NETWORKED IDENTITY FRAMEWORK

US 20070143860A1
Filed: 12/08/2006
Published: 06/21/2007
Est. Priority Date: 12/08/2005
Status: Active Grant

First Claim

Patent Images

1. A method of releasing a set of identity information data from a homesite to a membersite in an identity management network comprising:

receiving a request for one of a plurality of sets of identity data associated with a user from a membersite;

selecting one of the requested sets of identity data from the plurality of sets in accordance with a user preference; and

transmitting the selected set of identity data to the membersite.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method provide a framework for networked identity management in a user-centric model by providing the ability for a user to delegate permissions to release identity information, by enabling a mechanism for releasing one of a requested plurality of data sets and by providing facilities for the retrieval of identity information from an external server. Anonymization of identity data is enabled through the use of an anonymizer system that can optionally be integrated with an identity store such as a homesite.

Citations

36 Claims

1. A method of releasing a set of identity information data from a homesite to a membersite in an identity management network comprising:
- receiving a request for one of a plurality of sets of identity data associated with a user from a membersite;
  
  selecting one of the requested sets of identity data from the plurality of sets in accordance with a user preference; and
  
  transmitting the selected set of identity data to the membersite.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1 wherein the step of receiving the request includes receiving a request from the membersite via the user.
  - 3. The method of claim 1 wherein the step of selecting one of the requested sets includes selecting a set in accordance with a predetermined user preference.
  - 4. The method of claim 1 wherein the step of selecting one of the requested sets includes presenting the requested sets to the user and obtaining a user selection of one of the presented sets.
  - 5. The method of claim 1 wherein the step of transmitting includes transmitting the selected set to the membersite via the user.
  - 6. The method of claim 1 wherein the received request includes an ordered list of the plurality of sets.
  - 7. The method of claim 6 wherein the ordered list is an indication of a hard priority from the membersite.
  - 8. The method of claim 6 wherein the ordered list is an indication of a soft priority from the membersite.
  - 10. The method of claim 1 wherein the set of identity data includes an identity claim.
  - 11. The method of claim 10 wherein the identity claim includes an expiry date.
  - 12. The method of claim 11 wherein the step of transmitting the selected set includes determining if the identity claim has expired.
  - 13. The method of claim 11 wherein the step of transmitting includes updating an expired claim and transmitting the selected set upon receipt of an updated identity claim.
  - 14. The method of claim 10 wherein the identity claim includes attributes of the user.
  - 15. The method of claim 10 wherein the identity claim includes an attribute of the homesite.
  - 16. The method of claim 15 wherein the attribute is a certification of an authentication at the homesite.
  - 17. The method of claim 16 wherein the authentication is provided by a third party.
  - 18. The method of claim 16 wherein the certification includes a hash of an authentication engine at the homesite used to authenticate the user identity.

9. The method of claim 9 wherein the indication of soft priority includes an indication of an association between each of the plurality of requested sets and a plurality of levels of access.

19. A method of submitting user data to membersite from a homesite, the method comprising:
- receiving a request for user identity information from a membersite;
  
  determining that the active user has received proxy rights to the requested user identity information; and
  
  transmitting the requested user identity information to the membersite upon determination that the active user has received the proxy rights.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The method of claim 19 wherein the step of determining includes determining that the active user is listed on a proxy list associated with the user associated with the requested user identity information.
  - 21. The method of claim 19 wherein the step of determining includes determining that the active user has an identity claim providing authorization for the requested user information.
  - 22. The method of claim 19 wherein the step of determining includes requiring the active user to authenticate.
  - 23. The method of claim 19 wherein the request for user identity information is received as a uniform resource locator.
  - 24. The method of claim 23 wherein the uniform resource locator points to a static request document.
  - 25. The method of claim 23 wherein the uniform resource locator points to a dynamic request document generated by the requesting node in accordance with at least one of the user network address and a requested service.

26. A method of anonymizing identity information associated with a user being transmitted from a homesite to a membersite, the method comprising:
- receiving identity information associated with the user from the homesite;
  
  redacting the identity information to remove identifying information associated with the user; and
  
  transmitting the redacted identity information to the membersite.
- View Dependent Claims (27, 28, 29, 30, 31)
- - 27. The method of claim 26 wherein the identity information includes information selected from a list including:
    - a unique identifier associated with the user;
      
      a user birth date; and
      
      a user address.
  - 28. The method of claim 27 wherein the identifying information is a unique identifier and the step of redacting includes replacing the unique identifier with an identifier that is pairwise unique between the user and the membersite.
  - 29. The method of claim 27 wherein the identifying information is a unique identifier and the step of redacting includes replacing the unique identifier with an identifier selected from a pool of identifiers.
  - 30. The method of claim 27 wherein the identifying information is a user birth date and the step of redacting includes replacing the user birth date with an age range.
  - 31. The method of claim 27 wherein the identifying information is a user address and the step of redacting includes replacing the user address with one of a country, province, state, city, postal code, zip code or other non-specific geographical indicator derived in accordance with the user address.

32. A method of providing user identity information to a membersite comprising the steps of:
- receiving a request for a set of user identity information from the membersite;
  
  issuing a request for an element in the requested set to an external site;
  
  receiving the requested element from the external site; and
  
  transmitting the received requested element from the external site to the membersite in response to the received request.
- View Dependent Claims (33, 34, 35, 36)
- - 33. The method of claim 32 wherein the step of receiving a request includes receiving the request from a membersite via the user.
  - 34. The method of claim 33 wherein the step of issuing a request includes redirecting the user to the external site with a request for the element.
  - 35. The method of claim 34 wherein the step of receiving the requested element includes receiving the requested element from the external site via the user.
  - 36. The method of claim 33 wherein the step of transmitting the received requested element includes transmitting the received requested information includes transmitting the received requested element via the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Callahan Cellular LLC (Intellectual Ventures LLC)
Original Assignee
Sxip Identity Corp. (Ping Identity Corporation)
Inventors
Hardt, Dick

Granted Patent

US 8,635,679 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/28
CPC Class Codes

G06F 21/6254   by anonymising data, e.g. d...

H04L 63/0421   Anonymous communication, i....

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/105   Multiple levels of security

NETWORKED IDENTITY FRAMEWORK

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

NETWORKED IDENTITY FRAMEWORK

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links