Efficient browser-based identity management providing personal control and anonymity

US 9,501,634 B2
Filed: 06/02/2011
Issued: 11/22/2016
Est. Priority Date: 04/26/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A system for providing identity-related information, said system comprising:

A) a requesting entity computer;

B) a client application interacting with the requesting entity computer, performing browser-based application-dependent interactions; and

C) at least one location entity computer possessing identity-related information of an anonymous user of the client application, wherein said identity-related information comprises at least a pseudonym of the anonymous user, and a reference to a prescribed security policy setting requirements on said identity-related information;

wherein the requesting entity computer is configured to perform;

requesting from the client application location information corresponding to a location entity computer selected by the client application;

receiving the location information from the client application;

responsive to receiving the location information, issuing a redirect command to the client application, said redirect command suspending the communication with the client application, pursuant to which the client application establishes a connection with the selected location entity computer for instructing said selected location entity computer to transfer the identity-related information to the requesting entity computer;

wherein the redirect instruction further enables the selected location entity computer to recognize the requesting entity computer;

once recognized by the location entity computer, obtaining the identity-related information, the obtaining step comprising;

receiving contact from the selected location entity computer;

providing authentication to the selected location entity computer;

requesting the identity-related information from the selected location entity computer; and

receiving the identity-related information from the selected location entity computer, along with a part of the prescribed security policy instructing the requesting entity to act in certain ways regarding said identity-related information;

wherein the identity-related information does not breach the user'"'"'s anonymity; and

receiving a connect back from the client application, thereby resuming the communication with the client application.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system allows a reliable and efficient identity management that can, with full interoperability, accommodate to various requirements of participants. For that a system is presented for providing an identity-related information about a user to a requesting entity. The method includes a location-request step initiated by the requesting entity for requesting from a client application a location information that corresponds to a location entity possessing the identity-related information, a redirecting step for connecting the client application to the location entity in order to instruct the location entity to transfer the identity-related information to the requesting entity, and an acquiring step for obtaining the identity-related information. The acquiring step includes a contact step wherein the location entity contacts the requesting entity, a request step wherein the requesting entity requests the identity-related information, and a response step wherein the requesting entity receives the identity-related information from the location entity.

9 Citations

View as Search Results

20 Claims

1. A system for providing identity-related information, said system comprising:
- A) a requesting entity computer;
  
  B) a client application interacting with the requesting entity computer, performing browser-based application-dependent interactions; and
  
  C) at least one location entity computer possessing identity-related information of an anonymous user of the client application, wherein said identity-related information comprises at least a pseudonym of the anonymous user, and a reference to a prescribed security policy setting requirements on said identity-related information;
  
  wherein the requesting entity computer is configured to perform;
  
  requesting from the client application location information corresponding to a location entity computer selected by the client application;
  
  receiving the location information from the client application;
  
  responsive to receiving the location information, issuing a redirect command to the client application, said redirect command suspending the communication with the client application, pursuant to which the client application establishes a connection with the selected location entity computer for instructing said selected location entity computer to transfer the identity-related information to the requesting entity computer;
  
  wherein the redirect instruction further enables the selected location entity computer to recognize the requesting entity computer;
  
  once recognized by the location entity computer, obtaining the identity-related information, the obtaining step comprising;
  
  receiving contact from the selected location entity computer;
  
  providing authentication to the selected location entity computer;
  
  requesting the identity-related information from the selected location entity computer; and
  
  receiving the identity-related information from the selected location entity computer, along with a part of the prescribed security policy instructing the requesting entity to act in certain ways regarding said identity-related information;
  
  wherein the identity-related information does not breach the user'"'"'s anonymity; and
  
  receiving a connect back from the client application, thereby resuming the communication with the client application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1 wherein one client application interacts with multiple location entity computers.
  - 3. The system of claim 1, wherein the identity-related information is provided by a further location entity computer and is obtainable by the requesting entity computer via the selected location entity computer, the location information of the further location entity computer being stored on the selected location entity computer.
  - 4. The system of claim 1 wherein the transport protocol used between the requesting entity computer and the client application, and between the selected location entity computer and the client application, is a secure Hyper Text Transfer Protocol.
  - 5. The system of claim 1 wherein the received location information is relative to a location of the client application.
  - 6. The system of claim 1 wherein requesting the identity-related information further comprises a step of accepting an authentication from the selected location entity computer under a location entity pseudonym.
  - 7. The system of claim 1 wherein the selected location entity computer is remote from the client application.

