Abstract: Techniques for managing security contexts may be described. An apparatus may comprise a processor and a security management module. The security management module may form a merged security context for multiple concurrent threads, with one of the threads depending on more than one preceding operation from other threads. Other embodiments are described and claimed.

Abstract: The systems and methods provide for configuring and managing resources on a multi-purpose IC card. In one aspect, a user interface (UI) for an application is presented on a display device. A user is enabled via at least one graphical dialog screen of the UI to configure a communicatively coupled IC card. Management of one or more resources on the IC card is facilitated via at least one graphical dialog screen of the UI.

Abstract: Techniques for managing security contexts may be described. An apparatus may comprise a processor and a security management module. The security management module may form a merged security context for multiple concurrent threads, with one of the threads depending on more than one preceding operation from other threads. Other embodiments are described and claimed.

Abstract: A resource of a first organization provides access thereto to a requestor of a second organization. A first administrator of the first organization issues a first credential to a second administrator of the second organization, including policy that the second administrator may issue a second credential to the requestor on behalf of the first administrator. The second administrator issues the second credential to the requester, including the issued first credential. The requestor requests access from the resource and includes the issued first and second credentials. The resource validates that the issued first credential ties the first administrator to the second administrator, and that the issued second credential ties the second administrator to the requester. The resource thus knows that the request is based on rights delegated from the first administrator to the requester by way of the second administrator.

Abstract: An access control policy engine associated with a resource determines whether to allow a request to access same. The engine receives the request with an security token, retrieves the token determines a type thereof, and maps access decision information in the token to a common format as at least one security claim setting forth adequate information to determine a right of the requestor. Thereafter, the engine retrieves a set of rules for accessing the resource, applies the rules to the security claims to determine whether to allow the request from the requestor, and if the request is to be allowed, provides the requestor access to the resource in accordance with the request and the rights of the requestor as determined based on the security claims.

Abstract: A digital certificate is employed to produce a digital signature for a digital construct. In the digital certificate is set forth a certificate validity period defining for the digital certificate a time period during which the digital certificate is to be honored as valid for producing digital signatures, and a signature validity period defining for each digital signature produced based on the digital certificate a time period during which the digital signature is to be honored as valid.

Abstract: To establish trust between first and second entities, the first entity sends an attestation message to the second entity, including a code ID, relevant data, a digital signature based on the code ID and data, and a certificate chain. The second entity verifies the signature and decides whether to in fact enter into a trust-based relationship with the first entity based on the code ID and the data in the attestation message. Upon so deciding, the second entity sends a trust message to the first entity, including a secret to be shared between the first and second entities. The first entity obtains the shared secret in the trust message and employs the shared secret to exchange information with the second entity.

Abstract: The systems and methods provide for configuring and managing resources on a multi-purpose IC card. In one aspect, a user interface (UI) for an application is presented on a display device. A user is enabled via at least one graphical dialog screen of the UI to configure a communicatively coupled IC card. Management of one or more resources on the IC card is facilitated via at least one graphical dialog screen of the UI.

Abstract: A computerized system offers a uniform platform for conducting electronic transactions in multiple different environments. The system includes a portable, multi-purpose, integrated circuit (IC) card and complimentary computer software which enables access and management of resources maintained on the IC card. The software runs on a user's personal computer, empowering the user to initialize the IC card, configure the card with the resources that the user wants to maintain on the card, and to manage those resources. The software enables the user to generate private/public key pairs and establish or change passcodes for access to the card resources. The IC card itself provides the electronic vehicle for securely transporting the user's private keys and certificates without exposing them in plaintext form.

Abstract: A computerized system offers a uniform platform for conducting electronic transactions in multiple different environments. The system includes a portable, multi-purpose, integrated circuit (IC) card and complimentary computer software which enables access and management of resources maintained on the IC card. The software runs on a user's personal computer, empowering the user to initialize the IC card, configure the card with the resources that the user wants to maintain on the card, and to manage those resources. The software enables the user to generate private/public key pairs and establish or change passcodes for access to the card resources. The IC card itself provides the electronic vehicle for securely transporting the user's private keys and certificates without exposing them in plaintext form.