SYSTEM AND METHODS FOR IDENTITY ATTRIBUTE VALIDATION
First Claim
1. A method of server-based identity attribute validation, comprising:
- a computer server receiving an identity attribute validation request from one of a plurality of communication devices, and an identifier associated with the one communication device, the identity attribute validation request requesting at least one attribute for disclosure to the one communication device, the computer server further receiving a credential and being configured with at least one attribute disclosure profile, each said attribute disclosure profile being associated with a respective one of the communication devices and identifying at least one attribute authorized for disclosure to the associated communication device;
the computer server determining a validity of the credential and the received identifier, and using the received identifier to locate the attribute disclosure profile associated with the one communication device; and
the computer server providing the communication device with a response to the identity attribute validation request based on an outcome of the credential and identifier validity determination and a correlation between the at least one attribute of the identity attribute validation request and the at least one attribute of the located attribute disclosure profile, the attribute validation response including attribute data associated with the credential authorized for disclosure to the one communication device by the located attribute disclosure profile but excluding attribute data associated with the credential not authorized for disclosure to the one communication device by the located attribute disclosure profile.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of identity attribute validation at a computer server involves the computer server receiving an identity attribute validation request from a communication terminal. The computer server further receives a credential, and is configured with an attribute disclosure profile of attributes authorized for disclosure to the communication terminal. The computer server determines the validity of the credential, and provides the communication terminal with a response to the identity attribute validation request based on an outcome of the credential validity determination. The attribute validation response includes attributes data associated with the credential authorized for disclosure by the attribute disclosure profile but excludes attributes data associated with the credential not authorized for disclosure by the attribute disclosure profile.
72 Citations
20 Claims
-
1. A method of server-based identity attribute validation, comprising:
-
a computer server receiving an identity attribute validation request from one of a plurality of communication devices, and an identifier associated with the one communication device, the identity attribute validation request requesting at least one attribute for disclosure to the one communication device, the computer server further receiving a credential and being configured with at least one attribute disclosure profile, each said attribute disclosure profile being associated with a respective one of the communication devices and identifying at least one attribute authorized for disclosure to the associated communication device; the computer server determining a validity of the credential and the received identifier, and using the received identifier to locate the attribute disclosure profile associated with the one communication device; and the computer server providing the communication device with a response to the identity attribute validation request based on an outcome of the credential and identifier validity determination and a correlation between the at least one attribute of the identity attribute validation request and the at least one attribute of the located attribute disclosure profile, the attribute validation response including attribute data associated with the credential authorized for disclosure to the one communication device by the located attribute disclosure profile but excluding attribute data associated with the credential not authorized for disclosure to the one communication device by the located attribute disclosure profile. - View Dependent Claims (2, 3, 4, 5, 11)
-
-
6. An issuer server comprising:
-
at least one attribute disclosure profile, each said attribute disclosure profile being associated with one of a plurality of communication devices and identifying at least one attribute authorized for disclosure to the associated communication device; and an identity attribute validation request processor configured to receive from one of the communication devices an identity attribute validation request and an identifier associated with the one communication device, the identity attribute validation request requesting at least one attribute for disclosure to the one communication device, and to further receive a credential, the identity attribute validation request processor being further configured to determine a validity of the received credential and the identifier, to use the received identifier to locate the attribute disclosure profile associated with the one communication device, and to provide the communication device with a response to the identity attribute validation request based on an outcome of the credential and identifier validity determination and a correlation between the at least one attribute of the identity attribute validation request and the at least one attribute of the located attribute disclosure profile, the attribute validation response including attribute data associated with the credential authorized for disclosure to the one communication device by the located attribute disclosure profile but excluding attribute data associated with the credential not authorized for disclosure to the one communication device by the located attribute disclosure profile. - View Dependent Claims (7, 8, 9, 10)
-
-
12. (canceled)
-
13. A method of terminal-based identity attribute validation, comprising:
-
a communication terminal receiving a credential from a hardware token interfaced with the communication terminal, and transmitting to a computer server the credential, an identifier associated with the communication terminal, and an identity attribute validation request, the communication terminal being configured with an attribute disclosure profile identifying at least one attribute authorized for disclosure to the communication terminal; the communication terminal receiving a response to the identity attribute validation request from the computer server, the attribute validation response being based on an outcome of a determination of validity of the credential and the identifier by the computer server; in accordance with the attribute validation response, the communication terminal using the attribute disclosure profile to interrogate the hardware token for attribute data associated with the credential authorized for disclosure to the communication terminal but excluding attribute data associated with the credential not authorized for disclosure to the communication terminal; and the communication terminal generating an authorization signal in accordance with a correlation between the authorized attribute data and a predetermined criterion. - View Dependent Claims (14, 15, 19)
-
-
16. A validation terminal comprising:
-
a credential interface configured to interface with a hardware token; an attribute disclosure profile identifying at least one attribute authorized for disclosure to the validation terminal; and an identity attribute validation processor configured to (1) receive a credential from the hardware token, (2) transmit to a computer server the credential, an identifier associated with the validation terminal, and an identity attribute validation request, (3) receive a response to the identity attribute validation request from the computer server, the attribute validation response being based on an outcome of a determination of validity of the credential and the identifier by the computer server, (4) in accordance with the attribute validation response, use the attribute disclosure profile to interrogate the hardware token for attribute data associated with the credential authorized for disclosure to the communication terminal but excluding attribute data associated with the credential not authorized for disclosure to the communication terminal, and (5) generate an authorization signal in accordance with a correlation between the authorized attribute data and a predetermined criterion, the attribute validation response being based on an outcome of a determination of validity of the credential by the computer server. - View Dependent Claims (17, 18)
-
-
20. (canceled)
Specification