SYSTEM AND METHOD FOR ELECTRONIC CREDENTIALS

US 20190319944A1
Filed: 06/28/2019
Published: 10/17/2019
Est. Priority Date: 08/16/2012
Status: Active Grant

First Claim

Patent Images

1. A method of provisioning a credential authentication system, the method comprising:

wirelessly conveying first data from at least one data device of a first party to an authentication server, the first data including a first party identifier, a confidential data item of a second party, and a request to process the confidential data item, wherein the confidential data item of the second party is generated at the at least one data device of the first party;

at the authentication server, initiating a session with the at least one data device of the first party and processing the first data that comprises the confidential data item to determine that a security protocol is associated with the confidential data item and determine that the request is a storage request;

at the authentication server, generating second data, wherein the second data is a result of operating on the confidential data item with a one-way function;

based on the determined security protocol and the determined storage request, storing the confidential data item and the second data at a database;

terminating the initiated session in accordance with an expiration factor associated with at least one of the confidential data item and the second data, wherein the expiration factor is selected from the group consisting of;

a clock time, a number of requests to access either the confidential data or the second data, and combinations thereof;

transmitting a provisioning request to the authentication server from a data device of the second party;

retrieving a confidential data item from the authentication server based on the provisioning request; and

transmitting an authentication request to the data device of the second party, wherein the authentication request prompts the second party to send an authentication message from the data device of the second party to the authentication server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure describes systems and methods directed towards a highly secure and intelligent, end to end provisioning, authentication, and transaction system which creates and/or consolidates user data for a unified profile for the user (e.g., a person, place, organization, object, etc.) to allow for the safe, secure, and verifiable exchange of information.

4 Citations

28 Claims

1. A method of provisioning a credential authentication system, the method comprising:
- wirelessly conveying first data from at least one data device of a first party to an authentication server, the first data including a first party identifier, a confidential data item of a second party, and a request to process the confidential data item, wherein the confidential data item of the second party is generated at the at least one data device of the first party;
  
  at the authentication server, initiating a session with the at least one data device of the first party and processing the first data that comprises the confidential data item to determine that a security protocol is associated with the confidential data item and determine that the request is a storage request;
  
  at the authentication server, generating second data, wherein the second data is a result of operating on the confidential data item with a one-way function;
  
  based on the determined security protocol and the determined storage request, storing the confidential data item and the second data at a database;
  
  terminating the initiated session in accordance with an expiration factor associated with at least one of the confidential data item and the second data, wherein the expiration factor is selected from the group consisting of;
  
  a clock time, a number of requests to access either the confidential data or the second data, and combinations thereof;
  
  transmitting a provisioning request to the authentication server from a data device of the second party;
  
  retrieving a confidential data item from the authentication server based on the provisioning request; and
  
  transmitting an authentication request to the data device of the second party, wherein the authentication request prompts the second party to send an authentication message from the data device of the second party to the authentication server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, further comprising:
    - determining, based on the first data, that a digital certificate is to be issued;
      
      requesting issuance of a digital certificate based on at least the confidential data item;
      
      receiving the digital certificate; and
      
      storing the digital certificate at the database.
  - 3. The method of claim 2, wherein the digital certificate is generated by operating on issuer data, the confidential data item, a timestamp, and an indication of whether the first party or the second party requested the issuance of the digital certificate with a one-way function.
  - 4. The method of claim 1, further comprising:
    - determining, based on the first data, that a digital certificate is to be created;
      
      creating a digital certificate based on at least the confidential data item; and
      
      storing the digital certificate at the database.
  - 5. The method of claim 4, further comprising:
    - transmitting a second party identifier from the at least one data device of the first party to the authentication server; and
      
      based on receipt of the second party identifier, sending an acknowledgement message from the authentication server to a data device of the second party, wherein the acknowledgement message provides a notification that the authentication system has been provisioned for secure storage of the confidential data item.
  - 6. The method of claim 1, wherein said processing the first data includes comparing the confidential data item against a predetermined list of data items.
  - 7. The method of claim 1, wherein the confidential data item and the second data are stored in a second party profile at the database.
  - 8. The method of claim 7, further comprising:
    - transmitting a second party identifier from the at least one data device of the first party to the authentication server;
      
      at the authentication server, generating third data, wherein the third data is a result of operating on the confidential data item and the second party identifier with a one-way function; and
      
