Framework for obtaining cryptographically signed consent
Abstract
A consent service on a host computer provides cryptographically signed consent for user attributes, given by a user on the host computer, to a web service provider. The consent service is operable to decrypt the user attributes acquired by the web service provider from an identity provider. The consent service displays one or more user attributes to the user in a browser web page on the host computer and acquires the user's consent to them. The consent service is operable to encrypt the user consented attributes and to generate the cryptographically signed consent of the user. The consent service transmits the user consented attributes and the cryptographically signed user consent to the web service provider. The web service provider is operable to decrypt the user consented attributes and to store the user consented attributes and the signed user consent. The web service provider shares the user consented attributes and the user's signed consent with other web service providers, so that the user on the host computer can access resources on the other web service providers without multiple authentication or any further interaction with the identity provider.
24 Claims
1. A method for obtaining cryptographically signed consent from a user on a host computer, comprising:
requesting access to a resource on a web service provider by a user on a host computer;
in response to request from user to access a resource on the web service provider, generating a request for the user attributes by the web service provider and transmitting the request to an identity provider on the network;
encrypting the user attributes by the identity provider and transmitting the encrypted message to the web service provider;
transmitting encrypted message received from the identity provider by the web service provider to the host computer;
generating user consent by a consent service on the host computer;
transmitting encrypted user consented attributes and cryptographically signed user consent by the host computer to the web service provider; and
decrypting the cryptographically signed user consent and the encrypted user consented attributes by the web service provider and storing the user consented attributes and signed consent of the user in the storage device of the web service provider.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 21, 22, 23, 24
13. A method for obtaining cryptographically signed consent from a user on a host computer, comprising:
requesting access to a resource on a web service provider by a user on a host computer;
in response to the request from user to access a resource on the web service provider, generating a request for user consent to user attributes by the web service provider and transmitting the web service provider request to the host computer;
displaying the user attributes requested by the web service provider in a user interface on the host computer for user consent;
transmitting user consent of request for user attributes by web service provider to a consent service on the host computer;
transmitting user consented request for user attributes by the consent service on the host computer to an identity provider;
encrypting the user attributes by the identity provider and transmitting the encrypted message to the consent service on the host computer;
decrypting the user attributes by the consent service on the host computer from the identity provider's encrypted message;
encrypting user consented attributes and generating cryptographically signed user consent by the consent service on the host computer;
transmitting encrypted user consented attributes and cryptographically signed user consent by the host computer to the web service provider; and
decrypting the cryptographically signed user consent and the encrypted user consented attributes by the web service provider and storing the user consented attributes and signed consent of the user in the storage device of the web service provider.
Dependent claims: 14, 15, 16, 17, 18, 19, 20
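The message flow described in the abstract and in claims 1 and 13, sketched as an added example that is not part of the patent text: the identity provider encrypts attributes to the consent service, which decrypts them, keeps only what the user approved, re-encrypts that subset for the web service provider and signs a consent record that the provider verifies before storing. The claims name no algorithms, so RSA-OAEP, Ed25519, the consent record fields (`wspId`, `nonce`, `digest`) and every name and value here are assumptions. As a simplification, the signed consent record travels unencrypted.

```javascript
// Added example: parties, keys and attribute values are constructed; the
// algorithms (RSA-OAEP, Ed25519, SHA-256) are assumptions, not from the patent.
const crypto = require('crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const rsa = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');
// RSA-OAEP holds only ~190 bytes at 2048 bits; enough for this small sample.
const seal = (pub, obj) => crypto.publicEncrypt({ key: pub, ...OAEP }, Buffer.from(JSON.stringify(obj)));
const unseal = (priv, buf) => JSON.parse(crypto.privateDecrypt({ key: priv, ...OAEP }, buf).toString());

// Keys: consent service (decrypts and signs), web service provider (decrypts).
const consentEnc = rsa();
const consentSig = crypto.generateKeyPairSync('ed25519');
const wspEnc = rsa();

// Identity provider: encrypts the user's attributes to the consent service.
function idpRelease(attrs) { return seal(consentEnc.publicKey, attrs); }

// Consent service: decrypt, keep only what the user approved, then sign a record
// binding the consent to one provider, one nonce and the exact ciphertext.
function consentService(idpMsg, approved, wspId, nonce) {
  const attrs = unseal(consentEnc.privateKey, idpMsg);
  const consented = Object.fromEntries(approved.filter((k) => k in attrs).map((k) => [k, attrs[k]]));
  const encrypted = seal(wspEnc.publicKey, consented);
  const consent = JSON.stringify({ wspId, nonce, approved: Object.keys(consented), digest: sha256(encrypted) });
  return { encrypted, consent, signature: crypto.sign(null, Buffer.from(consent), consentSig.privateKey) };
}

// Web service provider: verify first, then decrypt and store attributes with the signed consent.
const store = [];
function wspAccept(msg, wspId, nonce) {
  if (!crypto.verify(null, Buffer.from(msg.consent), consentSig.publicKey, msg.signature)) return 'bad-signature';
  const c = JSON.parse(msg.consent);
  if (c.wspId !== wspId || c.nonce !== nonce || c.digest !== sha256(msg.encrypted)) return 'consent-mismatch';
  store.push({ attributes: unseal(wspEnc.privateKey, msg.encrypted), consent: msg.consent, signature: msg.signature });
  return 'stored';
}

function demo() {
  const nonce = crypto.randomBytes(16).toString('hex');
  const idpMsg = idpRelease({ name: 'Alice Example', email: 'alice@example.test', dob: '1990-01-01' });
  const msg = consentService(idpMsg, ['email'], 'wsp.example.test', nonce);
  const ok = wspAccept(msg, 'wsp.example.test', nonce);
  const stored = store[store.length - 1].attributes;
  const tampered = { ...msg, consent: msg.consent.replace('"email"', '"dob"') };
  return { ok, stored, forged: wspAccept(tampered, 'wsp.example.test', nonce) };
}
console.log(demo());
```

Binding the signed record to the provider identifier, a nonce and the ciphertext digest is what lets a second provider that receives the shared consent tell whether it was issued for a different audience or replayed.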
Specification