Secure portable store for security skins and authentication information

US 8,353,016 B1
Filed: 02/29/2008
Issued: 01/08/2013
Est. Priority Date: 02/29/2008
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

one or more processors;

a memory coupled to one or more processors, wherein the memory stores program instructions executable by the one or more processors to implement a security component associated with an network-enabled application, wherein said security component is configured to;

access a secure store comprising;

customization information comprising one or more graphical user interface customizations; and

one or more instances of card information, wherein each instance of card information specifies how to authenticate a user to access a relying party;

initiate the display of an embedded region in an area within a content page drawn by the network-enabled application, wherein the content page is drawn according to display information received from the relying party, wherein the display of the embedded region is integral to the content page drawn by the network-enabled application, wherein at least a part of the appearance of the embedded region of the content page is defined according to said customization information and not by the relying party, wherein the embedded region provides a user interface for determining user authentication credentials;

wherein the customization information and the one or more instances of card information are not accessible to the relying party in the secure store.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security component may be associated with a network-enabled application. The security component may access a secure store, which may include customization information, which may include one or more graphical user interface customizations defined by a user, and one or more instances of card information. The card information may specify how to authenticate a user'"'"'s credentials to access a relying party (e.g., web site). The security component may initiate the display of an embedded region of a window drawn by the network-enabled application. At least a part of the appearance of the embedded region of the window may be defined according to the customization information and not by the relying party. The embedded region may provide a user interface for determining user authentication credentials. The customization information and the one or more instances of card information may not be accessible to the relying party.

142 Citations

View as Search Results

31 Claims

1. A system, comprising:
- one or more processors;
  
  a memory coupled to one or more processors, wherein the memory stores program instructions executable by the one or more processors to implement a security component associated with an network-enabled application, wherein said security component is configured to;
  
  access a secure store comprising;
  
  customization information comprising one or more graphical user interface customizations; and
  
  one or more instances of card information, wherein each instance of card information specifies how to authenticate a user to access a relying party;
  
  initiate the display of an embedded region in an area within a content page drawn by the network-enabled application, wherein the content page is drawn according to display information received from the relying party, wherein the display of the embedded region is integral to the content page drawn by the network-enabled application, wherein at least a part of the appearance of the embedded region of the content page is defined according to said customization information and not by the relying party, wherein the embedded region provides a user interface for determining user authentication credentials;
  
  wherein the customization information and the one or more instances of card information are not accessible to the relying party in the secure store.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system as recited in claim 1, wherein the display information from the relying party indicates the area within the content page where the embedded region is to be drawn.
  - 3. The system as recited in claim 1, wherein said security component is further configured to either access the secure store on a server via a secure network connection or access the secure store locally on the system where the security component resides.
  - 4. The system as recited in claim 1, wherein said security component is further configured to access the secure store on a portable device.
  - 5. The system as recited in claim 1, wherein said security component is further configured to export and import the secure store.
  - 6. The system as recited in claim 1, wherein said component is further configured to digitally sign the secure store.
  - 7. The system as recited in claim 1, wherein the customization information and the one or more instances of card information are encrypted in the secure store, and wherein said security component is further configured to decrypt the customization information and the one or more instances of card information.
  - 8. The system as recited in claim 1, wherein the relying party and the assertion provider are controlled by the same entity.
  - 9. The system as recited in claim 1, wherein the customization information specifies a customized appearance of at least part of said user interface including one or more customized image, background color, border width, border color or text.
  - 10. The system as recited in claim 9, wherein the security component is configured to apply the customization information to said user interface consistently for different relying parties.
  - 11. The system as recited in claim 1, wherein the security component is configured to select one or more of the instances of card information for display within said user interface according to filter information received from the relying party.
  - 12. The system as recited in claim 1, wherein the security component is configured to provide an interface to allow the user to specify the customization information.

