Secure portable store for security skins and authentication information
Abstract
A security component may be associated with a network-enabled application. The security component may access a secure store, which may include customization information, which may include one or more graphical user interface customizations defined by a user, and one or more instances of card information. The card information may specify how to authenticate a user's credentials to access a relying party (e.g., web site). The security component may initiate the display of an embedded region of a window drawn by the network-enabled application. At least a part of the appearance of the embedded region of the window may be defined according to the customization information and not by the relying party. The embedded region may provide a user interface for determining user authentication credentials. The customization information and the one or more instances of card information may not be accessible to the relying party.
20 Claims
1. A method comprising:
- initiating, by a security component, a display of an embedded region within a document drawn by a network-enabled application, responsive to an attempt by the network-enabled application to access restricted content located at a relying party, the security component invoked based on the relying party being trusted and not invoked based on the relying party being untrusted;
- drawing the embedded region within the document such that the embedded region comprises an integral part of content within the document, the embedded region being drawn based on one or more user-defined graphical user interface customizations that are usable to customize the display of the embedded region when the relying party is trusted and which were defined prior to the attempt to access the restricted content;
- accessing a secure store to identify one or more identity cards to display in the embedded region, the one or more identity cards representing identity information that is associated with a user and the relying party; and
- altering an appearance of a display of at least a portion of the document that is displayed outside of the embedded region in response to user interaction within the embedded region.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A device comprising:
- a network-enabled application embodied on one or more computer storage devices, the network-enabled application configured to:
  - make an attempt to access a restricted document at a relying party; and
  - draw the restricted document; and
- a security component embodied on the one or more computer storage devices, the security component configured to:
  - initiate a display of an embedded region within the document drawn by the network-enabled application, responsive to the attempt by the network-enabled application to access to the restricted document, the display of the embedded region being based on one or more user-defined graphical user interface customizations set prior to the attempt to access the restricted document;
  - cause at least one identity card to be displayed in the embedded region within the document, the at least one identity card obtained from a secure store and associated with a user of the device; and
  - receive user credentials associated with the relying party and which correspond to the at least one identity card, the user credentials being usable to authenticate the user to the relying party;
- the network-enabled application further configured to alter an appearance of a display of at least a portion of the restricted document that is display outside of the embedded region in response to user interaction within the embedded region.
Dependent claims: 11, 12, 13, 14, 15, 16
17. One or more computer storage devices implemented at least in part on hardware, the one or more computer storage devices comprising instructions that, responsive to execution by a computing device, cause the computing device to perform operations comprising:
- storing customization information in a secure store, the customization information including one or more user-defined graphical user interface customizations usable to customize a display of an embedded region in an area within a document drawn by a network-enabled application, the display of the embedded region being integral to the document, the one or more user-defined graphical user interface customizations including a user-defined border displayable around the embedded region;
- storing one or more identity cards in the secure store, the one or more identity cards having card information associated with a relying party and additional information associated with a user of the device, the card information and the additional information being usable to authenticate user credentials of the user with the relying party; and
- providing secure access, via a security component, to the customization information, the card information, and the additional information stored in the secure store, the security component invoked to provide the secure access when the relying party is trusted and not invoked when the relying party is untrusted.
Dependent claims: 18, 19, 20
Specification