System and method for implementing an extended authentication and authorization credential store

US 8,707,400 B2
Filed: 01/22/2007
Issued: 04/22/2014
Est. Priority Date: 01/22/2007
Status: Active Grant

First Claim

Patent Images

1. A method for using a first computer to access a shared session opened by a second computer over a network, the first computer having a communications circuit and configured to perform the steps of:

presenting a transaction request to the second computer;

receiving a credential request from the second computer over the network;

matching the credential request to a credential from a set of available credentials controlled by the first computer, the credential comprising a consumer-side information;

storing information relating to the set of available credentials;

automatically evaluating an authorization of the second computer to receive the credential;

retrieving a credential identifier from a credential store when the authorization is validated; and

returning a credential response over the network to the second computer, wherein;

the credential response is created using the credential identifier,the credential is drawn from a set including an authentication credential and an authorization credential,the credential response is used by the second computer to authenticate or authorize the first computer, andthe credential response is selected from a group that includes the credential, a modified credential, an error, a credential sent in an HTTP post, a credential sent as a message-oriented protocol, and a credential wrapped in a protocol envelope.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for consumer-side authorization and authentication is disclosed. In one embodiment, the method comprises receiving a request for a credential from a business-side party, matching the credential request to a set of available credentials, the available credentials comprising consumer-side information. The credential is retrieved from a credential store, and the authorization of the business-side party to receive the credential is evaluated before returning a response. In another embodiment, the system comprises a receiver module adapted to receive credential requests from business-side parties. The credential request is passed to a selection and matching module for matching against consumer-side credentials. The credential is retrieved from a storage and retrieval module, but is not passed until an authorization module allows a sender module to return a credential response to the business-side party.

19 Citations

View as Search Results

16 Claims

1. A method for using a first computer to access a shared session opened by a second computer over a network, the first computer having a communications circuit and configured to perform the steps of:
- presenting a transaction request to the second computer;
  
  receiving a credential request from the second computer over the network;
  
  matching the credential request to a credential from a set of available credentials controlled by the first computer, the credential comprising a consumer-side information;
  
  storing information relating to the set of available credentials;
  
  automatically evaluating an authorization of the second computer to receive the credential;
  
  retrieving a credential identifier from a credential store when the authorization is validated; and
  
  returning a credential response over the network to the second computer, wherein;
  
  the credential response is created using the credential identifier,the credential is drawn from a set including an authentication credential and an authorization credential,the credential response is used by the second computer to authenticate or authorize the first computer, andthe credential response is selected from a group that includes the credential, a modified credential, an error, a credential sent in an HTTP post, a credential sent as a message-oriented protocol, and a credential wrapped in a protocol envelope.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein automatically evaluating the authorization of the second computer comprises at least one of the group consisting of:
    - analyzing information provided by the second computer, retrieving information from a third computer, and evaluating the information from the third computer.
  - 3. The method of claim 2, wherein the information from the third computer comprises reputation information.
  - 4. The method of claim 1, wherein the first computer is further configured to authenticate the second computer.
  - 5. The method of claim 1, wherein the first computer is further configured to execute a scripted action based upon a result of evaluating the authorization of the second computer.
  - 6. The method of claim 1, wherein the first computer is further configured to perform a step that includes storing at the first computer the set of available credentials, the set available credentials comprising consumer-side information.

7. A non-transitory computer-readable storage medium configured to store instructions that, when executed by a first computer, cause the first computer to:
- access a shared session established over a network by a second computer;
  
  present a transaction request to the second computer;
  
  receive a credential request from the second computer over the network;
  
  match the credential request to a credential of a set of available credentials controlled by the first computer, wherein the available credentials comprise consumer-side information;
  
  store information relating to the set of available credentials;
  
  automatically evaluate an authorization of the second computer to receive the credential;
  
  retrieve the credential from a credential store when the authorization is validated; and
  
  return a credential response over the network to the second computer, wherein;
  
  the credential response is created using a credential identifier,the credential is drawn from a set including an authentication credential and an authorization credential,the credential response is used by the second computer to authenticate or authorize the first computer, andthe credential response is selected from a group that includes the credential, a modified credential, an error, a credential sent in an HTTP post, a credential sent as a message-oriented protocol, and a credential wrapped in a protocol envelope.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The non-tranistory computer-readable storage medium of claim 7, wherein evaluating the authorization of the second computer comprises at least one of the group consisting of:
    - analyzing information provided by the second computer, retrieving information from a third computer, and evaluating the information from the third computer.
  - 9. The non-transitory computer-readable storage medium of claim 8, wherein the information from the third computer comprises reputation information.
  - 10. The non-transitory computer-readable storage medium of claim 7, further storing instructions that, when executed by the first computer, cause the first computer to authenticate the second computer to the first computer using one of a password, passphrase, certificate, and key.
  - 11. The non-transitory computer-readable storage medium of claim 7, further storing instructions that, when executed by the first computer, cause the first computer to execute a scripted action based upon a result of evaluating the authorization of the second computer.
  - 12. The non-transitory computer-readable storage medium of claim 7, further storing instructions that, when executed by the first computer, cause the first computer to store the set of available credentials at the first computer.

13. A system for using a first computer that includes a processor and a storage medium to access a shared session that is established by a second computer, the system comprising:
- a receiver associated with the first computer to receive a credential request from the second computer over a network;
  
  a communications circuit under control of the first computer configured to access a shared session established by a second computer and configured to present a transaction request to the second computer;
  
  a selection and matching program adapted to match a credential from a set of available credentials to the credential request, wherein the set of available credentials comprise consumer-side information, and the set of available credentials and the selection and matching program are controlled by the first computer;
  
  a credential circuit in the processor, wherein the credential circuit uses the storage medium to store information relating to the set of available credentials;
  
  an authorization circuit in the processor for evaluating an authorization of the second computer to receive the credential; and
  
  a sender circuit in the processor adapted to send a credential response to the second computer over the network, wherein;
  
  the credential response is created with a credential identifier,the credential is drawn from a set including an authentication credential and an authorization credential,the second computer uses the credential response to authenticate or authorize the first computer, andthe credential response is selected from a group consisting of the credential, a modified credential, an error, a credential sent in an HTTP post, a credential sent as a message-oriented protocol, and a credential wrapped in a protocol envelope.
- View Dependent Claims (14, 15, 16)
- - 14. The system of claim 13, further comprising an information-gathering circuit under control of the first computer and configured to gather information from a third computer.
  - 15. The system of claim 13, further comprising an authentication circuit under control of the first computer.
  - 16. The system of claim 13, further comprising a script program that can be executed based upon a result produced by the authorization circuit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Buss, Duane
Primary Examiner(s)
HOLDER, BRADLEY W

Application Number

US11/625,663
Publication Number

US 20080178270A1
Time in Patent Office

2,647 Days
Field of Search

726/5, 726/6, 726/7, 726/18, 726/19
US Class Current

726/5
CPC Class Codes

G06F 21/31   User authentication

G06F 21/41   where a single sign-on prov...

G06F 21/445   by mutual authentication, e...

G06F 2221/2119   Authenticating web pages, e...

G06Q 20/4014   Identity check for transact...

H04L 63/083   using passwords cryptograph...

H04L 63/166   at the transport layer

System and method for implementing an extended authentication and authorization credential store

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for implementing an extended authentication and authorization credential store

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links