Method and system for identity recognition

US 7,822,988 B2
Filed: 10/23/2003
Issued: 10/26/2010
Est. Priority Date: 10/23/2003
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of sending an identity information document from an initiating system to an intended receiving system, the method comprising:

presenting a list of identity information from a self-identity information store included in the initiating system for a principal using the initiating system to select information to include in a first identity information document and to include in a second identity information document, wherein the first identity information document is based on a first intended receiving system and the second identity information document is based on a second intended receiving system, the first intended receiving system being different from the second intended receiving system, and wherein the presenting the list of identity information for selection allows the principal to control the disclosure of identity information to the first and the second intended receiving systems;

receiving a first selection of identity information from the list of identity information from the self-identity information store stored in a memory for inclusion in the first identity information document, wherein the first selected identity information comprises a first subset of identity information relating to the principal in the self-identity information store, and wherein the first subset of identity information is specific to the first intended receiving system;

receiving a second selection of identity information from the list of identity information from the self-identity information store stored in memory for inclusion in the second identity information document, wherein the second selected identity information comprises a second subset of identity information relating to the principal in the self-identity information store, and wherein the second subset of identity information is specific to the second intended receiving system and is different from the first subset of identity information;

reading the first and the second selected identity information from the self-identity information store included in the initiating system;

generating the first identity information document to include the first selected identity information and at least a first key, the first identity information document signed using a second key associated with the first key in the first identity information document; and

sending the first identity information document to the first intended receiving system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with various aspects, the present invention relates to methods and systems for sending an identity information document comprising selecting identity information from a self-identity information store for inclusion in the identity information document. The selected identity information is read from a self-identity information store. The identity information document is generated to include the selected identity information and one or more keys, and signed using a key associated with one of the keys included in the identity information document. The identity information document is then sent to a recipient. Receiving an identity information document comprises receiving a signed identity information document from an originator. A determination is made as to whether identity information in the identity information document is reliable. The identity information is saved in a recognized identity information store if the identity information is determined to be reliable. If the identity information is determined to be unreliable, an identity recognition number retrieved from the sender is compared to an identity recognition number generated by the recipient based on information in the received identity information document. If the identity recognition number is verified, the identity information is saved in the recognized identity information store.

22 Citations

View as Search Results

24 Claims

1. A computer-implemented method of sending an identity information document from an initiating system to an intended receiving system, the method comprising:
- presenting a list of identity information from a self-identity information store included in the initiating system for a principal using the initiating system to select information to include in a first identity information document and to include in a second identity information document, wherein the first identity information document is based on a first intended receiving system and the second identity information document is based on a second intended receiving system, the first intended receiving system being different from the second intended receiving system, and wherein the presenting the list of identity information for selection allows the principal to control the disclosure of identity information to the first and the second intended receiving systems;
  
  receiving a first selection of identity information from the list of identity information from the self-identity information store stored in a memory for inclusion in the first identity information document, wherein the first selected identity information comprises a first subset of identity information relating to the principal in the self-identity information store, and wherein the first subset of identity information is specific to the first intended receiving system;
  
  receiving a second selection of identity information from the list of identity information from the self-identity information store stored in memory for inclusion in the second identity information document, wherein the second selected identity information comprises a second subset of identity information relating to the principal in the self-identity information store, and wherein the second subset of identity information is specific to the second intended receiving system and is different from the first subset of identity information;
  
  reading the first and the second selected identity information from the self-identity information store included in the initiating system;
  
  generating the first identity information document to include the first selected identity information and at least a first key, the first identity information document signed using a second key associated with the first key in the first identity information document; and
  
  sending the first identity information document to the first intended receiving system.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the receiving a first selection of identity information comprises receiving a selection of the first subset of identity information from the self-identity information store based on user input from a Graphical User Interface (GUI).
  - 3. The method of claim 1, wherein the receiving a first selection of identity information comprises receiving a selection of a predetermined subset of information from the self-identity information store.
  - 4. The method of claim 1, wherein generating the first identity information document comprises encoding the first selected identification information in an eXtensible Mark-up Language (XML) document.
  - 5. The method of claim 1, wherein the first selected identity information comprises identity claims of the principal originating the first identity information document.
  - 6. The method of claim 1, wherein the first selected identity information comprises use policies for defining uses to which the contents of the identity information may be put.

