US2012159605A1PendingUtilityA1

Remotable information cards

51
Assignee: BURCH LLOYD LEONPriority: Mar 16, 2007Filed: Feb 29, 2012Published: Jun 21, 2012
Est. expiryMar 16, 2027(~0.7 yrs left)· nominal 20-yr term from priority
G06F 21/34
51
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also asked as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties.

Claims

exact text as granted — not AI-modified
1 . An apparatus, comprising:
 a machine; and   an accessor function on the machine, the accessor function operative to invoke a card selector on a client, receive a security token, and use said security token to grant said client access to a resource on a relying party,   wherein the machine is separate from said relying party and said client.   
     
     
         2 . An apparatus according to  claim 1 , wherein the accessor function is further operative to authenticate a user on said client before receiving said security token. 
     
     
         3 . An apparatus according to  claim 2 , wherein the machine includes an out-of-band authentication mode to authenticate said user on said client. 
     
     
         4 . An apparatus according to  claim 1 , wherein the accessor function is operative to forward said security token to said relying party to grant said client access to said resource on said relying party. 
     
     
         5 . An apparatus according to  claim 1 , wherein the accessor function is operative to access information from said security token and to use said information from said security token to form fill a website of said relying party. 
     
     
         6 . A method according to  claim 1 , wherein the accessor function is operative to access information from said security token and to use said information from said security token to authenticate a user of said client to said relying party without providing said security token to said relying party. 
     
     
         7 . An apparatus according to  claim 1 , wherein the accessor function is operative to receive said security token from said client. 
     
     
         8 . An apparatus according to  claim 1 , wherein:
 the accessor function is operative to receive said security token from an identity provider; and   the machine is separate from said identity provider.   
     
     
         9 . A method, comprising:
 receiving a request for a security token from a relying party at an accessor function;   invoking a card selector on a client by the accessor function;   receiving the security token at the accessor function, the security token based on a use of the card selector; and   using the security token by the accessor function to grant the client access to a resource on the relying party,   wherein the accessor function is on a separate machine from the relying party and the client.   
     
     
         10 . A method according to  claim 9 , further comprising authenticating a user on the client by the accessor function before receiving the security token from the client. 
     
     
         11 . A method according to  claim 10 , wherein authenticating the user by the accessor function includes authenticating the user by the accessor function using an out-of-band authentication mode. 
     
     
         12 . A method according to  claim 9 , wherein using the security token by the accessor function to grant the client access to a resource on the relying party includes forwarding the security token from the accessor function to the relying party. 
     
     
         13 . A method according to  claim 9 , wherein using the security token by the accessor function to grant the client access to a resource on the relying party includes:
 accessing information from the security token by the accessor function; and   using the information from the security token by the accessor function to form fill a website of the relying party.   
     
     
         14 . A method according to  claim 9 , wherein using the security token by the accessor function to grant the client access to a resource on the relying party includes:
 accessing information from the security token by the accessor function; and   using the information from the security token by the accessor function to authenticate a user of the client to the relying party without providing the security token to the relying party.   
     
     
         15 . A method according to  claim 9 , wherein receiving the security token at the accessor function includes receiving the security token at the accessor function from the client. 
     
     
         16 . A method according to  claim 9 , wherein receiving the security token at the accessor function includes receiving the security token at the accessor function from an identity provider without receiving the security token from the client, the accessor function on a separate machine from the identity provider. 
     
     
         17 . An article, comprising a non-transitory storage medium, said non-transitory storage medium having stored thereon instructions that, when executed by a machine, result in:
 receiving a request for a security token from a relying party at an accessor function;   invoking a card selector on a client by the accessor function;   receiving the security token at the accessor function, the security token based on a use of the card selector; and   using the security token by the accessor function to grant the client access to a resource on the relying party,   wherein the accessor function is on a separate machine from the relying party and the client.   
     
     
         18 . An article according to  claim 17 , said non-transitory storage medium having stored thereon further instructions that, when executed by the machine, result in authenticating a user on the client by the accessor function before receiving the security token from the client. 
     
     
         19 . An article according to  claim 18 , wherein authenticating the user by the accessor function includes authenticating the user by the accessor function using an out-of-band authentication mode. 
     
     
         20 . An article according to  claim 17 , wherein using the security token by the accessor function to grant the client access to a resource on the relying party includes forwarding the security token from the accessor function to the relying party. 
     
     
         21 . An article according to  claim 17 , wherein using the security token by the accessor function to grant the client access to a resource on the relying party includes:
 accessing information from the security token by the accessor function; and   using the information from the security token by the accessor function to form fill a website of the relying party.   
     
     
         22 . An article according to  claim 17 , wherein using the security token by the accessor function to grant the client access to a resource on the relying party includes:
 accessing information from the security token by the accessor function; and   using the information from the security token by the accessor function to authenticate a user of the client to the relying party without providing the security token to the relying party.   
     
     
         23 . An article according to  claim 17 , wherein receiving the security token at the accessor function includes receiving the security token at the accessor function from the client. 
     
     
         24 . An article according to  claim 17 , wherein receiving the security token at the accessor function includes receiving the security token at the accessor function from an identity provider without receiving the security token from the client, the accessor function on a separate machine from the identity provider.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.