13. A method, comprising:
- storing customization information in a secure store, wherein the customization information comprises one or more graphical user interface customizations for an embedded region in an area within a content page drawn by a network-enabled application, wherein the content page is drawn according to display information received from the relying party, wherein the display of the embedded region is integral to the content page drawn by the network-enabled application, wherein at least a part of the appearance of the embedded region of the content page is defined according to said customization information and not by the relying party, wherein the embedded region provides a user interface for determining user authentication credentials; and
  
  storing one or more instances of card information in the secure store, wherein each instance of card information specifies how to authenticate a user to access a relying party;
  
  providing secure access to the customization information and one or more instances of card information in the secure store such that the customization information and one or more instances of card information in the secure store are accessible to a client-side security component and are not accessible to the relying party, wherein the client-side security component initiates display of said embedded region according to the customization region and accesses the one or more of the instances of card information for authenticating the user.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method as recited in claim 13, further comprising storing the secure store locally on a system where the client-side security component resides.
  - 15. The method as recited in claim 13, further comprising storing the secure store on a server remote to a system where the client-side security component resides.
  - 16. The method as recited in claim 15, wherein said providing secure access comprises providing a secure network connection for the client-side security component to access the secure store.
  - 17. The method as recited in claim 13, further comprising storing the secure store on a portable storage device.
  - 18. The method as recited in claim 15, wherein said providing secure access comprises encrypting the customization information and the one or more instances of card information in the secure store.
  - 19. The system as recited in claim 13, wherein the customization information specifies a customized appearance of at least part of said user interface including one or more customized image, background color, border width, border color or text.

20. A non-transitory computer-readable storage medium storing program instructions computer-executable to implement a security component associated with an network-enabled application, wherein said security component is configured to:
- access a secure store comprising;
  
  customization information comprising one or more graphical user interface customizations; and
  
  one or more instances of card information, wherein each instance of card information specifies how to authenticate a user to access a relying party;
  
  initiate the display of an embedded region in an area within a content page drawn by the network-enabled application, wherein the content page is drawn according to display information received from the relying party, wherein the display of the embedded region is integral to the content page drawn by the network-enabled application, wherein at least a part of the appearance of the embedded region of the content page is defined according to said customization information and not by the relying party, wherein the embedded region provides a user interface for determining user authentication credentials;
  
  wherein the customization information and the one or more instances of card information are not accessible to the relying party in the secure store.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 21. The non-transitory computer-readable storage medium as recited in claim 20, wherein said security component is further configured to access the secure store locally on the system where the security component resides.
  - 22. The non-transitory computer-readable storage medium as recited in claim 20, wherein said security component is further configured to access the secure store on a server via a secure network connection.
  - 23. The non-transitory computer-readable storage medium as recited in claim 20, wherein said security component is further configured to access the secure store on a portable device.
  - 24. The non-transitory computer-readable storage medium as recited in claim 20, wherein said security component is further configured to export and import the secure store.
  - 25. The non-transitory computer-readable storage medium as recited in claim 20, wherein said component is further configured to digitally sign the secure store.
  - 26. The non-transitory computer-readable storage medium as recited in claim 20, wherein the customization information and the one or more instances of card information are encrypted in the secure store, and wherein said security component is further configured to decrypt the customization information and the one or more instances of card information.
  - 27. The non-transitory computer-readable storage medium as recited in claim 20, wherein the relying party and the assertion provider are controlled by the same entity.
  - 28. The non-transitory computer-readable storage medium as recited in claim 20, wherein the customization information specifies a customized appearance of at least part of said user interface including one or more customized image, background color, border width, border color or text.
  - 29. The non-transitory computer-readable storage medium as recited in claim 28, wherein the security component is configured to apply the customization information to said user interface consistently for different relying parties.
  - 30. The non-transitory computer-readable storage medium as recited in claim 20, wherein the security component is configured to select one or more of the instances of card information for display within said user interface according to filter information received from the relying party.
  - 31. The non-transitory computer-readable storage medium as recited in claim 20, wherein the security component is configured to provide an interface to allow the user to specify the customization information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Pravetz, James D., Steele, Joseph D., Agrawal, Sunil
Primary Examiner(s)
Vu, Kim
Assistant Examiner(s)
GYORFI, THOMAS A

Application Number

US12/040,333
Time in Patent Office

1,775 Days
Field of Search

726/5, 726/4, 715/749
US Class Current

726/5
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

H04L 63/08   for authentication of entit...

H04L 63/1483   service impersonation, e.g....

H04L 63/205   involving negotiation or de...

Secure portable store for security skins and authentication information

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

142 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Secure portable store for security skins and authentication information

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

142 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links