Abstract: A protocol for issuing and controlling digital certificates is described in which an identity management system is used to identify a user requesting a digital certificate and is also used to issue the digital certificate itself. Accordingly, an IDM-based PKI system is provided.

Abstract: A protocol for issuing and controlling digital certificates is described in which an identity management system is used to identify a user requesting a digital certificate and is also used to issue the digital certificate itself. Accordingly, an IDM-based PKI system is provided.

Abstract: A protocol for issuing and controlling digital certificates is described in which an identity management system is used to identify a user requesting a digital certificate and is also used to issue the digital certificate itself. Accordingly, an IDM-based PKI system is provided.

Abstract: A method includes causing a first request to be sent; receiving a response to said request including a script; causing a second request to be sent including parameter information; running said script to determine type information associated with said parameter information; and causing said type information to be sent.

Abstract: The present invention relates to application program control, in which a browser 203 receives content 208 from a server 205 and, based on the browser content, transmit a request 209 to a port on a device 202. A response is received 211 to the request from an application 204 associated with the port which indicates that the application 204 is triggered. A second request is transmitted 217 to the port on the device 202 to indicate to the application 204 that the browser 203 will handover control, at least in part, of the device 202 to the application 204.

Abstract: An arrangement for authenticating a user at a service provider is described. The arrangement makes use of the fact that a user of a mobile communication device can be readily and securely identified by a telecommunications provider and re-uses that authentication to identify the same user when accessing the service provider from a different client. The client instructs the mobile communication device to contact an identity provider at the telecommunications provider and shared secrets are exchanged between the identity provider, mobile communication device and client to confirm that the same user is at the client and the mobile communication device.

Abstract: A method of providing data in response to a search request comprises the steps of a social networking website receiving the search request to provide a pseudonym associated with the real name; the social networking website determining that the search request is for a pseudonym which, within its database, is not associated with the real name; the social networking website referring the search request to a identity management server which contains an association between the pseudonym and the real name; the identity management server determining the pseudonym which is associated with the real name; and the identity management server providing an information item which is related to the pseudonym.

Abstract: A template is described that can be applied to user attribute data in order to generate a pseudonym/virtual identity for the user. The pseudonym includes a subset of the user's overall user attributes. The invention also enables a user to determine whether a particular pseudonym meets the requirements of a template by checking the pseudonym against a template provided, for example, by a service provider.

Abstract: A protocol for issuing and controlling digital certificates is described in which an identity management system is used to identify a user requesting a digital certificate and is also used to issue the digital certificate itself. Accordingly, an IDM-based PKI system is provided.

Abstract: The present invention relates to an improved identity management in which a first authentication request is received from a service provider where the first authentication request requests authentication attributes relating to a user. A second authentication request is transmitted to an identity provider and a first authentication response is received from the identity provider wherein the first authentication response includes at least one authentication attribute relating to said user. At least one predefined policy is applied to the first authentication response to generate a second authentication response and the second authentication response is transmitted to the service provider.

Abstract: The invention enables a user to use single-sign-on methodologies to obtain access to a service where that user has more than one account. In addition to querying an identity provider to obtain user credentials in the usual way, the invention enables an application to request and obtain further credentials for that user in order to enable the user to gain access to the desired user account. The user may then be prompted to select which of the available accounts should be used at the application.

Abstract: A method of providing data in response to a search request comprises the steps of a social networking website receiving the search request to provide a pseudonym associated with the real name; the social networking website determining that the search request is for a pseudonym which, within its database, is not associated with the real name; the social networking website referring the search request to a identity management server which contains an association between the pseudonym and the real name; the identity management server determining the pseudonym which is associated with the real name; and the identity management server providing an information item which is related to the pseudonym.

Abstract: A local identity management module is described that is able to identify each of a plurality of user devices. The user devices communicate with the outside world via a network address translation device that converts an internal address of the user devices to a single internet protocol address, typically the internet protocol address of the network address translation device. An external identity management system can communicate with the local identity management module in order to identify which of said plurality of user devices made a particular request and, in some embodiments, to identify a user of said user device.

Abstract: An arrangement for authenticating a user at a service provider is described. The arrangement makes use of the fact that a user of a mobile communication device can be readily and securely identified by a telecommunications provider and re-uses that authentication to identify the same user when accessing the service provider from a different client. The client instructs the mobile communication device to contact an identity provider at the telecommunications provider and shared secrets are exchanged between the identity provider, mobile communication device and client to confirm that the same user is at the client and the mobile communication device.

Abstract: A USB memory stick, or similar device, is provided having software installed thereon to enable a user to access restricted applications without a user device needing to handle user credential data. In use, the stick receives a request from the user device for access to an application, obtains first user identification information from the user device, uses the first user identification information and the application information to obtain user credentials from an identity management system, which user credentials are required by the application in order to grant the user access to the application, and provides the user credentials to the application without the user credentials needing to be provided to the user device.

Abstract: A gateway is provided between an application and a server. The gateway is used to modify content sent from the server to the application via the gateway. The modification may include adding, removing or modifying content. The modification process is user-dependent and an identity management system is used for identifying the user.

Abstract: An arrangement for providing users with access to services is described. Access requests received from users are monitored by a gateway and, where appropriate, user credentials for a service that is being accessed are inserted by the gateway. The gateway monitors packets of data in order to check user credentials. The gateway is also able to modify packets of data to insert user credentials, if necessary.