Method and apparatus for storing an internet user's identity and access rights to world wide web resources
First Claim
1. A method of sending data from a first node to a second node utilizing a passport server node having a plurality of passports stored therein, a network comprising and interconnecting the first, second and passport server nodes, each of the plurality of passports having a data portion, a security level, and a key, the method comprising the steps of:
- maintaining a passport database for storing profile data for each of a plurality of users in a data structure comprising the passport for the corresponding user, the first node corresponding to a first of the users and to a first of the passports;
transmitting a first request from the first node to the second node for a transaction with the second node;
transmitting a public key from the first node to the second node, the public key having been previously provided by the passport server node to the first node;
transmitting an encrypted message from the first node to the passport server node wherein the encrypted message directs the passport server node to transmit the first passport stored in the passport server node to the second node;
transmitting the first passport from the passport server node to the second node; and
if the data portion of the transmitted first passport is encrypted, the second node decodings via the public key transmitted from the first node to the second node, the data portion of the the first passport so as to use the data portion for the transaction with the first node.
3 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for obtaining user information to conduct secure transactions on the Internet without having to re-enter the information multiple times is described. The method and apparatus can also provide a technique by which secured access to the data can be achieved over the Internet. A passport containing user defined information at various security levels is stored in a secure server apparatus, or passport agent, connected to computer network. A user process instructs the passport agent to release all or portions of the passport to a recipient node and forwards a key to the recipient node to unlock the passport information.
373 Citations
19 Claims
-
1. A method of sending data from a first node to a second node utilizing a passport server node having a plurality of passports stored therein, a network comprising and interconnecting the first, second and passport server nodes, each of the plurality of passports having a data portion, a security level, and a key, the method comprising the steps of:
-
maintaining a passport database for storing profile data for each of a plurality of users in a data structure comprising the passport for the corresponding user, the first node corresponding to a first of the users and to a first of the passports; transmitting a first request from the first node to the second node for a transaction with the second node; transmitting a public key from the first node to the second node, the public key having been previously provided by the passport server node to the first node; transmitting an encrypted message from the first node to the passport server node wherein the encrypted message directs the passport server node to transmit the first passport stored in the passport server node to the second node; transmitting the first passport from the passport server node to the second node; and if the data portion of the transmitted first passport is encrypted, the second node decodings via the public key transmitted from the first node to the second node, the data portion of the the first passport so as to use the data portion for the transaction with the first node. - View Dependent Claims (2, 3, 12, 13, 14)
-
-
4. A computer server apparatus for use with a computer network, the computer server apparatus for transmitting information between two nodes coupled to the computer network, the server apparatus comprising:
-
means disposed at a user profile node for registering a plurality of user profile information, the user profile information containing multiple data items wherein at least some of the information is encrypted;
the user profile information including a security level for accessing each of the data items;means for storing the user profile information in data structures comprising a plurality of passports each including a plurality of the data items corresponding to a user; means disposed at the user profile node for receiving an encrypted message from a user, the encrypted message including a request for transmission of data items in a specified one of the passports to a specified address of a destination node on the computer network; means disposed at the user profile node for decrypting the encrypted message provided by the user; and means responsive to the request for transmitting said requested data items to the destination node. - View Dependent Claims (15, 16)
-
-
5. A system for sending data over a public network, the system comprising:
-
means for transmitting a first request from a first node to a second node over the public network for a transaction with the second node; means for transmitting a public key from the first node to the second node over the public network; a passport server node, coupled to the computer network, said passport server node having a memory for storing a plurality of passports, each of the passports corresponding to one of a like plurality of users and each of the plurality of passports having a data portion, a security level portion, and a key portion, the data portion of each of the passports having profile data for one of the users the passport server node comprising; means for receiving an encrypted message transmitted from the first node to the passport server node wherein the encrypted message directs the passport server node to transmit a particular one of the plurality of passports stored in the passport server node to the second node; means for decrypting the encrypted message in the passport server node and extracting therefrom information identifying the particular passport; responsive to the message, and based at least in part on the security level of the particular passport, the passport server node determining whether the data portion of the particular passport should be transmitted to the second node in encrypted form, and, if so, encrypting the data portion; means for transmitting the particular one of the plurality of passports from the passport server node to the second node; and means in the second node for decoding via the public key transmitted from the first node to the second node, the data portion of the particular one of the plurality of passports if the data portion is encrypted.
