Virtual Identity Credential Issuance and Verification Using Physical and Virtual Means

US 20180254909A1
Filed: 03/06/2018
Published: 09/06/2018
Est. Priority Date: 03/06/2017
Status: Active Application

First Claim

Patent Images

1. A method of authenticating an identity of a user and facilitating a transaction between the user and a relying party, the method comprising:

establishing, by a backend system having a memory and a processor coupled to the memory, a communication path with a first electronic device of the user;

receiving, by the backend system, an identity credential data points of the user from an identity credential issuer;

receiving, by the backend system, an identity credential issued by the identity credential issuer from the user;

authenticating, by the backend system, the identity credential received from the user with the identity credential data points of the user from the identity credential issuer;

storing, by the backend system, the authenticated identity credential of the user as a virtual identity credential in the memory;

establishing, by the backend system, a communication path with a second electronic device of the relying party; and

facilitating transmission of identity credential information or identity credential verification commands between the user and the relying party.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and non-transitory machine readable medium for authenticating an identity of a user and facilitating a transaction between the user and a relying party include establishing a communication path with a first electronic device of the user, receiving, an identity credential data points of the user from an identity credential issuer, receiving an identity credential issued by the identity credential issuer from the user, authenticating the identity credential received from the user with the identity credential data points of the user from the identity credential issuer, storing the authenticated identity credential of the user as a virtual identity credential in the memory, establishing a communication path with a second electronic device of the relying party, and facilitating transmission of identity credential information or identity credential verification commands between the user and the relying party.

Citations

18 Claims

1. A method of authenticating an identity of a user and facilitating a transaction between the user and a relying party, the method comprising:
- establishing, by a backend system having a memory and a processor coupled to the memory, a communication path with a first electronic device of the user;
  
  receiving, by the backend system, an identity credential data points of the user from an identity credential issuer;
  
  receiving, by the backend system, an identity credential issued by the identity credential issuer from the user;
  
  authenticating, by the backend system, the identity credential received from the user with the identity credential data points of the user from the identity credential issuer;
  
  storing, by the backend system, the authenticated identity credential of the user as a virtual identity credential in the memory;
  
  establishing, by the backend system, a communication path with a second electronic device of the relying party; and
  
  facilitating transmission of identity credential information or identity credential verification commands between the user and the relying party.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, further comprising:
    - registering the identity credential issuer;
      
      receiving, from the user, a presentation of a PKI-based identity credential previously issued to the user by the identity credential issuer;
      
      validating the PKI-based identity credential presented by the user;
      
      receiving, from the first electronic device of the user, a private key;
      
      authenticating the PKI-based identity credential using the private key; and
      
      storing the authenticated PKI-based identity credential of the user as the virtual identity credential in the memory.
  - 3. The method according to claim 1, further comprising:
    - registering a government authority;
      
      receiving, from the user, a presentation of a government-issued identity credential previously issued to the user by the government authority;
      
      validating the government-issued identity credential presented by the user based on information provided by the government authority; and
      
      storing the validated government-issued identity credential of the user as the virtual identity credential in the memory.
  - 4. The method according to claim 1, further comprising:
    - establishing a secure communication path with a first communication node; and
      
      transmitting a unique correlation token to the first communication node from transmission to an origin node.
  - 5. The method according to claim 4, further comprising:
    - receiving data points of a user specified by the identity credential issuer;
      
      transmitting a unique correlation token to the identity credential issuer for display to the user;
      
      establishing a secure communication path to the first electronic device of the user;
      
      transmitting a command to create a credential and a private key to the first electronic device of the user;
      
      receiving a public key from the first electronic device of the user; and
      
      transmitting the user specific data points to the first electronic device of the user.
  - 6. The method according to claim 1, further comprising:
    - receiving, from the first electronic device of the user, a notification to initiate verification of a virtual identity credential selected by the user;
      
      generating a one-time use code;
      
      transmitting the one-time use code to the first electronic device of the user for display;
      
      receiving, from the second electronic device of the relying party, the one-time use code received by the second electronic device of the relying party from its display on the first electronic device of the user;
      
      parsing the one-time use code transmitted by the second electronic device of the relying party;
      
      generating a unique one-time use verification code;
      
      transmitting the one-time use verification code to the second electronic device of the relying party for display on the second electronic device of the relying party; and
      
      transmitting a notification and the one-time use verification code to the first electronic device of the user for verification against the one-time use verification code displayed on the second electronic device of the relying party.

7. A system comprising:
- a memory; and
  
  a processor coupled to the memory, the processor being configured to;
  
  establish a communication path with a first electronic device of a user;
  
  receive an identity credential data points of the user from an identity credential issuer;
  
  receive an identity credential issued by the identity credential issuer from the user;
  
  authenticate the identity credential received from the user with the identity credential data points of the user from the identity credential issuer;
  
  store the authenticated identity credential of the user as a virtual identity credential in the memory;
  
  establish a communication path with a second electronic device of the relying party; and
  
  facilitate transmission of identity credential information or identity credential verification commands between the user and the relying party.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system according to claim 7, further comprising:
    - register the identity credential issuer;
      
      receive, from the user, a presentation of a PKI-based identity credential previously issued to the user by the identity credential issuer;
      
      validate the PKI-based identity credential presented by the user;
      
      receive, from the first electronic device of the user, a private key;
      
