Patents by Inventor Thomas E. Doman
Thomas E. Doman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8632003Abstract: A computer-implemented method can include selecting an information card from a group of identified information cards, selecting a persona from a group of identified personae that are associated with the selected information card, and generating a Request for Security Token (RST) based on the selected information card and the selected persona.Type: GrantFiled: January 27, 2009Date of Patent: January 21, 2014Assignee: Novell, Inc.Inventors: James Sermersheim, Andrew A. Hodgkinson, Daniel S. Sanders, Thomas E. Doman, Duane F. Buss
-
Patent number: 8468576Abstract: A selector daemon can run in the background of a computer. Applications that are capable of processing information cards directly, without requiring the use of a card selector, can request the selector daemon to list information cards that satisfy security policy. Upon receiving such a request, selector daemon can determine the information cards available on the computer that satisfy the security policy, and can identify these information cards to the requesting application. The applications can then use the identified information cards in any manner desired, without having to use a card selector: for example, by requesting a security token based on one of the information cards directly from an identity provider.Type: GrantFiled: October 1, 2008Date of Patent: June 18, 2013Assignee: Apple Inc.Inventors: Thomas E. Doman, Duane F. Buss, Daniel S. Sanders, Andrew A. Hodgkinson, James G. Sermersheim, James M. Norman
-
Patent number: 8370913Abstract: A user defines an audit policy. The audit policy identifies one or more triggers that, when related information is included in a security token, trigger the performance of the audit. The audit can include notifying the user in some manner that the trigger occurred. The audit can require in-line confirmation of the audit, so that the security token is not transmitted until the user confirms the audit.Type: GrantFiled: August 22, 2007Date of Patent: February 5, 2013Assignee: Apple Inc.Inventors: Andrew A. Hodgkinson, Duane F. Buss, Thomas E. Doman, Patrick R. Felsted, James G. Sermersheim
-
Patent number: 8364600Abstract: A user engages in a transaction with a relying party. The relying party requests identity information from the user in a security policy and identifies transaction elements for an on-line business transaction. Typically, the security policy and transaction elements are transmitted together; the security policy can be as little as a request to conduct the on-line business transaction. The user identifies an information card that satisfies the security policy. The computer system requests a security token from the identity provider managing the information card, which can include requesting a transaction receipt for the transaction elements. The computer system then returns the security token (and the transaction receipt) to the relying party, to complete the transaction.Type: GrantFiled: February 28, 2011Date of Patent: January 29, 2013Assignee: Apple Inc.Inventors: Patrick R. Felsted, Thomas E. Doman, James G. Sermersheim, Daniel S. Sanders, Andrew A. Hodgkinson, Dale R. Olds
-
Publication number: 20130024908Abstract: A selector daemon can run in the background of a computer. Applications that are capable of processing information cards directly, without requiring the use of a card selector, can request the selector daemon to list information cards that satisfy security policy. Upon receiving such a request, selector daemon can determine the information cards available on the computer that satisfy the security policy, and can identify these information cards to the requesting application. The applications can then use the identified information cards in any manner desired, without having to use a card selector: for example, by requesting a security token based on one of the information cards directly from an identity provider.Type: ApplicationFiled: September 14, 2012Publication date: January 24, 2013Applicant: APPLE INC.Inventors: Thomas E. Doman, Duane F. Buss, Daniel S. Sanders, Andrew A. Hodgkinson, James G. Sermersheim, James M. Norman
-
Publication number: 20130018984Abstract: A client can store information about federation points. A federation point is a combination of an identifier of an account on a relying party and an identifier of an information card. The client can track which information cards are included n various federation points, and can use this information to assist the user in performing a transaction with relying parties.Type: ApplicationFiled: September 14, 2012Publication date: January 17, 2013Applicant: APPLE INC.Inventors: Thomas E. Doman, Wendy Michelle Busath, Duane F. Buss
-