8. A system for providing identity-related information, said system comprising:
- A) a requesting entity computer;
  
  B) a client application interacting with the requesting entity computer, performing browser-based application-dependent interactions; and
  
  C) at least one location entity computer possessing identity-related information of a user of the client application who is anonymous to the requesting entity computer;
  
  wherein the identity-related information comprises a pseudonym of the anonymous user, and a reference to a prescribed security policy setting requirements on said identity-related information;
  
  wherein the client application performs the following steps;
  
  receiving a location request from the requesting entity computer for requesting location information of a location entity computer selected by the client application;
  
  transmitting the location information of the selected location entity computer to the requesting entity computer;
  
  receiving a redirect command comprising a redirect instruction from the requesting entity computer, said redirect suspending the communication with the requesting entity computer;
  
  pursuant to the redirect command, establishing a connection with the selected location entity computer for instructing the selected location entity computer to transfer the identity-related information to the requesting entity computer, wherein the selected location entity computer is unable to recognize the requesting entity computer without instruction from the client application;
  
  receiving a redirect command from the selected location entity computer after the requesting entity computer has provided authentication to the selected location entity computer and received the requested identity-related information, along with a part of the prescribed security policy instructing the requesting entity to act in certain ways regarding said identity-related information, wherein said identity-related information does not breach the user'"'"'s anonymity; and
  
  resuming the interaction with the requesting entity computer.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The system of claim 8 wherein a transport protocol used between the requesting entity computer and the client application, and between the selected location entity computer and the client application is a secure Hyper Text Transfer Protocol.
  - 10. The system of claim 8 wherein the selected location entity computer is remote from the client application.
  - 11. The system of claim 8 wherein the step of establishing the connection with the selected location entity computer comprises establishing a connection with a first of a plurality of location entities, wherein different types of identity-related information are stored in each of the plurality of the location entities.
  - 12. The system of claim 11 wherein the first of the plurality of the location entities stores location information for a second of the plurality of location entities.
  - 13. The system of claim 11 further comprising:
    - preceding the transmitting step with a step of generating a value k;
      
      wherein the transmitting step further comprises transmitting the generated value k together with the requested identity information;
      
      receiving a return address from the requesting entity computer; and
      
      wherein the performing step further comprises transmitting the generated value k and the return address to the client application, such that the client application is able to connect to the return address and the requesting entity computer is able to authenticate the client application using the generated value k.
  - 14. The system of claim 13 wherein the value k is randomly generated.
  - 15. The system of claim 11 wherein the selected location entity computer stores location information for one of a plurality of location entity computers.

16. A computer program product for providing identity-related information, said computer program product comprising a non-transitory computer readable storage medium comprising computer program instructions causing a computer to perform:
- at a requesting entity computer, requesting location information from a client application, said location information corresponding to at least one location entity computer possessing the identity-related information of an anonymous user engaged in communication with said client application for performing application-dependent interactions with the requesting entity computer;
  
  wherein said identity-related information comprises at least a pseudonym of the anonymous user, and a reference to a prescribed security policy setting requirements on said identity-related information;
  
  at the requesting entity computer;
  
  receiving the location information from the client application, said location information specified a location entity computer selected by said client application;
  
  issuing a redirect command comprising a redirect instruction to the client application, said redirect command suspending the communication with the client application, pursuant to which the client application establishes a connection with the selected location entity computer for instructing the selected location entity computer to transfer the identity-related information to the requesting entity computer;
  
  wherein the redirect instruction further enables the selected location entity computer to recognize the requesting entity computer;
  
  once recognized by the location entity computer, obtaining the identity-related information, the obtaining step comprising;
  
  receiving contact from the selected location entity computer;
  
  providing authentication to the selected location entity computer;
  
  requesting the identity-related information from the selected location entity computer; and
  
  receiving the identity-related information from the selected location entity computer, along with a part of the prescribed security policy instructing the requesting entity to act in certain ways regarding said identity-related information;
  
  wherein said identity-related information does not breach the user'"'"'s anonymity, wherein the receiving step prompts the selected location entity computer to issue a redirect command to the client application using a hypertext transfer protocol redirect and a simple object access protocol; and
  
  receiving a connect back from the client application, thereby resuming the communication with the client application.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16 further comprising computer program instructions causing a computer to perform:
    - preceding the transmitting step with a step of generating a value k;
      
      wherein the transmitting step further comprises transmitting the generated value k together with the requested identity information;
      
      receiving a return address from the requesting entity computer; and
      
      wherein the performing step further comprises transmitting the generated value k and the return address to the client application, such that the client application is able to connect to the return address and the requesting entity computer is able to authenticate the client application using the generated value k.
  - 18. The computer program product of claim 17 wherein the value k is randomly generated.
  - 19. The computer program product of claim 16 wherein the selected location entity computer stores location information for one of a plurality of location entity computers.
  - 20. The computer program product of claim 16 wherein a transport protocol used between the requesting entity computer and the client application, and between the selected location entity computer and the client application is a secure Hyper Text Transfer Protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Pfitzmann, Birgit, Waidner, Michael
Primary Examiner(s)
Nguyen, Phuoc
Assistant Examiner(s)
Belani, Kishin G

Application Number

US13/151,708
Publication Number

US 20110302273A1
Time in Patent Office

2,000 Days
Field of Search

709/217
US Class Current

1/1
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06Q 20/00   Payment architectures, sche...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

Efficient browser-based identity management providing personal control and anonymity

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Efficient browser-based identity management providing personal control and anonymity

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links