Abstract: The present disclosure is directed to a method and system for obtaining or allowing single sign-on capability for remote applications. The system receives a request a user device to register with a remote application or desktop service. The system then authenticates the user with the service, by receiving the user's credentials, and generating an access token and a single sign-on token. The user is presented with a list of remote applications that can be accessed through the service. The system receives the indication of the selection by the user and then proceeds to authenticate the user with the remote application. The remote application connects with the authentication service and presents the tokens that were generated in a certificate request to the authentication service. The authentication service uses this request and obtains a certificate authority a logon certificate that is used to log the user into the remote application.

Abstract: A system and method for controlling distribution and use of digital identity representations (“DIRs”) increases security, usability, and oversight of DIR use. A DIR stored on a first device may be obtained by a second device for use in satisfying the security policy of a relying party. Release of the DIR to the second device requires permission from a device or entity that may be different from the device or entity attempting to access the relying party. Further, the use of the DIR to obtain an identity token may separately require permission of even a different person or entity and may be conditioned upon receiving satisfactory information relating to the intended use of the DIR (e.g., the name of the relying party, type of operation being attempted, etc.). By controlling the distribution and use of DIRs, security of the principal's identity and supervisory control over a principal's activities are enhanced.

Abstract: A system and method for controlling distribution and use of digital identity representations (“DIRs”) increases security, usability, and oversight of DIR use. A DIR stored on a first device may be obtained by a second device for use in satisfying the security policy of a relying party. Release of the DIR to the second device requires permission from a device or entity that may be different from the device or entity attempting to access the relying party. Further, the use of the DIR to obtain an identity token may separately require permission of even a different person or entity and may be conditioned upon receiving satisfactory information relating to the intended use of the DIR (e.g., the name of the relying party, type of operation being attempted, etc.). By controlling the distribution and use of DIRs, security of the principal's identity and supervisory control over a principal's activities are enhanced.

Abstract: Examples of the present disclosure describe systems and methods for authentication by an authentication component when a client attempts to access a secured resource(s). As an example, an access request is received from a client at an authentication component. The authentication component generates an authentication challenge including criteria to assist the client in selecting an appropriate authentication credential, a request for proof of possession of the authentication credential, and challenge-specific data for the client to return in a challenge response. A challenge response is received from the client. The authentication component evaluates the challenge response and determines whether to authenticate the client for access to a resource based on the evaluated challenge response. Other examples are also described.

Abstract: A system and method for controlling distribution and use of digital identity representations (“DIRs”) increases security, usability, and oversight of DIR use. A DIR stored on a first device may be obtained by a second device for use in satisfying the security policy of a relying party. Release of the DIR to the second device requires permission from a device or entity that may be different from the device or entity attempting to access the relying party. Further, the use of the DIR to obtain an identity token may separately require permission of even a different person or entity and may be conditioned upon receiving satisfactory information relating to the intended use of the DIR (e.g., the name of the relying party, type of operation being attempted, etc.). By controlling the distribution and use of DIRs, security of the principal's identity and supervisory control over a principal's activities are enhanced.

Abstract: A system and method for controlling distribution and use of digital identity representations (“DIRs”) increases security, usability, and oversight of DIR use. A DIR stored on a first device may be obtained by a second device for use in satisfying the security policy of a relying party. Release of the DIR to the second device requires permission from a device or entity that may be different from the device or entity attempting to access the relying party. Further, the use of the DIR to obtain an identity token may separately require permission of even a different person or entity and may be conditioned upon receiving satisfactory information relating to the intended use of the DIR (e.g., the name of the relying party, type of operation being attempted, etc.). By controlling the distribution and use of DIRs, security of the principal's identity and supervisory control over a principal's activities are enhanced.

Abstract: In accordance with various aspects, the present invention relates to methods and systems for sending an identity information document comprising selecting identity information from a self-identity information store for inclusion in the identity information document. The selected identity information is read from a self-identity information store. The identity information document is generated to include the selected identity information and one or more keys, and signed using a key associated with one of the keys included in the identity information document. The identity information document is then sent to a recipient. Receiving an identity information document comprises receiving a signed identity information document from an originator. A determination is made as to whether identity information in the identity information document is reliable. The identity information is saved in a recognized identity information store if the identity information is determined to be reliable.

Abstract: A system and method for controlling distribution and use of digital identity representations (“DIRs”) increases security, usability, and oversight of DIR use. A DIR stored on a first device may be obtained by a second device for use in satisfying the security policy of a relying party. Release of the DIR to the second device requires permission from a device or entity that may be different from the device or entity attempting to access the relying party. Further, the use of the DIR to obtain an identity token may separately require permission of even a different person or entity and may be conditioned upon receiving satisfactory information relating to the intended use of the DIR (e.g., the name of the relying party, type of operation being attempted, etc.). By controlling the distribution and use of DIRs, security of the principal's identity and supervisory control over a principal's activities are enhanced.

