Method and system for interoperable identity and interoperable credentials
Abstract
The present teaching relates to generating an identifier for a person. In one example, an actual name of the person is received. The identity of the person that is associated with the actual name of the person is proved at a pre-determined level of assurance (LOA) required by an identity management system. When the identity of the person has been proved, a peripheral name is solicited from the person. An identifier that includes the actual name and the peripheral name of the person is created. Whether the identifier is unique is determined. The steps of soliciting, creating, and determining are repeated until the identifier is unique. The peripheral name is associated with the person. The identifier is associated with the person.
20 Claims
1. A method implemented on a computing device having at least one processor, storage, and a communication platform capable of making a connection to a network, the method comprising:
receiving, by the computing device, a verification request from a trusted application, the verification request including an actual name of a person, a peripheral name of the person, and verification information associated with a particular credential verifiable via a credential service agent, the credential service agent accepting an asserted credential, which includes a credential identifier and verification information, and providing in return a verification response for the asserted credential, wherein the received verification request lacks a credential identifier for the particular credential;
generating a universal name by combining the actual name and the peripheral name of the person;
identifying, a globally unique identifier associated with the universal name;
identifying a credential identifier for the particular credential, the particular credential being associated with the globally unique identifier;
providing, responsive to the identifying, the particular credential, which includes the credential identifier and the verification information, to the credential service agent; and
providing, by the computing device, a response from the credential service agent to the trusted application that responds to the verification request.
11. A method implemented on a computing device having at least one processor, storage, and a communication platform capable of making a connection to a network, the method comprising:
receiving, by the computing device, a verification request from a trusted application, the verification request including an actual name of a person and a peripheral name of the person;
generating a universal name by combining the actual name and the peripheral name of the person;
identifying a globally unique identifier (GUID) associated with the universal name;
identifying a first digital credential identifier associated with the GUID, the first digital credential identifier being associated with a first digital credential, wherein a first credential service agent takes as input the first digital credential identifier and the first digital credential and provides a verification response for the input;
identifying a second digital credential identifier associated with the GUID, the second digital credential identifier being associated with a second digital credential, wherein a second credential service agent takes as input the second digital credential identifier and the second digital credential and provides a verification response for the input;
providing a selectable indication for the first credential service agent and a selectable indication for the second credential service agent to the person;
receiving information indicating selection of the selectable indication for the first credential service agent and indicating a submitted digital credential, wherein the information lacks the first digital credential identifier;
providing, by the computing device, the submitted digital credential and the first digital credential identifier to the first credential service agent; and
providing, by the computing device, a response from the first credential service agent to the trusted application that responds to the verification request, wherein the trusted application is associated with the second credential agent.
17. A machine-readable, non-transitory and tangible medium having instructions recorded thereon for authenticating a person, the medium, when read by the machine, causing the machine to perform the following:
determining, responsive to receiving an actual name of a person, a first credential identifier for a first credential verifiable by a first credential service agent;
receiving a digital credential from the person;
verifying the digital credential and the first credential identifier via the first credential service agent;
obtaining, responsive to successful verification of the first credential provided by the person, a peripheral name from the person;
generating a universal name by combining the actual name and the peripheral name of the person;
associating the universal name with the first credential identifier in a data store;
receiving information related to a second credential associated with the person, the second credential being associated with a second credential identifier, the second credential being verifiable via a second credential service agent;
associating the universal name with the second credential identifier in the data store; and
using the universal name to identify the first credential identifier and the second credential identifier as options for a verification process for a trusted application that lacks an association with either the first credential service agent or the second credential service agent, wherein the verification process for the trusted application lacks transmission of the first credential identifier and lacks transmission of the second credential identifier between the machine and the trusted application.
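
The lookup chain recited in claim 1 (universal name, then GUID, then credential identifier), together with the uniqueness loop from the abstract, as an added Python sketch that is not taken from the patent. The class names, the normalised-pair form of the universal name, and the byte-string verification information are assumptions made for illustration.

```python
import hmac
import unicodedata
import uuid

class CredentialServiceAgent:
    """Hypothetical CSA: accepts (credential identifier, verification info)."""
    def __init__(self):
        self._expected = {}  # credential identifier -> expected verification info

    def register(self, credential_id, verification_info):
        self._expected[credential_id] = verification_info

    def verify(self, credential_id, verification_info):
        expected = self._expected.get(credential_id)
        return expected is not None and hmac.compare_digest(expected, verification_info)

def universal_name(actual, peripheral):
    # Assumption: "combining" is modelled as a normalised pair, so that case,
    # spacing or Unicode variants cannot enrol as a second identity.
    def norm(s):
        return " ".join(unicodedata.normalize("NFKC", s).casefold().split())
    return (norm(actual), norm(peripheral))

class IdentityBroker:
    def __init__(self, csa):
        self.csa = csa
        self._guid_by_name = {}  # universal name -> GUID
        self._cred_by_guid = {}  # GUID -> credential identifier

    def enroll(self, actual, peripheral_candidates, credential_id):
        # Abstract: keep soliciting peripheral names until the identifier is unique.
        for peripheral in peripheral_candidates:
            name = universal_name(actual, peripheral)
            if name not in self._guid_by_name:
                guid = str(uuid.uuid4())
                self._guid_by_name[name] = guid
                self._cred_by_guid[guid] = credential_id
                return name
        raise ValueError("no unique peripheral name offered")

    def verify(self, actual, peripheral, verification_info):
        # Claim 1: the request carries no credential identifier; the broker
        # resolves universal name -> GUID -> credential identifier itself.
        guid = self._guid_by_name.get(universal_name(actual, peripheral))
        credential_id = self._cred_by_guid.get(guid)
        if credential_id is None:
            return False  # unknown name gets the same answer as a failed check
        return self.csa.verify(credential_id, verification_info)
```

The trusted application only ever sees the boolean response, so the credential identifier never leaves the broker.
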
Specification