Remotable information cards
First Claim
1. A system, comprising:
- an untrusted client, wherein the untrusted client is a machine whose security cannot be trusted;
- an identity provider operative to receive a selection of an information card from a user of the untrusted client and to issue a security token generated using the selected information card;
- a relying party to authenticate said user of the untrusted client using said security token and to allow access to a resource on the relying party; and
- an accessor function to interface between the untrusted client and the relying party, where the accessor function is operative to invoke a card selector on the untrusted client on behalf of the relying party and the accessor function is on a separate machine from the untrusted client, the identity provider, and the relying party.
Abstract
An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can "manage" personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also act as a proxy for the relying party in terms of invoking and using the information card system, for use with legacy relying parties.
22 Claims
1. A system, comprising the untrusted client, identity provider, relying party, and accessor function recited above as the first claim. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.
12. A method, comprising:
- requesting access to a resource of a relying party from an untrusted client;
- receiving a request on the untrusted client to invoke a card selector from an accessor function, wherein the accessor function interfaces between the untrusted client and the relying party, and the accessor function is on a separate machine from the untrusted client, an identity provider, and the relying party;
- invoking the card selector on the untrusted client by the accessor function;
- authenticating a user of the untrusted client at the identity provider;
- transmitting from the untrusted client to the identity provider a selection of an information card from the user of the untrusted client via the card selector;
- receiving at the untrusted client a security token from the identity provider, the security token generated from the selected information card;
- transmitting the security token from the untrusted client to the relying party via the accessor function; and
- gaining access to the resource of the relying party by the untrusted client after authentication of the user by the relying party using the security token.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22.