Secure portable store for security skins and authentication information

US 9,397,988 B2
Filed: 01/07/2013
Issued: 07/19/2016
Est. Priority Date: 02/29/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

initiating, by a security component, a display of an embedded region within a document drawn by a network-enabled application, responsive to an attempt by the network-enabled application to access restricted content located at a relying party, the security component invoked based on the relying party being trusted and not invoked based on the relying party being untrusted;

drawing the embedded region within the document such that the embedded region comprises an integral part of content within the document, the embedded region being drawn based on one or more user-defined graphical user interface customizations that are usable to customize the display of the embedded region when the relying party is trusted and which were defined prior to the attempt to access the restricted content;

accessing a secure store to identify one or more identity cards to display in the embedded region, the one or more identity cards representing identity information that is associated with a user and the relying party; and

altering an appearance of a display of at least a portion of the document that is displayed outside of the embedded region in response to user interaction within the embedded region.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security component may be associated with a network-enabled application. The security component may access a secure store, which may include customization information, which may include one or more graphical user interface customizations defined by a user, and one or more instances of card information. The card information may specify how to authenticate a user'"'"'s credentials to access a relying party (e.g., web site). The security component may initiate the display of an embedded region of a window drawn by the network-enabled application. At least a part of the appearance of the embedded region of the window may be defined according to the customization information and not by the relying party. The embedded region may provide a user interface for determining user authentication credentials. The customization information and the one or more instances of card information may not be accessible to the relying party.

79 Citations

View as Search Results

20 Claims

1. A method comprising:
- initiating, by a security component, a display of an embedded region within a document drawn by a network-enabled application, responsive to an attempt by the network-enabled application to access restricted content located at a relying party, the security component invoked based on the relying party being trusted and not invoked based on the relying party being untrusted;
  
  drawing the embedded region within the document such that the embedded region comprises an integral part of content within the document, the embedded region being drawn based on one or more user-defined graphical user interface customizations that are usable to customize the display of the embedded region when the relying party is trusted and which were defined prior to the attempt to access the restricted content;
  
  accessing a secure store to identify one or more identity cards to display in the embedded region, the one or more identity cards representing identity information that is associated with a user and the relying party; and
  
  altering an appearance of a display of at least a portion of the document that is displayed outside of the embedded region in response to user interaction within the embedded region.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method as recited in claim 1, further comprising displaying the one or more identity cards in the embedded region to prompt the user for authentication credentials.
  - 3. A method as recited in claim 1, further comprising:
    - receiving a selection of at least one said identity card displayed in the embedded region; and
      
      receiving user input that includes user credentials associated with a user identity previously established with the relying party.
  - 4. A method as recited in claim 1, further comprising accessing a reputation service to determine whether the relying party is reputable.
  - 5. A method as recited in claim 1, wherein the one or more user-defined graphical user interface customizations include one or more of a color, a border, a border width, a background color, or a background image.
  - 6. A method as recited in claim 1, further comprising:
    - accessing a secure store to retrieve customization information associated with the user; and
      
      controlling at least part of an appearance of the embedded region based on the customization information retrieved from the secure store.
  - 7. A method as recited in claim 1, further comprising:
    - detecting that at least a portion of the embedded region is obscured; and
      
      automatically altering the display of the embedded region responsive to detecting that the at least a portion of the embedded region is obscured.
  - 8. A method as recited in claim 1, further comprising:
    - receiving user input that includes authentication credentials associated with the user; and
      
      sending the authentication credentials to an assertion provider configured to authenticate an identity of the user based on the authentication credentials.
  - 9. A method as recited in claim 8, further comprising:
    - receiving from the assertion provider an assertion token configured to indicate that the identity of the user is authenticated; and
      
      sending the assertion token to the relying party to enable the relying party to authenticate the identity of the user.

10. A device comprising:
- a network-enabled application embodied on one or more computer storage devices, the network-enabled application configured to;
  
  make an attempt to access a restricted document at a relying party; and
  
  draw the restricted document; and
  
  a security component embodied on the one or more computer storage devices, the security component configured to;
  
  initiate a display of an embedded region within the document drawn by the network-enabled application, responsive to the attempt by the network-enabled application to access to the restricted document, the display of the embedded region being based on one or more user-defined graphical user interface customizations set prior to the attempt to access the restricted document;
  
  cause at least one identity card to be displayed in the embedded region within the document, the at least one identity card obtained from a secure store and associated with a user of the device; and
  
  receive user credentials associated with the relying party and which correspond to the at least one identity card, the user credentials being usable to authenticate the user to the relying party;
  
  the network-enabled application further configured to alter an appearance of a display of at least a portion of the restricted document that is display outside of the embedded region in response to user interaction within the embedded region.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. A device as recited in claim 10, wherein the security component is implemented as a component of the network-enabled application.
  - 12. A device as recited in claim 10, wherein the security component is further configured to, responsive to an indication that at least a portion of the embedded region is obscured, alter the display of the embedded region to notify the user that the at least a portion of the embedded region is obscured.
  - 13. A device as recited in claim 10, wherein the security component is further configured to determine whether the relying party is reputable by at least accessing a reputation service.
  - 14. A device as recited in claim 10, wherein the security component is further configured to enable a user of the device to update customization settings for the display of the embedded region.
  - 15. A device as recited in claim 10, wherein the one or more user-defined graphical user interface customizations include one or more user-selected graphic images to be displayed in the embedded region.
  - 16. A device as recited in claim 10, wherein the one or more user-defined graphical user interface customizations include one or more of a color, a border, a border width, a background image, or a background color.

17. One or more computer storage devices implemented at least in part on hardware, the one or more computer storage devices comprising instructions that, responsive to execution by a computing device, cause the computing device to perform operations comprising:
- storing customization information in a secure store, the customization information including one or more user-defined graphical user interface customizations usable to customize a display of an embedded region in an area within a document drawn by a network-enabled application, the display of the embedded region being integral to the document, the one or more user-defined graphical user interface customizations including a user-defined border displayable around the embedded region;
  
  storing one or more identity cards in the secure store, the one or more identity cards having card information associated with a relying party and additional information associated with a user of the device, the card information and the additional information being usable to authenticate user credentials of the user with the relying party; and
  
  providing secure access, via a security component, to the customization information, the card information, and the additional information stored in the secure store, the security component invoked to provide the secure access when the relying party is trusted and not invoked when the relying party is untrusted.
- View Dependent Claims (18, 19, 20)
- - 18. One or more computer storage devices as recited in claim 17, wherein the one or more user-defined graphical user interface customizations are user-defined and include one or more of a color, a border color, a border width, a background color, or a background image.
  - 19. One or more computer storage devices as recited in claim 17, wherein the card information includes one or more of a card identifier (ID), a card image, a card name, an ID type, location of a stored ID, one or more options indicating how to access the ID, or information associated with an assertion provider.
  - 20. One or more computer storage devices as recited in claim 17, wherein the card information associated with the relying party includes one or more of a logo, text, an image, or customized colors.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Pravetz, James D., Steele, Joseph Donovan, Agrawal, Sunil
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
GYORFI, THOMAS A

Application Number

US13/735,825
Publication Number

US 20140047518A1
Time in Patent Office

1,289 Days
Field of Search

726/2, 726/4, 726/5, 726 17- 19
US Class Current

1/1
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

H04L 63/08   for authentication of entit...

H04L 63/1483   service impersonation, e.g....

H04L 63/205   involving negotiation or de...

Secure portable store for security skins and authentication information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

79 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure portable store for security skins and authentication information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links