Abstract: A user defines an audit policy. The audit policy identifies one or more triggers that, when related information is included in a security token, trigger the performance of the audit. The audit can include notifying the user in some manner that the trigger occurred. The audit can require in-line confirmation of the audit, so that the security token is not transmitted until the user confirms the audit.

Abstract: An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also asked as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties.

Abstract: A string matching system is described herein that provides for very fast and efficient pattern matching against large sets of certain types of pattern strings. If a set of pattern strings is comprised of strings that can be logically divided into segments, these pattern strings can be stored efficiently in a tree-like data structure, segment by segment, storing pattern-match syntax segments separately from literal string segments. After segmentation, individual match candidate strings are compared, segment by segment, against elements in the tree. The system uses a data structure that is conceptually a combination of a tree and a hash table. Using a hash table to implement the branching elements at each level in the tree contributes to quick matching speed at each level. By consistently separating strings into segments, the system can also share storage locations for like elements in the data structure.

Abstract: A process for treating a water stream containing dissolved organic carbon and dissolved salts comprises subjecting the water stream to reverse osmosis after a pre-treatment step to reduce the amount of dissolved organic carbon directed in water to the reverse osmosis treatment step. The preferred pre-treatment step is a membrane treatment step such as nanofiltration. The process enables treatment of complex effluents including mixtures of domestic and industrial effluents. Treated water may be recycled and a treatment plant (100) employing the process forms another aspect of the invention.

Abstract: An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also asked as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties.

Abstract: A computer implemented method may include identifying a base information card stored on a client, determining whether an overlay information card is to be applied to the identified base information card, and selecting the overlay information card. The method may also include generating a final information card by applying the selected overlay information card to the identified base information card.

Abstract: An information card overlay system can include a base card having multiple claims, an overlay card storing an overlay claim, and an overlay module that can be used to apply the overlay card to the base card. A computer-implemented method can include selecting a base card having multiple claims, selecting an overlay card storing an overlay claim, and applying the overlay card to the base card.

Abstract: A user engages in a transaction with a relying party. The relying party requests identity information from the user in a security policy and identifies transaction elements for an on-line business transaction. Typically, the security policy and transaction elements are transmitted together; the security policy can be as little as a request to conduct the on-line business transaction. The user identifies an information card that satisfies the security policy. The computer system requests a security token from the identity provider managing the information card, which can include requesting a transaction receipt for the transaction elements. The computer system then returns the security token (and the transaction receipt) to the relying party, to complete the transaction.

Abstract: When a user connects a pluggable card store to a machine, the machine plugs a pluggable card provider into a card provider registry. The pluggable card store can be an object portable to the user, or can be a remote store available via some connection, such as an FTP connection. The user can then use the information cards stored on the pluggable card store in a transaction.

Abstract: A user engages in a transaction with a relying party. The relying party requests identity information from the user in a security policy and identifies transaction elements for an on-line business transaction. Typically, the security policy and transaction elements are transmitted together; the security policy can be as little as a request to conduct the on-line business transaction. The user identifies an information card that satisfies the security policy. The computer system requests a security token from the identity provider managing the information card, which can include requesting a transaction receipt for the transaction elements. The computer system then returns the security token (and the transaction receipt) to the relying party, to complete the transaction.

Abstract: The invention relates to the generation of user selected pages from an internet site and the delay in the reformatting of the same following a user selection of a new data event i.e. the selection of a new page which is to be displayed. In accordance with the invention, upon a user selection, reformatting of the page is delayed either for a predesignated time interval from the previous page reformatting or until all or a predefined amount of the data for the new page has been received. This allows the processor to be controlled hence preventing delays and/or errors in navigational functions and also can reduce the generation of “flicker” on the on-screen display.

Abstract: A system can include an authorization token provided by a user, the authorization token specifying user identification information to be made accessible by an information card host to a relying party, an information card stored at the information card host, and an identity token generated or requested by the information card host in response to a request for identity token from the relying party.

Abstract: A computer-implemented method can include selecting an information card from a group of identified information cards, selecting a persona from a group of identified personae that are associated with the selected information card, and generating a Request for Security Token (RST) based on the selected information card and the selected persona.

Abstract: An information card overlay system can include a base card having multiple claims, an overlay card storing an overlay claim, and an overlay module that can be used to apply the overlay card to the base card. A computer-implemented method can include selecting a base card having multiple claims, selecting an overlay card storing an overlay claim, and applying the overlay card to the base card.

Abstract: A system and method is presented for database restoration in a distributed data system. The distributed data system has a first database on a first server which needs restoration. The first database is first restored with a predetermined full backup file, the full backup file being made at a first predetermined time. The first database is then restored with one or more incremental backup files, the incremental backup files being made since the first predetermined time and having the most recent backup file made at a second predetermined time. A transaction log documenting data transactions since the second predetermined time is then examined. One or more transactions listed in the transaction log after the second predetermined time are then executed since they are not included in the incremental backup files.

Abstract: An apparatus can include a secret mapping module running on a machine and configured to create a mapping that maps a secret to a claim stored in an information card, a receiver running on the machine and configured to receive a request for the secret from a remote application, a mapping query module running on the machine and configured to perform a search for the mapping, a credential provider application running on the machine and configured to retrieve the secret based at least in part on the claim, and a transmitter configured to transmit the secret to the remote application.

Abstract: A client includes a card selector, and receives a security policy from a relying party. If the client does not have an information card that can satisfy the security policy, the client can define a virtual information card, either from the security policy or by augmenting an existing information card. The client can also use a local security policy that controls how and when a virtual information card is defined. The virtual information card can then be used to generate a security token to satisfy the security policy.

Abstract: Systems and methods for generation of site-specific credentials using information cards are provided. An apparatus can include a machine, a browser on the machine configured to receive a request from a relying party site for a credential from a user, a receiver to receive one or more inputs, a site-specific credential generator to generate the credential based on the inputs, and a transmitter configured to transmit the generated credential to the relying party site.

Abstract: Systems and methods for automatic, non-interactive generation of information card tokens are provided. An apparatus can include a receiver, a transmitter, and an information card token generator, wherein the information card token generator is operable to generate an information card token in response to an information card token request received from a relying party site, the information card security token being based at least in part on a user-defined policy.

Abstract: An accessor function interfaces among a client, a relying party, and an identity provider. The identity provider can “manage” personal (i.e., self-asserted) information cards on behalf of a user, making the personal information cards available on clients on which the personal information cards are not installed. The client can be an untrusted client, vulnerable to attacks such as key logging, screen capture, and memory interrogation. The accessor function can also asked as a proxy for the relying party in terms of invoking and using the information cards system, for use with legacy relying parties.