Method and system for interoperable identity and interoperable credentials

US 10,162,960 B2
Filed: 11/08/2017
Issued: 12/25/2018
Est. Priority Date: 08/28/2014
Status: Active Grant

First Claim

Patent Images

1. A method implemented on a computing device having at least one processor, storage, and a communication platform capable of making a connection to a network, the method comprising:

receiving, by the computing device, a verification request from a trusted application, the verification request including an actual name of a person, a peripheral name of the person, and verification information associated with a particular credential verifiable via a credential service agent, the credential service agent accepting an asserted credential, which includes a credential identifier and verification information, and providing in return a verification response for the asserted credential, wherein the received verification request lacks a credential identifier for the particular credential;

generating a universal name by combining the actual name and the peripheral name of the person;

identifying, a globally unique identifier associated with the universal name;

identifying a credential identifier for the particular credential, the particular credential being associated with the globally unique identifier;

providing, responsive to the identifying, the particular credential, which includes the credential identifier and the verification information, to the credential service agent; and

providing, by the computing device, a response from the credential service agent to the trusted application that responds to the verification request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present teaching relates to generating an identifier for a person. In one example, an actual name of the person is received. The identity of the person that is associated with the actual name of the person is proved at a pre-determined level of assurance (LOA) required by an identity management system. When the identity of the person has been proved, a peripheral name is solicited from the person. An identifier that includes the actual name and the peripheral name of the person is created. Whether the identifier is unique is determined. The steps of soliciting, creating, and determining are repeated until the identifier is unique. The peripheral name is associated with the person. The identifier is associated with the person.

27 Citations

View as Search Results

20 Claims

1. A method implemented on a computing device having at least one processor, storage, and a communication platform capable of making a connection to a network, the method comprising:
- receiving, by the computing device, a verification request from a trusted application, the verification request including an actual name of a person, a peripheral name of the person, and verification information associated with a particular credential verifiable via a credential service agent, the credential service agent accepting an asserted credential, which includes a credential identifier and verification information, and providing in return a verification response for the asserted credential, wherein the received verification request lacks a credential identifier for the particular credential;
  
  generating a universal name by combining the actual name and the peripheral name of the person;
  
  identifying, a globally unique identifier associated with the universal name;
  
  identifying a credential identifier for the particular credential, the particular credential being associated with the globally unique identifier;
  
  providing, responsive to the identifying, the particular credential, which includes the credential identifier and the verification information, to the credential service agent; and
  
  providing, by the computing device, a response from the credential service agent to the trusted application that responds to the verification request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the actual name and the peripheral name are provided via a voice recorder.
  - 3. The method of claim 2, wherein the verification information is a voice sample.
  - 4. The method of claim 2, wherein the universal name is unique to the person based on Soundex similarity.
  - 5. The method of claim 1, wherein the trusted application is associated with a second credential service agent.
  - 6. The method of claim 5, wherein the particular credential is a first credential and the credential identifier is a first credential identifier and the credential service agent is a first credential service agent and the method further comprises:
    - identifying a second digital credential associated with the globally unique identifier, the second digital credential being verifiable via the second credential service agent; and
      
      responsive to determining that the first credential identifier is a master credential, selecting the first credential identifier.
  - 7. The method of claim 6, wherein the first credential is associated with a first level of assurance and the second credential is associated with a second level of assurance, the first level of assurance being at least as secure as the second level of assurance.
  - 8. The method of claim 1, wherein generating the universal name includes combining a symbol with the actual name and the peripheral name.
  - 9. The method of claim 1, wherein the peripheral name is in a language that differs from the actual name.
  - 10. The method of claim 1, wherein the actual name, the peripheral name, and the verification information are received via a voice recorder.

