User-portable device and method of use in a user-centric identity management system
Abstract
A user-portable computing device configured as a smart card enables a user to carry identification information and to generate security tokens for use in authenticating the user to a service provider. The device includes memory for storing user identities as information cards that are exported to a host computer, presented to a user in visual form, and then selected for use in the authentication process. A security token service installed on the device issues a security token in response to a token request sent from the host computer that references the selected user identity. The security token service uses user attribute information stored on the user device to compose the claim assertions needed to issue the security token. The token is returned to the host computer and used to facilitate the authentication process.
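The flow in the abstract, worked through end to end as an added example. This is illustrative code written for this page, not code from the patent or any product it covers. It assumes a policy that carries the relying party's identifier and required claim types, an HMAC key shared between the device's token service and the relying party (standing in for whatever signature scheme a real deployment would use), constructed sample identities, and a programmatic pick in place of the user's visual card selection:

```python
# Added example, not the patent's own code: a minimal simulation of the flow in
# the abstract. Field names, card data and the HMAC shared key are assumptions.
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class SecurityPolicy:
    """Sent by the relying party: who it is and which claim types it needs."""
    audience: str
    required_claims: frozenset

@dataclass(frozen=True)
class InformationCard:
    """Identity metadata exported to the host: claim *types* only, no values."""
    card_id: str
    display_name: str
    supported_claims: frozenset

class UserDevice:
    """Smart-card side: holds identities and attributes, runs the token service."""

    def __init__(self, identities: dict, signing_key: bytes):
        self._identities = identities  # card_id -> attributes; never exported
        self._key = signing_key

    def export_cards(self) -> list:
        return [InformationCard(cid, a["display_name"],
                                frozenset(k for k in a if k != "display_name"))
                for cid, a in self._identities.items()]

    def issue_token(self, request: dict) -> dict:
        attrs = self._identities.get(request["card_id"])
        if attrs is None:
            raise ValueError("token request references an unknown identity")
        missing = set(request["claims"]) - set(attrs)
        if missing:
            raise ValueError(f"identity cannot assert {sorted(missing)}")
        now = int(time.time())
        # Assert only the requested claims (minimal disclosure) and bind the
        # token to the relying party and its fresh nonce so it cannot be replayed.
        body = {"iss": "device-sts", "aud": request["audience"],
                "nonce": request["nonce"], "iat": now, "exp": now + 300,
                "claims": {c: attrs[c] for c in sorted(request["claims"])}}
        payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
        mac = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        return {"payload": payload, "mac": mac}

# Host-side identity management module: filter the exported cards against the
# relying party's policy, then build the token request for the chosen card.
def matching_cards(cards: list, policy: SecurityPolicy) -> list:
    return [c for c in cards if policy.required_claims <= c.supported_claims]

def token_request(card: InformationCard, policy: SecurityPolicy, nonce: str) -> dict:
    return {"card_id": card.card_id, "audience": policy.audience,
            "claims": sorted(policy.required_claims), "nonce": nonce}

class RelyingParty:
    def __init__(self, name: str, required_claims: set, sts_key: bytes):
        self.policy = SecurityPolicy(name, frozenset(required_claims))
        self._key = sts_key  # assumption: MAC key shared with the device service
        self._seen_nonces = set()

    def challenge(self) -> str:
        return secrets.token_hex(16)

    def verify(self, token: dict, expected_nonce: str):
        """Return the asserted claims, or None if the token is not acceptable."""
        good = hmac.new(self._key, token["payload"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(good, token["mac"]):
            return None
        body = json.loads(token["payload"])
        if (body["aud"] != self.policy.audience or body["nonce"] != expected_nonce
                or body["nonce"] in self._seen_nonces or body["exp"] < time.time()
                or not self.policy.required_claims <= set(body["claims"])):
            return None
        self._seen_nonces.add(body["nonce"])
        return body["claims"]

def run_flow():
    """RP challenge -> export cards -> select -> device issues token -> RP verifies."""
    key = b"constructed shared key for this example"
    device = UserDevice({  # constructed sample identities
        "work": {"display_name": "Work", "email": "a.user@example.com",
                 "employee_id": "4711", "phone": "+1-555-0100"},
        "shop": {"display_name": "Shopping", "email": "auser@example.net"},
    }, key)
    rp = RelyingParty("https://rp.example", {"email", "employee_id"}, key)
    cards = matching_cards(device.export_cards(), rp.policy)
    chosen = cards[0]  # the real selector shows the cards and lets the user pick
    nonce = rp.challenge()
    token = device.issue_token(token_request(chosen, rp.policy, nonce))
    claims = rp.verify(token, nonce)
    replay = rp.verify(token, nonce)  # same token presented a second time
    return [c.card_id for c in cards], claims, replay
```

Two properties worth checking in any implementation of this design: the exported information cards carry claim types only, so attribute values stay on the device until a policy-matching token is actually issued, and the issued token asserts only the claims the policy asked for, bound to that relying party and its nonce. Without the audience and nonce binding a token issued for one site could be relayed to another or replayed, and without the claim filter every attribute on the card would reach each site that asks for any one of them.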
Claims (20)
1. A system, comprising:
a security token generator that:
receives a token request in reference to a first user identity of a plurality of first user identities from an identity management module executing on a host computing system, the receipt of the token request responsive to a security policy from a relying party;
determines that the first user identity satisfies the security policy from among the plurality of first user identities;
generates a security token in accordance with the token request, using at least one user attribute;
exports at least one of the plurality of user identities;
receives the token request relative to one of the exported identities; and
issues the security token based on the token request, using user attribute information associated with the user identities;
wherein the security token generator retrieves a set of user attributes to support claim assertions of the security token, and wherein the set is associated with a first information card included in a plurality of selectable information cards containing at least the security token and indicative of the first user identity.
(Claims 2 to 8 depend on claim 1.)
9. A method, comprising:
a host computing system generating a token request in reference to at least one exported user identity based on an identity management module executing on the host computing system;
a user computing device receiving the token request relative to the at least one exported user identity; and
the user computing device issuing a security token according to the token request and user attribute information associated with the at least one exported user identity;
wherein a security token generator retrieves a set of user attributes to support claim assertions of the security token, and wherein the set is associated with a first information card included in a plurality of selectable information cards containing at least the security token and indicative of the first user identity.
(Claims 10 to 15 depend on claim 9.)
16. A non-transitory computer-readable medium having computer-executable instructions for execution by a processor, that, when executed, cause the processor to:
receive a token request in reference to one of a plurality of user identities, the token request received from an identity management module executing on a host computing system, the receipt of the token request based on the identity management module, responsive to a security policy of a relying party, determining that the one of the plurality of user identities satisfies the security policy from among the plurality of user identities;
generate a security token in accordance with the token request;
export at least one of the plurality of user identities;
receive the token request relative to one of the exported identities; and
issue the security token based on the token request, using user attribute information associated with the at least one of the plurality of user identities;
wherein a security token generator located on the medium retrieves a set of user attributes to support claim assertions of the security token, and wherein the set is associated with a first information card included in a plurality of selectable information cards containing at least the security token and indicative of the first user identity.
(Claims 17 to 20 depend on claim 16.)