7. A computer-implemented method of receiving an identity information document at a recipient from an initiating system, the method comprising:
- receiving, at a first recipient, a signed first identity information document from the initiating system, wherein the first identity information document contains selected identity information comprising a first subset of identity information relating to a principal and selected from a self-identity information store included in the initiating system, and wherein the first subset of identity information is specific to the first recipient, and wherein the first subset of identity information is different from a second subset of identity information, the second subset of identity information being contained in a second identity information document intended for a second recipient;
  
  determining whether the first subset of identity information in the first identity information document is reliable;
  
  saving the first subset of identity information in a recognized identity information store located at the first recipient and stored in a memory if the first subset of identity information is determined to be reliable;
  
  determining whether to verify the first subset of identity information if the first subset of identity information is not reliable; and
  
  if the first subset of identity information is not reliable, saving the first subset of identity information in the recognized identity information store at the first recipient with a flag indicating the first subset of identity information is not reliable.
- View Dependent Claims (8, 9, 10)
- - 8. The method of claim 7, further comprising:
    - responsive to determining to verify the first subset of identity information, retrieving an Identification Recognition Number (IRN) from the initiating system of the first identity information document, determining whether the IRN is correct and, responsive to the IRN being correct, saving the first subset of identity information in the recognized identity information store.
  - 9. The method of claim 7, wherein determining whether the first subset of identity information is reliable is based on a user input through a graphical user interface.
  - 10. The method of claim 7, wherein determining whether to verify the first subset of identity information is based on a user input through a graphical user interface.

11. A system to send an identity information document comprising:
- a processor;
  
  a communication channel connected with the processor; and
  
  a memory coupled with and readable by the processor, the memory containing a series of instructions that, when executed by the processor, cause the processor to;
  
  select identity information from a self-identity information store included in an initiating system for inclusion in a first identity information document, wherein the selected identity information comprises a predetermined first subset of identity information relating to a principal in the self-identity information store and wherein the predetermined first subset of identity information is specific to a first intended recipient and is automatically selected for inclusion in the first identity information document, and wherein a predetermined second subset of identity information relating to the principal in the self-identity information store is specific to a second intended recipient, the second subset of identity information being different from the first subset of identity information;
  
  read the first subset of identity information from the self-identity information store included in the initiating system;
  
  generate the first identity information document to include the first subset of identity information and at least a first key, the first identity information document signed using a second key paired with the first key; and
  
  send the first identity information document to the first intended recipient connected to the communication channel to establish an identity of the principal at the first recipient.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, wherein the selecting identity information for inclusion in a first identity information document comprises selecting the first subset of identity information from the self-identity information store based on user input from a Graphical User Interface (GUI).
  - 13. The system of claim 11, wherein the generating the first identity information document comprises encoding the first subset of identification information in an eXtensible Mark-up Language (XML) document.
  - 14. The system of claim 11, wherein the first subset of identity information comprises identity claims of the principal originating the first identity information document.
  - 15. The system of claim 11, wherein the first subset of identity information comprises use policies for defining uses to which the contents of the first subset of identity information may be put.

16. A system to receive an identity information document at a recipient from an initiating system for use in future recognition of a principal comprising:
- a processor;
  
  a communication channel connected with the processor; and
  
  a memory coupled with and readable by the processor, the memory containing a series of instructions that, when executed by the processor, cause the processor to;
  
  receive, at a first recipient, a signed first identity information document from the initiating system, the signed first identity information document containing selected identity information comprising a first subset of identity information relating to the principal in a self-identity information store included in the initiating system, wherein the first subset of identity information is specific to the first recipient, and wherein a second subset of identity information relating to the principal in the self-identity information store is specific to a second intended recipient, the second intended recipient being different from the first intended recipient, and the second subset of identity information being different from the first subset of identity information;
  