      storing the third data in the second party profile at the database.
  - 9. The method of claim 8, wherein second party profile includes a data table indexed by the second party identifier.
  - 10. The method of claim 1, wherein the confidential data item and the second data are stored in a first party profile at the database.
  - 11. The method of claim 10, wherein the first party profile includes a data table indexed by the first party identifier.
  - 12. The method of claim 1, further comprising sending a first acknowledgement message from the authentication server to one of the data devices of the first party, wherein the first acknowledgement message provides a notification that the authentication system has been provisioned for secure storage of the confidential data item.
  - 13. The method of claim 12, further comprising:
    - transmitting a second party identifier from the at least one data device of the first party to the authentication server; and
      
      based on receipt of the second party identifier, sending a second acknowledgement message from the authentication server to a data device of the second party, wherein the second acknowledgement message provides a notification that the authentication system has been provisioned for secure storage of the confidential data item.
  - 14. The method of claim 1, further comprising:
    - upon receipt of the authentication message from the data device of the second party, transmitting the retrieved confidential data item from the authentication server to a third party database based on the provisioning request.
  - 15. The method of claim 1, further comprising:
    - transmitting a provisioning request to the authentication server from a third party'"'"'s data device, wherein the provisioning request includes a second party identifier and a third party data device identification;
      
      verifying at the authentication server the second party identifier and the third party data device identification;
      
      retrieving a confidential data item from the authentication server based on the verification of the second party identifier, the verification of the third party data device identification, and the provisioning request; and
      
      transmitting the confidential data item from the authentication server to a third party database based on the provisioning request.
  - 16. The method of claim 1, further comprising:
    - transmitting a provisioning request to the authentication server from a data device of a third party, wherein the provisioning request includes a second party identifier and a third party data device identification;
      
      verifying at the authentication server the second party identifier and the third party data device identification;
      
      transmitting an authentication request to a data device of the second party, wherein the authentication request prompts the second party to send an authentication message from the data device of the second party to the authentication server;
      
      retrieving a confidential data item from the authentication server based on the verification of the second party identifier, the verification of the third party data device identification, the receipt of the authentication message, and the provisioning request; and
      
      transmitting the confidential data item from the authentication server to a third party database based on the provisioning request.

17. A method of provisioning a credential authentication system, the method comprising:
- wirelessly conveying first data from a data device of a user to an authentication server via a third party device, the first data including a user identifier, a confidential data item of the user, and a request to process the confidential data item, wherein the third party device automatically connects to the data device of the user using Bluetooth when the user enters one of predetermined physical locations, and collects and forwards the first data using Bluetooth;
  
  at the authentication server, initiating a session with the data device of the user and processing the first data that comprises the confidential data item to determine that a security protocol is associated with the confidential data item and determine that the request is a storage request;
  
  at the authentication server, generating second data, wherein the second data is a result of operating on the confidential data item with a one-way function;
  
  based on the determined security protocol and the determined storage request, storing the confidential data item and the second data in a user profile at a database, wherein the user profile is associated with a universal electronic identifier and comprises heterogeneous types of confidential data of the user; and
  
  terminating the initiated session in accordance with an expiration factor associated with the confidential data item and the second data, wherein the expiration factor is selected from the group consisting of;
  
  a clock time, a number of requests to access either the confidential data or the second data, and combinations thereof.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, further comprising:
    - at the authentication server, generating third data, wherein the third data is a result of operating on the confidential data item and the user identifier with a one-way function; and
      
      storing the third data in the user profile at the database.
  - 19. The method of claim 17, further comprising:
    - based on receipt of the user identifier at the authentication server, transmitting an acknowledgement message from the authentication server to the data device of the user via the third party device, wherein the acknowledgement message provides a notification that the authentication system has been provisioned for secure storage of the confidential data item.
  - 20. The method of claim 17, wherein the first data further includes a unique transaction identifier corresponding to the request to process the confidential data item.

21. A method of provisioning a credential authentication system, the method comprising:
- providing first data to an authentication server, the first data including a user identifier associated with a user, a confidential data item of the user, a device identifier associated with a first device, and a request to process the confidential data item;
  
  at the authentication server, initiating a session with the first device and processing the first data that comprises the confidential data item to determine that a security protocol is associated with the confidential data item and determine that the request is a storage request;
  
  at the authentication server, generating second data and third data, wherein the second data is a result of operating on the confidential data item with a one-way function, and the third data is a result of operating on the confidential data item and the user identifier with a one-way function;
  
  verifying that the device identifier is associated with an account of the user, wherein the account is stored in a database at the authentication server;
  
  based on the determined security protocol, the determined storage request, and the verified device identifier, storing the confidential data item, the second data, and the third data in a user profile at the database, wherein the user profile is associated with a universal electronic identifier and comprises heterogeneous types of confidential data of the user; and
  
