SITE-SPECIFIC CREDENTIAL GENERATION USING INFORMATION CARDS

US 20100031328A1
Filed: 07/31/2008
Published: 02/04/2010
Est. Priority Date: 07/31/2008
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus, comprising:

a machine;

a browser on the machine configured to receive a request from a relying party site for a credential from a user;

a receiver to receive a plurality of inputs;

a site-specific credential generator to generate the credential based at least in part on the plurality of inputs; and

a transmitter configured to transmit the generated credential to the relying party site.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for generation of site-specific credentials using information cards are provided. An apparatus can include a machine, a browser on the machine configured to receive a request from a relying party site for a credential from a user, a receiver to receive one or more inputs, a site-specific credential generator to generate the credential based on the inputs, and a transmitter configured to transmit the generated credential to the relying party site.

117 Citations

View as Search Results

20 Claims

1. An apparatus, comprising:
- a machine;
  
  a browser on the machine configured to receive a request from a relying party site for a credential from a user;
  
  a receiver to receive a plurality of inputs;
  
  a site-specific credential generator to generate the credential based at least in part on the plurality of inputs; and
  
  a transmitter configured to transmit the generated credential to the relying party site.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus of claim 1, wherein the plurality of inputs comprises at least a relying party site identifier, a user identifier, and a variant flag.
  - 3. The apparatus of claim 2, wherein the plurality of inputs further comprises a password generation policy.
  - 4. The apparatus of claim 1, wherein the generated credential comprises a generated username and a generated password.
  - 5. The apparatus of claim 1, wherein the generated credential is automatically populated into a login form at the relying party site.

6. A computer-implemented method of generating a site-specific credential, comprising:
- receiving a request from a relying party site for a credential from a user;
  
  receiving a relying party site identifier corresponding to the relying party site;
  
  receiving an information card identifier corresponding to an information card;
  
  receiving a value for a flag; and
  
  generating the credential, wherein the credential is specific to the relying party site based at least in part on the relying party site identifier, the information card identifier, and the value for the flag.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 7. The computer-implemented method of claim 6, further comprising receiving a password generation policy.
  - 8. The computer-implemented method of claim 7, wherein the generating comprises generating the credential specific to the relying party site based at least in part on the password generation policy.
  - 9. The computer-implemented method of claim 6, wherein the relying party site identifier comprises a site-specific certificate.
  - 10. The computer-implemented method of claim 6, wherein the information card identifier comprises cryptographic information.
  - 11. The computer-implemented method of claim 6, wherein the information card identifier comprises static information.
  - 12. The computer-implemented method of claim 6, wherein the generated credential comprises a username/password variant.
  - 13. The computer-implemented method of claim 6, wherein receiving the request comprises detecting a login form having multiple login form fields.
  - 14. The computer-implemented method of claim 13, further comprising automatically populating the multiple login form fields with corresponding values from the generated credential.
  - 15. The computer-implemented method of claim 6, further comprising storing the generated credential in the information card.
  - 16. The computer-implemented method of claim 15, further comprising storing in the information card a key pair and private personal identifier (PPID) corresponding to the relying party site.
  - 17. The computer-implemented method of claim 6, wherein generating the credential comprises implementing a SHA-256 hash function.

18. A tangible computer-readable medium storing instructions that, when executed by a processor, result in:
- receiving a request from a relying party site for a username and a password;
  
  receiving a plurality of inputs;
  
  based at least in part on the plurality of inputs, generating a username and a password specific to the relying party site; and
  
  transmitting the generated username and password to the relying party site.
- View Dependent Claims (19, 20)
- - 19. The tangible computer-readable medium of claim 18, wherein receiving the request comprises automatically detecting a login form at the relying party site, wherein the login form comprises at least a username field and a password field.
  - 20. The tangible computer-readable medium of claim 19, having stored thereon further instructions that, when executed by the machine, result in:
    - populating the username field with the generated username; and
      
      populating the password field with the generated password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Hodgkinson, Andrew A.

Application Number

US12/184,155
Publication Number

US 20100031328A1
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 21/33   using certificates

G06F 21/77   in smart cards

G06F 2221/2151   Time stamp

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

SITE-SPECIFIC CREDENTIAL GENERATION USING INFORMATION CARDS

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

117 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SITE-SPECIFIC CREDENTIAL GENERATION USING INFORMATION CARDS

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

117 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links