Patent application number | Description | Published |
20080229383 | CREDENTIAL CATEGORIZATION - The user can associate metadata with information cards. The metadata can include, among other possibilities, string names, icons, user policies, containers, and hierarchies. The metadata is stored by the computer system. The metadata can then be used to filter the set of information cards that can satisfy a security policy from a relying party. | 09-18-2008 |
20080229398 | FRAMEWORK AND TECHNOLOGY TO ENABLE THE PORTABILITY OF INFORMATION CARDS - When a user connects a pluggable card store to a machine, the machine plugs a pluggable card provider into a card provider registry. The pluggable card store can be an object portable to the user, or can be a remote store available via some connection, such as an FTP connection. The user can then use the information cards stored on the pluggable card store in a transaction. | 09-18-2008 |
20080229410 | PERFORMING A BUSINESS TRANSACTION WITHOUT DISCLOSING SENSITIVE IDENTITY INFORMATION TO A RELYING PARTY - A user engages in a transaction with a relying party. The relying party requests identity information from the user in a security policy and identifies transaction elements for an on-line business transaction. Typically, the security policy and transaction elements are transmitted together; the security policy can be as little as a request to conduct the on-line business transaction. The user identifies an information card that satisfies the security policy. The computer system requests a security token from the identity provider managing the information card, which can include requesting a transaction receipt for the transaction elements. The computer system then returns the security token (and the transaction receipt) to the relying party, to complete the transaction. | 09-18-2008 |
20080229411 | CHAINING INFORMATION CARD SELECTORS - A machine includes card stores to store information cards. For each card store, one or more card selectors can be provided. When performing a transaction involving information cards, a generic card selector, using a selector policy engine, can identify a card selector to use for the transaction. The identified card selector can be used to identify an information card in a card store to use in performing the transaction, which can be used to provide a security token to the relying party. | 09-18-2008 |
20090077655 | PROCESSING HTML EXTENSIONS TO ENABLE SUPPORT OF INFORMATION CARDS BY A RELYING PARTY - A user engages in a transaction with a relying party through a computer system. The relying party requests identity information from the user using HTML extensions. The computer system includes a web browser having browser extensions. The HTML extensions cause the web browser to call a card selector invoker. The card selector invoker invokes a card selector to provide a security token. The card selector invoker extracts identity information from the security token and provides the identity information to the web browser. The computer system then returns the identity information to the relying party. | 03-19-2009 |
20090199284 | METHODS FOR SETTING AND CHANGING THE USER CREDENTIAL IN INFORMATION CARDS - An identity provider issues information cards in which the credential type and/or the credential data is not specified at the time of issuance. A card selector installs the information cards and either prompts a user for the credential at the time of installation or afterwards. The card selector updates the credential type, the credential data, and/or authentication materials associated with an information card after the information card has been installed, and informs the identity provider about the credential type, credential data, and authentication materials before the information card is used. | 08-06-2009 |
20090204542 | PRIVATELY SHARING RELYING PARTY REPUTATION WITH INFORMATION CARD SELECTORS - A computer system accesses reputation information about a relying party. The reputation information can be stored locally or remotely (for example, at an identity provider or reputation service). A reputation information engine can be used to provide the reputation information to the user. The user can then use the reputation information in performing a transaction with the relying party. | 08-13-2009 |
20090204622 | VISUAL AND NON-VISUAL CUES FOR CONVEYING STATE OF INFORMATION CARDS, ELECTRONIC WALLETS, AND KEYRINGS - A user desires to select information about himself. The system uses policies applicable to the display of the user's information and metadata about the user and the information to determine modified presentations of the user's information. The modified information can include visual and non-visual cues (such as aural, olfactory, or tactile). The system then displays the modified information, presenting the user with the visual and non-visual cues about the information. | 08-13-2009 |
20090205014 | SYSTEM AND METHOD FOR APPLICATION-INTEGRATED INFORMATION CARD SELECTION - A selector daemon can run in the background of a computer. Applications that are capable of processing information cards directly, without requiring the use of a card selector, can request the selector daemon to list information cards that satisfy security policy. Upon receiving such a request, selector daemon can determine the information cards available on the computer that satisfy the security policy, and can identify these information cards to the requesting application. The applications can then use the identified information cards in any manner desired, without having to use a card selector: for example, by requesting a security token based on one of the information cards directly from an identity provider. | 08-13-2009 |
