USER-PORTABLE DEVICE AND METHOD OF USE IN A USER-CENTRIC IDENTITY MANAGEMENT SYSTEM
First Claim
1. A system, comprising:
- a user-portable user computing device including a storage comprising a plurality of first user identities, a storage comprising at least one user attribute, and a security token generator operatively coupled to the user attribute storage, the security token generator configured to receive a token request in reference to a first user identity and to generate a security token in accordance with the token request, using the at least one user attribute.
Abstract
A user-portable computing device configured as a smart card enables a user to carry identification information and to generate security tokens for use in authenticating the user to a service provider. The device includes memory for storing user identities as information cards that are exported to a host computer, presented to a user in visual form, and then selected for use in the authentication process. A security token service installed on the device issues a security token in response to a token request sent from the host computer that references the selected user identity. The security token service uses user attribute information stored on the user device to compose the claim assertions needed to issue the security token. The token is returned to the host computer and used to facilitate the authentication process.
20 Claims
1. A system, comprising:
a user-portable user computing device including a storage comprising a plurality of first user identities, a storage comprising at least one user attribute, and a security token generator operatively coupled to the user attribute storage, the security token generator configured to receive a token request in reference to a first user identity and to generate a security token in accordance with the token request, using the at least one user attribute. (Dependent claims: 2, 3, 4, 5, 6, 7, 8)
9. In an environment including a service provider environment, an identity provider environment, a host computing system, a network connecting the host computing system to the service provider environment and the identity provider environment, and a user-portable user computing device configured to communicate with the host computing system and including a plurality of first user identities and at least one user attribute, a method, comprising:
the host computing system generating a token request in reference to a first user identity; the user computing device receiving the token request; and the user computing device issuing a security token according to the token request, using the at least one user attribute. (Dependent claims: 10, 11, 12, 13, 14, 15)
16. A computer-readable medium having computer-executable instructions for execution by a processor, that, when executed, cause the processor to:
receive a token request in reference to one of a plurality of user identities, the plurality of user identities located on the medium; and generate a security token in accordance with the token request. (Dependent claims: 17, 18, 19, 20)
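The flow the abstract and claims 1, 9 and 16 describe (the host displays cards exported from the device, selects one, and sends a token request referencing it; the device's security token service composes claim assertions from on-device attributes and returns a token) as an added Python simulation, not the patent's own code. The HMAC-SHA256 signing, the token layout, and the sample card and attribute values are assumptions made for the illustration.

```python
# Added illustration of the device-side flow in the abstract; not the patent's
# code. Signing scheme (HMAC-SHA256), token layout and sample data are assumed.
import hashlib
import hmac
import json


class PortableIdentityDevice:
    """Simulated user-portable device: information cards (identities), user
    attributes, and a security token service keyed by a device-held secret."""

    def __init__(self, device_key, cards, attributes):
        self._key = device_key          # never leaves the device
        self._cards = cards             # card_id -> {"issuer", "claims": [...]}
        self._attributes = attributes   # claim type -> value, stays on device

    def export_cards(self):
        """What the host receives for display: card ids and claim types only."""
        return [{"card_id": c, "issuer": v["issuer"], "claims": list(v["claims"])}
                for c, v in self._cards.items()]

    def issue_token(self, request):
        """Security token service: honour a host token request that references a
        stored identity; refuse unknown cards and claims the card does not cover,
        so the host cannot pull arbitrary attributes off the device."""
        card = self._cards.get(request.get("card_id"))
        if card is None:
            return None
        wanted = request.get("claims", [])
        if not set(wanted) <= set(card["claims"]):
            return None
        body = {"iss": card["issuer"], "aud": request["relying_party"],
                "iat": request["issued_at"],
                "claims": {c: self._attributes[c] for c in wanted}}
        payload = json.dumps(body, sort_keys=True).encode()
        sig = hmac.new(self._key, payload, hashlib.sha256).hexdigest()
        return payload.hex() + "." + sig


def verify_token(device_key, token):
    """Relying-party check. Assumes a shared key as a stand-in for whatever
    key or certificate validation a real deployment performs."""
    payload_hex, sig = token.split(".")
    payload = bytes.fromhex(payload_hex)
    expected = hmac.new(device_key, payload, hashlib.sha256).hexdigest()
    return json.loads(payload) if hmac.compare_digest(expected, sig) else None


# Constructed sample data: one self-issued card; "ssn" is stored but not on the card.
DEVICE_KEY = b"constructed-device-secret"
DEVICE = PortableIdentityDevice(
    DEVICE_KEY,
    cards={"card-1": {"issuer": "self", "claims": ["email", "given_name"]}},
    attributes={"email": "user@example.com", "given_name": "Alice", "ssn": "n/a"})
```

The point to notice is that the token request only names a card and claim types; attribute values are released solely inside the signed token the device itself composes.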
Specification