OpenID/local OpenID security
First Claim
1. A method performed by a user device comprising a processor and a memory, the method comprising:
- receiving a plurality of claims that each define a key and a value associated with the key, from a network identity provider, such that the plurality of claims is enrolled in the user device, wherein each claim is representative of a verifiable attribute associated with a user of the user device, and each claim is verified by the network identity provider before the claim is enrolled in the user device, such that each claim is associated with a trust that a service has in the network identity provider;
- after each claim is verified by the network identity provider, storing the plurality of claims on a secure local entity on the user device such that the plurality of claims cannot be changed by the user;
- creating a first digital identity associated with the user and corresponding to the service, wherein the first digital identity is based on a first portion of the plurality of claims;
- in response to a user selection of the first digital identity, authenticating with the service using the first digital identity such that the first digital identity conveys, to the service, respective verifiable attributes represented by the first portion of the claims, and the trust associated with the claims;
- removing the first portion of claims from the secure local entity on the user device when the first portion of claims expires, wherein each claim in the first portion of claims comprises expiration information corresponding to when the respective claim expires.
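As an added illustration of the method in claim 1 (not code from the patent or its assignee), the Python model below enrolls provider-verified claims into a device-side store the user cannot alter, builds a digital identity from a chosen subset of them, conveys their attributes and issuer to a service, and drops them once they expire. The HMAC tag standing in for the provider's verification, the `IDP_KEY` secret and the claim names are constructed assumptions.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed demo secret standing in for the identity provider's signing key.
IDP_KEY = b"demo-network-idp-key"


@dataclass(frozen=True)  # frozen: an enrolled claim cannot be edited by the user
class Claim:
    key: str
    value: str
    issuer: str
    expires: datetime
    tag: bytes  # provider's MAC over the other fields: its verification mark


def _mac(key: str, value: str, issuer: str, expires: datetime) -> bytes:
    msg = f"{key}={value}|{issuer}|{expires.isoformat()}".encode()
    return hmac.new(IDP_KEY, msg, "sha256").digest()


def idp_issue(key: str, value: str, issuer: str, ttl: timedelta, now: datetime) -> Claim:
    """Provider side: after verifying the attribute, issue a claim that expires."""
    return Claim(key, value, issuer, now + ttl, _mac(key, value, issuer, now + ttl))


class SecureLocalEntity:
    """Device side: only provider-verified claims get in, and none can be edited."""

    def __init__(self) -> None:
        self._claims: dict[str, Claim] = {}

    def enroll(self, c: Claim) -> bool:
        if not hmac.compare_digest(_mac(c.key, c.value, c.issuer, c.expires), c.tag):
            return False  # altered or unverified claim is refused
        self._claims[c.key] = c
        return True

    def purge_expired(self, now: datetime) -> list[str]:
        gone = [k for k, c in self._claims.items() if c.expires <= now]
        self._claims = {k: c for k, c in self._claims.items() if k not in gone}
        return gone

    def create_identity(self, keys: list[str]) -> tuple[str, ...]:
        # A digital identity is a user-chosen subset of enrolled claims (KeyError otherwise).
        return tuple(self._claims[k].key for k in keys)

    def authenticate(self, identity: tuple[str, ...], now: datetime) -> dict:
        self.purge_expired(now)  # expired claims leave the store and are never conveyed
        claims = [self._claims[k] for k in identity if k in self._claims]
        if len(claims) != len(identity):
            raise PermissionError("identity references expired claims")
        return {"attributes": {c.key: c.value for c in claims}, "issuers": sorted({c.issuer for c in claims})}
```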
1 Assignment
0 Petitions
Abstract
Identity management, user authentication, and/or user access to services on a network may be provided in a secure and/or trustworthy manner, as described herein. For example, trustworthy claims may be used to indicate the security and/or trustworthiness of a user or user device on a network. The security and/or trustworthiness of a user or a user device on a network may also be established using OpenID and/or local OpenID, a secure channel between a service and the user device, and/or by including a network layer authentication challenge in an application layer authentication challenge on the user device.
61 Citations
14 Claims
1. A method performed by a user device comprising a processor and a memory (independent method claim; its full text is given under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7.
8. A user device comprising a processor and a memory, the memory comprising computer-executable instructions that when executed by the processor, cause the processor to perform operations comprising:
- receiving a plurality of claims that each define a key and a value associated with the key, from a network identity provider, such that the plurality of claims is enrolled in the user device, wherein each claim is representative of a verifiable attribute associated with a user of the user device, and each claim is verified by the network identity provider before the claim is enrolled in the user device, such that each claim is associated with a trust that a service has in the network identity provider;
- after each claim is verified by the network identity provider, storing the plurality of claims on a secure local entity on the user device such that the plurality of claims cannot be changed by the user;
- creating a first digital identity associated with the user and corresponding to the service, wherein the first digital identity is based on a first portion of the plurality of claims;
- in response to a user selection of the first digital identity, authenticating with the service using the first digital identity such that the first digital identity conveys, to the service, respective verifiable attributes represented by the first portion of the claims, and the trust associated with the claims; and
- removing the first portion of claims from the secure local entity on the user device when the first portion of claims expires, wherein each claim in the first portion of claims comprises expiration information corresponding to when the respective claim expires.
Dependent claims: 9, 10, 11, 12, 13, 14.