System integrating an identity selector and user-portable device and method of use in a user-centric identity management system
Abstract
A combination includes a user-portable computing device, and an identity selector adapted for interoperable use with the user device. The user computing device includes a security token service that issues security tokens in reference to a portfolio of user identities stored as information cards on the user device. The issuance of security tokens employs user attribute information that is stored onboard the user device. The identity selector exports the information cards from the user device and determines which user identity satisfies a security policy promulgated by a relying party as part of an authentication process within the context of an online interaction. The identity selector generates a token request based on one of the eligible user identities, and forwards the token request to the user device to invoke the token issuance operation. The identity selector presents the issued security token to the relying party to comply with the security policy.
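The flow in the abstract, as an added sketch that is not code from the patent or any product: the selector imports card metadata, matches it against a relying party's policy, and asks the device's onboard token service for a token carrying only the required claims. The class and function names, the JSON token format, and the shared HMAC key (standing in for a real token signature) are assumptions made for illustration.

```python
import hashlib
import hmac
import json

class UserDevice:
    """Portable device: information cards, attribute values, onboard token service."""
    def __init__(self, key, cards, attributes):
        self._key = key                # assumption: HMAC key stands in for a signing key
        self._cards = cards            # card_id -> claim types the card can assert
        self._attributes = attributes  # card_id -> {claim type: value}

    def export_cards(self):
        # Answer an import request with card metadata only, never attribute values.
        return {cid: sorted(claims) for cid, claims in self._cards.items()}

    def issue_token(self, request):
        # Release only the claims named in the token request, and only if the card has them.
        card_id, wanted = request["card_id"], request["claims"]
        if card_id not in self._cards or not set(wanted) <= self._cards[card_id]:
            raise PermissionError("token request exceeds what the card can assert")
        body = {"card_id": card_id,
                "claims": {c: self._attributes[card_id][c] for c in wanted}}
        payload = json.dumps(body, sort_keys=True)
        sig = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        return {"payload": payload, "sig": sig}

def select_and_request(exported, policy):
    """Identity selector: match exported cards to the policy, build a token request."""
    required = set(policy["required_claims"])
    eligible = sorted(cid for cid, claims in exported.items() if required <= set(claims))
    if not eligible:
        return None
    # A user would choose among eligible cards; this sketch takes the first.
    return {"card_id": eligible[0], "claims": sorted(required)}

def relying_party_accepts(token, policy, key):
    """Relying party: verify integrity first, then check the policy is satisfied."""
    expected = hmac.new(key, token["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return False
    return set(policy["required_claims"]) <= set(json.loads(token["payload"])["claims"])

# Constructed sample data (not from the patent).
KEY = b"constructed-demo-key"
DEVICE = UserDevice(
    KEY,
    cards={"work": {"email", "employer"}, "personal": {"email", "age_over_18"}},
    attributes={"work": {"email": "a@corp.example", "employer": "Corp"},
                "personal": {"email": "a@home.example", "age_over_18": True}})
POLICY = {"required_claims": ["email", "age_over_18"]}
```

Attribute values stay on the device until a token is issued, and the token carries only the claims the policy names, so the relying party never sees the unrelated `employer` attribute.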
20 Claims
1. A method, comprising:
- a host computing system determining whether any user identity among at least one of first user identities of a user satisfies identity requirements of the user;
- the host computing system generating a token request with respect to a selective one of any user identity determined to satisfy the identity requirements;
- the user computing device communicating a security token to the host computing system;
- the user computing device exporting at least one first user identity to the host computing system, in response to an import request from the host computing system; and
- the host computing system determining whether any of the exported identities satisfies the identity requirements.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system, comprising:
- a user computing device, wherein the user computing device:
  - comprises at least one storage including a plurality of first user identities for a user and at least one user attribute, and
  - is programmed to generate a security token in accordance with a token request in reference to a first user identity; and
- an identity manager system, wherein the identity manager system is programmed to:
  - export at least one first user identity to the host computing system, in response to an import request from the host computing system.

Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A non-transitory computer-readable medium having computer-executable instructions for execution by a processor, that, when executed, cause the processor to:
- determine whether any user identity among at least one of first user identities of a user satisfies identity requirements of the user;
- generate a token request with respect to one of any user identity of the user determined to satisfy the identity requirements;
- receive from the user computing device the security token issued according to the token request;
- export at least one first user identity to the host computing system, in response to an import request from the host computing system; and
- determine whether any of the exported identities satisfies the identity requirements.

Dependent claims: 18, 19, 20
Specification