Identity management system

US 10,129,252 B1
Filed: 12/17/2015
Issued: 11/13/2018
Est. Priority Date: 12/17/2015
Status: Active Grant

First Claim

Patent Images

1. A method of validating an identity of a user device comprising:

registering a biometric signature with an authoritative identity source;

transmitting an encrypted user identity element from the authoritative identity source to a user device;

transmitting the encrypted user identity element from the user device to the third party entity;

sending an identity validation request from the third party entity to the authoritative identity source;

confirming the identity of the user to the third party entity from the authoritative identity source,wherein the third party entity stores its own secure element, an encrypted entity element, wherein the encrypted entity element is a token or a key, in a secure enclave on the user device,wherein, during the confirmation process, the biometric signature of the encrypted user identity element and a biometric signature of the encrypted entity element must match the biometric signature registered with the identity source, andwherein, in the event of a security compromise of the use identity or user device, the third party entity updates the encrypted entity element by rotating the tokens or keys as needed to secure third party access.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of validating an identity of a user device is disclosed that includes registering a biometric signature with an authoritative identity source, transmitting an encrypted user identity element from the authoritative identity source to a user device, sending an identity request from a third party entity to the user device, transmitting the encrypted user identity element from the user device to the third party, sending an identity validation request from the third party to the authoritative identity source, transmitting a communication from the authoritative identity request to the third party entity, and informing the third party entity if the identity of the user is confirmed.

35 Citations

View as Search Results

20 Claims

1. A method of validating an identity of a user device comprising:
- registering a biometric signature with an authoritative identity source;
  
  transmitting an encrypted user identity element from the authoritative identity source to a user device;
  
  transmitting the encrypted user identity element from the user device to the third party entity;
  
  sending an identity validation request from the third party entity to the authoritative identity source;
  
  confirming the identity of the user to the third party entity from the authoritative identity source,wherein the third party entity stores its own secure element, an encrypted entity element, wherein the encrypted entity element is a token or a key, in a secure enclave on the user device,wherein, during the confirmation process, the biometric signature of the encrypted user identity element and a biometric signature of the encrypted entity element must match the biometric signature registered with the identity source, andwherein, in the event of a security compromise of the use identity or user device, the third party entity updates the encrypted entity element by rotating the tokens or keys as needed to secure third party access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein prior to registering a biometric signature with an authoritative identity source the method comprising placing a user biometric signature on the user device.
  - 3. The method of claim 1, wherein prior to transmitting an encrypted user identity element from the authoritative identity source to a user device the method further comprising generating an encrypted user identity element.
  - 4. The method of claim 3, wherein the encrypted user identity element is a token or a key.
  - 5. The method of claim 1, wherein prior to sending an identity request from a third party entity to the user device the method further comprising storing the encrypted user identity element in a secure enclave of the user device.
  - 6. The method of claim 1, wherein prior to transmitting the encrypted user identity element from the user device to the third party the method further comprising unlocking the secure enclave of the user device.
  - 7. The method of claim 1, wherein sending an identity validation request from the third party to the authoritative identity source includes transmitting the encrypted user identity element from the third party entity to the authoritative identity source.
  - 8. The method of claim 1, wherein prior to transmitting a communication from the authoritative identity request to the third party entity the method further comprising determining if an identity of the user is confirmed.
  - 9. The method of claim 8, wherein determining if an identity of the user is confirmed includes decrypting the user identity element and comparing the biometric imprint on the user identity element with the biometric signature registered with the identity source.
  - 10. The method of claim 1, wherein sending an identity validation request from the third party to the authoritative identity source includes transmitting the encrypted user identity element and an entity identity element from the third party entity to the authoritative identity source.
  - 11. The method of claim 10, wherein prior to transmitting a communication from the authoritative identity request to the third party entity the method further comprising determining if an identity of the user is confirmed.
  - 12. The method of claim 11, wherein determining if an identity of the user is confirmed includes decrypting the user identity element and decrypting the entity identity key and comparing the biometric imprint on the user identity element and the biometric imprint on the entity identity element with the biometric signature registered with the identity source.

13. An identity management system comprising:
- a registration component that allows a user of an electronic device register at least one biometric signature with an authoritative identity source;
  
  a secure element component that generates an encrypted user identity element;
  
  an identity request component that allows third party entities to request proof of identity from the electronic device of the user of the electronic device; and
  
  a validation component that allows the third party entities to validate the identity of the user of the electronic device via the authoritative identity source,wherein the third party entity stores its own secure element, an encrypted entity element, wherein the encrypted entity element is a token or a key, in a secure enclave on the user device,wherein, during the validation process, the biometric signature of the encrypted user identity element and a biometric signature of the encrypted entity element must match the biometric signature registered with the identity source, andwherein, in the event of a security compromise of the use identity or user device, the third party entity updates the encrypted entity element by rotating the tokens or keys as needed to secure third party access.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The system of claim 13 further comprising a transaction component that facilitates electronic transactions between the user device, the authoritative identity source, and the third party entities.
  - 15. The system of claim 13, wherein the encrypted user identity element is a key that uses public key cryptography and wherein the key includes a biometric imprint of the biometric signature registered with the authoritative identity source.
  - 16. The system of claim 15, wherein the validation component compares the biometric imprint on the key with the biometric signature registered with the authoritative identity source to confirm the identity of the user.
  - 17. The system of claim 16, wherein the validation component transmits a communication to the third party entities validating the identity of the user once the validation component confirms the identity of the user.

18. A computer-readable storage device storing executable instructions that, in response to execution, cause a system comprising a processor to perform operations comprising:
- registering a biometric signature of a user with an authoritative identity source;
  
  transmitting an encrypted user identity element from the authoritative identity source to a user device;
  
  transmitting the encrypted user identity element from the user device to a third party entity;
  
  sending an identity validation request from the third party entity to the authoritative identity source; and
  
  confirming the identity of the user to the third party entity from the authoritative identity source,wherein the third party entity stores its own secure element, an encrypted entity element, wherein the encrypted entity element is a token or a key, in a secure enclave on the user device,wherein, during the confirmation process, the biometric signature of the encrypted user identity element and a biometric signature of the encrypted entity element must match the biometric signature registered with the identity source, andwherein, in the event of a security compromise of the use identity or user device, the third party entity updates the encrypted entity element by rotating the tokens or keys as needed to secure third party access.
- View Dependent Claims (19, 20)
- - 19. The computer-readable storage device of claim 18, wherein prior to transmitting an encrypted user identity element from the authoritative identity source to a user device the operations further comprising sending an identity request from the third party entity to the user device.
  - 20. The computer-readable storage device of claim 18, wherein confirming the identity of the user to the third party entity includes decrypting the user identity element and comparing a biometric imprint on the user identity element with the biometric signature registered with the authoritative identity source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Original Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Inventors
Suen, Darrell L.
Primary Examiner(s)
Turchen, James R

Application Number

US14/972,986
Time in Patent Office

1,062 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

Identity management system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Identity management system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links