EFFICIENT BROWSER-BASED IDENTITY MANAGEMENT PROVIDING PERSONAL CONTROL AND ANONYMITY

US 20110302273A1
Filed: 06/02/2011
Published: 12/08/2011
Est. Priority Date: 04/26/2002
Status: Active Grant

First Claim

Patent Images

1. A system for providing identity-related information, said system comprising:

a requesting entity computer requesting location information from a client application, said location information corresponding to a location entity computer possessing the identity-related information of an anonymous user, while engaged in communication with said client application for performing application-dependent interactions, and wherein said identity-related information comprises at least a pseudonym of the anonymous user of the location entity computer;

wherein the requesting entity computer is configured to perform;

receiving the location information from the client application;

responsive to receiving the location information, issuing a redirect command comprising a redirect instruction to the client application, said redirect command suspending the communication with the client application, pursuant to which the client application establishes a connection with the location entity computer for instructing the location entity computer to transfer the identity-related information to the requesting entity computer;

wherein the redirect instruction further enables the location entity computer to recognize the requesting entity computer;

obtaining the identity-related information, the obtaining step comprising;

receiving contact from the location entity computer;

providing authentication to the location entity computer;

requesting the identity-related information from the location entity computer; and

receiving the identity-related information from the location entity computer;

wherein the identity-related information does not breach the user'"'"'s anonymity; and

receiving a connect back from the client application, thereby resuming the communication with the client application.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system allows a reliable and efficient identity management that can, with full interoperability, accommodate to various requirements of participants. For that a system is presented for providing an identity-related information about a user to a requesting entity. The method includes a location-request step initiated by the requesting entity for requesting from a client application a location information that corresponds to a location entity possessing the identity-related information, a redirecting step for connecting the client application to the location entity in order to instruct the location entity to transfer the identity-related information to the requesting entity, and an acquiring step for obtaining the identity-related information. The acquiring step includes a contact step wherein the location entity contacts the requesting entity, a request step wherein the requesting entity requests the identity-related information, and a response step wherein the requesting entity receives the identity-related information from the location entity.

15 Citations

View as Search Results

20 Claims

1. A system for providing identity-related information, said system comprising:
- a requesting entity computer requesting location information from a client application, said location information corresponding to a location entity computer possessing the identity-related information of an anonymous user, while engaged in communication with said client application for performing application-dependent interactions, and wherein said identity-related information comprises at least a pseudonym of the anonymous user of the location entity computer;
  
  wherein the requesting entity computer is configured to perform;
  
  receiving the location information from the client application;
  
  responsive to receiving the location information, issuing a redirect command comprising a redirect instruction to the client application, said redirect command suspending the communication with the client application, pursuant to which the client application establishes a connection with the location entity computer for instructing the location entity computer to transfer the identity-related information to the requesting entity computer;
  
  wherein the redirect instruction further enables the location entity computer to recognize the requesting entity computer;
  
  obtaining the identity-related information, the obtaining step comprising;
  
  receiving contact from the location entity computer;
  
  providing authentication to the location entity computer;
  
  requesting the identity-related information from the location entity computer; and
  
  receiving the identity-related information from the location entity computer;
  
  wherein the identity-related information does not breach the user'"'"'s anonymity; and
  
  receiving a connect back from the client application, thereby resuming the communication with the client application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1 wherein one client application interacts with multiple location entity computers.
  - 3. The system of claim 1, wherein the identity-related information is provided by a further location entity computer and is obtainable by the requesting entity computer via the location entity computer, the location information of the further location entity computer being stored on the location entity computer.
  - 4. The system of claim 1 wherein the transport protocol used between the requesting entity computer and the client application, and between the location entity computer and the client application, is a secure Hyper Text Transfer Protocol.
  - 5. The system of claim 1 wherein the received location information is relative to a location of the client application.
  - 6. The system of claim 1 wherein requesting the identity-related information further comprises a step of accepting an authentication from the location entity computer under a location entity pseudonym.
  - 7. The system of claim 1 wherein the location entity computer is remote from the client application.

