METHODS AND SYSTEMS FOR SECURE IDENTITY MANAGEMENT
Abstract
A method for authorizing a virtual identity using an access device may include sending, from an access device, a request to a resource through a network. The method may also include accessing a resource challenge that is acceptable to the resource and sending the resource challenge to an identity repository. The method may additionally include receiving, from the identity repository, a first signed resource challenge and signing the resource challenge to generate a second signed resource challenge. The method may further include sending an authorization for the virtual identity to the resource through the network. The authorization may include the first signed resource challenge and the second signed resource challenge.
28 Claims
1. A method for authorizing a virtual identity using an access device, the method comprising:
- sending, from an access device, a request to a resource through a network;
- accessing a resource challenge that is acceptable to the resource;
- sending the resource challenge to an identity repository;
- receiving, from the identity repository, a first signed resource challenge;
- signing the resource challenge to generate a second signed resource challenge; and
- sending an authorization for the virtual identity to the resource through the network, the authorization including the first signed resource challenge and the second signed resource challenge.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method for authorizing a virtual identity using a control device for an interaction between an access device and a resource, the method comprising:
- accessing, at the control device, a resource challenge that is acceptable to the resource;
- signing the resource challenge to generate a signed resource challenge; and
- sending the signed resource challenge to the identity repository.
Dependent claims: 12, 13, 14, 15
16. A method of authorizing a virtual identity by an identity repository for an interaction between an access device and a resource, the method comprising:
- accessing, at the identity repository, a resource challenge that is acceptable to the resource;
- accessing an identity repository private key;
- signing the resource challenge using the identity repository private key to generate a first signed resource challenge; and
- sending the first signed resource challenge to the access device.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24
25. A method of verifying, by a resource, that a virtual identity is authorized for use in an interaction between an access device and the resource, the method comprising:
- receiving, at the resource, a request from the access device to use the virtual identity;
- receiving information from the access device, the information comprising:
  - a first signed resource challenge signed by an identity repository; and
  - a second signed resource challenge signed by the access device, wherein the first signed resource challenge and the second signed resource challenge are based on a resource challenge that is acceptable to the resource;
- determining one or more public cryptographic keys associated with the virtual identity;
- determining that the first signed resource challenge is valid using the one or more public cryptographic keys;
- determining that the second signed resource challenge is valid using the one or more public cryptographic keys; and
- determining that the virtual identity is authorized for use in the interaction between the access device and the resource.
Dependent claims: 26, 27, 28
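The exchange in claims 1, 16 and 25, sketched as an added example that is not part of the patent text: the resource issues a challenge, the identity repository and the access device each sign it, and the resource accepts only when both signatures verify over the challenge it issued. Ed25519, the 32-byte random single-use challenge, and every function and field name here are assumptions; the claims specify none of them.

```javascript
const crypto = require("crypto");

// Key holder: the identity repository or the access device.
// Ed25519 is an assumption; the claims name no signature algorithm.
function newSigner() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  return { publicKey, sign: (challenge) => crypto.sign(null, challenge, privateKey) };
}

const validSig = (key, data, sig) => Buffer.isBuffer(sig) && crypto.verify(null, data, key, sig);

// The resource of claim 25, configured with the public keys tied to the virtual identity.
function newResource(repositoryKey, deviceKey) {
  let pending = null; // the one outstanding challenge
  return {
    // Random single-use challenge (an assumption about what is "acceptable to the resource").
    issueChallenge() {
      pending = crypto.randomBytes(32);
      return Buffer.from(pending);
    },
    // Returns "authorized" or the reason for rejection.
    verify({ challenge, firstSigned, secondSigned }) {
      const issued = pending;
      pending = null; // consumed on first use, so a captured authorization cannot be replayed
      if (!issued || !Buffer.isBuffer(challenge) || !issued.equals(challenge)) {
        return "rejected: unknown or reused challenge";
      }
      if (!validSig(repositoryKey, issued, firstSigned)) {
        return "rejected: identity repository signature invalid";
      }
      if (!validSig(deviceKey, issued, secondSigned)) {
        return "rejected: access device signature invalid";
      }
      return "authorized";
    },
  };
}

// Claim 1 from the access device's side; the network hops are collapsed into calls.
function authorize(resource, repository, device) {
  const challenge = resource.issueChallenge();
  const firstSigned = repository.sign(challenge); // returned by the identity repository
  const secondSigned = device.sign(challenge); // produced on the access device
  return { challenge, firstSigned, secondSigned };
}

const repository = newSigner(), device = newSigner();
const resource = newResource(repository.publicKey, device.publicKey);
console.log(resource.verify(authorize(resource, repository, device)));
```

Because the resource checks both signatures against the challenge it issued itself, a holder of only the device key or only the repository key cannot produce an accepted authorization, and a previously accepted one cannot be replayed.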
Specification