User-portable device and method of use in a user-centric identity management system
3 Assignments
0 Petitions
Abstract
A user-portable computing device configured as a smart card enables a user to carry identification information and to generate security tokens for use in authenticating the user to a service provider. The device includes memory for storing user identities as information cards that are exported to a host computer, presented to a user in visual form, and then selected for use in the authentication process. A security token service installed on the device issues a security token in response to a token request sent from the host computer that references the selected user identity. The security token service uses user attribute information stored on the user device to compose the claim assertions needed to issue the security token. The token is returned to the host computer and used to facilitate the authentication process.
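The flow the abstract describes (cards exported from the device, host selects one that satisfies the relying party's policy, device-resident security token service issues a token from attributes that never leave the device, relying party verifies it), as an added Python simulation. This is illustrative code written for this page, not the patent's or any product's implementation. Assumptions: HMAC-SHA256 with a key shared between the device STS and the relying party stands in for the asymmetric signature a real STS would use; the card names, attribute values, policy, nonce handling and 300-second token lifetime are constructed sample data.

```python
"""Simulation of the portable-device security token service flow (added example)."""
import hashlib
import hmac
import json
import secrets
import time

# Constructed sample data (hypothetical; not from the patent).
STS_KEY = b"demo-shared-key-a-real-STS-would-sign-asymmetrically"
CARDS = {  # card_id -> claim types this identity can assert
    "work": {"email", "employee_id", "given_name"},
    "personal": {"email", "given_name", "date_of_birth"},
}
ATTRIBUTES = {  # attribute store: stays on the device, never exported to the host
    "work": {"email": "alice@example.com", "employee_id": "E-1042", "given_name": "Alice"},
    "personal": {"email": "alice@home.example", "given_name": "Alice", "date_of_birth": "1990-01-01"},
}
POLICY = {"relying_party": "https://rp.example", "required_claims": ["email", "employee_id"]}


class PortableDevice:
    """Smart-card side: identity cards, attribute store and the security token service."""

    def __init__(self, cards, attributes, key):
        self.cards, self.attributes, self.key = cards, attributes, key
        self.exported = set()

    def export_cards(self):
        # Only card descriptors (id + claim types) leave the device for display on the host.
        self.exported = set(self.cards)
        return {cid: sorted(types) for cid, types in self.cards.items()}

    def issue_token(self, request, now):
        cid = request["card_id"]
        if cid not in self.exported:
            raise PermissionError("request references an identity that was never exported")
        policy = request["policy"]
        required = set(policy["required_claims"])
        if not required <= self.cards[cid]:
            raise PermissionError("selected identity cannot satisfy the relying party policy")
        # Data minimisation: assert exactly the claims the policy asked for, nothing more.
        claims = {t: self.attributes[cid][t] for t in sorted(required)}
        body = {"aud": policy["relying_party"], "card": cid, "nonce": request["nonce"],
                "iat": now, "exp": now + 300, "claims": claims}
        payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
        sig = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        return {"payload": payload, "sig": sig}


def select_cards(exported, policy):
    """Host identity-management module: which exported cards can satisfy the policy?"""
    required = set(policy["required_claims"])
    return [cid for cid, types in exported.items() if required <= set(types)]


def build_request(card_id, policy):
    """Host builds the token request that references the user-selected card."""
    return {"card_id": card_id, "policy": policy, "nonce": secrets.token_hex(8)}


def verify_token(token, key, policy, nonce, now):
    """Relying party: check signature, audience, freshness, nonce and required claims."""
    expected = hmac.new(key, token["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return None
    body = json.loads(token["payload"])
    if body["aud"] != policy["relying_party"] or body["nonce"] != nonce:
        return None
    if not body["iat"] <= now < body["exp"]:
        return None
    if not set(policy["required_claims"]) <= set(body["claims"]):
        return None
    return body["claims"]


def run_flow(card_id, now=None):
    """End to end: export, select, request, issue, verify. Returns the accepted claims."""
    now = int(time.time()) if now is None else now
    device = PortableDevice(CARDS, ATTRIBUTES, STS_KEY)
    exported = device.export_cards()
    if card_id not in select_cards(exported, POLICY):
        raise PermissionError(f"{card_id} does not satisfy the policy")
    request = build_request(card_id, POLICY)
    token = device.issue_token(request, now)
    return verify_token(token, STS_KEY, POLICY, request["nonce"], now)


if __name__ == "__main__":
    print(run_flow("work"))
```

Two properties worth noting in the simulation: the host only ever handles card descriptors and the finished token, so attribute values and the signing key stay on the device; and the device refuses a token request for a card it never exported or that cannot meet the policy, while the relying party rejects tokens with a bad signature, wrong audience, reused nonce or expired lifetime.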
19 Claims
1. A system, comprising:

a user-portable user computing device including:
a storage comprising a plurality of first user identities,
a storage comprising at least one user attribute, and
a security token generator operatively coupled to the user attribute storage, wherein the security token generator:
receives a token request in reference to a first user identity of the first user identities from an identity management module executing on a host computing system, the receipt of the token request responsive to a security policy from a relying party,
determines that the first user identity satisfies the security policy from among the plurality of first user identities,
generates a security token in accordance with the token request, using the at least one user attribute,
exports at least one of the plurality of user identities,
receives the token request relative to one of the exported identities, and
issues the security token based on the token request, using user attribute information associated with the user identities,
wherein the security token generator retrieves a set of user attributes to support claim assertions of the security token, and wherein the set is associated with a first information card included in a plurality of selectable information cards containing at least the security token and indicative of the first user identity.

(Dependent claims 2, 3, 4, 5, 6, 7, 8)

9. In an environment including a service provider environment, an identity provider environment, a host computing system, a network connecting the host computing system to the service provider environment and the identity provider environment, and a user-portable user computing device that communicates with the host computing system and including a plurality of first user identities and at least one user attribute, a method, comprising:

the host computing system generating a token request in reference to a first user identity of the first user identities based on an identity management module executing on the host computing system, responsive to a security policy from a relying party, determining that the first user identity satisfies the security policy from among the plurality of first user identities;
the host computing system exporting at least one user identity;
the user computing device receiving the token request relative to one of the exported identities; and
the user computing device issuing a security token according to the token request and the user attribute information associated with the user identities;
wherein a security token generator retrieves a set of user attributes to support claim assertions of the security token, and wherein the set is associated with a first information card included in a plurality of selectable information cards containing at least the security token and indicative of the first user identity.

(Dependent claims 10, 11, 12, 13, 14, 15)

16. A non-transitory computer-readable medium having computer-executable instructions for execution by a processor, that, when executed, cause the processor to:

receive a token request in reference to one of a plurality of user identities, the plurality of user identities located on the medium, the token request received from an identity management module executing on a host computing system, the receipt of the token request based on the identity management module, responsive to a security policy of a relying party, determining that the one of the plurality of user identities satisfies the security policy from among the plurality of user identities;
generate a security token in accordance with the token request;
export at least one of the plurality of user identities;
receive the token request relative to one of the exported identities; and
issue the security token based on the token request, using user attribute information associated with the at least one of the plurality of user identities;
wherein a security token generator located on the medium retrieves a set of user attributes to support claim assertions of the security token, and wherein the set is associated with a first information card included in a plurality of selectable information cards containing at least the security token and indicative of the first user identity.

(Dependent claims 17, 18, 19)