Shared credential store
Abstract
A personal credential store that aggregates a number of physical credential stores beneath an application programming interface (API) and offers tag-based credential look-up. The API of the disclosed system runs on the user's client system and effectively hides the underlying credential store types from the applications using it. The tags used to look up credentials through the API may advantageously include or consist of unique identifiers indicating the functional purpose of the desired credential. The types of physical credential store aggregated under the disclosed API may include a local credential store, a network-resident private credential store that may be shared across multiple client systems operated by a single user, and a network-resident shareable credential store that may be used by processes acting on behalf of the user and/or shared by multiple users.
26 Claims
1. A method of providing a personal credential store for a networked computer system user, comprising:
accepting a plurality of search tags, through an application programming interface, wherein each of said plurality of search tags indicates a corresponding one of a plurality of application programs and a type of request to be performed with an obtained credential by said corresponding one of said plurality of application programs;
searching a plurality of physical credential stores responsive to a received one of said plurality of search tags to obtain at least one credential from said plurality of physical credential stores, wherein said obtained credential meets requirements of one of said application programs indicated by said received one of said plurality of search tags to perform said type of request indicated by said received one of said plurality of search tags;
wherein said one of said application programs indicated by said received one of said plurality of search tags is an electronic mail program;
wherein said type of request to be performed indicated by said received one of said plurality of search tags is verification of an incoming electronic mail message;
wherein said received one of said plurality of search tags has a value comprising an electronic mail address of a sender of said incoming electronic mail message; and
wherein said verification of said incoming electronic mail message includes directly searching, responsive to said received one of said plurality of search tags having said value comprising said electronic mail address of said sender of said incoming electronic mail message, for a digital certificate of said sender of said incoming electronic mail message.
Dependent claims: 2 to 17.
18. A method of providing a personal credential store for a networked computer system user, comprising:
accepting a plurality of search tags, through an application programming interface, wherein each of said plurality of search tags indicates a corresponding one of a plurality of application programs and a type of request to be performed with an obtained credential by said corresponding one of said plurality of application programs;
searching a plurality of physical credential stores responsive to a received one of said plurality of search tags to obtain at least one credential from said plurality of physical credential stores, wherein said obtained credential meets requirements of one of said application programs indicated by said received one of said plurality of search tags to perform said type of request indicated by said received one of said plurality of search tags;
wherein said received one of said plurality of search tags indicates a domain name;
wherein said one of said application programs indicated by said received one of said plurality of search tags is associated with said domain name;
wherein said type of request to be performed indicated by said received one of said plurality of search tags is a HyperText Transfer Protocol (HTTP) request; and
wherein said received one of said plurality of search tags indicates that said HTTP request requires said at least one obtained credential;
wherein said plurality of physical credential stores comprises a local credential store for storing local credentials, wherein said local credential store is located on a first client computer system associated with said user, and wherein said local credential store is not accessible to systems other than said first client computer system; and
wherein said plurality of physical credential stores further comprises at least one network resident private credential store that is shared only across a plurality of client computer systems associated with said user, wherein said plurality of client computer systems includes said first client computer system, and wherein said at least one network resident private credential store is stored on at least one remote server computer system.
19. A computer-implemented method of providing a personal credential store for a networked computer system user, comprising:
generating, by at least one computer system, an application programming interface to a plurality of physical credential stores, said plurality of physical credential stores including a private credential store accessible only to said user, and a network-resident shareable credential store accessible to at least one process acting on behalf of said user that does not know said user's password;
wherein a keypair credential associated with said user is stored in said private credential store, said keypair credential including a public key and a private key;
wherein a digital certificate associated with said user is stored in said network resident shareable credential store, said digital certificate issued by a certificate authority and containing said public key;
wherein said keypair credential stored in said private credential store and said digital certificate stored in said network resident shareable credential store are both accessible through said application programming interface responsive to a single predetermined search tag and a predetermined value; and
wherein said predetermined value comprises a cryptographic hash of said public key.
Dependent claims: 20, 21.
22. A system, comprising:
at least one processor and a non-signal computer readable storage medium, said computer readable storage medium having program code stored thereon for providing a personal credential store for a networked computer system user, said program code comprising program code for generating an application programming interface to a plurality of physical credential stores, said plurality of physical credential stores including a private credential store accessible only to said user, and a network-resident shareable credential store accessible to at least one process acting on behalf of said user that does not know said user's password;
wherein a keypair credential associated with said user is stored in said private credential store, said keypair credential including a public key and a private key;
wherein a digital certificate associated with said user is stored in said network resident shareable credential store, said digital certificate issued by a certificate authority and containing said public key;
wherein said keypair credential stored in said private credential store and said digital certificate stored in said network resident shareable credential store are both accessible through said application programming interface responsive to a single predetermined search tag and a predetermined value; and
wherein said predetermined value comprises a cryptographic hash of said public key.
Dependent claims: 23, 24, 25.
26. A computer program product, comprising:
at least one non-signal computer readable storage medium, said computer readable storage medium having program code stored thereon for providing a personal credential store for a networked computer system user, said program code comprising program code for generating an application programming interface to a plurality of physical credential stores, said plurality of physical credential stores including a private credential store accessible only to said user, and a network-resident shareable credential store accessible to at least one process acting on behalf of said user that does not know said user's password;
wherein a keypair credential associated with said user is stored in said private credential store, said keypair credential including a public key and a private key;
wherein a digital certificate associated with said user is stored in said network resident shareable credential store, said digital certificate issued by a certificate authority and containing said public key;
wherein said keypair credential stored in said private credential store and said digital certificate stored in said network resident shareable credential store are both accessible through said application programming interface responsive to a single predetermined search tag and a predetermined value; and
wherein said predetermined value comprises a cryptographic hash of said public key.
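The following is an added illustration of the architecture in the abstract and the split keypair/certificate lookup of claims 19, 22 and 26; it is not code from the patent or its assignee. It assumes SHA-256 as the "cryptographic hash of said public key", the tag names "user-identity" and "email:verify-incoming", and a boolean flag standing in for whether the caller is the user (knows the password) or a process acting on the user's behalf; all stored data is constructed.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class PhysicalStore:
    """One underlying store. user_only=True models the private stores the
    claims reserve for the user; a process that does not know the user's
    password never sees them. entries maps (tag, value) -> credentials."""
    name: str
    user_only: bool
    entries: dict = field(default_factory=dict)

    def put(self, tag, value, credential):
        self.entries.setdefault((tag, value), []).append(credential)


class PersonalCredentialStore:
    """The API facade: callers pass a search tag and a value and never
    learn which physical store a credential came from."""
    def __init__(self, stores):
        self.stores = stores

    def lookup(self, tag, value, caller_knows_password):
        found = []
        for store in self.stores:
            if store.user_only and not caller_knows_password:
                continue  # private/local stores stay hidden from agent processes
            found.extend(store.entries.get((tag, value), []))
        return found


def key_id(public_key):
    """Assumed hash used as the predetermined value for the user's key."""
    return hashlib.sha256(public_key).hexdigest()


def build_demo_store():
    """Populate the three store types named in the abstract with constructed data."""
    local = PhysicalStore("local", user_only=True)
    private = PhysicalStore("network-private", user_only=True)
    shareable = PhysicalStore("network-shareable", user_only=False)
    pub = b"constructed-public-key"
    kid = key_id(pub)
    # keypair only in the private store, CA certificate for the same key in the
    # shareable store; both indexed by the single tag plus the key hash
    private.put("user-identity", kid, {"type": "keypair", "public": pub, "private": b"constructed-private-key"})
    shareable.put("user-identity", kid, {"type": "certificate", "public": pub, "issuer": "Example CA"})
    # claim 1 style tag: mail program, verify-incoming request, value = sender address
    shareable.put("email:verify-incoming", "alice@example.com", {"type": "certificate", "subject": "alice@example.com"})
    return PersonalCredentialStore([local, private, shareable]), kid
```

The same tag and hash value return the keypair and the certificate to the user, but only the certificate to a process that lacks the password.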
Specification