Digital credential usage reporting

US 20050198536A1
Filed: 05/04/2005
Published: 09/08/2005
Est. Priority Date: 04/24/2000
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

receiving a request to verify a use of a digital credential by a user of a digital credential, the digital credential being a digital security mechanism associated with a user'"'"'s identity, the use occurring at a first of a plurality of different services where the digital credential can be used;

verifying the use of the digital credential in response to receipt of the request to verify;

sending a result of the verification to the first service;

storing the result of the verification in an activity log in a central service that communicates with each of said plurality of different services; and

allowing specified users to access said result.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An credential verification service (CVS) authenticates digital credentials, such as, digital certificates, at the request of online service providers. The CVS stores the authentication results and transaction information in a central activity log. The transaction information can include a size of the transaction, the online service requesting the authentication, an internet protocol (IP) address of a computing device originating the transaction and the goods or services involved in the transaction. The CVS generates an activity report from the activity log that lists the authentication results and the transaction information. A fraud detection module within the CVS analyzes the activity log to identify any unusual patterns in order to identify fraudulent activities or general misuse of the digital credential.

Citations

39 Claims

1. A method comprising:
- receiving a request to verify a use of a digital credential by a user of a digital credential, the digital credential being a digital security mechanism associated with a user'"'"'s identity, the use occurring at a first of a plurality of different services where the digital credential can be used;
  
  verifying the use of the digital credential in response to receipt of the request to verify;
  
  sending a result of the verification to the first service;
  
  storing the result of the verification in an activity log in a central service that communicates with each of said plurality of different services; and
  
  allowing specified users to access said result.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 further including storing transaction information in the activity log.
  - 3. The method of claim 2, wherein the transaction information includes at least one of a message that was signed using a digital signature key of the digital credential, a value of a transaction, an online service, an internet protocol (IP) address, a date of the transaction and a time of the transaction.
  - 4. The method of claim 1 further including generating an activity report from the activity log, wherein the activity report lists the stored verification results.
  - 5. The method of claim 4 further including associating a name to a digital signature key of the digital credential, wherein the activity report lists the name of the digital signature key.
  - 6. The method of claim 4, wherein generating the activity report includes generating the activity report upon request by an owner of the digital credential.
  - 7. The method of claim 4, wherein generating the activity report includes generating the activity report each time the digital credential is verified.
  - 8. The method of claim 4, wherein generating the activity report includes generating a report periodically.
  - 9. The method of claim 1 further including analyzing the activity log to detect misuse of the digital credential.
  - 10. The method of claim 6, wherein generating the activity report includes listing activity for a plurality of digital signature keys associated with the owner.
  - 11. The method of claim 1 further comprising:
    - authorizing one or more delegates to use a delegated digital credential to act on behalf of the owner of the digital credential for specified functions, wherein verifying the use of the digital credential includes determining whether the delegated digital credential was authorized for the specific use.
  - 12. The method of claim 4, wherein generating an activity report includes generating activity reports of the delegates of the user and wherein said allowing comprises allowing said user to view all reports, but allowing each said delegate to view only their own activity report, and not allowing each said delegate to view reports for other delegates.

13. An article comprising a computer-readable medium having computer-executable instructions stored thereon for causing a computer to:
- receive a request to verify a use of a digital credential by a user of a digital credential at any of a plurality of different services where the digital credential can be used, the digital credential being a digital security mechanism associated with a user'"'"'s identity;
  
  verify the use of the digital credential in response to receipt of the request to verify from a first service of the plurality of different services;
  
  send a result of the verification to the first service;
  
  store a result of the verification in an activity log in a central service that communicates with each of said plurality of different services; and
  
  allow specified users to access said result.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. The article of claim 13, wherein the computer-executable instructions cause the computer to store transaction information in activity log.
  - 15. The article of claim 14, wherein,the transaction information includes at least one of a message that was signed using a digital signature key of the digital credential, a transaction value, an online service processing the transaction, an internet protocol (IP) address of a computing device originating the transaction, the date of the transaction and the time of the transaction.
  - 16. The article of claim 13, wherein the computer-executable instructions cause the computer to generate an activity report from the activity log, wherein the activity report lists the stored verification results.
  - 17. The article of claim 16, wherein the computer-executable instructions cause the computer to associate a name to a digital signature key of the digital credential, wherein the activity report lists the name of the digital signature key.
  - 18. The article of claim 16, wherein the computer-executable instructions cause the computer to generate the activity report upon receiving a request by an owner of the digital credential and wherein said allowing comprises allowing said user to view all reports, but allowing each said delegate to view only their own activity report, and not allowing each said delegate to view reports for other delegates.
  - 19. The article of claim 13, wherein the computer-executable instructions cause the computer to analyze the activity log to detect misuse of the digital credential.
  - 20. The article of claim 17, wherein the computer-executable instructions cause the computer to list in the activity report activity for a plurality of digital signature keys associated with the owner according to the name of the digital signature key.
  - 21. The article of claim 20, wherein the computer-executable instructions cause the computer to authorize one or more delegates to use a delegated digital credential to act on behalf of the owner of the digital credential for specified functions and determine whether the delegated digital credential was authorized for the specific use.
  - 22. The article of claim 21, wherein the computer-executable instructions cause the computer to generate activity reports of the delegates.

