Digital identity system

US 10,594,484 B2
Filed: 02/12/2016
Issued: 03/17/2020
Est. Priority Date: 02/13/2015
Status: Active Grant

First Claim

Patent Images

1. A method of a digital identity system generating a sharing token for authenticating a bearer to a validator, wherein a data store of the digital identity system holds a plurality of attributes of the bearer, the method comprising implementing by the digital identity system comprising a hardware processor and memory the following steps:

receiving at the digital identity system from a bearer an electronic sharing token request, wherein the token request identifies at least one of the bearer'"'"'s attributes in the data store selected for sharing with a validator;

in response to the electronic token request, generating a sharing token, which is unique to that request, for presentation by the bearer to a validator;

associating with the unique sharing token at the digital identity system the identified at least one bearer attribute; and

issuing to the bearer the unique sharing token;

wherein later presentation of the unique sharing token to the digital identify system by a validator causes the at least one bearer attribute associated with the sharing token to be rendered available to the validator by the digital identity system.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of a digital identity system generating a sharing token for authenticating a bearer to a validator, wherein a data store of the digital identity system holds a plurality of attributes of the bearer, the method comprising implementing by the digital identity system the following steps: receiving at the digital identity system from a bearer an electronic sharing token request, wherein the token request identifies at least one of the bearer'"'"'s attributes in the data store selected for sharing with a validator; in response to the electronic token request, generating a sharing token, which is unique to that request, for presentation by the bearer to a validator; associating with the unique sharing token at the digital identity system the identified at least one bearer attribute; and issuing to the bearer the unique sharing token; and wherein later presentation of the unique sharing token to the digital identify system by a validator causes the at least one bearer attribute associated with the sharing token to be rendered available to the validator by the digital identity system.

100 Citations

View as Search Results

20 Claims

1. A method of a digital identity system generating a sharing token for authenticating a bearer to a validator, wherein a data store of the digital identity system holds a plurality of attributes of the bearer, the method comprising implementing by the digital identity system comprising a hardware processor and memory the following steps:
- receiving at the digital identity system from a bearer an electronic sharing token request, wherein the token request identifies at least one of the bearer'"'"'s attributes in the data store selected for sharing with a validator;
  
  in response to the electronic token request, generating a sharing token, which is unique to that request, for presentation by the bearer to a validator;
  
  associating with the unique sharing token at the digital identity system the identified at least one bearer attribute; and
  
  issuing to the bearer the unique sharing token;
  
  wherein later presentation of the unique sharing token to the digital identify system by a validator causes the at least one bearer attribute associated with the sharing token to be rendered available to the validator by the digital identity system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A method according to claim 1, wherein the token request comprises an associated policy defined by the bearer and the steps further comprises:
    - storing the bearer-defined policy at the digital identity system in association with the sharing token, wherein the at least one bearer attribute is only rendered available to the validator if the validator presents a matching policy with the sharing token.
  - 3. A method according to claim 2, wherein the policy defined by the bearer is a bearer policy that specifies a type of the at least one attribute associated with the sharing token.
  - 4. A method according to claim 2, wherein the policy defined by the bearer is a validator policy which specifies at least one attribute type that the bearer expects the validator to share with the bearer.
  - 5. A method according to claim 4, wherein the presentation of the sharing token to the digital identity also causes at least one attribute of the validator held in the data store to be rendered available to the bearer by the digital identity system, and wherein the at least one validator attribute has the type specified by the bearer-defined validator policy.
  - 6. A method according to claim 4, wherein the token request comprises both the validator policy and a bearer policy that specifies a type of the at least one attribute associated with the sharing token.
  - 7. A method according to claim 1, wherein each of the bearer and the validator is associated with a respective code unique to that entity, wherein the method comprises:
    - generating a unique composite code by combining the code of the bearer with the code of the validator, wherein neither of the codes is derivable from the composite code alone;
      
      wherein in response to the later presentation of the sharing token, the composite code is provided to the bearer and/or the validator by the digital identity system.
  - 8. A method according to claim 7, wherein a wrapper key of the bearer is stored at the digital identity system, wherein the at least one attribute held in the data store is encrypted with a bearer key, and wherein a version of the bearer key encrypted with the bearer wrapper key is received from the bearer in the token request, and wherein the steps further comprise:
    - using the bearer wrapper key to decrypt the bearer key received from the bearer; and
      
