METHODS AND SYSTEMS FOR SECURE IDENTITY MANAGEMENT

US 20130205136A1
Filed: 01/18/2013
Published: 08/08/2013
Est. Priority Date: 01/18/2012
Status: Active Grant

First Claim

Patent Images

1. A method for authorizing a virtual identity using an access device, the method comprising:

sending, from an access device, a request to a resource through a network;

accessing a resource challenge that is acceptable to the resource;

sending the resource challenge to an identity repository;

receiving, from the identity repository, a first signed resource challenge;

signing the resource challenge to generate a second signed resource challenge; and

sending an authorization for the virtual identity to the resource through the network, the authorization including the first signed resource challenge and the second signed resource challenge.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authorizing a virtual identity using an access device may include sending, from an access device, a request to a resource through a network. The method may also include accessing a resource challenge that is acceptable to the resource and sending the resource challenge to an identity repository. The method may additionally include receiving, from the identity repository, a first signed resource challenge and signing the resource challenge to generate a second signed resource challenge. The method may further include sending an authorization for the virtual identity to the resource through the network. The authorization may include the first signed resource challenge and the second signed resource challenge.

Citations

28 Claims

1. A method for authorizing a virtual identity using an access device, the method comprising:
- sending, from an access device, a request to a resource through a network;
  
  accessing a resource challenge that is acceptable to the resource;
  
  sending the resource challenge to an identity repository;
  
  receiving, from the identity repository, a first signed resource challenge;
  
  signing the resource challenge to generate a second signed resource challenge; and
  
  sending an authorization for the virtual identity to the resource through the network, the authorization including the first signed resource challenge and the second signed resource challenge.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - sending an access device public key to the resource; and
      
      sending an identity repository public key to the resource, wherein;
      
      the access device public key is associated with an access device private key that is used by the access device to sign the resource challenge;
      
      the identity repository public key is associated with an identity repository private key that is used by the identity repository to sign the resource challenge; and
      
      the access device public key and the identity repository public key are sent to the resource as a part of a registration process prior to the request.
  - 3. The method of claim 2 wherein the access device public key and the identity repository public key are associated exclusively with the resource.
  - 4. The method of claim 1 further comprising:
    - receiving a third signed resource challenge from the identity repository, wherein the third signed resource challenge comprises the resource challenge signed by a control device; and
      
      sending the third signed resource challenge to the resource through the network to authorize using the virtual identity for an interaction with the resource.
  - 5. The method of claim 4 wherein the control device comprises an app operating on a computing device.
  - 6. The method of claim 4 wherein the access device and the control device are the same device.
  - 7. The method of claim 1 wherein the first signed resource challenge is signed by the identity repository.
  - 8. The method of claim 1 further comprising:
    - accessing an access device challenge that is acceptable to the identity repository;
      
      receiving a personal identifier from a user;
      
      signing the access device challenge using at least the personal identifier to generate a signed access device challenge; and
      
      sending the signed access device challenge to the identity repository to verify that the access device is authorized to sign the resource challenge.
  - 9. The method of claim 8 wherein the personal identifier comprises a user password.
  - 10. The method of claim 1 wherein the resource comprises a website.

11. A method for authorizing a virtual identity using a control device for an interaction between an access device and a resource, the method comprising:
- accessing, at the control device, a resource challenge that is acceptable to the resource;
  
  signing the resource challenge to generate a signed resource challenge; and
  
  sending the signed resource challenge to the identity repository.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11 further comprising:
    - receiving information describing the interaction;
      
      providing a first indication including information describing the interaction to a user; and
      
      receiving a second indication from the user that grants permission to use the virtual identity in the interaction between the access device and the resource.
  - 13. The method of claim 11 further comprising:
    - accessing a control device challenge that is acceptable to the identity repository;
      
      receiving a personal identifier from a user;
      
      signing the control device challenge using at least the personal identifier to generate a signed control device challenge; and
      
      sending the signed control device challenge to the identity repository to verify that the control device is authorized to sign the resource challenge.
  - 14. The method of claim 13 wherein the personal identifier comprises a Personal Identification Number (PIN).
  - 15. The method of claim 11 wherein:
    - the resource challenge is signed using a control device private key, andthe control device private key is associated with a control device public key that was previously sent to the resource by the access device as a part of a registration process.

