Securely roaming digital identities
First Claim
1. A computer-implemented method for securely roaming a digital identity stored on a secure roaming device, wherein the secure roaming device stores encrypted attributes of the digital identity accessible using a bimodal credential, the method comprising:
- receiving a request for at least one attribute of the digital identity from a service provider;
providing to the secure roaming device a first password of the bimodal credential, wherein the first password enables a safe mode of access to the digital identity;
retrieving from the secure roaming device an encrypted identity token, wherein the encrypted identity token is encrypted with a private key of a public-key cryptographic key pair, and wherein the encrypted identity token comprises;
a cryptographic session key;
a time stamp indicative of a duration of the cryptographic session key; and
the at least one attribute of the digital identity, wherein the at least one attribute comprises private identity information;
retrieving from the secure roaming device an encrypted identifier, wherein the encrypted identifier is encrypted with the cryptographic session key; and
providing the encrypted identity token and the encrypted identifier to the service provider.
2 Assignments
0 Petitions
Accused Products
Abstract
A cryptographic session key is utilized to maintain security of a digital identity. The session key is valid only for a limited period of time. Additional security is provided via a bimodal credential allowing different levels of access to the digital identify. An identity token contains pertinent information associated with the digital identity. The identity token is encrypted utilizing public-key cryptography. An identifier utilized to verify the validity of the digital identity is encrypted with the cryptographic session key. The encrypted identity token and the encrypted identifier are provided to a service for example. The service decrypts the encrypted identity token utilizing public key cryptography, and decrypts, with the cryptographic session key obtained from the identity token, the encrypted identifier. If the identifier is determined to be valid, the transaction proceeds normally. If the identifier is determined to be invalid, the transaction is halted.
28 Citations
19 Claims
-
1. A computer-implemented method for securely roaming a digital identity stored on a secure roaming device, wherein the secure roaming device stores encrypted attributes of the digital identity accessible using a bimodal credential, the method comprising:
-
receiving a request for at least one attribute of the digital identity from a service provider; providing to the secure roaming device a first password of the bimodal credential, wherein the first password enables a safe mode of access to the digital identity; retrieving from the secure roaming device an encrypted identity token, wherein the encrypted identity token is encrypted with a private key of a public-key cryptographic key pair, and wherein the encrypted identity token comprises; a cryptographic session key; a time stamp indicative of a duration of the cryptographic session key; and the at least one attribute of the digital identity, wherein the at least one attribute comprises private identity information; retrieving from the secure roaming device an encrypted identifier, wherein the encrypted identifier is encrypted with the cryptographic session key; and providing the encrypted identity token and the encrypted identifier to the service provider. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A secure roaming device for securely roaming a digital identity, wherein the secure roaming device stores encrypted attributes of the digital identity accessible using a bimodal credential, comprising:
-
an input/output portion for; receiving one or more passwords of a bimodal credential indicative of an appropriate mode of access to information associated with the digital identity; receiving a request for at least attribute associated with the digital identity; providing a response to the request, the response being based on the appropriate mode of access and comprising an encrypted identity token and an encrypted identifier, the encrypted identity token comprising the requested at least one attribute, a cryptographic session key, and a time stamp indicative of a duration of the cryptographic session key, wherein; the identity token is encrypted with a private key of a public-key cryptographic key pair; and the encrypted identifier is encrypted utilizing the cryptographic session key; and a memory portion for storing attributes of the digital identity, the private key, the time stamp, the identity token, and all modes of the bimodal credential. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer storage medium having computer-executable instructions for securely roaming a digital identity stored on a secure roaming device, wherein the secure roaming device stores encrypted attributes of the digital identity accessible using a bimodal credential, performing the acts of:
-
receiving a request for at least one attribute of the digital identity from a service provider over an unsecure interface; providing to the secure roaming device a first password of the bimodal credential, wherein the first password enables a safe mode of access to the digital identity; retrieving from the secure roaming device an encrypted identity token, wherein the encrypted identity token is encrypted with a private key of a public-key cryptographic key pair, and wherein the encrypted identity token comprises a cryptographic session key, a time stamp indicative of a duration of the cryptographic session key, and at least one attribute of digital identity; retrieving from the secure roaming device an encrypted identifier, wherein the encrypted identifier is encrypted with the cryptographic session key; and providing the encrypted identity token and the encrypted identifier to the service provider over the unsecure interface. - View Dependent Claims (16, 17, 18, 19)
-
Specification