20090205035 | INFO CARD SELECTOR RECEPTION OF IDENTITY PROVIDER BASED DATA PERTAINING TO INFO CARDS - A computer system accesses metadata about an information card. The metadata can be stored locally or remotely (for example, at an identity provider). A metadata engine can be used to generate data to be provided to the user from the metadata: this data can take any desired form, such as an advertisement, a state of the user's account, or a policy update, among other possibilities. | 08-13-2009 |
20090249430 | CLAIM CATEGORY HANDLING - A relying party can have a security policy. The security policy can include claims that are categorized other than “required” and “optional”. The user can specify, in a user policy, whether or not to include in a request for a security token from an identity provider claims that are not “required”. | 10-01-2009 |
20090272797 | DYNAMIC INFORMATION CARD RENDERING - A system and method for dynamic rendering of information cards is provided. A card selector uses policies and rendering content to modify the presentation of information cards in the card selector. The policies and rendering content can be obtained from identity providers and relying parties. The rendering content can be obtained each time the card selector is invoked, just prior to rendering the information cards, or at other times specified in the policy. The rendering content can be displayed in a display area of the information card or in a content canvas outside the display area of the information card. | 11-05-2009 |
20090328166 | REMOTABLE INFORMATION CARDS - An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also asked as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties. | 12-31-2009 |
20100095372 | TRUSTED RELYING PARTY PROXY FOR INFORMATION CARD TOKENS - An apparatus can include a secret mapping module running on a machine and configured to create a mapping that maps a secret to a claim stored in an information card, a receiver running on the machine and configured to receive a request for the secret from a remote application, a mapping query module running on the machine and configured to perform a search for the mapping, a credential provider application running on the machine and configured to retrieve the secret based at least in part on the claim, and a transmitter configured to transmit the secret to the remote application. | 04-15-2010 |
20100187302 | MULTIPLE PERSONA INFORMATION CARDS - A computer-implemented method can include selecting an information card from a group of identified information cards, selecting a persona from a group of identified personae that are associated with the selected information card, and generating a Request for Security Token (RST) based on the selected information card and the selected persona. | 07-29-2010 |
20110153499 | PERFORMING A BUSINESS TRANSACTION WITHOUT DISCLOSING SENSITIVE IDENTITY INFORMATION TO A RELYING PARTY - A user engages in a transaction with a relying party. The relying party requests identity information from the user in a security policy and identifies transaction elements for an on-line business transaction. Typically, the security policy and transaction elements are transmitted together; the security policy can be as little as a request to conduct the on-line business transaction. The user identifies an information card that satisfies the security policy. The computer system requests a security token from the identity provider managing the information card, which can include requesting a transaction receipt for the transaction elements. The computer system then returns the security token (and the transaction receipt) to the relying party, to complete the transaction. | 06-23-2011 |
20120072970 | CHAINING INFORMATION CARD SELECTORS - A machine includes card stores to store information cards. For each card store, one or more card selectors can be provided. When performing a transaction involving information cards, a generic card selector, using a selector policy engine, can identify a card selector to use for the transaction. The identified card selector can be used to identify an information card in a card store to use in performing the transaction, which can be used to provide a security token to the relying party. | 03-22-2012 |
20120159605 | REMOTABLE INFORMATION CARDS - An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also asked as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties. | 06-21-2012 |
20130014208 | CHAINING INFORMATION CARD SELECTORS - A machine includes card stores to store information cards. For each card store, one or more card selectors can be provided. When performing a transaction involving information cards, a generic card selector, using a selector policy engine, can identify a card selector to use for the transaction. The identified card selector can be used to identify an information card in a card store to use in performing the transaction, which can be used to provide a security token to the relying party. | 01-10-2013 |
20130014245 | REMOTABLE INFORMATION CARDS - An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also asked as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties. | 01-10-2013 |
20130024908 | SYSTEM AND METHOD FOR APPLICATION-INTEGRATED INFORMATION CARD SELECTION - A selector daemon can run in the background of a computer. Applications that are capable of processing information cards directly, without requiring the use of a card selector, can request the selector daemon to list information cards that satisfy security policy. Upon receiving such a request, selector daemon can determine the information cards available on the computer that satisfy the security policy, and can identify these information cards to the requesting application. The applications can then use the identified information cards in any manner desired, without having to use a card selector: for example, by requesting a security token based on one of the information cards directly from an identity provider. | 01-24-2013 |