SECURELY ROAMING DIGITAL IDENTITIES

US 20100064361A1
Filed: 11/17/2009
Published: 03/11/2010
Est. Priority Date: 09/09/2005
Status: Active Grant

First Claim

Patent Images

1. A method for securely roaming a digital identity, said method comprising:

creating an identity token comprising;

a cryptographic session key;

a time stamp indicative of a duration of said session key; and

at least one attribute of said digital identity;

encrypting said identity token, said identity token being encrypted utilizing a private key of a public-key cryptographic key pair;

encrypting an identifier, said identifier being encrypted utilizing said cryptographic session key; and

providing said encrypted identity token and said encrypted identifier.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cryptographic session key is utilized to maintain security of a digital identity. The session key is valid only for a limited period of time. Additional security is provided via a bimodal credential allowing different levels of access to the digital identify. An identity token contains pertinent information associated with the digital identity. The identity token is encrypted utilizing public-key cryptography. An identifier utilized to verify the validity of the digital identity is encrypted with the cryptographic session key. The encrypted identity token and the encrypted identifier are provided to a service for example. The service decrypts the encrypted identity token utilizing public key cryptography, and decrypts, with the cryptographic session key obtained from the identity token, the encrypted identifier. If the identifier is determined to be valid, the transaction proceeds normally. If the identifier is determined to be invalid, the transaction is halted.

13 Citations

View as Search Results

20 Claims

1. A method for securely roaming a digital identity, said method comprising:
- creating an identity token comprising;
  
  a cryptographic session key;
  
  a time stamp indicative of a duration of said session key; and
  
  at least one attribute of said digital identity;
  
  encrypting said identity token, said identity token being encrypted utilizing a private key of a public-key cryptographic key pair;
  
  encrypting an identifier, said identifier being encrypted utilizing said cryptographic session key; and
  
  providing said encrypted identity token and said encrypted identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method in accordance with claim 1, further comprising:
    - decrypting said encrypted identity token utilizing a respective public key of said public-key cryptographic key pair;
      
      decrypting said encrypted identifier utilizing said session key obtained from said decrypted identity token;
      
      determining if said duration of said cryptographic session key has expired;
      
      determining a validity of said identifier; and
      
      determining a validity of said digital identity in accordance with said determination of expiration of said cryptographic session key and said determined validity of said identifier.
  - 3. A method in accordance with claim 1, further comprising the act of receiving a request for at least one attribute associated with said digital identity, wherein said identity token comprises said requested at least one attribute.
  - 4. A method in accordance with claim 1, wherein:
    - said digital identity is determined to be valid ifsaid identifier is determined to be valid; and
      
      said cryptographic session key is determined to not have expired; and
      
      said digital identity is determined to be invalid if said identifier is determined to be invalid or said cryptographic session key is determined to have expired.
  - 5. A method in accordance with claim 1, wherein said identifier comprises a response to a challenge.
  - 6. A method in accordance with claim 1, further comprising the act of allowing access to information associated with said digital identity in accordance with a bimodal credential, wherein:
    - a first mode of said bimodal credential allows modification of at least one of said public-key cryptographic key pair, said time stamp, and attributes associated with said digital identity; and
      
      a second mode of said bimodal credential prohibits modification of said public-key cryptographic key pair, said time stamp, and attributes associated with said digital identity.
  - 7. A method in accordance with claim 6, wherein said bimodal credential comprises a pair of predetermined passwords.
  - 8. A method in accordance with claim 6, wherein said second mode of said bimodal credential allows access to respective metadata associated with said digital identity.

9. A secure roaming device comprising:
- an input/output portion for;
  
  receiving a bimodal credential indicative of an allowable level of access to information associated with said digital identity;
  
  receiving a request for at least on attribute associated with said digital identity;
  
  providing a response to said request, said response comprising an encrypted identity token and an encrypted identifier, said identity token comprising said requested at least one attribute, a cryptographic session key, and a time stamp indicative of a duration of said cryptographic session key, wherein;
  
  said identity token is encrypted with a private of a public-key cryptographic key pair; and
  
  said encrypted identifier is encrypted utilizing said cryptographic session key;
  
  receiving a reply to said response, said reply being indicative of said digital identity being one of valid and invalid; and
  
  a memory portion for storing attributes of said digital identity, said private key, said time stamp, said identity token, and all modes of said bimodal credential.
- View Dependent Claims (10, 11, 12, 13)
- - 10. A secure roaming device in accordance with claim 9, further comprising a processing portion for:
    - processing said bimodal credential to determine said allowable level of access to information associated with said digital identity;
      
      processing said request for at least on attribute associated with said digital identity; and
      
      creating said response to said request.
  - 11. A secure roaming device in accordance with claim 10, wherein said memory portion comprises a removable memory.
  - 12. A secure roaming device in accordance with claim 9, wherein said secure roaming device comprises at least one of a portable secure roaming device and a biometric memory device.
  - 13. A computing device in accordance with claim 9, wherein:
    - a first mode of said bimodal credential allows modification of at least one of said public-key cryptographic key pair, said time stamp, and attributes associated with said digital identity; and
      
      a second mode of said bimodal credential prohibits modification of said public-key cryptographic key pair, said time stamp, and attributes associated with said digital identity.

14. A computer-readable medium having computer-executable instructions for performing the acts of:
- encrypting, utilizing a private key of a public-key cryptographic key pair, an identity token comprising a cryptographic session key, a time stamp indicative of a duration of said session key, and at least one attribute of said digital identity;
  
  encrypting an identifier, said identifier being encrypted utilizing said cryptographic session key; and
  
  providing said encrypted identity token and said encrypted identifier.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. A computer-readable medium in accordance with claim 14, said computer-readable medium having further computer-executable instructions for:
    - decrypting said encrypted identity token utilizing a respective public key of said public-key cryptographic key pair;
      
      decrypting said encrypted identifier utilizing said session key obtained from said decrypted identity token;
      
      determining if said duration of said cryptographic session key has expired; and
      
      determining a validity of said identifier.
  - 16. A computer-readable medium in accordance with claim 14, said computer-readable medium having further computer-executable instructions for receiving a request for at least one attribute associated with said digital identity, wherein said identity token comprises said requested at least one attribute.
  - 17. A computer-readable medium in accordance with claim 14, wherein:
    - said digital identity is determined to be valid if;
      
      said identifier is determined to be valid; and
      
      said cryptographic session key is determined to not have expired; and
      
      said digital identity is determined to be invalid if said identifier is determined to be invalid or said cryptographic session key is determined to have expired.
  - 18. A computer-readable medium in accordance with claim 14, wherein said identifier comprises a response to a challenge.
  - 19. A computer-readable medium in accordance with claim 14, said computer-readable medium having further computer-executable instructions for allowing access to information associated with said digital identity in accordance with a bimodal credential, wherein:
    - a first mode of said bimodal credential allows modification of at least one of said public-key cryptographic key pair, said time stamp, and attributes associated with said digital identity; and
      
      a second mode of said bimodal credential prohibits modification of said public-key cryptographic key pair, said time stamp, and attributes associated with said digital identity.
  - 20. A computer-readable medium in accordance with claim 17, wherein said second mode of said credential allows access to respective metadata associated with said digital identity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Nanda, Arun K., Shewchuk, John P., Box, Donald F., Wilson, Hervey O., Walter, Douglas A.

Granted Patent

US 8,051,469 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/10
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3271   using challenge-response

H04L 9/3297   involving time stamps, e.g....

SECURELY ROAMING DIGITAL IDENTITIES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURELY ROAMING DIGITAL IDENTITIES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links