Abstract: A shallow trench isolation structure having a negative taper angle and a method for forming same. A silicon nitride layer formed over a semiconductor substrate is etched according to a plasma etch process to form a first opening therein having sidewalls that present a negative taper angle. The substrate is etched to form a trench therein underlying the first opening. Silicon dioxide fills both the opening and the trench to form the shallow trench isolation structure, with the silicon dioxide in the opening exhibiting a negative taper angle to avoid formation of conductive stringers during subsequent process steps.

Abstract: The present invention provides a trench isolation structure, a method for manufacturing a trench isolation structure, and a method for manufacturing an integrated circuit including the trench isolation structure. In one aspect, the method includes forming a hardmask over a substrate, etching a trench in the substrate through the hardmask, forming a liner in the trench, depositing an interfacial layer over the liner within the trench and over the hardmask and filling the trench with a dielectric material.

Abstract: A computer system is configured to verify a connection to a web site. The computer system includes a user interface programmed to receive a uniform resource locator and a call sign associated with the web site. The computer system also includes a validator module programmed to calculate a hash value based on the uniform resource locator, a public key associated with the web site, and a salt, and the validator being programmed to compare the hash value to the call sign to verify the connection to the web site.

Abstract: A system for endpoint verification includes a computer system programmed to access one web site of a plurality of web sites associated with an organization. The computer system is programmed to receive a digital certificate of the web site and to display an attribute from the digital certificate to the user for endpoint verification. The attribute is common across two or more of the web sites of the organization.

Abstract: A computer system includes a security module programmed to generate a first privacy key for use with secure communications with a first web site, and a second privacy key for use with secure communications with a second web site, the first and second keys being different. The computer system also includes an identity module programmed to receive a request from the first web site for linking a first user account associated with the first web site with a second user account associated with the second web site, and the identity module being programmed to present a user with an option to link the first and second user accounts.

Abstract: A system for providing reputation information includes a relying party programmed to receive a security token including a claim with reputation information associated with a party, and the relying party is further programmed to utilize the reputation information when deciding whether to transact with the party. A method of providing reputation information includes receiving a request for information from a party, requiring the party to provide reputation information, receiving the reputation information in a claim of a security token, and using the reputation information to decide whether to transact with the party. Another method of providing reputation information includes requesting reputation information associated with a online service from a claims authority, receiving the reputation information in a claim of a security token, and using the reputation information to decide whether to transact with the online service.

Abstract: A digital identity system includes a principal including an identity selector programmed to receive a security policy from a relying party, review a plurality of digital identities associated with the principal, and request one or more claims related to an identity of the principal from an identity provider. The principal is further programmed to receive one or more security tokens including the claims from the identity provider, and to forward the security tokens to the relying party.

Abstract: A method for forming BiCMOS integrated circuits and structures formed according to the method. After forming doped wells and gate stacks for the CMOS devices and collector and base regions for the bipolar junction transistor, an emitter layer is formed within an emitter window. A dielectric material layer is formed over the emitter layer and remains in place during etching of the emitter layer and removal of the etch mask. The dielectric material layer further remains in place during source/drain implant doping and activation of the implanted source/drain dopants. The dielectric material layer functions as a thermal barrier, to limit out-diffusion of the emitter dopants during the activation step.

Abstract: In a semiconductor substrate, a shallow trench isolation structure having a dielectric material disposed in voids of a trench-fill material and a method for forming the shallow trench isolation structure. The voids may be formed during a wet clean process after the dielectric material is formed in the trench. A conformal silicon nitride layer is formed over the substrate and in the voids. After removal of the silicon nitride layer, the voids are at least partially filled by the silicon nitride material.

Abstract: A system for providing a digital identity includes a claims transformer programmed to generate a security token including a computational token and a display token, the computational token including one or more claims associated with an identity of a principal, and the display token including display information about the claims in the computational token. The display information is configured to allow the principal to view the display token.

Abstract: A key validation service (KVS) provides the ability to assess the validity of the private key used to send secure information. Each time a user wants to send information to a recipient, the user first sends proof to the KVS that the user's private key is valid. When the KVS is assured that the user's private key is valid and has not been compromised, the key validation service creates a confirmation of validity (COV) which is encrypted using the KVS's own private key. If however, the KVS receives an indication that the user's private key has been compromised (e.g., stolen), the KVS will not issue the COV. The user sends the COV and other information to the recipient. The recipient, who has been provided the KVS's public key, decrypts the COV with the KVS's public key to determine if the user's private key is valid and has not been compromised.

Abstract: A shallow trench isolation structure having a negative taper angle and a method for forming same. A silicon nitride layer formed over a semiconductor substrate is etched according to a plasma etch process to form a first opening therein having sidewalls that present a negative taper angle. The substrate is etched to form a trench therein underlying the first opening. Silicon dioxide fills both the opening and the trench to form the shallow trench isolation structure, with the silicon dioxide in the opening exhibiting a negative taper angle to avoid formation of conductive stringers during subsequent process steps.