Abstract: A computer implemented method may include identifying a base information card stored on a client, determining whether an overlay information card is to be applied to the identified base information card, and selecting the overlay information card. The method may also include generating a final information card by applying the selected overlay information card to the identified base information card.

Abstract: Apparatus and methods are described for searching and replacing user credentials in a multiple disparate credential store environment. Upon authentication of a user to change credentials, credential information of multiple disparate credential stores is searched. Upon population of search results, users indicate which of the credentials they desire to change and results are committed upon affirmative execution in a user interface dialog. In this manner, users locate their credential information, from whatever store, and change it in quantity or singularly from a single point of control. They can also fully understand how many passwords, secrets, keys, etc., they have over the many disparate stores available to them and affirmatively control their relationship to other credential information. Reversion of credential information to an earlier time is still another feature as is retrofitting existing SSO services. Computer program products and computing network interaction are also disclosed.

Abstract: A selector daemon can run in the background of a computer. Applications that are capable of processing information cards directly, without requiring the use of a card selector, can request the selector daemon to list information cards that satisfy security policy. Upon receiving such a request, selector daemon can determine the information cards available on the computer that satisfy the security policy, and can identify these information cards to the requesting application. The applications can then use the identified information cards in any manner desired, without having to use a card selector: for example, by requesting a security token based on one of the information cards directly from an identity provider.

Abstract: A selector daemon can run in the background of a computer. Applications that are capable of processing information cards directly, without requiring the use of a card selector, can request the selector daemon to list information cards that satisfy security policy. Upon receiving such a request, selector daemon can determine the information cards available on the computer that satisfy the security policy, and can identify these information cards to the requesting application. The applications can then use the identified information cards in any manner desired, without having to use a card selector: for example, by requesting a security token based on one of the information cards directly from an identity provider.

Abstract: A machine includes card stores to store information cards. For each card store, one or more card selectors can be provided. When performing a transaction involving information cards, a generic card selector, using a selector policy engine, can identify a card selector to use for the transaction. The identified card selector can be used to identify an information card in a card store to use in performing the transaction, which can be used to provide a security token to the relying party.

Abstract: Apparatus and methods are described for coordinating user credentials across multiple disparate credential stores. A synchronizing engine requests and receives past and present credential information from the disparate credential stores. Users indicate which, if any, of the credential information they desire to synch together. Upon common formatting of the credential information, comparisons reveal whether differences exist between the past and present versions. If differences exist, the information is updated. In this manner, users link together various passwords, keys or other secrets to maintain convenience from a single point of control, such as in a single-sign-on (SSO) environment, regardless of the disparateness of the stores. The reverse is also possible such that linked credentials are accessible from the multiple stores. Retrofitting existing SSO services is another feature as are computer program products and computing network interaction.

Abstract: A computer implemented method may include identifying a base information card stored on a client, determining whether an overlay information card is to be applied to the identified base information card, and selecting the overlay information card. The method may also include generating a final information card by applying the selected overlay information card to the identified base information card.

Abstract: A machine includes card stores to store information cards. For each card store, one or more card selectors can be provided. When performing a transaction involving information cards, a generic card selector, using a selector policy engine, can identify a card selector to use for the transaction. The identified card selector can be used to identify an information card in a card store to use in performing the transaction, which can be used to provide a security token to the relying party.

Abstract: An information card overlay system can include a base card having multiple claims, an overlay card storing an overlay claim, and an overlay module that can be used to apply the overlay card to the base card. A computer-implemented method can include selecting a base card having multiple claims, selecting an overlay card storing an overlay claim, and applying the overlay card to the base card.

Abstract: An information card overlay system can include a base card having multiple claims, an overlay card storing an overlay claim, and an overlay module that can be used to apply the overlay card to the base card. A computer-implemented method can include selecting a base card having multiple claims, selecting an overlay card storing an overlay claim, and applying the overlay card to the base card.

Abstract: An apparatus can include a secret mapping module running on a machine and configured to create a mapping that maps a secret to a claim stored in an information card, a receiver running on the machine and configured to receive a request for the secret from a remote application, a mapping query module running on the machine and configured to perform a search for the mapping, a credential provider application running on the machine and configured to retrieve the secret based at least in part on the claim, and a transmitter configured to transmit the secret to the remote application.

