Abstract: A method of generating a call sign. A method of generating a call sign comprising determining a distinguished qualifier, finding a distinguished salt, and hashing the distinguished salt with the distinguished qualifier.

Abstract: A system and method for authenticating a request for a resource. A requester sends the request for a resource to a server in a first protocol. The server may send a challenge message to the requester. In response, the requester employs a challenge handler that performs an interactive challenge with a challenge server in a second protocol. Upon successful conclusion of the interactive challenge, the challenge handler synchronizes with a request handler, which sends a challenge response message to the server. The server may then enable access to the requested resource.

Abstract: Exemplary embodiments disclosed herein may include a method and system for creating pair-wise security keys, comprising receiving an identity key from a website, generating a master key, creating a pair-wise symmetric key or asymmetric key pair by utilizing an encryption function of the identity key and the master key, and storing the pair-wise public or symmetric key at the client and the website.

Abstract: In accordance with various aspects, the present invention relates to methods and systems for sending an identity information document comprising selecting identity information from a self-identity information store for inclusion in the identity information document. The selected identity information is read from a self-identity information store. The identity information document is generated to include the selected identity information and one or more keys, and signed using a key associated with one of the keys included in the identity information document. The identity information document is then sent to a recipient. Receiving an identity information document comprises receiving a signed identity information document from an originator. A determination is made as to whether identity information in the identity information document is reliable. The identity information is saved in a recognized identity information store if the identity information is determined to be reliable.

Abstract: Exemplary embodiments disclosed herein may include a method and system for integrating multiple identities and identity providers, including, receiving the security policy of a service provider, determining the attributes requested by the service provider, obtaining authenticated attributes requested by the service provider, registering with a provisioning service based at least in part upon the authenticated attributes, and accessing services of the service provider based at least in part upon the registration from the provisioning service.

Abstract: A system for providing a digital identity includes a claims transformer programmed to generate a security token including a computational token and a display token, the computational token including one or more claims associated with an identity of a principal, and the display token including display information about the claims in the computational token. The display information is configured to allow the principal to view the display token.

Abstract: Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.

Abstract: Technology is described for protecting transactions. The technology may include a switching component that a user can employ to switch an associated mobile device into a secure mode so that a user can confirm the transaction. After initiating a transaction request, the user can confirm the transaction request by activating the switching component, which can cause the mobile device to switch into a secure mode. In the secure mode, the mobile device may prevent the mobile device from conducting various normal activities, such as executing applications, receiving input, providing output, and so forth. The switching component may disable other processing temporarily. Upon receiving the confirmation from the user, the switching component may send a confirmation communication to complete the transaction.

Abstract: The claimed matter provides systems and/or techniques that regulate and/or prescribe an individual's behavior while playing electronic games. The system includes mechanisms and/or modalities that identify physical and/or mental activities similar to those undertaken by a game character and that are appropriate to the fitness or mental capabilities of the individual. It requests the individual to perform the activities selected during the execution of the electronic game, monitors the individual's performance of the activity, and reproduces and associates the individual's actions in performing the selected task to the game character during execution of the electronic game. Further, it enhances or diminishes attributes of the game character based on the intensity of the individual's performance of the selected activity.

Abstract: A computer system includes a security module programmed to generate a first privacy key for use with secure communications with a first web site, and a second privacy key for use with secure communications with a second web site, the first and second keys being different. The computer system also includes an identity module programmed to receive a request from the first web site for linking a first user account associated with the first web site with a second user account associated with the second web site, and the identity module being programmed to present a user with an option to link the first and second user accounts.

Abstract: Exemplary embodiments disclosed herein may include a method and system for creating an attendance marker and establishing consistent recognition of an ongoing digital relationship, including receiving an identity key about a server, creating an attendance marker, associating the attendance marker with the server. Other embodiments relate to systems and methods for recognizing a server, website, and/or other system for a client, such as a computer system for a user. Such authentication involves receiving an identity key about a web server or other system, creating an attendance marker, associating the attendance marker with the server, requesting an attendance marker associated with a server, and recognizing the server based at least in part on the attendance marker.