16. A method of authorizing a virtual identity by an identity repository for an interaction between an access device and a resource, the method comprising:
- accessing, at the identity repository, a resource challenge that is acceptable to the resource;
  
  accessing an identity repository private key;
  
  signing the resource challenge using the identity repository private key to generate a first signed resource challenge; and
  
  sending the first signed resource challenge to the access device.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
- - 17. The method of claim 16 wherein the identity repository private key is associated with an identity repository public key that was previously sent to the resource by the access device as a part of a registration process.
  - 18. The method of claim 16 further comprising:
    - sending the resource challenge to a control device;
      
      receiving a third signed resource challenge from the control device, wherein the third signed resource challenge comprises the resource challenge signed by the control device; and
      
      sending the third signed resource challenge to the access device.
  - 19. The method of claim 18 further comprising:
    - determining that the control device requires a personal identifier from a user to authorize the virtual identity;
      
      sending a request for a signed control device challenge to the control device;
      
      receiving the signed control device challenge from the control device, wherein the signed control device challenge comprises a control device challenge signed by the control device using at least the personal identifier; and
      
      determining that the control device is authorized to sign the resource challenge using at least the signed control device challenge.
  - 20. The method of claim 16 further comprising:
    - determining that the access device requires a personal identifier from a user to authorize the virtual identity;
      
      sending a request for a signed access device challenge to the access device;
      
      receiving the signed access device challenge from the access device, wherein the signed access device challenge comprises an access device challenge signed by the access device using at least the personal identifier; and
      
      determining that the access device is authorized to sign the resource challenge using at least the signed access device challenge.
  - 21. The method of claim 16 further comprising:
    - receiving one or more conditions originating from the resource that must be met prior to signing the resource challenge; and
      
      determining that the one or more conditions have been met.
  - 22. The method of claim 21 wherein the one or more conditions includes verifying that a personal identifier has been received from the access device to verify that the access device has been authorized by a user to sign the resource challenge.
  - 23. The method of claim 21 wherein the one or more conditions includes receiving a third signed resource challenge from an out-of-band control device.
  - 24. The method of claim 16 further comprising:
    - receiving a device identifier assigned to the access device; and
      
      determining that the access device is authorized to sign the resource challenge based at least in part on the device identifier and a set of user preferences stored by the identity repository.

25. A method of verifying, by a resource, that a virtual identity is authorized for use in an interaction between an access device and the resource, the method comprising:
- receiving, at the resource, a request from the access device to use the virtual identity;
  
  receiving information from the access device, the information comprising;
  
  a first signed resource challenge signed by an identity repository; and
  
  a second signed resource challenge signed by the access device, wherein the first signed resource challenge and the second signed resource challenge are based on a resource challenge that is acceptable to the resource;
  
  determining one or more public cryptographic keys associated with the virtual identity;
  
  determining that the first signed resource challenge is valid using the one or more public cryptographic keys;
  
  determining that the second signed resource challenge is valid using the one or more public cryptographic keys; and
  
  determining that the virtual identity is authorized for use in the interaction between the access device and the resource.
- View Dependent Claims (26, 27, 28)
- - 26. The method of claim 25 further comprising determining that a third signed resource challenge is valid using the one or more public cryptographic keys, wherein:
    - the information from the access device further comprises the third signed resource challenge; and
      
      the third signed resource challenge is signed by a control device.
  - 27. The method of claim 25 wherein the access device comprises a personal computer.
  - 28. The method of claim 25 further comprising requiring an authorization from an out-of-band control device based on a risk level of a transaction, wherein the interaction with the resource is associated with the transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Neustar Incorporated
Original Assignee
OneID Inc.
Inventors
KIRSCH, STEVEN TODD

Granted Patent

US 9,215,223 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/31   User authentication

G06F 21/335   for accessing specific reso...

G06F 2221/2103   Challenge-response

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0869   for achieving mutual authen...

H04L 63/12   Applying verification of th...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

METHODS AND SYSTEMS FOR SECURE IDENTITY MANAGEMENT

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR SECURE IDENTITY MANAGEMENT

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links