Efficient browser-based identity management providing personal control and anonymity
First Claim
1. A system for providing identity-related information, said system comprising:
- A) a requesting entity computer;
B) a client application interacting with the requesting entity computer, performing browser-based application-dependent interactions; and
C) at least one location entity computer possessing identity-related information of an anonymous user of the client application, wherein said identity-related information comprises at least a pseudonym of the anonymous user, and a reference to a prescribed security policy setting requirements on said identity-related information;
wherein the requesting entity computer is configured to perform;
requesting from the client application location information corresponding to a location entity computer selected by the client application;
receiving the location information from the client application;
responsive to receiving the location information, issuing a redirect command to the client application, said redirect command suspending the communication with the client application, pursuant to which the client application establishes a connection with the selected location entity computer for instructing said selected location entity computer to transfer the identity-related information to the requesting entity computer;
wherein the redirect instruction further enables the selected location entity computer to recognize the requesting entity computer;
once recognized by the location entity computer, obtaining the identity-related information, the obtaining step comprising;
receiving contact from the selected location entity computer;
providing authentication to the selected location entity computer;
requesting the identity-related information from the selected location entity computer; and
receiving the identity-related information from the selected location entity computer, along with a part of the prescribed security policy instructing the requesting entity to act in certain ways regarding said identity-related information;
wherein the identity-related information does not breach the user's anonymity; and
receiving a connect back from the client application, thereby resuming the communication with the client application.
Abstract
A system allows a reliable and efficient identity management that can, with full interoperability, accommodate to various requirements of participants. For that a system is presented for providing an identity-related information about a user to a requesting entity. The method includes a location-request step initiated by the requesting entity for requesting from a client application a location information that corresponds to a location entity possessing the identity-related information, a redirecting step for connecting the client application to the location entity in order to instruct the location entity to transfer the identity-related information to the requesting entity, and an acquiring step for obtaining the identity-related information. The acquiring step includes a contact step wherein the location entity contacts the requesting entity, a request step wherein the requesting entity requests the identity-related information, and a response step wherein the requesting entity receives the identity-related information from the location entity.
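The message flow in the abstract, simulated in-process as an added example (not code from the patent or its assignee). The one-time handle, the HMAC challenge-response used for the "providing authentication" step, and all names and field values are assumptions made for illustration; the abstract does not specify them.

```python
import hashlib, hmac, secrets

class LocationEntity:
    def __init__(self, name, keys):
        self.name, self.keys, self.pending = name, keys, {}
        # Constructed record: pseudonym plus policy reference, no real identity.
        self.record = {"pseudonym": "user-7f3a", "policy_ref": "policy/42"}

    def instruct(self, requester_id, handle):
        # Redirect step: the client's instruction names the requesting entity.
        challenge = secrets.token_bytes(16)
        self.pending[handle] = (requester_id, challenge)
        return challenge                      # contact step toward the requester

    def release(self, handle, proof):
        # Request/response step: release only to an authenticated requester.
        requester_id, challenge = self.pending.pop(handle, (None, b""))
        key = self.keys.get(requester_id)
        good = key and hmac.compare_digest(
            proof, hmac.new(key, challenge, hashlib.sha256).digest())
        if not good:
            raise PermissionError("requesting entity not authenticated")
        return dict(self.record, policy_part="do-not-forward")

class RequestingEntity:
    def __init__(self, rid, key):
        self.rid, self.key, self.sessions = rid, key, {}

    def redirect_for(self, location_name):
        handle = secrets.token_hex(8)         # ties the redirect to this session
        self.sessions[handle] = {"suspended": True, "info": None}
        return {"to": location_name, "requester": self.rid, "handle": handle}

    def acquire(self, location, handle, challenge):
        proof = hmac.new(self.key, challenge, hashlib.sha256).digest()
        self.sessions[handle]["info"] = location.release(handle, proof)

    def connect_back(self, handle):
        self.sessions[handle]["suspended"] = False
        return self.sessions[handle]["info"]

def run_flow(requester, location):
    # Location-request step: the client has named its location entity.
    cmd = requester.redirect_for(location.name)
    # Redirect step, carried by the client; the location entity then makes contact.
    challenge = location.instruct(cmd["requester"], cmd["handle"])
    requester.acquire(location, cmd["handle"], challenge)   # acquiring step
    return requester.connect_back(cmd["handle"])            # communication resumes
```

A requester the location entity does not know, or one holding the wrong key, gets `PermissionError` and its session stays suspended with no identity-related information attached.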
9 Citations
20 Claims
1. A system for providing identity-related information, said system comprising:
A) a requesting entity computer;
B) a client application interacting with the requesting entity computer, performing browser-based application-dependent interactions; and
C) at least one location entity computer possessing identity-related information of an anonymous user of the client application, wherein said identity-related information comprises at least a pseudonym of the anonymous user, and a reference to a prescribed security policy setting requirements on said identity-related information;
wherein the requesting entity computer is configured to perform;
requesting from the client application location information corresponding to a location entity computer selected by the client application;
receiving the location information from the client application;
responsive to receiving the location information, issuing a redirect command to the client application, said redirect command suspending the communication with the client application, pursuant to which the client application establishes a connection with the selected location entity computer for instructing said selected location entity computer to transfer the identity-related information to the requesting entity computer;
wherein the redirect instruction further enables the selected location entity computer to recognize the requesting entity computer;
once recognized by the location entity computer, obtaining the identity-related information, the obtaining step comprising;
receiving contact from the selected location entity computer;
providing authentication to the selected location entity computer;
requesting the identity-related information from the selected location entity computer; and
receiving the identity-related information from the selected location entity computer, along with a part of the prescribed security policy instructing the requesting entity to act in certain ways regarding said identity-related information;
wherein the identity-related information does not breach the user's anonymity; and
receiving a connect back from the client application, thereby resuming the communication with the client application.
View Dependent Claims (2, 3, 4, 5, 6, 7)
8. A system for providing identity-related information, said system comprising:
A) a requesting entity computer;
B) a client application interacting with the requesting entity computer, performing browser-based application-dependent interactions; and
C) at least one location entity computer possessing identity-related information of a user of the client application who is anonymous to the requesting entity computer;
wherein the identity-related information comprises a pseudonym of the anonymous user, and a reference to a prescribed security policy setting requirements on said identity-related information;
wherein the client application performs the following steps;
receiving a location request from the requesting entity computer for requesting location information of a location entity computer selected by the client application;
transmitting the location information of the selected location entity computer to the requesting entity computer;
receiving a redirect command comprising a redirect instruction from the requesting entity computer, said redirect suspending the communication with the requesting entity computer;
pursuant to the redirect command, establishing a connection with the selected location entity computer for instructing the selected location entity computer to transfer the identity-related information to the requesting entity computer, wherein the selected location entity computer is unable to recognize the requesting entity computer without instruction from the client application;
receiving a redirect command from the selected location entity computer after the requesting entity computer has provided authentication to the selected location entity computer and received the requested identity-related information, along with a part of the prescribed security policy instructing the requesting entity to act in certain ways regarding said identity-related information, wherein said identity-related information does not breach the user's anonymity; and
resuming the interaction with the requesting entity computer.
View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
16. A computer program product for providing identity-related information, said computer program product comprising a non-transitory computer readable storage medium comprising computer program instructions causing a computer to perform:
at a requesting entity computer, requesting location information from a client application, said location information corresponding to at least one location entity computer possessing the identity-related information of an anonymous user engaged in communication with said client application for performing application-dependent interactions with the requesting entity computer;
wherein said identity-related information comprises at least a pseudonym of the anonymous user, and a reference to a prescribed security policy setting requirements on said identity-related information;
at the requesting entity computer;
receiving the location information from the client application, said location information specified a location entity computer selected by said client application;
issuing a redirect command comprising a redirect instruction to the client application, said redirect command suspending the communication with the client application, pursuant to which the client application establishes a connection with the selected location entity computer for instructing the selected location entity computer to transfer the identity-related information to the requesting entity computer;
wherein the redirect instruction further enables the selected location entity computer to recognize the requesting entity computer;
once recognized by the location entity computer, obtaining the identity-related information, the obtaining step comprising;
receiving contact from the selected location entity computer;
providing authentication to the selected location entity computer;
requesting the identity-related information from the selected location entity computer; and
receiving the identity-related information from the selected location entity computer, along with a part of the prescribed security policy instructing the requesting entity to act in certain ways regarding said identity-related information;
wherein said identity-related information does not breach the user's anonymity, wherein the receiving step prompts the selected location entity computer to issue a redirect command to the client application using a hypertext transfer protocol redirect and a simple object access protocol; and
receiving a connect back from the client application, thereby resuming the communication with the client application.
View Dependent Claims (17, 18, 19, 20)
Specification