Publication number: 20130014207Abstract: A user defines an audit policy. The audit policy identifies one or more triggers that, when related information is included in a security token, trigger the performance of the audit. The audit can include notifying the user in some manner that the trigger occurred. The audit can require in-line confirmation of the audit, so that the security token is not transmitted until the user confirms the audit.Type: ApplicationFiled: September 14, 2012Publication date: January 10, 2013Applicant: APPLE INC.Inventors: Andrew A. Hodgkinson, Duane F. Buss, Thomas E. Doman, Patrick R. Felsted, James G. Sermersheim
-
Patent number: 8073783Abstract: A user engages in a transaction with a relying party. The relying party requests identity information from the user in a security policy and identifies transaction elements for an on-line business transaction. Typically, the security policy and transaction elements are transmitted together; the security policy can be as little as a request to conduct the on-line business transaction. The user identifies an information card that satisfies the security policy. The computer system requests a security token from the identity provider managing the information card, which can include requesting a transaction receipt for the transaction elements. The computer system then returns the security token (and the transaction receipt) to the relying party, to complete the transaction.Type: GrantFiled: August 22, 2007Date of Patent: December 6, 2011Inventors: Patrick R. Felsted, Thomas E. Doman, James G. Sermersheim, Daniel S. Sanders, Andrew A. Hodgkinson, Dale R. Olds
-
Publication number: 20110153499Abstract: A user engages in a transaction with a relying party. The relying party requests identity information from the user in a security policy and identifies transaction elements for an on-line business transaction. Typically, the security policy and transaction elements are transmitted together; the security policy can be as little as a request to conduct the on-line business transaction. The user identifies an information card that satisfies the security policy. The computer system requests a security token from the identity provider managing the information card, which can include requesting a transaction receipt for the transaction elements. The computer system then returns the security token (and the transaction receipt) to the relying party, to complete the transaction.Type: ApplicationFiled: February 28, 2011Publication date: June 23, 2011Applicant: NOVELL, INC.Inventors: Patrick R. Felsted, Thomas E. Doman, James G. Sermersheim, Daniel S. Sanders, Andrew A. Hodgkinson, Dale R. Olds
-
Publication number: 20100187302Abstract: A computer-implemented method can include selecting an information card from a group of identified information cards, selecting a persona from a group of identified personae that are associated with the selected information card, and generating a Request for Security Token (RST) based on the selected information card and the selected persona.Type: ApplicationFiled: January 27, 2009Publication date: July 29, 2010Applicant: Novell, Inc.Inventors: James Sermersheim, Andrew A. Hodgkinson, Daniel S. Sanders, Thomas E. Doman, Duane F. Buss
-
Publication number: 20090272797Abstract: A system and method for dynamic rendering of information cards is provided. A card selector uses policies and rendering content to modify the presentation of information cards in the card selector. The policies and rendering content can be obtained from identity providers and relying parties. The rendering content can be obtained each time the card selector is invoked, just prior to rendering the information cards, or at other times specified in the policy. The rendering content can be displayed in a display area of the information card or in a content canvas outside the display area of the information card.Type: ApplicationFiled: April 30, 2008Publication date: November 5, 2009Applicant: NOVELL, INC. A DELAWARE CORPORATIONInventors: Thomas E. Doman, Duane F. Buss, James G. Sermersheim, Daniel S. Sanders, Andrew A. Hodgkinson
-
Publication number: 20090271856Abstract: A system and method for utilizing restricted user information cards is provided. An identity provider issues a restricted use information card responsive to a relying party's restricted use policy. The identity provider can issue security tokens associated with the restricted use information card that include a unique-id claim. A broker can act as an intermediary between a user and the relying party to protect the user's personal information but still uniquely identity the user to the relying party. The relying party, the identity provider, or the broker can be responsible for enforcing the restricted use policy.Type: ApplicationFiled: April 24, 2008Publication date: October 29, 2009Applicant: NOVELL, INC. A DELAWARE CORPORATIONInventors: Thomas E. Doman, Duane F. Buss
-
Publication number: 20090228885Abstract: A system and method for managing information cards using workflows is provided. A workflow manager in a card selector allows the user to initiate cardflows in the card selector. The workflow manager is extensible and programmable so that additional user-defined or industry-defined cardflows can be added to the workflow manager.Type: ApplicationFiled: March 7, 2008Publication date: September 10, 2009Applicant: NOVELL, INC.Inventors: Duane F. Buss, Thomas E. Doman, Andrew A. Hodgkinson, Daniel S. Sanders, James G. Sermersheim
