SYSTEM AND METHOD FOR ELECTRONIC CREDENTIALS
First Claim
Patent Images
1. A method of provisioning a credential authentication system, the method comprising:
- wirelessly conveying first data from at least one data device of a first party to an authentication server, the first data including a first party identifier, a confidential data item of a second party, and a request to process the confidential data item, wherein the confidential data item of the second party is generated at the at least one data device of the first party;
at the authentication server, initiating a session with the at least one data device of the first party and processing the first data that comprises the confidential data item to determine that a security protocol is associated with the confidential data item and determine that the request is a storage request;
at the authentication server, generating second data, wherein the second data is a result of operating on the confidential data item with a one-way function;
based on the determined security protocol and the determined storage request, storing the confidential data item and the second data at a database;
terminating the initiated session in accordance with an expiration factor associated with at least one of the confidential data item and the second data, wherein the expiration factor is selected from the group consisting of;
a clock time, a number of requests to access either the confidential data or the second data, and combinations thereof;
transmitting a provisioning request to the authentication server from a data device of the second party;
retrieving a confidential data item from the authentication server based on the provisioning request; and
transmitting an authentication request to the data device of the second party, wherein the authentication request prompts the second party to send an authentication message from the data device of the second party to the authentication server.
1 Assignment
0 Petitions
Accused Products
Abstract
The present disclosure describes systems and methods directed towards a highly secure and intelligent, end to end provisioning, authentication, and transaction system which creates and/or consolidates user data for a unified profile for the user (e.g., a person, place, organization, object, etc.) to allow for the safe, secure, and verifiable exchange of information.
4 Citations
28 Claims
-
1. A method of provisioning a credential authentication system, the method comprising:
-
wirelessly conveying first data from at least one data device of a first party to an authentication server, the first data including a first party identifier, a confidential data item of a second party, and a request to process the confidential data item, wherein the confidential data item of the second party is generated at the at least one data device of the first party; at the authentication server, initiating a session with the at least one data device of the first party and processing the first data that comprises the confidential data item to determine that a security protocol is associated with the confidential data item and determine that the request is a storage request; at the authentication server, generating second data, wherein the second data is a result of operating on the confidential data item with a one-way function; based on the determined security protocol and the determined storage request, storing the confidential data item and the second data at a database; terminating the initiated session in accordance with an expiration factor associated with at least one of the confidential data item and the second data, wherein the expiration factor is selected from the group consisting of;
a clock time, a number of requests to access either the confidential data or the second data, and combinations thereof;transmitting a provisioning request to the authentication server from a data device of the second party; retrieving a confidential data item from the authentication server based on the provisioning request; and transmitting an authentication request to the data device of the second party, wherein the authentication request prompts the second party to send an authentication message from the data device of the second party to the authentication server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A method of provisioning a credential authentication system, the method comprising:
-
wirelessly conveying first data from a data device of a user to an authentication server via a third party device, the first data including a user identifier, a confidential data item of the user, and a request to process the confidential data item, wherein the third party device automatically connects to the data device of the user using Bluetooth when the user enters one of predetermined physical locations, and collects and forwards the first data using Bluetooth; at the authentication server, initiating a session with the data device of the user and processing the first data that comprises the confidential data item to determine that a security protocol is associated with the confidential data item and determine that the request is a storage request; at the authentication server, generating second data, wherein the second data is a result of operating on the confidential data item with a one-way function; based on the determined security protocol and the determined storage request, storing the confidential data item and the second data in a user profile at a database, wherein the user profile is associated with a universal electronic identifier and comprises heterogeneous types of confidential data of the user; and terminating the initiated session in accordance with an expiration factor associated with the confidential data item and the second data, wherein the expiration factor is selected from the group consisting of;
a clock time, a number of requests to access either the confidential data or the second data, and combinations thereof. - View Dependent Claims (18, 19, 20)
-
-
21. A method of provisioning a credential authentication system, the method comprising:
-
providing first data to an authentication server, the first data including a user identifier associated with a user, a confidential data item of the user, a device identifier associated with a first device, and a request to process the confidential data item; at the authentication server, initiating a session with the first device and processing the first data that comprises the confidential data item to determine that a security protocol is associated with the confidential data item and determine that the request is a storage request; at the authentication server, generating second data and third data, wherein the second data is a result of operating on the confidential data item with a one-way function, and the third data is a result of operating on the confidential data item and the user identifier with a one-way function; verifying that the device identifier is associated with an account of the user, wherein the account is stored in a database at the authentication server; based on the determined security protocol, the determined storage request, and the verified device identifier, storing the confidential data item, the second data, and the third data in a user profile at the database, wherein the user profile is associated with a universal electronic identifier and comprises heterogeneous types of confidential data of the user; and terminating the initiated session in accordance with an expiration factor associated with at least one of the confidential data item, the second data, and the third data, wherein the expiration factor is selected from the group consisting of;
a clock time, a number of requests to access either the confidential data, the second data, or the third data, and combinations thereof. - View Dependent Claims (22, 23, 24)
-
-
25. A method of provisioning a credential authentication system, the method comprising:
-
receiving an activation code at a first device via manual entry by a user; transmitting first data from the first device to an authentication server, the first data including the activation code, a user identifier associated with the user, a confidential data item of the user, a device identifier associated with the first device, and a request to process the confidential data item; at the authentication server, initiating a session with the first device and processing the first data that comprises the confidential data item to determine that a security protocol is associated with the confidential data item and determine that the request is a storage request; at the authentication server, generating second data and third data, wherein the second data is a result of operating on the confidential data item with a one-way function, and the third data is a result of operating on the confidential data item and the user identifier with a one-way function; verifying that the activation code was previously issued for the user by an entity; based on the determined security protocol, the determined storage request, and the verified activation code, storing the confidential data item, the second data, and the third data in a user profile at the database, wherein the user profile is associated with a universal electronic identifier and comprises heterogeneous types of confidential data of the user; and terminating the initiated session in accordance with an expiration factor associated with at least one of the confidential data item, the second data, and the third data, wherein the expiration factor is selected from the group consisting of;
a clock time, a number of requests to access either the confidential data, the second data, or the third data, and combinations thereof. - View Dependent Claims (26, 28)
-
-
27. A method of provisioning a credential authentication system, the method comprising:
-
wirelessly receiving at an authentication server first data from a data device of a first party, wherein the first data includes a first party identifier, a confidential data item of a second party wherein the confidential data item is associated with one of a plurality of predetermined security protocol levels, and a request to process the confidential data item, wherein the confidential data item of the second party is generated at the at least one data device of the first party; at the authentication server, initiating a session with the data device of the first party and processing the first data that comprises the confidential data item to determine; (a) a particular one of the predetermined plurality of security protocol levels is associated with the confidential data item; and (b) that the request to process is a storage request; at the authentication server, generating second data, wherein the second data is a result of operating on the confidential data item with a one-way function; based on the particular one of the determined plurality of security protocol levels and the determined storage request, storing the confidential data item and the second data in a database; terminating the initiated session in accordance with an expiration factor associated with at least one of the confidential data item and the second data, wherein the expiration factor is selected from the group consisting of;
a clock time, a number of requests to access either the confidential data or the second data, and combinations thereof;transmitting a provisioning request to the authentication server from a data device of the second party; retrieving a confidential data item from the authentication server based on the provisioning request; and transmitting an authentication request to the data device of the second party, wherein the authentication request prompts the second party to send an authentication message from the data device of the second party to the authentication server.
-
Specification