Abstract: A system implements a Policy-Governed Content Mediation Model for Mobile Augmented Reality (MAR) applications (MAR-Apps) by regulating the real-time interaction between digital MAR content, e.g., 3D objects displayed on top of a video stream, and the actual physical world. The system regulates the way MAR content is distributed inside physical spaces by means of the specification, evaluation, and enforcement of user-friendly authorization policies based on security-relevant information, a.k.a., attributes, ultimately resulting in the avoidance of unwanted content distribution and/or unwanted user interactions. Consequently, the system protects sensitive spaces as only authorized MAR content is authorized to merge with the physical surroundings. Additionally, the system allows benign multi-user interactions and respects the users' privacy by granting and enforcing management over user-supplied sensitive information.

Abstract: An embodiment of a blockchain-based cryptographic key generation method and system that leverages existing values locally available within a distributed ledger to generate cryptographic keys independent of a third-party server is disclosed herein.

Abstract: An embodiment of a blockchain-based cryptographic key generation method and system that leverages existing values locally available within a distributed ledger to generate cryptographic keys independent of a third-party server is disclosed herein.

Abstract: A client-side user agent operates in conjunction with an identity selector to institute and exercise privacy control management over user identities managed by the identity selector. The user agent includes the combination of a privacy enforcement engine, a storage of rulesets expressing user privacy preferences, and a preference editor. The editor enables the user to direct the composition of privacy preferences relative to user identities. The preferences can be applied to individual cards and to categorized groups of attributes. The engine evaluates the proper rulesets against the privacy policy of a service provider. The privacy preferences used by the engine are determined on the basis of specifications in a security policy indicating the attribute requirements for claims that purport to satisfy the security policy.

Abstract: Various embodiments of a system and method for authenticating a call request header including identity information that is lightweight and deployable in VoIP and PSTN systems are disclosed.

Abstract: A privacy preference editor enables a user to institute privacy preferences relative to user identity information on a card-based and category-based basis. An identity selector furnishes information cards representative of user identities. The editor allows the user to set a privacy preference for each information card. Any proposed disclosure of an information card invokes its corresponding privacy preference. In turn, an agent engine evaluates the invoked privacy preference against the privacy policy of a relying party seeking the card information. The editor also permits the user to create information categories, populate the categories with a group of relevant user identity attributes, and set a privacy preference to the category. In this way, a category-specific privacy preference can be invoked by using the attribute required by the security policy as an index to the appropriate categorized group where the required attribute resides.

Abstract: A privacy enforcement engine conducts a process that evaluates user privacy preferences against the privacy policy of a service provider. The engine works in conjunction with an identity selector. The identity selector filters user identity information cards to determine which ones satisfy the requirements of a security policy. The engine identifies privacy preferences that are relevant to the user identity information specified by the successfully filtered cards. The engine evaluates these privacy preferences against the privacy policy, to provide its own filtering operation relative to the exercise of privacy controls. The cards that pass the filtering operation conducted by the engine are deemed available for disclosure.

Abstract: A user-portable computing device configured as a smart card enables a user to carry identification information and to generate security tokens for use in authenticating the user to a service provider. The device includes memory for storing user identities as information cards that are exported to a host computer, presented to a user in visual form, and then selected for use in the authentication process. A security token service installed on the device issues a security token in response to a token request sent from the host computer that references the selected user identity. The security token service uses user attribute information stored on the user device to compose the claim assertions needed to issue the security token. The token is returned to the host computer and used to facilitate the authentication process.

Abstract: A combination includes a user-portable computing device, and an identity selector adapted for interoperable use with the user device. The user computing device includes a security token service that issues security tokens in reference to a portfolio of user identities stored as information cards on the user device. The issuance of security tokens employs user attribute information that is stored onboard the user device. The identity selector exports the information cards from the user device and determines which user identity satisfies a security policy promulgated by a relying party as part of an authentication process within the context of an online interaction. The identity selector generates a token request based on one of the eligible user identities, and forwards the token request to the user device to invoke the token issuance operation. The identity selector presents the issued security token to the relying party to comply with the security policy.

Abstract: An identity management system incorporates privacy management processes that enable the user to exercise privacy controls over the disclosure of user identity information within the context of an authentication process. A combination includes an identity selector, a privacy engine, and a ruleset. The identity selector directs the release of a user identity in the form of a security token to satisfy the requirements dictated by a security policy. Prior to release of the user identity, the engine conducts a privacy enforcement process that examines the privacy policy of the service provider and determines if it is acceptable. The engine evaluates a ruleset against the privacy policy. A preference editor enables the user to construct, in advance, the ruleset, which embodies the user's privacy preferences regarding the disclosure of identity information.

Abstract: A client-side user agent operates in conjunction with an identity selector to institute and exercise privacy control management over user identities managed by the identity selector. The user agent includes the combination of a privacy enforcement engine, a storage of rulesets expressing user privacy preferences, and a preference editor. The editor enables the user to direct the composition of privacy preferences relative to user identities. The preferences can be applied to individual cards and to categorized groups of attributes. The engine evaluates the proper rulesets against the privacy policy of a service provider. The privacy preferences used by the engine are determined on the basis of specifications in a security policy indicating the attribute requirements for claims that purport to satisfy the security policy.