23. A system comprising:
- a server to receive requests to verify digital credentials by a user of a digital credential at any of a plurality of different services where the digital credential can be used, to verify the use of the digital credential in response to receipt of requests, and to send results from the verifications to the services;
  
  an activity log coupled to the server to store the results from the verifications in a central service that communicates with each of said plurality of different services; and
  
  a communication part to allow specified users to access said results.
- View Dependent Claims (24, 25, 26)
- - 24. The system of claim 23, wherein the activity log is configured to store transaction information for each authentication result.
  - 25. The system of claim 24, wherein the transaction information includes at least one of a digitally signed message, a date of the transaction, a value of the transaction, an online service requesting the authentication, an internet protocol (IP) address, a value of the transaction, and a time of the transaction.
  - 26. The system of claim 23, and further comprising an owner database to store information of an owner of the digital credential and owner-approved delegates and wherein said communication element allows said owner to view all reports, but allows each said delegate to view only their own report, and not reports for other delegates.

27. An article comprising a computer-readable medium having data structures stored thereon comprising:
- a first data field to store a result from an verification of a digital credential by a user of a digital credential at any of a plurality of different services where the digital credential can be used;
  
  a plurality of data fields to store transaction information relating to each verification result in a central service that communicates with each of said plurality of different services; and
  
  a data access structure, allowing specified users to access said results.
- View Dependent Claims (28, 29)
- - 28. The article of claim 27, wherein the plurality of data fields store at least one of a digitally signed message, a date of the transaction, a time of the transaction, a value of the transaction, an online service, an internet protocol (IP) address of a computing device originating the transaction, and goods or services involved in the transaction.
  - 29. The article of claim 27, wherein the data structures further include a plurality of data fields to store owner and delegate information.

30. A method comprising:
- storing use information for a digital credential of a plurality of delegates who are delegated to use said digital credential by an owner, the digital credential being a digital security mechanism associated with the owner'"'"'s identity;
  
  processing the use information for each of said plurality of delegates to detect misuse; and
  
  generating an alert to the owner based on the detection of misuse.
- View Dependent Claims (31, 32, 33, 34, 35)
- - 31. The method of claim 30, wherein generating an alert includes generating an activity report based on the use information.
  - 32. The method of claim 30, wherein generating an alert includes alerting a credential service provider.
  - 33. The method of claim 30, wherein the use information includes transaction information and wherein the method further comprises allowing said owner to view all reports, but allowing each said delegate to view only their own activity report, and not allowing each said delegate to view reports for other delegates
  - 34. The method of claim 30, wherein the use information includes verification information for the digital credential.
  - 35. The method of claim 33, wherein the transaction information includes at least one of a message that was signed, a transaction value, an online service, an internet protocol (IP) address, a value of the transaction, a date of the transaction and a the time of the transaction.

36. A method comprising:
- receiving a request from a medical professional to access medical information at a remote service, wherein the request includes a digital credential for the medical professional, the digital credential being a digital security mechanism associated with the medical professional'"'"'s identity;
  
  communicating transaction information describing the access request and the digital credential to a credential verification service;
  
  receiving a verification result from the credential verification service;
  
  providing the medical professional access to the medical information based on the verification result; and
  
  receiving an activity report from the credential verification service, wherein the activity report lists the transaction information, the digital credential and the transaction result.
- View Dependent Claims (37, 38, 39)
- - 37. The method of claim 36, wherein the transaction information includes at least an access type, a date of the transaction and a time of the transaction.
  - 38. The method of claim 36, further wherein the digital credential was provided by a credential issuing service and a credential service provider.
  - 39. The method of claim 36, and further including:
    - receiving a request to access the activity report from an owner of the digital credential; and
      
      providing the owner access to the activity report.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Brickell, Ernie F., Deklotz, Wesley

Application Number

US11/122,893
Publication Number

US 20050198536A1
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06Q 10/10   Office automation; Time man...

G06Q 20/3821   Electronic credentials

G06Q 20/40   Authorisation, e.g. identif...

G06Q 30/02   Marketing; Price estimation...

Digital credential usage reporting

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Digital credential usage reporting

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links