Policy-based auditing of identity credential disclosure by a secure token service
Abstract
A user defines an audit policy. The audit policy identifies one or more triggers that, when related information is included in a security token, trigger the performance of the audit. The audit can include notifying the user in some manner that the trigger occurred. The audit can require in-line confirmation of the audit, so that the security token is not transmitted until the user confirms the audit.
Claims (24 claims; the three independent claims are reproduced below)

1. An apparatus, comprising:
a machine (135) operative as an identity provider;
a receiver (705) to receive a request for a security token (160), said request for said security token (160) including a security policy (150) and identifying at least one datum (715, 720) to be included in said security token (160);
a transmitter (710) to transmit said security token (160) responsive to said request, said security token (160) responsive to said security policy (150);
at least one audit policy (725) associated with said datum (715, 720) including a trigger (730) based on said security token (160) and an audit action (735); and
an audit operator (740) operative to perform said audit action (735) if said trigger (730) occurs.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A method for triggering an audit, comprising:
receiving (1410) at an identity provider (135) a request for a security token (160), the request including a security policy (150) and identifying at least one datum (715, 720);
accessing (1415) an audit policy (710) associated with the datum (715, 720);
identifying (1420) a trigger (730) associated with the security token (160);
performing (1425) an audit action (735) responsive to the identified trigger (730); and
transmitting (1450) from the identity provider (135) the security token (160) responsive to the received security policy (150).
Dependent claims: 10, 11, 12, 13, 14, 15, 16.

17. An article, comprising a non-transitory storage medium, said non-transitory storage medium having stored thereon instructions that, when executed by a machine, result in:
receiving (1410) a request for a security token (160), the request including a security policy (150) and identifying at least one datum (715, 720);
accessing (1415) an audit policy (710) associated with the datum (715, 720);
identifying (1420) a trigger (730) associated with the security token (160);
performing (1425) an audit action (735) responsive to the identified trigger (730); and
transmitting (1450) the security token (160) responsive to the received security policy (150).
Dependent claims: 18, 19, 20, 21, 22, 23, 24.
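As an added illustration, not code from the patent or from any product, the following minimal Python secure token service follows the steps of the method claim: it receives a request carrying a security policy and the data to disclose, looks up the audit policy attached to each datum, evaluates the trigger against the token about to be issued, performs the audit action, and transmits the token only when no in-line confirmation was refused. The policy and request shapes, the claim names, the notify/confirm action set and the HMAC signing are all assumptions made for the example.

```python
import hashlib, hmac, json
from dataclasses import dataclass, field
from typing import Callable, Optional

SIGNING_KEY = b"constructed-demo-key"  # a real STS would keep this in an HSM or vault


@dataclass
class AuditPolicy:
    datum: str                       # the claim (datum) this policy is attached to
    trigger: Callable[[dict], bool]  # evaluated against the token about to be issued
    action: str                      # "notify": log and continue; "confirm": block until approved


@dataclass
class IdentityProvider:
    confirm: Callable[[str, dict], bool]           # in-line user confirmation callback
    policies: dict = field(default_factory=dict)   # datum -> [AuditPolicy, ...]
    audit_log: list = field(default_factory=list)  # (datum, relying party, outcome)

    def add_policy(self, policy: AuditPolicy) -> None:
        self.policies.setdefault(policy.datum, []).append(policy)

    def issue_token(self, request: dict, user_claims: dict) -> Optional[dict]:
        # Receive the request (security policy + requested data) and build the candidate token.
        wanted = request["security_policy"]["required_claims"]
        token = {"aud": request["relying_party"],
                 "claims": {d: user_claims[d] for d in wanted if d in user_claims}}
        for datum in token["claims"]:
            for policy in self.policies.get(datum, []):  # access the audit policy for the datum
                if not policy.trigger(token):            # identify whether its trigger fires
                    continue
                self.audit_log.append((datum, token["aud"], policy.action))
                if policy.action == "confirm" and not self.confirm(datum, token):
                    self.audit_log.append((datum, token["aud"], "withheld"))
                    return None                          # the token is never transmitted
        # Only a token that passed every audit action is signed and transmitted.
        body = json.dumps(token, sort_keys=True).encode()
        token["sig"] = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
        return token


def demo(user_approves: bool) -> tuple:
    idp = IdentityProvider(confirm=lambda datum, token: user_approves)
    # Constructed policies: birthdate disclosure always needs in-line confirmation,
    # e-mail disclosure to a party outside example.com is logged and allowed.
    idp.add_policy(AuditPolicy("birthdate", lambda t: True, "confirm"))
    idp.add_policy(AuditPolicy("email", lambda t: not t["aud"].endswith(".example.com"), "notify"))
    user = {"email": "alice@example.com", "birthdate": "1990-01-01"}  # constructed user data
    request = {"relying_party": "shop.example.net",
               "security_policy": {"required_claims": ["email", "birthdate"]}}
    return idp.issue_token(request, user), idp.audit_log
```

Running `demo(False)` shows the in-line confirmation path: the e-mail disclosure is only logged, but the refused confirmation on the birthdate withholds the whole token.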