Abstract: An identity selector manages the identity requirements of an online interaction between a user and a service provider environment. The identity selector is adapted for interoperable use with a user-portable computing device. The user device enables a user to carry identification information and to generate security tokens for use in authenticating the user to a service provider. The identity selector includes an agent module that facilitates communication with the user device. The identity selector imports the user identities from the user device and determines which user identities satisfy a security policy of a relying party. After the user selects one of the eligible user identities, the identity selector generates a token request based on the selected identity and forwards it to the user device, which in response issues a security token. The security token is returned to the identity selector and used to facilitate the authentication process.

Abstract: A client-side user agent operates in conjunction with an identity selector to institute and exercise privacy control management over user identities managed by the identity selector. The user agent includes the combination of a privacy enforcement engine, a storage of rulesets expressing user privacy preferences, and a preference editor. The editor enables the user to direct the composition of privacy preferences relative to user identities. The preferences can be applied to individual cards and to categorized groups of attributes. The engine evaluates the proper rulesets against the privacy policy of a service provider. The privacy preferences used by the engine are determined on the basis of specifications in a security policy indicating the attribute requirements for claims that purport to satisfy the security policy.

Abstract: A combination includes a user-portable computing device, and an identity selector adapted for interoperable use with the user device. The user computing device includes a security token service that issues security tokens in reference to a portfolio of user identities stored as information cards on the user device. The issuance of security tokens employs user attribute information that is stored onboard the user device. The identity selector exports the information cards from the user device and determines which user identity satisfies a security policy promulgated by a relying party as part of an authentication process within the context of an online interaction. The identity selector generates a token request based on one of the eligible user identities, and forwards the token request to the user device to invoke the token issuance operation. The identity selector presents the issued security token to the relying party to comply with the security policy.

Abstract: Various embodiments of a system and method for authenticating a call request header including identity information that is lightweight and deployable in VoIP and PSTN systems are disclosed.

Abstract: A privacy preference editor enables a user to institute privacy preferences relative to user identity information on a card-based and category-based basis. An identity selector furnishes information cards representative of user identities. The editor allows the user to set a privacy preference for each information card. Any proposed disclosure of an information card invokes its corresponding privacy preference. In turn, an agent engine evaluates the invoked privacy preference against the privacy policy of a relying party seeking the card information. The editor also permits the user to create information categories, populate the categories with a group of relevant user identity attributes, and set a privacy preference to the category. In this way, a category-specific privacy preference can be invoked by using the attribute required by the security policy as an index to the appropriate categorized group where the required attribute resides.

Abstract: A user-portable computing device configured as a smart card enables a user to carry identification information and to generate security tokens for use in authenticating the user to a service provider. The device includes memory for storing user identities as information cards that are exported to a host computer, presented to a user in visual form, and then selected for use in the authentication process. A security token service installed on the device issues a security token in response to a token request sent from the host computer that references the selected user identity. The security token service uses user attribute information stored on the user device to compose the claim assertions needed to issue the security token. The token is returned to the host computer and used to facilitate the authentication process.

Abstract: An identity management system incorporates privacy management processes that enable the user to exercise privacy controls over the disclosure of user identity information within the context of an authentication process. A combination includes an identity selector, a privacy engine, and a ruleset. The identity selector directs the release of a user identity as a security token to satisfy the requirements dictated by a security policy. Prior to release of the user identity, the engine conducts a privacy enforcement process that examines the privacy policy of the service provider and determines its acceptability. The engine evaluates a ruleset against the privacy policy. A preference editor enables the user to construct, in advance, the ruleset embodying the user's privacy preferences regarding the disclosure of identity information. Based on the evaluation results, the user can either approve or disapprove the privacy policy, and decide whether to proceed with disclosure of the user identity.

Abstract: An identity selector manages the identity requirements of an online interaction between a user and a service provider environment. The identity selector is adapted for interoperable use with a user-portable computing device. The user device enables a user to carry identification information and to generate security tokens for use in authenticating the user to a service provider. The identity selector includes an agent module that facilitates communication with the user device. The identity selector imports the user identities from the user device and determines which user identities satisfy a security policy of a relying party. After the user selects one of the eligible user identities, the identity selector generates a token request based on the selected identity and forwards it to the user device, which in response issues a security token. The security token is returned to the identity selector and used to facilitate the authentication process.

Abstract: A privacy preference editor enables a user to institute privacy preferences relative to user identity information on a card-based and category-based basis. An identity selector furnishes information cards representative of user identities. The editor allows the user to set a privacy preference for each information card. Any proposed disclosure of an information card invokes its corresponding privacy preference. In turn, an agent engine evaluates the invoked privacy preference against the privacy policy of a relying party seeking the card information. The editor also permits the user to create information categories, populate the categories with a group of relevant user identity attributes, and set a privacy preference to the category. In this way, a category-specific privacy preference can be invoked by using the attribute required by the security policy as an index to the appropriate categorized group where the required attribute resides.