including user identity information, a system, comprising:
- an identity manager system configured to facilitate online interactions between a user and the service provider environment by managing identity requirements of the interactions;
the identity manager system comprises an agent module configured to manage communications between the identity manager system and the user computing device, the agent module configured further to receive user identity information from the user computing device and to use the user identity information to facilitate interactions between the user and the service provider environment, and means for enabling communications between the identity manager system and the service provider environment.
Abstract
An identity selector manages the identity requirements of an online interaction between a user and a service provider environment. The identity selector is adapted for interoperable use with a user-portable computing device. The user device enables a user to carry identification information and to generate security tokens for use in authenticating the user to a service provider. The identity selector includes an agent module that facilitates communication with the user device. The identity selector imports the user identities from the user device and determines which user identities satisfy a security policy of a relying party. After the user selects one of the eligible user identities, the identity selector generates a token request based on the selected identity and forwards it to the user device, which in response issues a security token. The security token is returned to the identity selector and used to facilitate the authentication process.
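The flow in the abstract (import identities, filter against the relying party's policy, send a token request to the device, receive the token), as an added sketch that is not code from the patent or from any product. The class and function names, the policy layout, and the HMAC-signed JSON token are all assumptions made for illustration; the abstract does not specify a token format.

```python
import hashlib, hmac, json
from dataclasses import dataclass, field

@dataclass
class PortableDevice:
    """Hypothetical stand-in for the user-portable device; the key never leaves it."""
    identities: dict                      # identity id -> {claim name: value}
    _key: bytes = field(default=b"constructed-demo-key", repr=False)

    def export_identities(self):
        # Only claim names are exported at import time, not values or the key.
        return {iid: sorted(claims) for iid, claims in self.identities.items()}

    def issue_token(self, request):
        # Release only the requested claims and bind the token to one relying party.
        claims = self.identities[request["identity"]]
        body = {"aud": request["audience"],
                "claims": {c: claims[c] for c in request["claims"]}}
        payload = json.dumps(body, sort_keys=True).encode()
        return {"payload": payload.decode(),
                "sig": hmac.new(self._key, payload, hashlib.sha256).hexdigest()}

class IdentitySelector:
    def __init__(self, device):
        self.device = device
        self.cards = device.export_identities()   # import step

    def eligible(self, policy):
        # An identity is eligible when it carries every claim the policy requires.
        need = set(policy["required_claims"])
        return [iid for iid, names in self.cards.items() if need <= set(names)]

    def request_token(self, identity, policy):
        if identity not in self.eligible(policy):
            raise ValueError("identity does not satisfy relying-party policy")
        req = {"identity": identity, "audience": policy["relying_party"],
               "claims": sorted(policy["required_claims"])}
        return self.device.issue_token(req)

def verify(token, key, expected_audience):
    # Assumption: the verifier shares the HMAC key; a real token would be asymmetric.
    payload = token["payload"].encode()
    good = hmac.new(key, payload, hashlib.sha256).hexdigest()
    body = json.loads(payload)
    return hmac.compare_digest(good, token["sig"]) and body["aud"] == expected_audience

# Constructed sample data
DEVICE = PortableDevice({"work": {"email": "a@example.com", "employee_id": "E-1001"},
                         "personal": {"email": "a@example.org"}})
POLICY = {"relying_party": "https://rp.example", "required_claims": ["email", "employee_id"]}
```

The selector only ever handles claim names and the finished token; the signing key and claim values stay on the device until a request for a policy-eligible identity arrives.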
20 Claims
1. In an environment comprising a service provider environment including at least one identity provider and at least one relying party, and a user-portable user computing device including user identity information, a system, comprising:
an identity manager system configured to facilitate online interactions between a user and the service provider environment by managing identity requirements of the interactions; the identity manager system comprises an agent module configured to manage communications between the identity manager system and the user computing device, the agent module configured further to receive user identity information from the user computing device and to use the user identity information to facilitate interactions between the user and the service provider environment, and means for enabling communications between the identity manager system and the service provider environment.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. In an environment including a service provider environment, an identity provider environment, a host computing system, a user-portable user computing device comprising user identity information including a plurality of first user identities, the user computing device configured to communicate with the host computing system, and a network connecting the host computing system to the service provider environment and the identity provider environment, a method, comprising:
the host computing system initiating an interaction with the service provider environment; the host computing system receiving user identity information from the user computing device; and the host computing system using the user identity information received from the user computing device to manage identity requirements of the interaction.
Dependent claims: 10, 11, 12, 13, 14
15. In an environment comprising a service provider environment including at least one service provider and at least one identity provider, a user-portable user computing device comprising user identity information including a plurality of first user identities, the user computing device further comprising a means for issuing a security token relative to any of the first user identities in response to a token request referencing one of the first user identities, a computer-readable medium having computer-executable instructions for execution by a processor, that, when executed, cause the processor to:
generate a token request in reference to one of the first user identities; communicate the token request to the user computing device; and receive the security token issued by the user computing device in response to the token request.
Dependent claims: 16, 17, 18, 19, 20
Specification