  terminating the initiated session in accordance with an expiration factor associated with at least one of the confidential data item, the second data, and the third data, wherein the expiration factor is selected from the group consisting of;
  
  a clock time, a number of requests to access either the confidential data, the second data, or the third data, and combinations thereof.
- View Dependent Claims (22, 23, 24)
- - 22. The method of claim 21, wherein said providing the first data to the authentication server comprises wirelessly conveying the first data from the first device to the authentication server.
  - 23. The method of claim 21, wherein said providing the first data to the authentication server includes:
    - receiving the confidential data item via manual input from the user at the first device; and
      
      transmitting the confidential data item from the second device to the authentication server.
  - 24. The method of claim 21, further comprising:
    - based on receipt of the user identifier at the authentication server, displaying a notification that the authentication system has been provisioned for secure storage of the confidential data item.

25. A method of provisioning a credential authentication system, the method comprising:
- receiving an activation code at a first device via manual entry by a user;
  
  transmitting first data from the first device to an authentication server, the first data including the activation code, a user identifier associated with the user, a confidential data item of the user, a device identifier associated with the first device, and a request to process the confidential data item;
  
  at the authentication server, initiating a session with the first device and processing the first data that comprises the confidential data item to determine that a security protocol is associated with the confidential data item and determine that the request is a storage request;
  
  at the authentication server, generating second data and third data, wherein the second data is a result of operating on the confidential data item with a one-way function, and the third data is a result of operating on the confidential data item and the user identifier with a one-way function;
  
  verifying that the activation code was previously issued for the user by an entity;
  
  based on the determined security protocol, the determined storage request, and the verified activation code, storing the confidential data item, the second data, and the third data in a user profile at the database, wherein the user profile is associated with a universal electronic identifier and comprises heterogeneous types of confidential data of the user; and
  
  terminating the initiated session in accordance with an expiration factor associated with at least one of the confidential data item, the second data, and the third data, wherein the expiration factor is selected from the group consisting of;
  
  a clock time, a number of requests to access either the confidential data, the second data, or the third data, and combinations thereof.
- View Dependent Claims (26, 28)
- - 26. The method of claim 25, further comprising:
    - sending a success message to the first device to indicate successful provisioning of the confidential data item.
  - 28. The method of claim 25, wherein the heterogeneous types of confidential data of the user comprise information from:
    - at least one physical identifier of the user;
      
      at least one non-physical identifier of the user;
      
      at least one financial credential of the user; and
      
      at least one digital key utilized by the user to grant access.

27. A method of provisioning a credential authentication system, the method comprising:
- wirelessly receiving at an authentication server first data from a data device of a first party, wherein the first data includes a first party identifier, a confidential data item of a second party wherein the confidential data item is associated with one of a plurality of predetermined security protocol levels, and a request to process the confidential data item, wherein the confidential data item of the second party is generated at the at least one data device of the first party;
  
  at the authentication server, initiating a session with the data device of the first party and processing the first data that comprises the confidential data item to determine;
  
  (a) a particular one of the predetermined plurality of security protocol levels is associated with the confidential data item; and
  
  (b) that the request to process is a storage request;
  
  at the authentication server, generating second data, wherein the second data is a result of operating on the confidential data item with a one-way function;
  
  based on the particular one of the determined plurality of security protocol levels and the determined storage request, storing the confidential data item and the second data in a database;
  
  terminating the initiated session in accordance with an expiration factor associated with at least one of the confidential data item and the second data, wherein the expiration factor is selected from the group consisting of;
  
  a clock time, a number of requests to access either the confidential data or the second data, and combinations thereof;
  
  transmitting a provisioning request to the authentication server from a data device of the second party;
  
  retrieving a confidential data item from the authentication server based on the provisioning request; and
  
  transmitting an authentication request to the data device of the second party, wherein the authentication request prompts the second party to send an authentication message from the data device of the second party to the authentication server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cort Co.
Original Assignee
Tango Mobile LLC
Inventors
Kumar, Himalesh Cherukuvada

Granted Patent

US 10,999,268 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/44   Program or device authentic...

G06F 2221/2115   Third party

G06Q 20/12   specially adapted for elect...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3821   Electronic credentials

G06Q 20/4012   Verifying personal identifi...

G06Q 20/4014   Identity check for transact...

G06Q 20/425   using two different network...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0884   by delegation of authentica...

H04L 63/105   Multiple levels of security

H04L 9/3226   using a predetermined code,...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

SYSTEM AND METHOD FOR ELECTRONIC CREDENTIALS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

4 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR ELECTRONIC CREDENTIALS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

4 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links