      using the decrypted bearer key to decrypt the at least one attribute held in the data store;
      
      wherein the decrypted at least one attribute is rendered available to the validator when presenting the sharing token; and
      
      wherein the unique code of the bearer is derived from the bearer key.
  - 9. A method according to claim 7, wherein the unique code of the validator is derived from a validator key, with which the at least one validator attribute is encrypted.
  - 10. A method according to claim 7, wherein two different composite codes are generated, each being unique to both that pair of entities and to a different one of the entities, wherein that composite code is provided to that entity.
  - 11. A method according to claim 1, wherein the sharing token is associated with the at least one bearer attribute by storing a copy of at least a part of the token request at the digital identity system in association with the unique sharing token, wherein the later presentation of the unique sharing token to the digital identity system causes the digital identity system to retrieve the at least one selected attribute from the data store using the stored token request.
  - 12. A method according to claim 11, wherein the stored request is encrypted with a sharing key, a copy of which is issued to the bearer with the sharing token, whereby the validator must present the sharing key with the sharing token to access the at least one bearer attribute.

13. A bearer device comprising:
- a computer interface; and
  
  a hardware processor configured to execute a digital identity application, wherein the digital identity application is configured when executed on the processor to perform operations comprising;
  
  generating an electronic sharing token request, wherein the token request identifies at least one of bearer attribute in a data store of the digital identity system;
  
  transmitting the token request to the digital identic system via the computer interface;
  
  receiving from the digital identity system, in response to the electronic token request, a sharing token unique to that request for presentation by the bearer to a validator; and
  
  rendering the unique sharing token available to a validator, wherein presentation of the unique sharing token to the digital identify system by the validator causes the identified at least one bearer attribute to be rendered available to the validator by the digital identity system.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. A bearer device according to claim 13, wherein the unique sharing token is received with a sharing key for decrypting the at least one bearer attribute, which the application is configured to provide to the validator with the sharing token.
  - 15. A bearer device according to claim 13, wherein the electronic message is generated in response to receiving a selection of the at least one bearer attribute from a user of the bearer device via a user interface of the bearer device.
  - 16. A bearer device according to claim 13, wherein the application is configured to render the sharing token available by displaying on a display of the device a bar code in which the sharing token is embedded.
  - 17. A bearer device according to claim 13, wherein the application is configured to also generate at least one policy which is included in the electronic message transmitted to the digital identity system, wherein the application is configured to render a copy of the policy available to the validator with the sharing token.
  - 18. A bearer device according to claim 17, wherein the application is configured to render the sharing token available by displaying on a display of the device a bar code in which the sharing token is embedded, and wherein the policy or a link to the policy is embedded in the bar code, and thereby rendered available to the validator.
  - 19. A bearer device according to claim 17, wherein the at least one policy defines at least a type of the at least one bearer attribute and/or at least one attribute type to be shared by the bearer in return for the at least one bearer attribute.

20. Non-transitory computer-readable storage media configured to store executable instructions, which, when executed on one or more hardware processors of a digital system, configure the one or more hardware processors to implement the following:
- receiving at the digital identity system from a bearer an electronic sharing token request, wherein the token request identifies in a data store at least one attribute of the bearer selected for sharing with a validator;
  
  in response to the electronic token request, generating a sharing token, which is unique to that request, for presentation by the bearer to a validator;
  
  associating with the unique sharing token at the digital identity system the identified at least one bearer attribute; and
  
  issuing to the bearer the unique sharing token;
  
  wherein later presentation of the unique sharing token to the digital identify system by a validator causes the at least one bearer attribute associated with the sharing token to be rendered available to the validator by the digital identity system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Yoti Holding Ltd
Original Assignee
Yoti Holding Ltd
Inventors
Rodriguez, Francisco Angel Garcia, Powlesland, Piers, Greci, Paolo, Withers, Laurence, Loughlin-McHugh, Eleanor Simone Frederika, Szczesniak, Roman Edward
Primary Examiner(s)
Rahim, Monjur

Application Number

US15/550,712
Publication Number

US 20180176017A1
Time in Patent Office

1,495 Days
Field of Search

726 6
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0838   using one-time-passwords

H04L 63/0861   using biometrical features,...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04L 9/0822   using key encryption key

H04L 9/0861   Generation of secret inform...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3234   involving additional secure...

H04W 12/06   Authentication

Digital identity system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

100 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Digital identity system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

100 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links