Privacy and identification in a data communications network
Abstract
A method for managing identification in a data communications network includes receiving a user-controlled secure storage device and enrolling the user with an authority network site. The enrolling includes providing information requested by the authority network site. The method also includes receiving user data in response to the enrolling, storing the user data in the user-controlled secure storage device, enabling the user-controlled secure storage device to release the user data and using the user data at a service provider network site to obtain a service.
9 Claims

1. A method for managing identification in a data communications network, the method comprising:
receiving a portable user-controlled secure storage device;
enrolling a user of said portable user-controlled secure storage device with an authority network site, said enrolling comprising providing information requested by said authority network site;
receiving user data in response to said enrolling;
storing said user data in said portable user-controlled secure storage device;
enabling said portable user-controlled secure storage device to release said user data; and
using said user data, from said portable user-controlled secure storage device, at a service provider network site to obtain a service.

2. A method for managing identification in a data communications network, the method comprising:
receiving a portable user-controlled secure storage device;
enrolling a user of said portable user-controlled secure storage device with an authority network site, said enrolling comprising providing information requested by said authority network site;
receiving user data in response to said enrolling, said user data comprising a first portion and a second portion, said first portion comprising a cryptogram computed based on said second portion;
storing said user data in said portable user-controlled secure storage device;
enabling said portable user-controlled secure storage device to release said user data; and
using said user data, from said portable user-controlled secure storage, at a service provider network site to obtain a service.

3. A method for managing identification in a data communications network, the method comprising:
presenting an identity credential request and data to be stored to a federated identity server via a client host;
receiving an identity credential in response to said identity credential request, said identity credential comprising a randomized ID and an identification authority ID, said federated identity server capable of verifying the truthfulness, accuracy and completeness of said data to be stored;
presenting a service request and said identity credential to a service portal, said service portal configured to issue an authentication request to said federated identity server;
receiving a logon credential in response to said service request, said login credential comprising an indication of the client host used by the user; and
using said logon credential to obtain a service from a service provider accessible via said service portal.

4. A computer program storage device including a tangible computer readable media having embodied therein a program of instructions executable by a processor to perform a method for managing identification in a data communications network, the method comprising:
receiving a portable user-controlled secure storage device;
enrolling a user of said portable user-controlled secure storage device with an authority network site, said enrolling comprising providing information requested by said authority network site;
receiving user data in response to said enrolling;
storing said user data in said portable user-controlled secure storage device;
enabling said portable user-controlled secure storage device to release said user data; and
using said user data, from said portable user-controlled secure storage device, at a service provider network site to obtain a service.

5. A computer program storage device including a tangible computer readable media having embodied therein a program of instructions executable by a processor to perform a method for managing identification in a data communications network, the method comprising:
receiving a portable user-controlled secure storage device;
enrolling a user of said portable user-controlled secure storage device with an authority network site, said enrolling comprising providing information requested by said authority network site;
receiving user data in response to said enrolling, said user data comprising a first portion and a second portion, said first portion comprising a cryptogram computed based on said second portion;
storing said user data in said portable user-controlled secure storage device;
enabling said portable user-controlled secure storage device to release said user data; and
using said user data, from said portable user-controlled secure storage device, at a service provider network site to obtain a service.

6. A computer program storage device including a tangible computer readable media having embodied therein a program of instructions executable by a processor to perform a method for managing identification in a data communications network, the method comprising:
presenting an identity credential request and data to be stored to a federated identity server via a client host;
receiving an identity credential in response to said identity credential request, said identity credential comprising a randomized ID and an identification authority ID, said federated identity server capable of verifying the truthfulness, accuracy and completeness of said data to be stored;
presenting a service request and said identity credential to a service portal, said service portal configured to issue an authentication request to said federated identity server;
receiving a logon credential in response to said service request, said login credential comprising an indication of the client host used by the user; and
using said logon credential to obtain a service from a service provider accessible via said service portal.

7. An apparatus for managing identification in a data communications network, the apparatus comprising:
means for receiving a portable user-controlled secure storage device;
means for enrolling a user of said portable user-controlled secure storage device with an authority network site, said enrolling comprising providing information requested by said authority network site;
means for receiving user data in response to said enrolling;
means for storing said user data in said portable user-controlled secure storage device;
means for enabling said portable user-controlled secure storage device to release said user data; and
means for using said user data, from said portable user-controlled secure storage device, at a service provider network site to obtain a service.

8. An apparatus for managing identification in a data communications network, the apparatus comprising:
means for receiving a portable user-controlled secure storage device;
means for enrolling a user of said portable user-controlled secure storage device with an authority network site, said enrolling comprising providing information requested by said authority network site;
means for receiving user data in response to said enrolling, said user data comprising a first portion and a second portion, said first portion comprising a cryptogram computed based on said second portion;
means for storing said user data in said portable user-controlled secure storage device;
means for enabling said portable user-controlled secure storage device to release said user data; and
means for using said user data, from said portable user-controlled secure storage device, at a service provider network site to obtain a service.

9. An apparatus for managing identification in a data communications network, the apparatus comprising:
means for presenting an identity credential request and data to be stored to a federated identity server via a client host;
means for receiving an identity credential in response to said identity credential request, said identity credential comprising a randomized ID and an identification authority ID, said federated identity server capable of verifying the truthfulness, accuracy and completeness of said data to be stored;
means for presenting a service request and said identity credential to a service portal, said service portal configured to issue an authentication request to said federated identity server;
means for receiving a logon credential in response to said service request, said login credential comprising an indication of the client host used by the user; and
means for using said logon credential to obtain a service from a service provider accessible via said service portal.
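The flow of claims 2, 5 and 8 (authority issues user data whose first portion is a cryptogram over the second portion; the device stores it and releases it only when enabled; the service provider checks the cryptogram), as an added illustration that is not code from the patent. It assumes the cryptogram is an HMAC-SHA256 under a key shared by authority and service provider, and the authority ID, randomized ID and attribute values are constructed placeholders.

```python
import hmac, hashlib, json, secrets

# Constructed illustration of the claim 2/5/8 user-data layout: the second
# portion carries the enrolled attributes, the first portion is a cryptogram
# computed over the second portion. Assumption (not stated in the patent): the
# cryptogram is an HMAC-SHA256 under a key shared by authority and service
# provider; a public-key signature over the same bytes would work the same way.

AUTHORITY_KEY = secrets.token_bytes(32)  # constructed; provisioned out of band

def canonical(second_portion: dict) -> bytes:
    # Deterministic serialisation so issuer and verifier MAC identical bytes.
    return json.dumps(second_portion, sort_keys=True, separators=(",", ":")).encode()

def authority_enrol(key: bytes, requested_info: dict) -> dict:
    """Authority network site: answer enrolment with (first, second) user data."""
    second = {"attributes": requested_info, "authority_id": "AUTH-EXAMPLE",
              "randomized_id": secrets.token_hex(16)}  # placeholder identifiers
    first = hmac.new(key, canonical(second), hashlib.sha256).hexdigest()
    return {"first_portion": first, "second_portion": second}

class SecureStorageDevice:
    """Portable user-controlled store; data leaves only after the user enables release."""
    def __init__(self):
        self._user_data, self._enabled = None, False
    def store(self, user_data: dict) -> None:
        self._user_data = user_data
    def enable_release(self) -> None:
        self._enabled = True
    def release(self) -> dict:
        if not self._enabled:
            raise PermissionError("release not enabled by user")
        return self._user_data

def service_provider_verify(key: bytes, user_data: dict) -> bool:
    """Service provider site: accept only if the cryptogram matches the second portion."""
    expected = hmac.new(key, canonical(user_data["second_portion"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, user_data["first_portion"])

def run_flow(key: bytes = AUTHORITY_KEY, tamper: bool = False) -> bool:
    """Enrol, store on the device, release, then verify at the service provider."""
    device = SecureStorageDevice()
    device.store(authority_enrol(key, {"name": "A. User", "age_over_18": True}))
    device.enable_release()
    released = device.release()
    if tamper:  # any edit to the second portion must fail the cryptogram check
        released["second_portion"]["attributes"]["age_over_18"] = False
    return service_provider_verify(key, released)
```

The check at the service provider only binds the second portion to the issuing key; it does not by itself prove the device is the one the data was stored on, which is why the release step stays under user control.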
Specification