SYSTEM AND METHOD FOR POOL-BASED IDENTITY GENERATION AND USE FOR SERVICE ACCESS

US 20090271625A1
Filed: 04/29/2008
Published: 10/29/2009
Est. Priority Date: 04/29/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

seeding an identity generator with a private key;

retrieving independently verifiable data corresponding to a service consumer;

using the independently verifiable data to create signed assertions corresponding to the service consumer;

generating a non-portable identity document associated with the service consumer, the identity document including the signed assertions;

signing the identity document with the private key; and

conveying the signed identity document to the service consumer via a secure link.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented system and method for pool-based identity generation and use for service access is disclosed. The method in an example embodiment includes seeding an identity generator with a private key; retrieving independently verifiable data corresponding to a service consumer; using the independently verifiable data to create signed assertions corresponding to the service consumer; generating a non-portable identity document associated with the service consumer, the identity document including the signed assertions; signing the identity document with the private key; and conveying the signed identity document to the service consumer via a secure link.

35 Citations

View as Search Results

19 Claims

1. A method comprising:
- seeding an identity generator with a private key;
  
  retrieving independently verifiable data corresponding to a service consumer;
  
  using the independently verifiable data to create signed assertions corresponding to the service consumer;
  
  generating a non-portable identity document associated with the service consumer, the identity document including the signed assertions;
  
  signing the identity document with the private key; and
  
  conveying the signed identity document to the service consumer via a secure link.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as claimed in claim 1 wherein the independently verifiable data corresponding to a service consumer includes an IP address of the service consumer.
  - 3. The method as claimed in claim 1 wherein the signed assertions are compatible with the security assertion markup language (SAML).
  - 4. The method as claimed in claim 1 wherein the method is performed at initial system/service deployment time.
  - 5. The method as claimed in claim 1 wherein the identity document is stored by the service consumer.

6. A method comprising:
- retrieving a non-portable identity document associated with a service consumer, the identity document including signed assertions corresponding to independently verifiable data of the service consumer;
  
  generating a request for credentials including at least a portion of the content of the identity document;
  
  sending the request for credentials to an authentication authority; and
  
  receiving credentials from the authentication authority.
- View Dependent Claims (7, 8, 9)
- - 7. The method as claimed in claim 6 wherein the independently verifiable data of the service consumer includes an IP address of the service consumer.
  - 8. The method as claimed in claim 6 wherein the signed assertions are compatible with the security assertion markup language (SAML).
  - 9. The method as claimed in claim 6 wherein the method is performed at system run time.

10. A method comprising:
- receiving a request for credentials from a service consumer, the request for credentials including at least a portion of the content of a non-portable identity document associated with the service consumer, the identity document including signed assertions corresponding to independently verifiable data of the service consumer;
  
  retrieving independently verifiable data of the service consumer;
  
  comparing the portion of the content of the identity document associated with the service consumer received with the request for credentials against the retrieved independently verifiable data of the service consumer;
  
  generating credentials for the service consumer, if the portion of the content of the identity document matches the retrieved independently verifiable data of the service consumer; and
  
  sending the generated credentials to the service consumer.
- View Dependent Claims (11, 12, 13)
- - 11. The method as claimed in claim 10 wherein the independently verifiable data of the service consumer includes an IP address of the service consumer.
  - 12. The method as claimed in claim 10 wherein the signed assertions are compatible with the security assertion markup language (SAML).
  - 13. The method as claimed in claim 10 wherein the method is performed at system run time.

14. A method comprising:
- retrieving a credential associated with a service consumer, the credential including signed assertions corresponding to independently verifiable data of the service consumer;
  
  generating a request for service including at least a portion of the content of the credential;
  
  sending the request for service to a service provider; and
  
  receiving a message from the service provider indicating that the requested service can be provided.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method as claimed in claim 14 wherein the service provider verifies the credential against independently verifiable data of the service consumer.
  - 16. The method as claimed in claim 14 wherein the service provider checks access control data for a requested service and the service consumer via an authorization service.
  - 17. The method as claimed in claim 14 wherein the independently verifiable data of the service consumer includes an IP address of the service consumer.
  - 18. The method as claimed in claim 14 wherein the signed assertions are compatible with the security assertion markup language (SAML).
  - 19. The method as claimed in claim 14 wherein the method is performed at system run time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
eBay Inc.
Original Assignee
eBay Inc.
Inventors
Kleinocter, Michael Dean, Kasten, Christopher J., Lynch, Liam Sean, Kanungo, Rajesh, Kolluru, Raju Venkata

Granted Patent

US 8,893,242 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/170
CPC Class Codes

G06F 21/33   using certificates

G06F 2221/2129   Authenticate client device ...

G06Q 20/02   involving a neutral party, ...

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

H04L 9/32   including means for verifyi...

H04L 9/3247   involving digital signatures

SYSTEM AND METHOD FOR POOL-BASED IDENTITY GENERATION AND USE FOR SERVICE ACCESS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR POOL-BASED IDENTITY GENERATION AND USE FOR SERVICE ACCESS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links