-
-
6. A method for establishing a user passport for use by the user in connection with transactions over a network with third-party sites, comprising the steps of:
-
(a) a user sending a request to generate a passport to a passport agent; (b) receiving the request in the passport agent; (c) opening, via the passport agent, a secure communication channel between the passport agent and the user; (d) presenting, via the passport agent, series of queries to the user; (e) the user entering user profile information, including a plurality of data items regarding the user, in response to the passport agent queries; (f) the user assigning a security level to each item of user profile information; (g) the passport agent assigning an encryption key to the user based at least in part on the security level assigned each item of user profile information by the user; (h) the passport agent transmitting at least one public key, which corresponds to the assigned encryption key, for enabling the user to share the public key with one or more of the third-party sites and thereby enabling the one or more third-party sites to access passport profile information; and (i) storing the user profile information in a passport database for subsequent transmission and use, responsive to a user request, in connection with transactions with the third-party sites. - View Dependent Claims (7, 8)
-
-
9. A system for establishing a user passport comprising:
-
a passport database for storing a plurality of user passports, each comprising a data structure containing user information with respect to a different one of a plurality of users; means for receiving a request to generate a passport from a user; means for establishing a secure communication channel to the user; means for presenting a query to the user; means for receiving user information entered in response to the query; means for assigning a security level to each item of user information received by said means for receiving; means for assigning an encryption key to the user; means for storing the user information in one of the passports in said passport database corresponding to the user; and means for transmitting a public key to the user, which corresponds to the assigned encryption key, for enabling the user to share the public key with one or more third parties and thereby enable the one or more third parties to access the user information stored in the corresponding passport in said passport database. - View Dependent Claims (10, 11)
-
-
17. A computer program product comprising a computer-readable media, and computer-executable program code stored on the computer-readable media, wherein the program code is suitable for use in a system for sending data from a first node to a second node utilizing a passport server node having a plurality of passports stored therein, each of the plurality of passports having a data portion, a security level, and a key, the program code comprising:
-
program code for accessing a passport database stored on a passport server node, the passport database storing profile data for each of a plurality of users in a data structure comprising the passport for the corresponding user, the first node corresponding to a first of the users and to a first of the passports; program code for transmitting a first request from the first node to the second node for a transaction with the second node; program code for transmitting a public key from the first node to the second node, the public key having been previously provided by the passport server node to the first node; and program code for transmitting an encrypted message from the first node to the passport server node wherein the encrypted message directs the passport server node to transmit the first passport stored in the passport server node.
-
-
18. A computer program product comprising a computer-readable media, and computer-executable program code stored on the computer-readable media, the program code capable of establishing a user passport for use by a user in connection with transactions over a network with third-party sites, the program code comprising:
-
(a) program code for receiving a request from a user to generate a passport; (b) program code for presenting a series of queries to the user, and for receiving user profile information from the user, including a plurality of data items regarding the user, in response to the queries; (c) program code for receiving from the user a security level assigned to each item of user profile information; (d) program code for assigning an encryption key to the user based at least in part on the security level assigned each item of user profile information by the user; (e) program code for transmitting at least one public key, which corresponds to the assigned encryption key, for enabling one or more third-party sites to access the passport profile information; and (f) program code for storing the user profile information in a passport database for subsequent transmission and use, responsive to a user request, in connection with transactions with the third-party sites.
-
-
19. A computer data signal embodied in a carrier wave, the computer data signal capable of use in establishing a user passport for use by a user in connection with transactions over a network with third-party sites, the computer data signal comprising:
-
(a) program code portion for receiving a request from a user to generate a passport; (b) program code portion for presenting a series of queries to the user, and for receiving user profile information from the user, including a plurality of data items regarding the user, in response to the queries; (c) program code portion for receiving from the user a security level assigned to each item of user profile information; (d) program code portion for assigning an encryption key to the user based at least in part on the security level assigned each item of user profile information by the user; (e) program code portion for transmitting at least one public key, which corresponds to the assigned encryption key, for enabling one or more third-party sites to access the passport profile information; and (f) program code portion for storing the user profile information in a passport database for subsequent transmission and use, responsive to a user request, in connection with transactions with the third-party sites.
-
Specification