Method for issuing an electronic identity

US 7,020,778 B1
Filed: 01/21/2000
Issued: 03/28/2006
Est. Priority Date: 01/21/2000
Status: Expired due to Term

First Claim

Patent Images

1. Method for issuing an electronic identity for a first entity from an identity registration authority, the method comprising the steps of:

a) issuing a first electronic identity for said first entity, said first electronic identity having a first representational form for use by said first entity in a first application;

b) creating a request for a second electronic identity for use by said first entity in a second application, the request including an identifier of said first entity, said second application requiring said second electronic identity in a second representational form that is different from said first representational form;

c) sending said request to said identity registration authority;

d) in response to said request, creating an identification response;

e) sending said identification response to said first entity;

f) verifying an acceptability of said identification response by said first entity;

g) in response to said verifying, if said identification response is acceptable, signing said identification response using a digital signature by said first entity, thereby generating a signed response;

h) sending said signed response to said identity registration authority;

i) verifying a validity of said digital signature and said identification response in said signed response; and

j) in response to said verifying, if said digital signature and identification response are valid, issuing said second electronic identity based on said first electronic identity.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for issuing an electronic identity based on previously certified electronic identity. This is accomplished by providing a method to use a previously certified identity to create another representational form for the same identity. This way the holder of a certificate can extend his or her already verified identity for other uses. The previously certified identity can be for instance so called mobile identity which is associated to a person'"'"'s mobile terminal such as mobile phone. The person can show to certificate be his/her own by using the digital signature feature of the mobile terminal.

Citations

26 Claims

1. Method for issuing an electronic identity for a first entity from an identity registration authority, the method comprising the steps of:
- a) issuing a first electronic identity for said first entity, said first electronic identity having a first representational form for use by said first entity in a first application;
  
  b) creating a request for a second electronic identity for use by said first entity in a second application, the request including an identifier of said first entity, said second application requiring said second electronic identity in a second representational form that is different from said first representational form;
  
  c) sending said request to said identity registration authority;
  
  d) in response to said request, creating an identification response;
  
  e) sending said identification response to said first entity;
  
  f) verifying an acceptability of said identification response by said first entity;
  
  g) in response to said verifying, if said identification response is acceptable, signing said identification response using a digital signature by said first entity, thereby generating a signed response;
  
  h) sending said signed response to said identity registration authority;
  
  i) verifying a validity of said digital signature and said identification response in said signed response; and
  
  j) in response to said verifying, if said digital signature and identification response are valid, issuing said second electronic identity based on said first electronic identity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. The method of claim 1 further comprising a second entity by which said first entity digitally signs said identification response.
  - 3. The method of claim 2 further comprising the steps of:
    - checking if the information of said second entity is available using said identifier; and
      
      in response said checking, if said information is not available, inquiring the information of said second entity from said first entity.
  - 4. The method of claim 2 or 3 wherein said second entity is in control of said first entity.
  - 5. The method of claim 3 wherein said information of said second entity comprises one or more from a set containing a unique address of said second entity, a name of the holder of said second entity and previous identity or identities of said second entity.
  - 6. The method of claim 1 further comprising the step of:
    - establishing and encrypting a communication channel between said first entity and said identity registration authority to ensure confidential communication there between.
  - 7. The method of claim 1 further comprising the step of:
    - storing said issued second identity to a database of said identity registration authority.
  - 8. The method of claim 1 further comprising the step of:
    - storing said issued second identity to a database of the issuer of said first electronic identity.
  - 9. The method of claim 1 further comprising the step of:
    - combining said first and said second electronic identities to form a combined electronic identity; and
      
      storing said combined electronic identity to a database.
  - 10. The method of claim 1 further comprising the step of:
    - sending said issued second identity to said first entity.
  - 11. The method of claim 1 further comprising the step of:
    - sending said issued second identity to a third party.
  - 12. The method of claim 1 before the step of issuing said second identity further comprising the steps of:
    - checking if additional guarantees for ensuring a validity of the first electronic identity are to be acquired; and
      
      in response to said checking, if additional guarantees are needed, acquiring additional guarantees.
  - 13. The method of claim 1 further comprising the steps of:
    - adding a time stamp to said issued second identity; and
      
      storing said time stamped second identity to a database of said registration authority.
  - 14. The method of claim 1 further comprising the step of:
    - adding into said time stamp a expiration date of said second electronic identity.
  - 15. The method of claim 1 further comprising, the steps of:
    - adding a notarization to said issued second identity; and
      
      storing said notarized second identity to a database of said registration authority.
  - 16. The method of claim 1 further comprising the steps of:
    - inquiring a further identifier code to be added into said signed identification responsereceiving said identifier code at said registration authority; and
      
      verifying the validity of said identifier code at said registration authority.
  - 17. The method of claim 16 wherein said identifier code includes one or more from a set containing biometric code of said first entity, a predetermined character string, a fingerprint of a first entity'"'"'s public key, random number, certificate, and a hash code of the shared secret between said first entity and said registration authority.
  - 18. The method of claim 2 further comprising the steps of:
    - creating a first hash code from said request at said registration authority;
      
      sending said first hash code to said second entity;
      
      creating a second hash code from said identity request by said second entity; and
      
      verifying a validity of said first hash code by comparing it to said second hash code before said step of signing said identification response.
  - 19. The method of claim 1 or 2 before the step of issuing further comprising the steps of:
    - sending a confirmation message to the address specified in additional information of said first entity;
      
      receiving a confirmation response to said confirmation message at said registration authority; and
      
      verifying the validity of said confirmation response.
  - 20. The method of claim 19 before the step of issuing further comprising the step of:
    - canceling said issuing of said second electronic identity if said confirmation response is not received in a predetermined time period.
  - 21. The method of claim 1 wherein said request for issuing said second certificate for said entity is initiated by a third party.
  - 22. The method of claim 2 wherein said request for issuing said second electronic identity for said first entity is initiated by said second entity.
  - 23. The method of claim 2 wherein said request is digitally signed by said first entity before sending said request.
  - 24. The method of claim 2 wherein said request is encrypted before sending said request.
  - 25. The method of claim 1 further comprising the step of:
    - journalizing a log of all transactions during the issue process of said second electronic identity.
  - 26. The method of claim 2 wherein said second entity is one of the following set including mobile terminal, mobile phone, personal computer, set-top box, smart card, tamper proof device, security token, software agent, pager, terminal equipment, and personal digital assistant (PDA).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Giesecke + Devrient Mobile Security GmBH (Giesecke & Devrient GmbH)
Original Assignee
Sonera Smarttrust OY
Inventors
Lahtiranta, Atte, Miettinen, Jarmo, Liukkonen, Jukka, Otranen, Jari, Mättö, Mikko, Saarinen, Jennifer, Salo, Saku
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
ZIA, SYED

Application Number

US09/489,328
Time in Patent Office

2,258 Days
Field of Search

713/182
US Class Current

713/182
CPC Class Codes

H04L 2209/42   Anonymization, e.g. involvi...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Method for issuing an electronic identity

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method for issuing an electronic identity

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links