      authenticate the PKI-based identity credential using the private key; and
      
      storie the authenticated PKI-based identity credential of the user as the virtual identity credential in the memory.
  - 9. The system according to claim 7, further comprising:
    - register a government authority;
      
      receive, from the user, a presentation of a government-issued identity credential previously issued to the user by the government authority;
      
      validate the government-issued identity credential presented by the user based on information provided by the government authority; and
      
      store the validated government-issued identity credential of the user as the virtual identity credential in the memory.
  - 10. The system according to claim 7, further comprising:
    - establish a secure communication path with a first communication node; and
      
      transmit a unique correlation token to the first communication node from transmission to an origin node.
  - 11. The system according to claim 10, further comprising:
    - receive data points of a user specified by the identity credential issuer;
      
      transmit a unique correlation token to the identity credential issuer for display to the user;
      
      establish a secure communication path to the first electronic device of the user;
      
      transmit a command to create a credential and a private key to the first electronic device of the user;
      
      receive a public key from the first electronic device of the user; and
      
      transmit the user specific data points to the first electronic device of the user.
  - 12. The system according to claim 7, further comprising:
    - receive, from the first electronic device of the user, a notification to initiate verification of a virtual identity credential selected by the user;
      
      generate a one-time use code;
      
      transmit the one-time use code to the first electronic device of the user for display;
      
      receive, from the second electronic device of the relying party, the one-time use code received by the second electronic device of the relying party from its display on the first electronic device of the user;
      
      parse the one-time use code transmitted by the second electronic device of the relying party;
      
      generate a unique one-time use verification code;
      
      transmit the one-time use verification code to the second electronic device of the relying party for display on the second electronic device of the relying party; and
      
      transmit a notification and the one-time use verification code to the first electronic device of the user for verification against the one-time use verification code displayed on the second electronic device of the relying party.

13. A non-transitory machine-readable medium comprising a plurality of machine-readable instructions which when executed by one or more processors associated with a backend system are adapted to cause the one or more processors to perform a method comprising:
- establishing a communication path with a first electronic device of a user;
  
  receiving an identity credential data points of the user from an identity credential issuer;
  
  receiving an identity credential issued by the identity credential issuer from the user;
  
  authenticating the identity credential received from the user with the identity credential data points of the user from the identity credential issuer;
  
  storing the authenticated identity credential of the user as a virtual identity credential in a non-transitory machine-readable medium;
  
  establishing a communication path with a second electronic device of the relying party; and
  
  facilitating transmission of identity credential information or identity credential verification commands between the user and the relying party.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory machine-readable medium according to claim 13, wherein the method further comprises:
    - registering the identity credential issuer;
      
      receiving, from the user, a presentation of a PKI-based identity credential previously issued to the user by the identity credential issuer;
      
      validating the PKI-based identity credential presented by the user;
      
      receiving, from the first electronic device of the user, a private key;
      
      authenticating the PKI-based identity credential using the private key; and
      
      storing the authenticated PKI-based identity credential of the user as the virtual identity credential in the memory.
  - 15. The non-transitory machine-readable medium according to claim 13, wherein the method further comprises:
    - registering a government authority;
      
      receiving, from the user, a presentation of a government-issued identity credential previously issued to the user by the government authority;
      
      validating the government-issued identity credential presented by the user based on information provided by the government authority; and
      
      storing the validated government-issued identity credential of the user as the virtual identity credential in the memory.
  - 16. The non-transitory machine-readable medium according to claim 13, wherein the method further comprises:
    - establishing a secure communication path with a first communication node; and
      
      transmitting a unique correlation token to the first communication node from transmission to an origin node.
  - 17. The non-transitory machine-readable medium according to claim 16, wherein the method further comprises:
    - receiving data points of a user specified by the identity credential issuer;
      
      transmitting a unique correlation token to the identity credential issuer for display to the user;
      
      establishing a secure communication path to the first electronic device of the user;
      
      transmitting a command to create a credential and a private key to the first electronic device of the user;
      
      receiving a public key from the first electronic device of the user; and
      
      transmitting the user specific data points to the first electronic device of the user.
  - 18. The non-transitory machine-readable medium according to claim 13, wherein the method further comprises:
    - receiving, from the first electronic device of the user, a notification to initiate verification of a virtual identity credential selected by the user;
      
      generating a one-time use code;
      
      transmitting the one-time use code to the first electronic device of the user for display;
      
      receiving, from the second electronic device of the relying party, the one-time use code received by the second electronic device of the relying party from its display on the first electronic device of the user;
      
      parsing the one-time use code transmitted by the second electronic device of the relying party;
      
      generating a unique one-time use verification code;
      
      transmitting the one-time use verification code to the second electronic device of the relying party for display on the second electronic device of the relying party; and
      
      transmitting a notification and the one-time use verification code to the first electronic device of the user for verification against the one-time use verification code displayed on the second electronic device of the relying party.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lamark Solutions, Inc.
Original Assignee
Lamark Solutions, Inc.
Inventors
Hancock, William A.

Application Number

US15/913,811
Publication Number

US 20180254909A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/006   involving public key infras...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3228   One-time or temporary data,...

H04L 9/3268   using certificate validatio...

Virtual Identity Credential Issuance and Verification Using Physical and Virtual Means

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual Identity Credential Issuance and Verification Using Physical and Virtual Means

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links