PRIVACY-PRESERVING FLEXIBLE ANONYMOUS-PSEUDONYMOUS ACCESS
First Claim
1. A computer-implemented method of allowing user-selected anonymous and pseudonymous access for a user to a relying party (RP), mediated by an identity provider (IdP), comprising:
- registering with an IdP to establish a first pseudonym;
upon successful proof of possession of the first pseudonym to the IdP, receiving a first representation of an access token from the IdP for accessing the RP;
transforming, by a processor, the first representation of the access token to obtain a second representation of the access token, the second representation of the access token being a valid access token and is unlinkable to the first representation of the access token by the IdP;
receiving a request from the user to access the RP;
determining whether the request is for accessing the RP anonymously or pseudonymously;
if the request is for anonymous access,providing the second representation of the access token to the RP anonymously; and
gaining access to the RP upon verification of the second representation of the access token, the anonymous access being unlinkable to any previous and any future access at the RP, and unlinkable to the IdP'"'"'s interaction with any particular user;
if the request is for pseudonymous access,providing to the RP the second representation of the access token and proof of possession of a second pseudonym that is previously registered with the RP; and
gaining access to the RP upon successful verification of the second representation of the access token and proof of possession of the second pseudonym, wherein the pseudonymous access is linkable to the second pseudonym, unlinkable to the IdP'"'"'s interaction with any particular user, and unlinkable to any past and future access to the RP that does not employ the second pseudonym.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are disclosed for privacy-preserving flexible user-selected anonymous and pseudonymous access at a relying party (RP), mediated by an identity provider (IdP). Anonymous access is unlinkable to any previous or future accesses of the user at the RP. Pseudonymous access allows the user to associate the access to a pseudonym previously registered at the RP. A pseudonym system is disclosed. The pseudonym system allows a large number of different and unlinkable pseudonyms to be generated using only a small number of secrets held by the user. The pseudonym system can generate tokens capable of including rich semantics in both a fixed format and a free format. The tokens can be used in obtaining from the IdP, confirmation of access privilege and/or of selective partial disclosure of user characteristics required for access at the RPs. The pseudonym system and associated protocols also support user-enabled linkability between pseudonyms.
172 Citations
51 Claims
-
1. A computer-implemented method of allowing user-selected anonymous and pseudonymous access for a user to a relying party (RP), mediated by an identity provider (IdP), comprising:
-
registering with an IdP to establish a first pseudonym; upon successful proof of possession of the first pseudonym to the IdP, receiving a first representation of an access token from the IdP for accessing the RP; transforming, by a processor, the first representation of the access token to obtain a second representation of the access token, the second representation of the access token being a valid access token and is unlinkable to the first representation of the access token by the IdP; receiving a request from the user to access the RP; determining whether the request is for accessing the RP anonymously or pseudonymously; if the request is for anonymous access, providing the second representation of the access token to the RP anonymously; and gaining access to the RP upon verification of the second representation of the access token, the anonymous access being unlinkable to any previous and any future access at the RP, and unlinkable to the IdP'"'"'s interaction with any particular user; if the request is for pseudonymous access, providing to the RP the second representation of the access token and proof of possession of a second pseudonym that is previously registered with the RP; and gaining access to the RP upon successful verification of the second representation of the access token and proof of possession of the second pseudonym, wherein the pseudonymous access is linkable to the second pseudonym, unlinkable to the IdP'"'"'s interaction with any particular user, and unlinkable to any past and future access to the RP that does not employ the second pseudonym. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A computer-implemented method of authorizing access for a user to a relying party (RP), mediated by an identity provider (IdP), comprising:
-
receiving the user'"'"'s registration of a first pseudonym at the IdP in a previous session; upon verification of the user'"'"'s possession of the first pseudonym, generating, by a processor, a first representation of an access token to the user for accessing the RP, wherein the first representation of the access token selectively encodes a partial disclosure based on one or more characteristics of the user known to the IdP, the partial disclosure being a confirmation of at least some characteristics required for user access at the RP, the first representation of the access token being modifiable to a second representation of the access token that is unlinkable to the first representation of the access token, and the second representation of the access token remaining as a valid access token for accessing the RP; and providing the first representation of the access token to the user for accessing the RP. - View Dependent Claims (17, 18, 19, 20, 21, 22)
-
-
23. A computer-implemented method of allowing access for a user to a relying party (RP), mediated by an identity provider (IdP), comprising:
-
receiving a request to access the RP from the user, the request comprising a second representation of an access token, the second representation of the access token being based on a first representation of the access token issued to the user by the IdP, the second representation of the access token being unlinkable to the first representation of the access token by the RP and the IdP individually, and the second representation of the access token being unlinkable to the first representation of the access token by the RP and the IdP in collusion; if the first representation of the access token is publicly verifiable, verifying, by a processor, the second representation of the access token; and providing access to the user upon successful verification of the second representation of the access token; if the first representation of the access token is privately verifiable by the IdP, presenting the second representation of the access token to the IdP for verification; and providing access to the user if the IdP successfully verifies the second representation of the access token. - View Dependent Claims (24, 25, 26, 27, 28, 29)
