Privacy and identification in a data communications network
First Claim
Patent Images
1. A method for managing identification in a data communications network, the method comprising:
- receiving a portable user-controlled secure storage device;
enrolling a user of said portable user-controlled secure storage device with an authority network site, said enrolling comprising providing information requested by said authority network site;
receiving user data in response to said enrolling;
storing said user data in said portable user-controlled secure storage device;
enabling said portable user-controlled secure storage device to release said user data; and
using said user data, from said portable user-controlled secure storage device, at a service provider network site to obtain a service.
3 Assignments
0 Petitions
Accused Products
Abstract
A method for managing identification in a data communications network includes receiving a user-controlled secure storage device and enrolling the user with an authority network site. The enrolling includes providing information requested by the authority network site. The method also includes receiving user data in response to the enrolling, storing the user data in the user-controlled secure storage device, enabling the user-controlled secure storage device to release the user data and using the user data at a service provider network site to obtain a service.
-
Citations
9 Claims
-
1. A method for managing identification in a data communications network, the method comprising:
-
receiving a portable user-controlled secure storage device; enrolling a user of said portable user-controlled secure storage device with an authority network site, said enrolling comprising providing information requested by said authority network site; receiving user data in response to said enrolling; storing said user data in said portable user-controlled secure storage device; enabling said portable user-controlled secure storage device to release said user data; and using said user data, from said portable user-controlled secure storage device, at a service provider network site to obtain a service.
-
-
2. A method for managing identification in a data communications network, the method comprising:
-
receiving a portable user-controlled secure storage device; enrolling a user of said portable user-controlled secure storage device with an authority network site, said enrolling comprising providing information requested by said authority network site; receiving user data in response to said enrolling, said user data comprising a first portion and a second portion, said first portion comprising a cryptogram computed based on said second portion; storing said user data in said portable user-controlled secure storage device; enabling said portable user-controlled secure storage device to release said user data; and using said user data, from said portable user-controlled secure storage, at a service provider network site to obtain a service.
-
-
3. A method for managing identification in a data communications network, the method comprising:
-
presenting an identity credential request and data to be stored to a federated identity server via a client host; receiving an identity credential in response to said identity credential request, said identity credential comprising a randomized ID and an identification authority ID, said federated identity server capable of verifying the truthfulness, accuracy and completeness of said data to be stored; presenting a service request and said identity credential to a service portal, said service portal configured to issue an authentication request to said federated identity server; receiving a logon credential in response to said service request, said login credential comprising an indication of the client host used by the user; and using said logon credential to obtain a service from a service provider accessible via said service portal.
-
-
4. A computer program storage device including a tangible computer readable media having embodied therein a program of instructions executable by a processor to perform a method for managing identification in a data communications network, the method comprising:
-
receiving a portable user-controlled secure storage device; enrolling a user of said portable user-controlled secure storage device with an authority network site, said enrolling comprising providing information requested by said authority network site; receiving user data in response to said enrolling; storing said user data in said portable user-controlled secure storage device; enabling said portable user-controlled secure storage device to release said user data; and using said user data, from said portable user-controlled secure storage device, at a service provider network site to obtain a service.
-
-
5. A computer program storage device including a tangible computer readable media having embodied therein a program of instructions executable by a processor to perform a method for managing identification in a data communications network, the method comprising:
-
receiving a portable user-controlled secure storage device; enrolling a user of said portable user-controlled secure storage device with an authority network site, said enrolling comprising providing information requested by said authority network site; receiving user data in response to said enrolling, said user data comprising a first portion and a second portion, said first portion comprising a cryptogram computed based on said second portion; storing said user data in said portable user-controlled secure storage device; enabling said portable user-controlled secure storage device to release said user data; and using said user data, from said portable user-controlled secure storage device, at a service provider network site to obtain a service.
-
-
6. A computer program storage device including a tangible computer readable media having embodied therein a program of instructions executable by a processor to perform a method for managing identification in a data communications network, the method comprising:
-
presenting an identity credential request and data to be stored to a federated identity server via a client host; receiving an identity credential in response to said identity credential request, said identity credential comprising a randomized ID and an identification authority ID, said federated identity server capable of verifying the truthfulness, accuracy and completeness of said data to be stored; presenting a service request and said identity credential to a service portal, said service portal configured to issue an authentication request to said federated identity server; receiving a logon credential in response to said service request, said login credential comprising an indication of the client host used by the user; and using said logon credential to obtain a service from a service provider accessible via said service portal.
-
-
7. An apparatus for managing identification in a data communications network, the apparatus comprising:
-
means for receiving a portable user-controlled secure storage device; means for enrolling a user of said portable user-controlled secure storage device with an authority network site, said enrolling comprising providing information requested by said authority network site; means for receiving user data in response to said enrolling; means for storing said user data in said portable user-controlled secure storage device; means for enabling said portable user-controlled secure storage device to release said user data; and means for using said user data, from said portable user-controlled secure storage device, at a service provider network site to obtain a service.
-
-
8. An apparatus for managing identification in a data communications network, the apparatus comprising:
-
means for receiving a portable user-controlled secure storage device; means for enrolling a user of said portable user-controlled secure storage device with an authority network site, said enrolling comprising providing information requested by said authority network site; means for receiving user data in response to said enrolling, said user data comprising a first portion and a second portion, said first portion comprising a cryptogram computed based on said second portion; means for storing said user data in said portable user-controlled secure storage device; means for enabling said portable user-controlled secure storage device to release said user data; and means for using said user data, from said portable user-controlled secure storage device, at a service provider network site to obtain a service.
-
-
9. An apparatus for managing identification in a data communications network, the apparatus comprising:
-
means for presenting an identity credential request and data to be stored to a federated identity server via a client host; means for receiving an identity credential in response to said identity credential request, said identity credential comprising a randomized ID and an identification authority ID, said federated identity server capable of verifying the truthfulness, accuracy and completeness of said data to be stored; means for presenting a service request and said identity credential to a service portal, said service portal configured to issue an authentication request to said federated identity server; means for receiving a logon credential in response to said service request, said login credential comprising an indication of the client host used by the user; and means for using said logon credential to obtain a service from a service provider accessible via said service portal.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeOracle America, Inc. (Oracle Corporation)
-
Original AssigneeSun Microsystems Incorporated (Oracle Corporation)
-
Inventorsde Jong, Eduard K., Leung, Albert Y., Levy, Moshe
-
Primary Examiner(s)Moise; Emmanuel L
-
Assistant Examiner(s)Fields; Courtney D
-
Application NumberUS10/040,293Publication NumberTime in Patent Office2,675 DaysField of Search713/202, 713/182, 713/184, 713/155, 713/193, 709/229, 380/255, 726/8, 726/5, 726/7, 726/9, 726/19, 726/20US Class Current713/155CPC Class CodesG06F 21/33 using certificatesG06F 21/34 involving the use of extern...G06F 21/6245 Protecting personal data, e...H04L 63/0407 wherein the identity of one...H04L 63/08 for authentication of entit...H04L 63/0815 providing single-sign-on or...H04L 63/0853 using an additional device,...
