OpenID/local openID security

US 10,044,713 B2
Filed: 08/20/2012
Issued: 08/07/2018
Est. Priority Date: 08/19/2011
Status: Active Grant

First Claim

Patent Images

1. A method performed by a user device comprising a processor and a memory, the method comprising:

receiving a plurality of claims that each define a key and a value associated with the key, from a network identity provider, such that the plurality of claims is enrolled in the user device, wherein each claim is representative of a verifiable attribute associated with a user of the user device, and each claim is verified by the network identity provider before the claim is enrolled in the user device, such that each claim is associated with a trust that a service has in the network identity provider;

after each claim is verified by the network identity provider, storing the plurality of claims on a secure local entity on the user device such that the plurality of claims cannot be changed by the user;

creating a first digital identity associated with the user and corresponding to the service, wherein the first digital identity is based on a first portion of the plurality of claims;

in response to a user selection of the first digital identity, authenticating with the service using the first digital identity such that the first digital identity conveys, to the service, respective verifiable attributes represented by the first portion of the claims, and the trust associated with the claims;

removing the first portion of claims from the secure local entity on the user device when the first portion of claims expires, wherein each claim in the first portion of claims comprises expiration information corresponding to when the respective claim expires.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Identity management, user authentication, and/or user access to services on a network may be provided in a secure and/or trustworthy manner, as described herein. For example, trustworthy claims may be used to indicate security and/or trustworthiness of a user or user device on a network. Security and/or trustworthiness of a user or a user device on a network may also be established using OpenID and/or local OpenID, a secure channel between a service and the user device, and/or by including a network layer authentication challenge in an application layer authentication challenge on the user device for example.

61 Citations

14 Claims

1. A method performed by a user device comprising a processor and a memory, the method comprising:
- receiving a plurality of claims that each define a key and a value associated with the key, from a network identity provider, such that the plurality of claims is enrolled in the user device, wherein each claim is representative of a verifiable attribute associated with a user of the user device, and each claim is verified by the network identity provider before the claim is enrolled in the user device, such that each claim is associated with a trust that a service has in the network identity provider;
  
  after each claim is verified by the network identity provider, storing the plurality of claims on a secure local entity on the user device such that the plurality of claims cannot be changed by the user;
  
  creating a first digital identity associated with the user and corresponding to the service, wherein the first digital identity is based on a first portion of the plurality of claims;
  
  in response to a user selection of the first digital identity, authenticating with the service using the first digital identity such that the first digital identity conveys, to the service, respective verifiable attributes represented by the first portion of the claims, and the trust associated with the claims;
  
  removing the first portion of claims from the secure local entity on the user device when the first portion of claims expires, wherein each claim in the first portion of claims comprises expiration information corresponding to when the respective claim expires.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first digital identity is associated with the trust that the service has in the network identity provider.
  - 3. The method of claim 1, the method further comprising:
    - creating a second digital identity associated with the user and corresponding to the service, wherein the second digital identity is based on a second portion of the plurality of claims; and
      
      authenticating with the service using the second digital identity such that the second digital identity conveys, to the service, respective verifiable attributes represented by the second portion of the claims.
  - 4. The method of claim 3, wherein at least one of the first and second digital identities is based on one claim.
  - 5. The method of claim 3, wherein at least one of the first and second digital identities is based on more than one claim.
  - 6. The method of claim 1, the method further comprising:
    - sending the first digital identity to the service so that the service can authenticate the user and verify at least one required attribute of the user.
  - 7. The method of claim 1, wherein the first portion of the plurality of claims represents an age of the user.

8. A user device comprising a processor and a memory, the memory comprising computer-executable instructions that when executed by the processor, cause the processor to perform operations comprising:
- receiving a plurality of claims that each define a key and a value associated with the key, from a network identity provider, such that the plurality of claims is enrolled in the user device, wherein each claim is representative of a verifiable attribute associated with a user of the user device, and each claim is verified by the network identity provider before the claim is enrolled in the user device, such that each claim is associated with a trust that a service has in the network identity provider;
  
  after each claim is verified by the network identity provider, storing the plurality of claims on a secure local entity on the user device such that the plurality of claims cannot be changed by the user;
  
  creating a first digital identity associated with the user and corresponding to the service, wherein the first digital identity is based on a first portion of the plurality of claims;
  
  in response to a user selection of the first digital identity, authenticating with the service using the first digital identity such that the first digital identity conveys, to the service, respective verifiable attributes represented by the first portion of the claims, and the trust associated with the claims; and
  
  removing the first portion of claims from the secure local entity on the user device when the first portion of claims expires, wherein each claim in the first portion of claims comprises expiration information corresponding to when the respective claim expires.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The user device of claim 8, wherein the first digital identity is associated with the trust that the service has in the network identity provider.
  - 10. The user device of claim 8, the memory further comprising computer-executable instructions that when executed by the processor, cause the processor to perform operations further comprising:
    - creating a second digital identity associated with the user and corresponding to the service, wherein the second digital identity is based on a second portion of the plurality of claims; and
      
      authenticating with the service using the second digital identity such that the second digital identity conveys, to the service, respective verifiable attributes represented by the second portion of the claims.
  - 11. The user device of claim 10, wherein at least one of the first and second digital identities is based on one claim.
  - 12. The user device of claim 10, wherein at least one of the first and second digital identities is based on more than one claim.
  - 13. The user device of claim 8, the memory further comprising computer-executable instructions that when executed by the processor, cause the processor to perform operations further comprising:
    - sending the first digital identity to the service so that the service can authenticate the user and verify at least one required attribute of the user.
  - 14. The user device of claim 8, wherein the first portion of the plurality of claims represents an age of the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Original Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Inventors
Leicher, Andreas, Schmidt, Andreas, Shah, Yogendra
Primary Examiner(s)
Korsak, Oleg
Assistant Examiner(s)
GAO, SHU CHUN

Application Number

US13/589,991
Publication Number

US 20130227658A1
Time in Patent Office

2,178 Days
Field of Search

726 5
US Class Current
CPC Class Codes

H04L 63/0876 based on the identity of th...

OpenID/local openID security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

OpenID/local openID security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links