Abstract: Various embodiments of the present invention are directed to a method, in a computer system, for a hardware/software interface system to manipulate a plurality of discrete units of information having properties understandable by said hardware/software interface system, Items. The method uses a base schema comprising at least one of an Item as a base Item from which all other Items are derived, and at least one of a property as a base property from which all other properties are derived. Furthermore, an Item may comprise a property for referencing Categories to which the Item is a member. The Item may also comprise a property for a unique identification of that Item in the hardware/software interface system.

Abstract: The present invention extends to methods, systems, and computer program products for modeling party identities in computer storage systems. A federated identity fabric models identity data and relationships between portions of indentify data in computer storage systems in accordance with a uniform schema. The federated identity fabric can federate distributed identity and identity relationship data from computer storage systems within the variety of different computing environments. Code and metadata at computing environments associated with the federated identity fabric can interoperate to facilitate uniformly storing, accessing, modifying, deleting, and securing identity and identity relationship data within the federated identify fabric. Embodiments of the invention include utilizing an identity key table entry to locate party identity information and performing key transformations between different types of identity keys.

Abstract: A user interface, system, and method are disclosed to facilitate specification of queries and displaying corresponding results. The user interface presents the user with dimensions that contain one or more headings arranged according to an information taxonomy, which can vary based on the intended implementation for the system and user interface. A corresponding filter or query is constructed based on the user selecting of one or more headings. The filter is applied to one or more databases to return results that satisfy the filter. The results are presented in the user interface and can include interactive items based on a particular query as well as can correspond to a fully specified task.

Abstract: Creating a token for use by an entity when digitally signing documents. In a computing environment, a digital identity representation for an entity is accessed. The digital identity representation includes information identifying identity attributes about the entity and capabilities of an identity provider that provides tokens for use by the entity. Context information is accessed. The context information includes information about one or more of which, how or where the attributes for the entity identified in the digital identity representation will be used. A security token is created from the information in the digital identity representation and the context information. The security token makes assertions by the identity provider. The assertions are based on the information in the digital identity representation. The token further includes information related to at least a portion of the context information.

Abstract: A schema is provided that defines people, groups and organizations by their corresponding contact information and other related characteristics. The schema defines a person by personal data, name data, location data, and e-address data. A group is defined by group membership data and e-address data. An organization is defined by location data and by e-address data. The schema also defines role occupancies for interrelating the various contacts. The role occupancies are defined by role occupancy data that may include employee data, team member data, group membership data, family data, customer or business data, and other types of data that can link two or more contacts. By interrelating contacts based on role occupancies, the schema is able to provide rich querying of one or more databases for obtaining desired contact information.

Abstract: Exemplary methods, devices, systems, and/or storage media for organizational data management, including staging, synchronizing, and exporting of organizational data. Exemplary data aggregation rules specify methods for aggregating data from a remote repository. Schemas are exemplary rules configuration data structures having elements for associating processing data objects in a buffer space objects in a core space. The elements may also specify importing attributes into and exporting attributes from the core space.

Abstract: A system for identifying principals within a computing environment is disclosed. The system includes principal objects containing identity claims. The principal objects are used by computer processes within the environment to perform tasks related to the association of principals to activated resource objects. Exemplary principals include individuals, a group of individuals, organizations and computer modules and devices. Each identity claim uniquely identifies a specific principal within a particular scheme. To accomplish this, each identity claim includes an assertion that specifies an identification string unique to a principal within the associated scheme. Exemplary schemes for an individual include email accounts, telephone numbers, credit card account numbers and social security numbers. Thus, exemplary identification strings for an individual are specific email addresses, specific telephone numbers, etc.

Abstract: The claimed subject matter provides systems and/or methods that identify healthcare professionals appropriate to treat diseases. The system can include mechanisms that employ patient symptoms, diagnoses associated with the symptoms, proposed treatment plans, or treatment outcomes based on proposed treatment plans, to construct and utilize dependency graphs to infer a score. The inferred score can then be employed to identify qualified healthcare professionals appropriate to treat the disease as presented by the patient and indicated by the symptoms.

Abstract: The described systems and methods dynamically generate a data polyarchy from information received from a data store (e.g., a directory or database). The data polyarchy represents multiple hierarchies of inter-object relationships based on values of attributes of the objects. These multiple hierarchies are generated and represented in a manner that is independent of object naming and predetermined static hierarchical data structures.