8. A system for providing identity-related information, said system comprising:
- a location entity computer possessing identity-related information of a user who is anonymous to a requesting entity computer;
  
  wherein the requesting entity computer and a client application are engaged in communication for performing application-dependent interactions;
  
  wherein the identity-related information comprises a pseudonym of the anonymous user;
  
  receiving a location request from the requesting entity computer for requesting location information of the location entity computer;
  
  transmitting the location information to the requesting entity computer;
  
  receiving a redirect command comprising a redirect instruction from the requesting entity computer, said redirect suspending the communication with the requesting entity computer;
  
  pursuant to the redirect command, establishing a connection with the location entity computer for instructing the location entity computer to transfer the identity-related information to the requesting entity computer, wherein the location entity computer is unable to recognize the requesting entity computer without instruction from the client application;
  
  receiving a redirect command from the location entity computer after the requesting entity computer has provided authentication to the location entity computer and received the requested identity-related information, wherein said identity-related information does not breach the user'"'"'s anonymity; and
  
  resuming the communication with the requesting entity computer.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The system of claim 8 wherein a transport protocol used between the requesting entity computer and the client application, and between the location entity computer and the client application is a secure Hyper Text Transfer Protocol.
  - 10. The system of claim 8 wherein the location entity computer is remote from the client application.
  - 11. The system of claim 8 wherein the step of establishing the connection with the location entity computer comprises establishing a connection with a first of a plurality of location entities, wherein different types of identity-related information are stored in each of the plurality of the location entities.
  - 12. The system of claim 11 wherein the first of the plurality of the location entities stores location information for a second of the plurality of location entities.
  - 13. The system of claim 11 further comprising:
    - preceding the transmitting step with a step of generating a value k;
      
      wherein the transmitting step further comprises transmitting the generated value k together with the requested identity information;
      
      receiving a return address from the requesting entity computer; and
      
      wherein the performing step further comprises transmitting the generated value k and the return address to the client application, such that the client application is able to connect to the return address and the requesting entity computer is able to authenticate the client application using the generated value k.
  - 14. The system of claim 13 wherein the value k is randomly generated.
  - 15. The system of claim 11 wherein the location entity computer stores location information for one of a plurality of location entity computers.

16. A computer program product for providing identity-related information, said computer program product comprising a non-transitory computer readable storage medium comprising computer program instructions causing a computer to perform:
- at a requesting entity computer, requesting location information from a client application, said location information corresponding to a location entity computer possessing the identity-related information of an anonymous user engaged in communication with said client application for performing application-dependent interactions;
  
  wherein said identity-related information comprises at least a pseudonym of the anonymous user of the location entity computer;
  
  receiving the location information from the client application;
  
  issuing a redirect command comprising a redirect instruction to the client application, said redirect command suspending the communication with the client application, pursuant to which the client application establishes a connection with the location entity computer for instructing the location entity computer to transfer the identity-related information to the requesting entity computer;
  
  wherein the redirect instruction further enables the location entity computer to recognize the requesting entity computer;
  
  obtaining the identity-related information, the obtaining step comprising;
  
  receiving contact from the location entity computer;
  
  providing authentication to the location entity computer;
  
  requesting the identity-related information from the location entity computer; and
  
  receiving the identity-related information from the location entity computer, wherein said identity-related information does not breach the user'"'"'s anonymity, wherein the receiving step prompts the location entity computer to issue a redirect command to the client application using a hypertext transfer protocol redirect and a simple object access protocol; and
  
  receiving a connect back from the client application, thereby resuming the communication with the client application.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16 further comprising computer program instructions causing a computer to perform:
    - preceding the transmitting step with a step of generating a value k;
      
      wherein the transmitting step further comprises transmitting the generated value k together with the requested identity information;
      
      receiving a return address from the requesting entity computer; and
      
      wherein the performing step further comprises transmitting the generated value k and the return address to the client application, such that the client application is able to connect to the return address and the requesting entity computer is able to authenticate the client application using the generated value k.
  - 18. The computer program product of claim 17 wherein the value k is randomly generated.
  - 19. The computer program product of claim 16 wherein the location entity computer stores location information for one of a plurality of location entity computers.
  - 20. The computer program product of claim 16 wherein a transport protocol used between the requesting entity computer and the client application, and between the location entity computer and the client application is a secure Hyper Text Transfer Protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Pfitzmann, Birgit, Waidner, Michael

Granted Patent

US 9,501,634 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/217
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06Q 20/00   Payment architectures, sche...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

EFFICIENT BROWSER-BASED IDENTITY MANAGEMENT PROVIDING PERSONAL CONTROL AND ANONYMITY

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

EFFICIENT BROWSER-BASED IDENTITY MANAGEMENT PROVIDING PERSONAL CONTROL AND ANONYMITY

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links