System and method for implementing an extended authentication and authorization credential store
Abstract
A system and method for consumer-side authorization and authentication is disclosed. In one embodiment, the method comprises receiving a request for a credential from a business-side party, matching the credential request to a set of available credentials, the available credentials comprising consumer-side information. The credential is retrieved from a credential store, and the authorization of the business-side party to receive the credential is evaluated before returning a response. In another embodiment, the system comprises a receiver module adapted to receive credential requests from business-side parties. The credential request is passed to a selection and matching module for matching against consumer-side credentials. The credential is retrieved from a storage and retrieval module, but is not passed until an authorization module allows a sender module to return a credential response to the business-side party.
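The ordering described in the abstract (match the request, evaluate the requester's authorization, and only then release the credential from the store) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the class names, the policy format, and the sample requesters and values are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Credential:
    cred_id: str     # identifier used to fetch the value from the store
    kind: str        # "authentication" or "authorization"
    claim_type: str  # what a credential request is matched on

class AuditedStore:
    """Credential store that records every read, so release order is testable."""
    def __init__(self, values):
        self._values, self.reads = dict(values), []
    def get(self, cred_id):
        self.reads.append(cred_id)
        return self._values[cred_id]

class CredentialAgent:
    def __init__(self, catalog, store, policy):
        self.catalog = catalog  # metadata about available credentials, no secrets
        self.store = store
        self.policy = policy    # requester id -> claim types it may receive

    def handle(self, requester, request):
        # Assumption: `requester` was already authenticated by the transport.
        cred = next((c for c in self.catalog
                     if (c.kind, c.claim_type) == (request["kind"], request["claim_type"])), None)
        if cred is None:
            return {"status": "error", "reason": "no_matching_credential"}
        # Default deny: an unknown requester has an empty allow-set.
        if cred.claim_type not in self.policy.get(requester, frozenset()):
            return {"status": "error", "reason": "requester_not_authorized"}
        # The store is touched only after authorization has been validated.
        return {"status": "ok", "credential_id": cred.cred_id,
                "kind": cred.kind, "credential": self.store.get(cred.cred_id)}

def demo():
    # Constructed sample data; names and values are illustrative only.
    catalog = [Credential("cred-1", "authentication", "email"),
               Credential("cred-2", "authorization", "payment_token")]
    store = AuditedStore({"cred-1": "alice@example.org", "cred-2": "tok-constructed"})
    agent = CredentialAgent(catalog, store, {"shop.example": {"email", "payment_token"},
                                             "news.example": {"email"}})
    req = {"kind": "authorization", "claim_type": "payment_token"}
    return (agent.handle("shop.example", req), agent.handle("news.example", req),
            agent.handle("unknown.example", req), store.reads)

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The recorded reads show that the two refused requests never reached the credential store; both received the error form of the credential response instead.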
16 Claims
1. A method for using a first computer to access a shared session opened by a second computer over a network, the first computer having a communications circuit and configured to perform the steps of:
- presenting a transaction request to the second computer;
- receiving a credential request from the second computer over the network;
- matching the credential request to a credential from a set of available credentials controlled by the first computer, the credential comprising a consumer-side information;
- storing information relating to the set of available credentials;
- automatically evaluating an authorization of the second computer to receive the credential;
- retrieving a credential identifier from a credential store when the authorization is validated; and
- returning a credential response over the network to the second computer, wherein;
  - the credential response is created using the credential identifier,
  - the credential is drawn from a set including an authentication credential and an authorization credential,
  - the credential response is used by the second computer to authenticate or authorize the first computer, and
  - the credential response is selected from a group that includes the credential, a modified credential, an error, a credential sent in an HTTP post, a credential sent as a message-oriented protocol, and a credential wrapped in a protocol envelope.

Dependent claims: 2, 3, 4, 5, 6

7. A non-transitory computer-readable storage medium configured to store instructions that, when executed by a first computer, cause the first computer to:
- access a shared session established over a network by a second computer;
- present a transaction request to the second computer;
- receive a credential request from the second computer over the network;
- match the credential request to a credential of a set of available credentials controlled by the first computer, wherein the available credentials comprise consumer-side information;
- store information relating to the set of available credentials;
- automatically evaluate an authorization of the second computer to receive the credential;
- retrieve the credential from a credential store when the authorization is validated; and
- return a credential response over the network to the second computer, wherein;
  - the credential response is created using a credential identifier,
  - the credential is drawn from a set including an authentication credential and an authorization credential,
  - the credential response is used by the second computer to authenticate or authorize the first computer, and
  - the credential response is selected from a group that includes the credential, a modified credential, an error, a credential sent in an HTTP post, a credential sent as a message-oriented protocol, and a credential wrapped in a protocol envelope.

Dependent claims: 8, 9, 10, 11, 12

13. A system for using a first computer that includes a processor and a storage medium to access a shared session that is established by a second computer, the system comprising:
- a receiver associated with the first computer to receive a credential request from the second computer over a network;
- a communications circuit under control of the first computer configured to access a shared session established by a second computer and configured to present a transaction request to the second computer;
- a selection and matching program adapted to match a credential from a set of available credentials to the credential request, wherein the set of available credentials comprise consumer-side information, and the set of available credentials and the selection and matching program are controlled by the first computer;
- a credential circuit in the processor, wherein the credential circuit uses the storage medium to store information relating to the set of available credentials;
- an authorization circuit in the processor for evaluating an authorization of the second computer to receive the credential; and
- a sender circuit in the processor adapted to send a credential response to the second computer over the network, wherein;
  - the credential response is created with a credential identifier,
  - the credential is drawn from a set including an authentication credential and an authorization credential,
  - the second computer uses the credential response to authenticate or authorize the first computer, and
  - the credential response is selected from a group consisting of the credential, a modified credential, an error, a credential sent in an HTTP post, a credential sent as a message-oriented protocol, and a credential wrapped in a protocol envelope.

Dependent claims: 14, 15, 16
Specification