-
Publication number: 20090217368Abstract: New claim identifiers allow account reset and supplemental authorizations to be performed utilizing information cards. The new claim identifiers include claims for simple challenge questions, simple challenge answers, generated-challenge answers, and challenge methods. Each of the new claims can include a tuple. Methods of utilizing the new claim identifiers for account reset and supplemental authorization are also provided.Type: ApplicationFiled: February 27, 2008Publication date: August 27, 2009Applicant: NOVELL, INC.Inventors: Duane F. Buss, Thomas E. Doman
-
Publication number: 20090205035Abstract: A computer system accesses metadata about an information card. The metadata can be stored locally or remotely (for example, at an identity provider). A metadata engine can be used to generate data to be provided to the user from the metadata: this data can take any desired form, such as an advertisement, a state of the user's account, or a policy update, among other possibilities.Type: ApplicationFiled: February 12, 2008Publication date: August 13, 2009Applicant: NOVELL, INC.Inventors: James G. Sermersheim, Duane F. Buss, Thomas E. Doman, Andrew A. Hodgkinson, Dale R. Olds, Daniel S. Sanders
-
Publication number: 20090204542Abstract: A computer system accesses reputation information about a relying party. The reputation information can be stored locally or remotely (for example, at an identity provider or reputation service). A reputation information engine can be used to provide the reputation information to the user. The user can then use the reputation information in performing a transaction with the relying party.Type: ApplicationFiled: March 4, 2008Publication date: August 13, 2009Applicant: NOVELL, INC.Inventors: Thomas E. Doman, Daniel S. Sanders, Duane F. Buss, Andrew A. Hodgkinson, James G. Sermersheim
-
Publication number: 20090205014Abstract: A selector daemon can run in the background of a computer. Applications that are capable of processing information cards directly, without requiring the use of a card selector, can request the selector daemon to list information cards that satisfy security policy. Upon receiving such a request, selector daemon can determine the information cards available on the computer that satisfy the security policy, and can identify these information cards to the requesting application. The applications can then use the identified information cards in any manner desired, without having to use a card selector: for example, by requesting a security token based on one of the information cards directly from an identity provider.Type: ApplicationFiled: October 1, 2008Publication date: August 13, 2009Applicant: NOVELL, INC.Inventors: Thomas E. Doman, Duane F. Buss, Daniel S. Sanders, Andrew A. Hodgkinson, James S. Sermersheim, James M. Norman
-
Publication number: 20090204622Abstract: A user desires to select information about himself. The system uses policies applicable to the display of the user's information and metadata about the user and the information to determine modified presentations of the user's information. The modified information can include visual and non-visual cues (such as aural, olfactory, or tactile). The system then displays the modified information, presenting the user with the visual and non-visual cues about the information.Type: ApplicationFiled: February 11, 2008Publication date: August 13, 2009Applicant: NOVELL, INC.Inventors: Daniel S. Sanders, Duane F. Buss, Thomas E. Doman, Andrew A. Hodgkinson, James G. Sermersheim, John M. Calcote
-
Publication number: 20090178112Abstract: An apparatus can include a client having a card selector, a query generator, and a transmitter. The card selector can allow a user to select an information card based on a security policy. The card selector can also provide a security token in response to the selected information card. The query generator can generate a query based on the selected information card, wherein the query pertains to information about features that are available on a relying party based on the security token and independent of a user's identity. The transmitter can transmit the generated query and the security token to an endpoint on the relying party.Type: ApplicationFiled: March 12, 2009Publication date: July 9, 2009Applicant: NOVELL, INC.Inventors: Thomas E. Doman, Wendy Michelle Busath, Duane F. Buss
-
Publication number: 20090077118Abstract: A client can store information about federation points. A federation point is a combination of an identifier of an account on a relying party and an identifier of an information card. The client can track which information cards are included n various federation points, and can use this information to assist the user in performing a transaction with relying parties.Type: ApplicationFiled: November 25, 2008Publication date: March 19, 2009Applicant: NOVELL, INC.Inventors: Thomas E. Doman, Wendy Michelle Busath, Duane F. Buss