-
-
30. A method for providing anonymous and pseudonymous access for a user to one or more relying parties (RPs), mediated by an identity provider (IdP), comprising:
-
the user registering with the IdP to establish a first pseudonym in a previous session; the user generating an original token for accessing an RP; the user modifying the original token to obtain a modified token; the user providing the modified token to the IdP to obtain confirmation of access authorization; the user proving possession of the first pseudonym previously registered with the IdP to the IdP; upon verification of the user'"'"'s possession of the first pseudonym, the IdP generating a first representation of an access token by signing the modified token, the first representation of the access token containing the confirmation of access authorization at the RP; the IdP providing the first representation of the access token to the user; the user transforming the signed modified token to obtain a second representation of the access token, wherein the second representation of the access token is unlinkable to the first representation of the access token by the RP and the IdP individually, and is unlinkable by the RP and IdP in collusion; the user determining whether to access the RP anonymously or pseudonymously; if accessing the RP anonymously, the user presenting the second representation of the access token to the RP; if accessing the RP pseudonymously, the user presenting the second representation and proof of possession of a second pseudonym, the second pseudonym being a pseudonym previously registered with the RP; upon receiving the second representation of the access token, the RP verifying the second representation of the access token; and if access is anonymous, the RP providing access to the user upon verification of the second representation of the access token; if access is pseudonymous, the RP providing access to the user upon successful verification of the second representation of the access token and successful verification of the proof of possession of the second pseudonym. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
-
-
45. A system for managing user access at relying parties (RPs), mediated by identity providers (IdPs), the system comprising:
-
a first subsystem for a user to prove possession of a first pseudonym previously registered with an IdP to the IdP; a second subsystem for the user to obtain a first representation of an access token from the IdP for accessing an RP anonymously; a third subsystem for the user to modify the first representation of the access token to obtain a second representation of the access token for anonymous access at the RP, where the second representation of the access token is unlinkable to the first representation of the access token by the IdP; a fourth subsystem for the user to present the second representation of the access token to the RP either anonymously or pseudonymously based on user choice; a fifth subsystem for the user to connect the second representation of the access token to one of the user'"'"'s pseudonyms previously registered at the RP, wherein the user'"'"'s pseudonyms registered at the RP are unlinkable to the pseudonym registered at the IdP; a sixth subsystem for the user to prove possession of a second pseudonym previously registered with the RP to the RP; and a seventh subsystem for allowing user access to the RP upon successful cryptographic proof of either the second representation of the access token for anonymous access, or the second representation of the access token and the pseudonym previously registered with the RP for pseudonymous access. - View Dependent Claims (46, 47, 48)
-
-
49. A system, comprising:
-
one or more processors, memory coupled to the one or more processors and storing instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising; receiving the user'"'"'s registration of a first pseudonym at the IdP in a previous session; upon verification of the user'"'"'s possession of the first pseudonym, generating, by a processor, a first representation of an access token to the user for accessing the RP, wherein the first representation of the access token selectively encodes a partial disclosure based on one or more characteristics of the user known to the IdP, the partial disclosure being a confirmation of at least some characteristics required for user access at the RP, the first representation of the access token being modifiable to a second representation of the access token that is unlinkable to the first representation of the access token, and the second representation of the access token remaining as a valid access token for accessing the RP; and providing the first representation of the access token to the user for accessing the RP.
-
-
50. A computer-readable medium having instructions stored thereon, which, when executed by one or more processors, cause the processors to perform operations comprising:
-
receiving the user'"'"'s registration of a first pseudonym at the IdP in a previous session; upon verification of the user'"'"'s possession of the first pseudonym, generating, by a processor, a first representation of an access token to the user for accessing the RP, wherein the first representation of the access token selectively encodes a partial disclosure based on one or more characteristics of the user known to the IdP, the partial disclosure being a confirmation of at least some characteristics required for user access at the RP, the first representation of the access token being modifiable to a second representation of the access token that is unlinkable to the first representation of the access token, and the second representation of the access token remaining as a valid access token for accessing the RP; and providing the first representation of the access token to the user for accessing the RP.
-
-
51. A method, comprising:
-
maintaining a pseudonym system on a device, the pseudonym system operable to generate an unbounded number of pseudonyms based on a fixed number of cryptographic keys; generating a plurality of pseudonyms for establishing respective pseudonymous identities with a plurality of entities, the plurality of pseudonyms being generated by the pseudonym system based on at least one of the fixed number of cryptographic keys, and the plurality of pseudonyms being unlinkable to one another by entities that do not possess the cryptographic key; registering each of the plurality of pseudonymous identities with a respective entity in the plurality of entities using a corresponding pseudonym in the plurality of pseudonyms; and reproducing and proving possession of each pseudonymous identity without maintaining a persistent copy of the corresponding pseudonym.
-
Specification