REMOTE ACCESS OF DIGITAL IDENTITIES
First Claim
1. A method for controlling distribution of a digital identity representation, comprising the steps of:
- receiving at a first device a request from a second device for the digital identity representation;
- prompting a user of the first device to accept or deny the request;
- providing, if the request is accepted by the user, the digital identity representation.
Abstract
A system and method for controlling distribution and use of digital identity representations (“DIRs”) increases security, usability, and oversight of DIR use. A DIR stored on a first device may be obtained by a second device for use in satisfying the security policy of a relying party. Release of the DIR to the second device requires permission from a device or entity that may be different from the device or entity attempting to access the relying party. Further, the use of the DIR to obtain an identity token may separately require permission of even a different person or entity and may be conditioned upon receiving satisfactory information relating to the intended use of the DIR (e.g., the name of the relying party, type of operation being attempted, etc.). By controlling the distribution and use of DIRs, security of the principal's identity and supervisory control over a principal's activities are enhanced.
20 Claims
1. A method for controlling distribution of a digital identity representation, comprising the steps of:
- receiving at a first device a request from a second device for the digital identity representation;
- prompting a user of the first device to accept or deny the request;
- providing, if the request is accepted by the user, the digital identity representation.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer program product for use in a computer system, the computer program product comprising one or more computer readable media having computer-executable instructions for implementing a method for controlling use of a digital identity representation, the method comprising the steps of:
- receiving at a first device a request from a second device to use the digital identity representation;
- prompting a user of the first device to accept or deny the request;
- providing, if the request is accepted by the user, permission to use the digital identity representation.
Dependent claims: 12, 13, 14, 15, 16
17. A method of using a digital identity representation, comprising the steps of:
- receiving a request for an identity token from a relying party;
- sending to a first device a request from a second device to obtain the digital identity representation;
- receiving at the second device the digital identity representation, wherein the digital identity representation includes metadata describing at least a first claim about a principal;
- sending from the second device a request to use the digital identity representation;
- receiving at the second device permission to use the digital identity representation;
- using the digital identity representation to request the identity token;
- receiving the identity token; and
- providing the identity token to the relying party.
Dependent claims: 18, 19, 20
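The order of steps in claim 17, with the two separate approvals the abstract describes (release of the DIR, then use of it for a named relying party and operation), modelled as an added example that is not code from the patent or from this listing. Assumptions: the approval callbacks stand in for the user prompts, and the single-use grant handle, the `redeem` check by the identity provider, the HMAC-tagged token format and all names are hypothetical.

```python
import hashlib, hmac, json, secrets

class Denied(Exception):
    """Either approval gate refused the request."""
IDP_KEY = secrets.token_bytes(32)  # constructed demo key for the identity provider

class FirstDevice:
    """Holds the DIR; both callbacks stand in for the user prompts."""
    def __init__(self, dir_meta, approve_release, approve_use):
        self._dir, self._grants, self.audit = dir_meta, set(), []
        self._approve_release = approve_release  # gate 1: hand over the DIR?
        self._approve_use = approve_use          # gate 2: may be another person

    def request_dir(self, requester):
        ok = bool(self._approve_release(requester))
        self.audit.append(("release", requester, ok))
        if not ok:
            raise Denied("release of DIR denied")
        return dict(self._dir)

    def request_use(self, requester, rp, op):
        # Use is conditioned on the intended-use details actually being supplied.
        ok = bool(rp and op and self._approve_use(rp, op))
        self.audit.append(("use", requester, rp, op, ok))
        if not ok:
            raise Denied("use of DIR denied")
        grant = secrets.token_hex(16)  # assumption: single-use permission handle
        self._grants.add(grant)
        return grant

    def redeem(self, grant):
        """Assumed identity-provider check; a grant works once."""
        live = grant in self._grants
        self._grants.discard(grant)
        return live

def issue_token(first_device, dir_meta, grant, relying_party):
    """Identity provider: issue a token only against a live use permission."""
    if not first_device.redeem(grant):
        raise Denied("no valid use permission")
    body = json.dumps({"claims": dir_meta["claims"], "aud": relying_party})
    tag = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body, tag

def second_device_flow(first_device, requester, relying_party, operation):
    """Claim 17 order: obtain DIR, obtain permission to use, request token."""
    dir_meta = first_device.request_dir(requester)
    grant = first_device.request_use(requester, relying_party, operation)
    return issue_token(first_device, dir_meta, grant, relying_party)
```

The `audit` list gives the holder of the first device a record of every release and use decision, including the relying party and operation that were shown at the second prompt.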
Specification