SYSTEM AND METHOD FOR VIRTUAL INFORMATION CARDS

US 20100058435A1
Filed: 08/29/2008
Published: 03/04/2010
Est. Priority Date: 08/29/2008
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a client (105);

a card selector (205) on the client (105);

a receiver (210) on the client (105) to receive a security policy (150) from a relying party (130);

a transmitter (215) to transmit a security token (160) to said relying party (130);

at least one local security policy (230) accessible from the client (105); and

a virtual information card definer (235) to define at least one virtual information card (315) using the at least one local security policy (230) and said security policy (150).

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client includes a card selector, and receives a security policy from a relying party. If the client does not have an information card that can satisfy the security policy, the client can define a virtual information card, either from the security policy or by augmenting an existing information card. The client can also use a local security policy that controls how and when a virtual information card is defined. The virtual information card can then be used to generate a security token to satisfy the security policy.

Citations

30 Claims

1. An apparatus, comprising:
- a client (105);
  
  a card selector (205) on the client (105);
  
  a receiver (210) on the client (105) to receive a security policy (150) from a relying party (130);
  
  a transmitter (215) to transmit a security token (160) to said relying party (130);
  
  at least one local security policy (230) accessible from the client (105); and
  
  a virtual information card definer (235) to define at least one virtual information card (315) using the at least one local security policy (230) and said security policy (150).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. An apparatus according to claim 1, wherein the card selector (205) includes no information cards (220).
  - 3. An apparatus according to claim 2, wherein the virtual information card definer (235) is operative to define a virtual information card (315) including a list of claims (610) in said security policy (150).
  - 4. An apparatus according to claim 3, further comprising an adder (240) to add said virtual information card (315) to the card selector (205) as an information card (220).
  - 5. An apparatus according to claim 1, wherein the card selector (205) includes no information cards (220) that satisfy said security policy (150).
  - 6. An apparatus according to claim 5, wherein the virtual information card definer (235) includes:
    - an information card identifier (305) to identify at least one information card (220) in the card selector (205) that nearly satisfies said security policy (150); and
      
      an augmenter (310) to augment said at least one information card (220) with information (620) in said security policy (150) that is missing from said information card (220), to define said at least one virtual information card (315).
  - 7. An apparatus according to claim 6, wherein said information (620) in said security policy (150) that is missing from said information card (220) includes at least one claim (610).
  - 8. An apparatus according to claim 6, wherein said information (620) in said security policy (150) that is missing from said information card (220) includes a token type (605).
  - 9. An apparatus according to claim 6, wherein said information (620) in said security policy (150) that is missing from said information card (220) includes metadata (615).
  - 10. An apparatus according to claim 6, further comprising an upgrader (245) to upgrade said at least one information card (220) so that said at least one information card (220) can satisfy said security policy (150).
  - 11. An apparatus according to claim 1, wherein:
    - the transmitter (215) is operative to transmit a request for said security token (160) from the client (105) to an identity provider (135), said request for said security token (160) based on one of said at least one virtual information cards (315); and
      
      the receiver (210) is operative to receive said security token (160) from said identity provider (135).
  - 12. An apparatus according to claim 1, wherein:
    - the at least one local security policy (230) includes a list (705) of acceptable identity providers (135); and
      
      the virtual information card definer (235) is operative to define said at least one virtual information card (315) to request said security token (160) from one of the list (705) of acceptable identity providers (135).
  - 13. An apparatus according to claim 1, wherein:
    - the at least one local security policy (230) includes a maximum number (710) of claims that can be missing from an information card (220); and
      
      the virtual information card definer (235) is operative to define said at least one virtual information card (315) based on an information card (220) that fails to satisfy at most the maximum number (710) of claims from the security policy (150).
  - 14. An apparatus according to claim 1, wherein:
    - the at least one local security policy (230) includes claims that should be included (715) in an information card (220); and
      
      the virtual information card definer (235) is operative to define said at least one virtual information card (315) based on an information card (220) that omits only claims not included in the local security policy (230).

15. A method, comprising:
- receiving (805) a security policy (150) from a relying party (130) at a client (105);
  
  determining (810, 815) that no information card (220) stored on the client (105) satisfies the security policy (150);
  
  accessing (835) a local security policy (230);
  
  defining (845) at least one virtual information card (315) using the security policy (150) and the local security policy (230) that can satisfy the security policy (150);
  
  receiving (850) a selection of one of the at least one virtual information cards (315);
  
  generating (855) a security token (160) responsive to the selected virtual information card (315); and
  
  transmitting (830) the security token (160) to the relying party (130).
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. A method according to claim 15, wherein determining (810, 815) that no information card (220) stored on the client (105) satisfies the security policy (150) includes determining (810, 815) that there is no information card (220) stored on the client (105).
  - 17. A method according to claim 16, wherein:
    - defining (845) at least one virtual information card (315) using the security policy (150) and the local security policy (230) that can satisfy the security policy (150) includes defining (845, 910) a virtual information card (315) including a list of claims (610) requested in the security policy (150); and
      
      generating (855) a security token (160) responsive to the selected virtual information card (315) includes requesting (915) a security token (160) from an identity provider (135) using the virtual information card (315).
  - 18. A method according to claim 15, wherein defining (845) at least one virtual information card (315) using the security policy (150) and the local security policy (230) that can satisfy the security policy (150) includes:
    - identifying (930) an information card (220) that nearly satisfies the security policy (150), the information card (220) including a first list of information that can be provided using the information card (220);
      
      identifying (935) a second list of information (620) requested in the security policy (150) not provided by the information card (220); and
      
