SYSTEM AND METHOD FOR POOL-BASED IDENTITY GENERATION AND USE FOR SERVICE ACCESS
Abstract
A computer-implemented system and method for pool-based identity generation and use for service access is disclosed. The method in an example embodiment includes seeding an identity generator with a private key; retrieving independently verifiable data corresponding to a service consumer; using the independently verifiable data to create signed assertions corresponding to the service consumer; generating a non-portable identity document associated with the service consumer, the identity document including the signed assertions; signing the identity document with the private key; and conveying the signed identity document to the service consumer via a secure link.
19 Claims
1. A method comprising:
- seeding an identity generator with a private key;
- retrieving independently verifiable data corresponding to a service consumer;
- using the independently verifiable data to create signed assertions corresponding to the service consumer;
- generating a non-portable identity document associated with the service consumer, the identity document including the signed assertions;
- signing the identity document with the private key; and
- conveying the signed identity document to the service consumer via a secure link.
Dependent claims: 2, 3, 4, 5
6. A method comprising:
- retrieving a non-portable identity document associated with a service consumer, the identity document including signed assertions corresponding to independently verifiable data of the service consumer;
- generating a request for credentials including at least a portion of the content of the identity document;
- sending the request for credentials to an authentication authority; and
- receiving credentials from the authentication authority.
Dependent claims: 7, 8, 9
10. A method comprising:
- receiving a request for credentials from a service consumer, the request for credentials including at least a portion of the content of a non-portable identity document associated with the service consumer, the identity document including signed assertions corresponding to independently verifiable data of the service consumer;
- retrieving independently verifiable data of the service consumer;
- comparing the portion of the content of the identity document associated with the service consumer received with the request for credentials against the retrieved independently verifiable data of the service consumer;
- generating credentials for the service consumer, if the portion of the content of the identity document matches the retrieved independently verifiable data of the service consumer; and
- sending the generated credentials to the service consumer.
Dependent claims: 11, 12, 13
14. A method comprising:
- retrieving a credential associated with a service consumer, the credential including signed assertions corresponding to independently verifiable data of the service consumer;
- generating a request for service including at least a portion of the content of the credential;
- sending the request for service to a service provider; and
- receiving a message from the service provider indicating that the requested service can be provided.
Dependent claims: 15, 16, 17, 18, 19
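The generator side of claim 1 and the authority side of claim 10, sketched in Go as an added example; it is not code from the patent or its assignee. Assumptions: Ed25519 as the signature scheme, the %q-based encoding of signed bytes, the names Assertion, IdentityDoc, Generate and IssueCredential, the attribute names and values, and the placeholder credential string are all hypothetical; non-portability and the secure link are not modelled.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

type Assertion struct { // one verifiable fact, signed by the generator
	Key, Value string
	Sig        []byte
}
type IdentityDoc struct { // the signed assertions plus a document signature
	Consumer   string
	Assertions []Assertion
	Sig        []byte
}
// Bytes to sign. %q quotes every field, so field boundaries stay unambiguous.
func assertionMsg(c, k, v string) []byte { return []byte(fmt.Sprintf("assertion %q %q %q", c, k, v)) }
func docMsg(d IdentityDoc) []byte { return []byte(fmt.Sprintf("document %q %q", d.Consumer, d.Assertions)) }

// Generate (identity generator): sign each assertion, then the whole document.
func Generate(priv ed25519.PrivateKey, consumer string, facts [][2]string) IdentityDoc {
	d := IdentityDoc{Consumer: consumer}
	for _, f := range facts {
		sig := ed25519.Sign(priv, assertionMsg(consumer, f[0], f[1]))
		d.Assertions = append(d.Assertions, Assertion{f[0], f[1], sig})
	}
	d.Sig = ed25519.Sign(priv, docMsg(d))
	return d
}

// IssueCredential (authority): verify both signature layers and compare each
// assertion with data the authority retrieved itself before issuing anything.
func IssueCredential(pub ed25519.PublicKey, d IdentityDoc, retrieved map[string]string) (string, error) {
	if len(d.Assertions) == 0 || !ed25519.Verify(pub, docMsg(d), d.Sig) {
		return "", fmt.Errorf("document rejected: empty or bad signature")
	}
	for _, a := range d.Assertions {
		if got, ok := retrieved[a.Key]; !ok || got != a.Value || !ed25519.Verify(pub, assertionMsg(d.Consumer, a.Key, a.Value), a.Sig) {
			return "", fmt.Errorf("assertion %q rejected", a.Key)
		}
	}
	return "credential-for:" + d.Consumer, nil // placeholder credential
}

func main() { // constructed sample values
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	doc := Generate(priv, "worker-1", [][2]string{{"instance-id", "i-0001"}})
	fmt.Println(IssueCredential(pub, doc, map[string]string{"instance-id": "i-0001"}))
	fmt.Println(IssueCredential(pub, doc, map[string]string{"instance-id": "i-9999"}))
}
```

The authority never trusts the values in the document on their own: a validly signed document is still refused when its assertions differ from what the authority retrieves independently.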
Specification