  determine whether the first subset of identity information in the first identity information document is reliable;
  
  determine whether to verify the first subset of identity information if the identity information is not reliable;
  
  save the first subset of identity information in a recognized identity information store located at the first recipient if the first subset of identity information is determined to be reliable; and
  
  if the first subset of identity information is not reliable, save the first subset of identity information in the recognized identity information store at the first recipient with a flag indicating the first subset of identity information is not reliable, the recognized identity information store being used for future recognition of the principal.
- View Dependent Claims (17, 18, 19)
- - 17. The system of claim 16, further comprising:
    - responsive to determining to verify the first subset of identity information, receiving an Identification Recognition Number (IRN) from the initiator of the first identity information document, determining whether the IRN is correct and, responsive to the IRN being correct, saving the first subset of identity information in the recognized identity information store.
  - 18. The system of claim 17, wherein the determining whether the first subset of identity information is reliable is based on a user input through a graphical user interface.
  - 19. The system of claim 17, wherein the determining whether to verify the first subset of identity information is based on a user input through a graphical user interface.

20. A computer readable storage medium encoding a computer program of instructions for executing a computer process for identity recognition, said computer process comprising:
- presenting a list of identity information from a self-identity information store included in an initiating system for a principal using the initiating system to select information to include in a first identity information document and to include in a second identity information document, wherein the first identity information document is based on a first intended recipient and the second identity information document is based on a second intended recipient, the first intended recipient being different from the second intended recipient, and wherein the presenting the list of identity information for selection allows the principal to control the disclosure of identity information to the first and the second intended recipients;
  
  receiving a first selection of identity information from the list of identity information from the self-identity information store stored in a memory for inclusion in the first identity information document, wherein the first selected identity information comprises a first subset of identity information relating to the principal in the self-identity information store, and wherein the first subset of identity information is specific to the first intended recipient;
  
  receiving a second selection of identity information from the list of identity information from the self-identity information store stored in memory for inclusion in the second identity information document, wherein the second selected identity information comprises a second subset of identity information relating to the principal in the self-identity information store, and wherein the second subset of identity information is specific to the second intended receiving system and is different from the first subset of identity information;
  
  reading the first and the second selected identity information from the self-identity information store included in the initiating system;
  
  generating the first identity information document to include the first selected identity information and at least a public key, the first identity information document signed with a private key associated with the public key in the first identity information document; and
  
  sending the first identity information document to the first recipient to establish an identity of the principal at the first recipient;
  
  generating the second identity information document to include the second selected identity information and a digital signature; and
  
  sending the second identity information document to the second recipient to establish an identity of the principal at the second recipient.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The computer readable storage medium of claim 20, wherein the receiving a first selection of identity information comprises receiving a selection of the first subset of identity information from the self-identity information store based on user input from a Graphical User Interface (GUI).
  - 22. The computer readable storage medium of claim 20, wherein generating the first identity information document comprises encoding the first selected identification information in an eXtensible Mark-up Language (XML) document.
  - 23. The computer readable storage medium of claim 20, wherein the first selected identity information comprises identity claims of the principal originating the first identity information document.
  - 24. The computer readable storage medium of claim 20, wherein the first selected identity information comprises use policies for defining uses to which the contents of the identity information may be put.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Satagopan, Murli, Brace, Colin, Nanda, Arun, Kwan, Stuart, Hacherl, Don, Dunn, Melissa, Smith, Walter, Cameron, Kim
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
Moran; Randal D

Application Number

US10/693,172
Publication Number

US 20050091495A1
Time in Patent Office

2,560 Days
Field of Search

713/175, 713/168, 713177-180
US Class Current

713/180
CPC Class Codes

G06F 21/31   User authentication

G06F 21/64   Protecting data integrity, ...

H04L 63/102   Entity profiles

H04L 63/126   the source of the received ...

Method and system for identity recognition

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

Method and system for identity recognition

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others