SECURELY ROAMING DIGITAL IDENTITIES
Abstract
A cryptographic session key is utilized to maintain security of a digital identity. The session key is valid only for a limited period of time. Additional security is provided via a bimodal credential allowing different levels of access to the digital identity. An identity token contains pertinent information associated with the digital identity. The identity token is encrypted utilizing public-key cryptography. An identifier utilized to verify the validity of the digital identity is encrypted with the cryptographic session key. The encrypted identity token and the encrypted identifier are provided to a service, for example. The service decrypts the encrypted identity token utilizing public-key cryptography, and decrypts, with the cryptographic session key obtained from the identity token, the encrypted identifier. If the identifier is determined to be valid, the transaction proceeds normally. If the identifier is determined to be invalid, the transaction is halted.
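As an added illustration (not code from the patent or its assignee), the exchange in the abstract modelled in Python: the roaming device issues a token carrying a fresh session key, an expiry time stamp and the requested attributes, and the service checks the token's authenticity, the session key's lifetime and the identifier before letting the transaction proceed. It assumes the third-party cryptography package; the "encrypt with private key / decrypt with public key" step is realised as an RSA-PSS signature verified with the public key, the identifier is encrypted with AES-GCM under the session key, and the token is bound as associated data (that binding, the 300-second lifetime and all attribute and identifier values are this example's own constructed choices, not taken from the patent).

```python
import hmac
import json
import os
from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

SESSION_TTL = 300  # seconds a session key stays valid (constructed value, not from the patent)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
NONCE_LEN = 12

def make_key_pair():
    """Device key pair: the private key 'encrypts' (signs) tokens; the public key goes to services."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()

def roaming_device_response(private_key, attributes, identifier, now):
    """Device side: build the identity token, sign it, encrypt the identifier under the session key."""
    session_key = AESGCM.generate_key(bit_length=256)
    token = json.dumps({"session_key": session_key.hex(), "expires_at": now + SESSION_TTL,
                        "attributes": attributes}, sort_keys=True).encode()
    token_sig = private_key.sign(token, PSS, hashes.SHA256())  # stands in for private-key encryption
    nonce = os.urandom(NONCE_LEN)
    # Token passed as AAD: the encrypted identifier is tied to this exact token (example's own choice)
    enc_identifier = nonce + AESGCM(session_key).encrypt(nonce, identifier, token)
    return token, token_sig, enc_identifier

def service_check(public_key, token, token_sig, enc_identifier, expected_identifier, now):
    """Service side: verify the token with the public key, check the session key lifetime, decrypt
    the identifier with the session key taken from the token, and compare it in constant time."""
    try:
        public_key.verify(token_sig, token, PSS, hashes.SHA256())
    except InvalidSignature:
        return False, "identity token not authentic"
    fields = json.loads(token)
    if now > fields["expires_at"]:
        return False, "session key expired"
    session_key = bytes.fromhex(fields["session_key"])
    nonce, ciphertext = enc_identifier[:NONCE_LEN], enc_identifier[NONCE_LEN:]
    try:
        identifier = AESGCM(session_key).decrypt(nonce, ciphertext, token)
    except InvalidTag:
        return False, "identifier does not decrypt under the session key"
    if not hmac.compare_digest(identifier, expected_identifier):
        return False, "identifier invalid, transaction halted"
    return True, "identifier valid, transaction proceeds"
```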
20 Claims

1. A method for securely roaming a digital identity, said method comprising:
- creating an identity token comprising:
  - a cryptographic session key;
  - a time stamp indicative of a duration of said session key; and
  - at least one attribute of said digital identity;
- encrypting said identity token, said identity token being encrypted utilizing a private key of a public-key cryptographic key pair;
- encrypting an identifier, said identifier being encrypted utilizing said cryptographic session key; and
- providing said encrypted identity token and said encrypted identifier.
(Dependent claims 2 to 8 not shown.)

9. A secure roaming device comprising:
- an input/output portion for:
  - receiving a bimodal credential indicative of an allowable level of access to information associated with said digital identity;
  - receiving a request for at least one attribute associated with said digital identity;
  - providing a response to said request, said response comprising an encrypted identity token and an encrypted identifier, said identity token comprising said requested at least one attribute, a cryptographic session key, and a time stamp indicative of a duration of said cryptographic session key, wherein:
    - said identity token is encrypted with a private key of a public-key cryptographic key pair; and
    - said encrypted identifier is encrypted utilizing said cryptographic session key;
  - receiving a reply to said response, said reply being indicative of said digital identity being one of valid and invalid; and
- a memory portion for storing attributes of said digital identity, said private key, said time stamp, said identity token, and all modes of said bimodal credential.
(Dependent claims 10 to 13 not shown.)

14. A computer-readable medium having computer-executable instructions for performing the acts of:
- encrypting, utilizing a private key of a public-key cryptographic key pair, an identity token comprising a cryptographic session key, a time stamp indicative of a duration of said session key, and at least one attribute of said digital identity;
- encrypting an identifier, said identifier being encrypted utilizing said cryptographic session key; and
- providing said encrypted identity token and said encrypted identifier.
(Dependent claims 15 to 20 not shown.)
Specification