System integrating an identity selector and user-portable device and method of use in a user-centric identity management system
Abstract
A combination includes a user-portable computing device, and an identity selector adapted for interoperable use with the user device. The user computing device includes a security token service that issues security tokens in reference to a portfolio of user identities stored as information cards on the user device. The issuance of security tokens employs user attribute information that is stored onboard the user device. The identity selector exports the information cards from the user device and determines which user identity satisfies a security policy promulgated by a relying party as part of an authentication process within the context of an online interaction. The identity selector generates a token request based on one of the eligible user identities, and forwards the token request to the user device to invoke the token issuance operation. The identity selector presents the issued security token to the relying party to comply with the security policy.
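The exchange the abstract describes (relying party states identity requirements, the identity selector on the host matches them against the exported information cards, the portable device issues a token for the chosen card, the relying party verifies it), as an added example that is not part of the patent or any product it covers. Card names, issuer URLs, attribute values and keys are constructed; an HMAC over the token body with a key shared between the issuer and the relying party stands in for the issuer's signature (an assumption for the sake of a self-contained script; a real security token service would sign with an asymmetric key). Only the claim types named in the token request are released, so the device, not the host, controls which attributes leave it.

```python
"""Added example (not the patent's own code): a minimal simulation of the
identity-selector / user-portable-device token exchange. All names, cards,
attributes and keys are constructed for illustration."""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass

IDP_KEY = b"constructed-idp-key"  # shared issuer/RP key standing in for a signing key


@dataclass(frozen=True)
class InformationCard:
    """What the device exports to the selector: metadata only, never attribute values."""
    card_id: str
    issuer: str
    claim_types: frozenset


@dataclass
class PortableDevice:
    """User-portable device: holds cards, user attributes and per-card issuer keys."""
    cards: dict
    attributes: dict
    keys: dict  # card_id -> key used to issue tokens for that card (assumption)

    def export_cards(self):
        return list(self.cards.values())

    def issue_token(self, request):
        card = self.cards.get(request["card_id"])
        if card is None:
            raise ValueError("token request references a card not on this device")
        unknown = set(request["claims"]) - card.claim_types
        if unknown:
            raise ValueError(f"card cannot assert claims: {sorted(unknown)}")
        # Minimal disclosure: release only the claims the token request names,
        # bound to the relying party (audience) and to its nonce (replay protection).
        body = {
            "issuer": card.issuer,
            "audience": request["audience"],
            "nonce": request["nonce"],
            "claims": {c: self.attributes[c] for c in request["claims"]},
        }
        payload = json.dumps(body, sort_keys=True)
        sig = hmac.new(self.keys[card.card_id], payload.encode(), hashlib.sha256).hexdigest()
        return {"payload": payload, "sig": sig}


def eligible_cards(policy, cards):
    """Identity selector: cards whose issuer the RP accepts and whose claim
    types cover every claim the RP requires."""
    required = set(policy["required_claims"])
    return [c for c in cards
            if c.issuer in policy["accepted_issuers"] and required <= c.claim_types]


def build_token_request(policy, card):
    """Identity selector: token request for one eligible card, asking only for
    the claims the policy requires."""
    return {"card_id": card.card_id, "claims": sorted(policy["required_claims"]),
            "audience": policy["relying_party"], "nonce": policy["nonce"]}


def relying_party_verify(policy, token, issuer_keys):
    """Relying party: check signature, audience, nonce and required claims.
    Returns (accepted, reason)."""
    body = json.loads(token["payload"])
    key = issuer_keys.get(body.get("issuer"))
    if key is None:
        return False, "issuer not accepted"
    expected = hmac.new(key, token["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return False, "bad signature"
    if body.get("audience") != policy["relying_party"]:
        return False, "wrong audience"
    if body.get("nonce") != policy["nonce"]:
        return False, "nonce mismatch"
    missing = set(policy["required_claims"]) - set(body.get("claims", {}))
    if missing:
        return False, f"missing claims: {sorted(missing)}"
    return True, "ok"


def sample_device():
    """Constructed device: card-A satisfies the sample policy, card-B does not."""
    return PortableDevice(
        cards={"card-A": InformationCard("card-A", "https://idp.example",
                                         frozenset({"email", "age_over_18"})),
               "card-B": InformationCard("card-B", "https://other.example",
                                         frozenset({"email"}))},
        attributes={"email": "alice@example.net", "age_over_18": True},
        keys={"card-A": IDP_KEY, "card-B": b"constructed-other-key"})


def sample_policy():
    """Constructed identity requirements sent by the relying party."""
    return {"relying_party": "https://rp.example",
            "required_claims": ["email", "age_over_18"],
            "accepted_issuers": ["https://idp.example"],
            "nonce": secrets.token_hex(8)}


def run_exchange(device, policy):
    """Host side: select, request, forward to device, present to RP."""
    candidates = eligible_cards(policy, device.export_cards())
    request = build_token_request(policy, candidates[0])  # user would pick among candidates
    token = device.issue_token(request)
    ok, reason = relying_party_verify(policy, token, {"https://idp.example": IDP_KEY})
    return {"eligible": [c.card_id for c in candidates], "verified": ok, "reason": reason,
            "released_claims": sorted(json.loads(token["payload"])["claims"])}


if __name__ == "__main__":
    print(run_exchange(sample_device(), sample_policy()))
```

The selector sees only card metadata, the token carries only the two required claims, and a token altered after issuance or replayed against a different relying party fails verification; the device also refuses a request for a claim type its card cannot assert.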
20 Claims
1. In an environment including a service provider environment, an identity provider environment, a host computing system, a user-portable user computing device comprising user identity information including a plurality of first user identities of a user, the user computing device configured to communicate with the host computing system, and a network connecting the host computing system to the service provider environment and the identity provider environment, a method, comprising:
the host computing system initiating an interaction with the service provider environment;
the host computing system receiving from the service provider environment identity requirements for a user relating to the interaction;
the host computing system determining whether any user identity among at least one of the first user identities of the user satisfies the identity requirements;
the host computing system generating a token request with respect to a selective one of any user identity determined to satisfy the identity requirements;
the host computing system communicating the token request to the user computing device;
the user computing device issuing a security token according to the token request; and
the user computing device communicating the security token to the host computing system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8 (not reproduced on this page).
9. In an environment comprising a service provider environment including at least one identity provider and at least one relying party, a system, comprising:
a user-portable user computing device, the user computing device comprising:
a storage including a plurality of first user identities for a user,
a storage including at least one user attribute, and
the user computing device programmed to receive a token request in reference to a first user identity and for generating a security token in accordance with the token request, using the at least one user attribute;
the system further comprising:
an identity manager system configured to facilitate interactions between a user and the service provider environment by managing identity requirements of the interactions, the identity manager system comprising:
an agent module programmed to manage communications between the identity manager system and the user computing device, and the agent module programmed further to generate a token request; and
means for enabling communications between the identity manager system and the service provider environment.
Dependent claims: 10, 11, 12, 13, 14, 15, 16 (not reproduced on this page).
17. In an environment comprising a service provider environment, a user-portable user computing device comprising user identity information including a plurality of first user identities, the user computing device further comprising a means for issuing a security token relative to any of the first user identities in response to a token request referencing one of the first user identities, a non-transitory computer-readable medium having computer-executable instructions for execution by a processor, that, when executed, cause the processor to:
initiate an interaction with the service provider environment;
receive from the service provider environment identity requirements relating to the interaction;
determine whether any user identity among at least one of the first user identities of a user satisfies the identity requirements;
generate a token request with respect to one of any user identity of the user determined to satisfy the identity requirements;
direct the token request to the user computing device; and
receive from the user computing device the security token issued according to the token request.
Dependent claims: 18, 19, 20 (not reproduced on this page).