Abstract: Apparatus and methods utilize a single-sign-on (SSO) framework on one or more physical or virtual computing devices. During use, it is determined whether SSO credentials are for use in a volatile session and/or for use amongst an application suite or a plurality of applications. In the former, the SSO credentials are either made temporarily available in a memory of the computing devices, if relatively high security is desired, or a credential store and its contents are made available to a disk, if relatively low security is acceptable. In the latter, the SSO credentials are shared during authentication of a single user as individual applications of the application suite or the plurality of applications are used or started independently. Other features contemplate credential lifetime, the destruction of credentials, timing of application usage relative to credentials as well as retrofitting existing SSO services. Computer program products and computing interaction are also disclosed.

Abstract: A selector daemon can run in the background of a computer. Applications that are capable of processing information cards directly, without requiring the use of a card selector, can request the selector daemon to list information cards that satisfy security policy. Upon receiving such a request, selector daemon can determine the information cards available on the computer that satisfy the security policy, and can identify these information cards to the requesting application. The applications can then use the identified information cards in any manner desired, without having to use a card selector: for example, by requesting a security token based on one of the information cards directly from an identity provider.

Abstract: Apparatus and methods arrange user credentials on physical or virtual computing devices utilizing a single-sign-on framework. During use, a plurality of target environments exist for a user to logon to one or more applications thereof, including at least a personal and workplace environment. One or more roles of the user are identified per each target environment, such as a shopper in the personal environment and an engineer or manager in the workplace environment. The user has credentials per each role and are used to logon using a single-sign-on session to access the one or more applications. The credentials are stored in a secret store corresponding to the defined roles of the user per either the personal or workplace environment. Workplace policies defining the roles or synching credentials are other features as are establishing default roles or retrofitting existing SSO services. Computer program products and computing interaction are also disclosed.

Abstract: Apparatus and methods are described for using preferential credentials in an environment of multiple disparate credential stores. For at least two disparate credential stores, credential information is known, including a preferred credential indicated by a user. Upon indication of a desire to link another credential information to the preferred credential information, the two are mapped to one another. Users can sign-on, singularly, with the preferred credential information, and have access to both the disparate credential stores. A credential value can be shared by multiple credential ID's or one credential ID can be associated with multiple credential values thereby giving users the ability to cross-reference secrets and credentials for most efficiency. Default credentials are also possible as are retrofits for existing SSO services. Policy applications, computer program products and computing network interaction are other noteworthy features.

Abstract: Apparatus and methods are described for searching and replacing user credentials in a multiple disparate credential store environment. Upon authentication of a user to change credentials, credential information of multiple disparate credential stores is searched. Upon population of search results, users indicate which of the credentials they desire to change and results are committed upon affirmative execution in a user interface dialog. In this manner, users locate their credential information, from whatever store, and change it in quantity or singularly from a single point of control. They can also fully understand how many passwords, secrets, keys, etc., they have over the many disparate stores available to them and affirmatively control their relationship to other credential information. Reversion of credential information to an earlier time is still another feature as is retrofitting existing SSO services. Computer program products and computing network interaction are also disclosed.

Abstract: Apparatus and methods are described for coordinating user credentials across multiple disparate credential stores. A synchronizing engine requests and receives past and present credential information from the disparate credential stores. Users indicate which, if any, of the credential information they desire to synch together. Upon common formatting of the credential information, comparisons reveal whether differences exist between the past and present versions. If differences exist, the information is updated. In this manner, users link together various passwords, keys or other secrets to maintain convenience from a single point of control, such as in a single-sign-on (SSO) environment, regardless of the disparateness of the stores. The reverse is also possible such that linked credentials are accessible from the multiple stores. Retrofitting existing SSO services is another feature as are computer program products and computing network interaction.

Abstract: A machine includes card stores to store information cards. For each card store, one or more card selectors can be provided. When performing a transaction involving information cards, a generic card selector, using a selector policy engine, can identify a card selector to use for the transaction. The identified card selector can be used to identify an information card in a card store to use in performing the transaction, which can be used to provide a security token to the relying party.

Abstract: When a user connects a pluggable card store to a machine, the machine plugs a pluggable card provider into a card provider registry. The pluggable card store can be an object portable to the user, or can be a remote store available via some connection, such as an FTP connection. The user can then use the information cards stored on the pluggable card store in a transaction.

Abstract: A fire or explosion suppression system provided with a source of pressurized suppressant and an apertured release suppressant nozzle which extends into the area protected by the system is provided with a cover unit which prevents the nozzle from becoming clogged or impeded by solid materials present in the protected zone. The cover unit that envelops the nozzle is of elastomeric material and has four internal grooves defining lines of weakness which present a cross-pattern. Upon release of the suppressant, the cover unit ruptures along the lines of weakness whereby the petal-shaped areas of the unit defined by the grooves open up for free flow of suppressant therepast.