System and method for validating requests in an identity metasystem
1 Assignment
0 Petitions
Abstract
An information processing system in a computer network comprising an edge system, an identity provider, a relying party and a tracing service, in which the tracing service relays a queue of information of authorized user activity from a relying party to an identity provider, which then can provide that activity information to the user.
7 Claims
1. A method for validating the authenticity of a request for access on behalf of a user sent from an edge system as a computer comprising a central processing unit device and a random access memory device to a relying party server as a software component of a server computer connected via a network to said computer in an identity metasystem, said method comprising
(a) storing an identifier of said edge system in an activity database,
(b) generating at an identity provider a set of claims regarding said user and said edge system for use by said relying party server,
(c) transferring said claims and said identifier of said edge system from said edge system to said relying party server via said network,
(d) authorizing said end user and said edge system to perform said request at said relying party server based on said set of claims,
(e) storing a record comprising said claims and said identifier in a relying party queue,
(f) transferring at a later time said record from said relying party queue to a tracing service,
(g) transferring said record from said tracing service to said identity provider,
(h) transferring said identifier from said record from said identity provider to an activity requestor acting on behalf of said user,
(i) retrieving a historic identifier of said edge system as of the time of said request from said activity database,
(j) comparing said identifier from said record with said historic identifier, and
(k) notifying said user if said identifier from said record and said historic identifier are different.
7. A computer program product comprising a non-transitory computer readable or usable medium with software for validating the authenticity of a request for access on behalf of a user sent from an edge system to a relying party server in an identity metasystem, said computer program product comprising
(a) instructions for storing an identifier of said edge system in an activity database,
(b) instructions for generating at an identity provider a set of claims regarding said user and said edge system for use by said relying party server,
(c) instructions for transferring said claims and said identifier of said edge system from said edge system to said relying party server,
(d) instructions for authorizing said end user and said edge system to perform said request at said relying party server based on said set of claims,
(e) instructions for storing a record comprising said authorization, said claims and said identifier in a relying party queue,
(f) instructions for transferring at a later time said record from said relying party queue to a tracing service,
(g) instructions for transferring said record from said tracing service to said identity provider,
(h) instructions for transferring said record from said identity provider to an activity requester on behalf of said user,
(i) instructions for retrieving a historic identifier of said edge system at the time of said request from said activity database,
(j) instructions for comparing said identifier from said record with said historic identifier, and
(k) instructions for notifying said user if said identifier from said record and said historic identifier are different.
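The following Python model of the flow in claims 1 and 7 is an added illustration, not code from the patent or its assignee: the class and function names, the timestamped activity history, and the unsigned dictionary "claims" are all simplifying assumptions. It shows the point of step (i): the identifier in the relayed record is compared against the edge identifier that was on file at the time of the request, so registering a device afterwards does not retroactively explain an earlier request from it.

```python
class ActivityDatabase:
    """Step (a): append-only history of (timestamp, edge identifier) per user."""
    def __init__(self):
        self.history = {}
    def store(self, user, ts, edge_id):
        self.history.setdefault(user, []).append((ts, edge_id))
    def historic_identifier(self, user, ts):
        """Step (i): the identifier on file for the user as of time ts."""
        past = [e for e in self.history.get(user, []) if e[0] <= ts]
        return past[-1][1] if past else None

class IdentityProvider:
    def __init__(self):
        self.received = []  # records relayed by the tracing service, step (g)
    def issue_claims(self, user, edge_id):  # step (b); claims are unsigned here (assumption)
        return {"subject": user, "edge": edge_id, "issuer": "idp"}
    def records_for(self, user):  # step (h): identifiers handed to the activity requestor
        return [(r["ts"], r["edge_id"]) for r in self.received
                if r["claims"]["subject"] == user]

class RelyingParty:
    def __init__(self):
        self.queue = []  # step (e): the relying party queue
    def authorize(self, claims, edge_id, ts):  # steps (c)-(e)
        if claims.get("issuer") != "idp":  # trust decision based on the claims (simplified)
            return False
        self.queue.append({"ts": ts, "claims": claims, "edge_id": edge_id})
        return True
    def flush(self, idp):  # step (f): later batch transfer of the queue to the tracing service
        while self.queue:
            tracing_relay(idp, self.queue.pop(0))

def tracing_relay(idp, record):  # step (g): the tracing service forwards the record to the IdP
    idp.received.append(record)

def activity_requestor(user, idp, db):
    """Steps (i)-(k): return (ts, recorded id, historic id) for every mismatch."""
    return [(ts, edge_id, db.historic_identifier(user, ts))
            for ts, edge_id in idp.records_for(user)
            if edge_id != db.historic_identifier(user, ts)]

def demo():
    db, idp, rp = ActivityDatabase(), IdentityProvider(), RelyingParty()
    db.store("alice", 0, "laptop-A")                                     # (a)
    rp.authorize(idp.issue_claims("alice", "laptop-A"), "laptop-A", 10)  # edge on file
    rp.authorize(idp.issue_claims("alice", "box-X"), "box-X", 20)        # edge not on file
    db.store("alice", 30, "box-X")  # registered afterwards: ts=20 still compares with laptop-A
    rp.flush(idp)                                                        # (f)-(g)
    return activity_requestor("alice", idp, db)                          # (h)-(k)
```

Each mismatch returned by activity_requestor is what step (k) would surface to the user as a notification.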