11. A method implemented on a computing device having at least one processor, storage, and a communication platform capable of making a connection to a network, the method comprising:
- receiving, by the computing device, a verification request from a trusted application, the verification request including an actual name of a person and a peripheral name of the person;
  
  generating a universal name by combining the actual name and the peripheral name of the person;
  
  identifying a globally unique identifier (GUID) associated with the universal name;
  
  identifying a first digital credential identifier associated with the GUID, the first digital credential identifier being associated with a first digital credential, wherein a first credential service agent takes as input the first digital credential identifier and the first digital credential and provides a verification response for the input;
  
  identifying a second digital credential identifier associated with the GUID, the second digital credential identifier being associated with a second digital credential, wherein a second credential service agent takes as input the second digital credential identifier and the second digital credential and provides a verification response for the input;
  
  providing a selectable indication for the first credential service agent and a selectable indication for the second credential service agent to the person;
  
  receiving information indicating selection of the selectable indication for the first credential service agent and indicating a submitted digital credential, wherein the information lacks the first digital credential identifier;
  
  providing, by the computing device, the submitted digital credential and the first digital credential identifier to the first credential service agent; and
  
  providing, by the computing device, a response from the first credential service agent to the trusted application that responds to the verification request, wherein the trusted application is associated with the second credential agent.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, wherein providing the response from the first credential service agent occurs without transmitting the first digital credential identifier between the trusted application and the computing device.
  - 13. The method of claim 11, wherein the submitted digital credential is a voice signature.
  - 14. The method of claim 11, wherein the universal name and the peripheral name are received via a voice recorder.
  - 15. The method of claim 11, wherein the first credential identifier is associated with a first level of assurance and the second credential identifier is associated with a second level of assurance, the first level of assurance being at least as secure as the second level of assurance.
  - 16. The method of claim 11, wherein generating the universal name further includes combining a symbol with the actual name and the peripheral name.

17. A machine-readable, non-transitory and tangible medium having instructions recorded thereon for authenticating a person, the medium, when read by the machine, causing the machine to perform the following:
- determining, responsive to receiving an actual name of a person, a first credential identifier for a first credential verifiable by a first credential service agent;
  
  receiving a digital credential from the person;
  
  verifying the digital credential and the first credential identifier via the first credential service agent;
  
  obtaining, responsive to successful verification of the first credential provided by the person, a peripheral name from the person;
  
  generating a universal name by combining the actual name and the peripheral name of the person;
  
  associating the universal name with the first credential identifier in a data store;
  
  receiving information related to a second credential associated with the person, the second credential being associated with a second credential identifier, the second credential being verifiable via a second credential service agent;
  
  associating the universal name with the second credential identifier in the data store; and
  
  using the universal name to identify the first credential identifier and the second credential identifier as options for a verification process for a trusted application that lacks an association with either the first credential service agent or the second credential service agent, wherein the verification process for the trusted application lacks transmission of the first credential identifier and lacks transmission of the second credential identifier between the machine and the trusted application.
- View Dependent Claims (18, 19, 20)
- - 18. The machine-readable medium of claim 17, wherein the universal name is associated with the first credential identifier and the second credential identifier by a globally unique identifier.
  - 19. The machine-readable medium of claim 17, wherein the first credential identifier has a first level of assurance and the second credential identifier has a second level of assurance and the trusted application requests a level of assurance that is equal to or less than the first level of assurance and equal to or less than the second level of assurance.
  - 20. The machine-readable medium of claim 17, wherein one of the first credential or the second credential is a voice sample.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DrFirst.com, Incorported
Original Assignee
DrFirst.com, Incorported
Inventors
Chen, James F., Qian, Chen, Tang, Zilong
Primary Examiner(s)
Le, Khoi V

Application Number

US15/807,363
Publication Number

US 20180068111A1
Time in Patent Office

412 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/45   Structures or tools for the...

G06F 21/46   by designing passwords or c...

G06F 2221/2117   User registration

G06Q 10/00   Administration; Management

G06Q 50/265   Personal security, identity...

H04L 63/0421   Anonymous communication, i....

H04L 63/08   for authentication of entit...

H04L 63/0884   by delegation of authentica...

H04L 63/10   for controlling access to d...

H04L 67/60   Scheduling or organising th...

Method and system for interoperable identity and interoperable credentials

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

27 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for interoperable identity and interoperable credentials

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links