      defining (845, 940) a virtual information card (315) including the first list of information and the second list of information.
  - 19. A method according to claim 18, wherein generating (855) a security token (160) responsive to the selected virtual information card (315) includes requesting (915) a security token (160) from an identity provider (135) using the selected virtual information card (315), the security token (160) to include at least one claim to be satisfied using the second list of information.
  - 20. A method according to claim 15, wherein:
    - accessing (835) a local security policy (230) includes accessing (1105) the local security policy (230), the local security policy (230) specifying a list (705) of acceptable identity providers (135); and
      
      defining (845) at least one virtual information card (315) using the security policy (150) and the local security policy (230) that can satisfy the security policy (150) includes defining (845) at least one virtual information card (315) to request a security token (160) from one of the list (705) of acceptable identity providers (135).
  - 21. A method according to claim 15, wherein:
    - accessing (835) a local security policy (230) includes accessing (1110) the local security policy (230), the local security policy (230) specifying a maximum number (710) of claims that can be missing from an information card (220); and
      
      defining (845) at least one virtual information card (315) using the security policy (150) and the local security policy (230) that can satisfy the security policy (150) includes defining (845) at least one virtual information card (315) based on an information card (220) that fails to satisfy at most the maximum number (710) of claims from the security policy (150).
  - 22. A method according to claim 15, wherein:
    - accessing (835) a local security policy (230) includes accessing (1115) the local security policy (230), the local security policy (230) specifying claims that should be included (715) in an information card (220); and
      
      defining (845) at least one virtual information card (315) using the security policy (150) and the local security policy (230) that can satisfy the security policy (150) includes defining (845) at least one virtual information card (315) based on an information card (220) that omits only claims not included in the local security policy (230).

23. An article, comprising a storage medium, said storage medium having stored thereon instructions that, when executed by a machine, result in:
- receiving (805) a security policy (150) from a relying party (130) at a client (105);
  
  determining (810, 815) that no information card (220) stored on the client (105) satisfies the security policy (150);
  
  accessing (835) a local security policy (230);
  
  defining (845) at least one virtual information card (315) using the security policy (150) and the local security policy (230) that can satisfy the security policy (150);
  
  receiving (850) a selection of one of the at least one virtual information cards (315);
  
  generating (855) a security token (160) responsive to the selected virtual information card (315); and
  
  transmitting (830) the security token (160) to the relying party (130).
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
- - 24. An article according to claim 23, wherein determining (810, 815) that no information card (220) stored on the client (105) satisfies the security policy (150) includes determining (810, 815) that there is no information card (220) stored on the client (105).
  - 25. An article according to claim 24, wherein:
    - defining (845) at least one virtual information card (315) using the security policy (150) and the local security policy (230) that can satisfy the security policy (150) includes defining (845, 910) a virtual information card (315) including a list of claims (610) requested in the security policy (150); and
      
      generating (855) a security token (160) responsive to the selected virtual information card (315) includes requesting (915) a security token (160) from an identity provider (135) using the virtual information card (315).
  - 26. An article according to claim 23, wherein defining (845) at least one virtual information card (315) using the security policy (150) and the local security policy (230) that can satisfy the security policy (150) includes:
    - identifying (930) an information card (220) that nearly satisfies the security policy (150), the information card (220) including a first list of information that can be provided using the information card (220);
      
      identifying (935) a second list of information (620) requested in the security policy (150) not provided by the information card (220); and
      
      defining (845, 940) a virtual information card (315) including the first list of information and the second list of information.
  - 27. An article according to claim 26, wherein generating (855) a security token (160) responsive to the selected virtual information card (315) includes requesting (915) a security token (160) from an identity provider (135) using the selected virtual information card (315), the security token (160) to include at least one claim to be satisfied using the second list of information.
  - 28. An article according to claim 23, wherein:
    - accessing (835) a local security policy (230) includes accessing (1105) the local security policy (230), the local security policy (230) specifying a list (705) of acceptable identity providers (135); and
      
      defining (845) at least one virtual information card (315) using the security policy (150) and the local security policy (230) that can satisfy the security policy (150) includes defining (845) at least one virtual information card (315) to request a security token (160) from one of the list (705) of acceptable identity providers (135).
  - 29. An article according to claim 23, wherein:
    - accessing (835) a local security policy (230) includes accessing (1110) the local security policy (230), the local security policy (230) specifying a maximum number (710) of claims that can be missing from an information card (220); and
      
      defining (845) at least one virtual information card (315) using the security policy (150) and the local security policy (230) that can satisfy the security policy (150) includes defining (845) at least one virtual information card (315) based on an information card (220) that fails to satisfy at most the maximum number (710) of claims from the security policy (150).
  - 30. An article according to claim 23, wherein:
    - accessing (835) a local security policy (230) includes accessing (1115) the local security policy (230), the local security policy (230) specifying claims that should be included (715) in an information card (220); and
      
      defining (845) at least one virtual information card (315) using the security policy (150) and the local security policy (230) that can satisfy the security policy (150) includes defining (845) at least one virtual information card (315) based on an information card (220) that omits only claims not included in the local security policy (230).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Doman, Tom, Buss, Duane, Hodgkinson, Andrew

Granted Patent

US 8,561,172 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 15/16   Combinations of two or more...

H04L 9/088   Usage controlling of secret...

H04L 9/3263   involving certificates, e.g...

SYSTEM AND METHOD FOR VIRTUAL INFORMATION CARDS

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR VIRTUAL INFORMATION CARDS

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links