Personal identification information schemas
First Claim
1. A digital identity system comprising:
- a first computer system, the first computer system associated with a principal, the first computer system comprising storage media that store computer readable instructions, execution of the computer readable instructions by the first computer system causing the first computer system to:
  - store a first digital identity at the first computer system, the first digital identity associated with the principal and a first identity provider, the first digital identity comprising a first extensible markup language (XML) document, the first XML document comprising:
    - a first capability data structure, the first capability data structure comprising a first claim list, the first claim list specifying claims that the first identity provider is able to provide; and
    - a first cognitive data structure, the first cognitive data structure comprising a first card image data element and a first card name element, the first card image data element specifying a first graphical image for the first digital identity, the first card name data element specifying a name of the first digital identity;
  - after storing the first digital identity, display the first graphical image and the name of the first digital identity;
  - store a second digital identity at the first computer system, the second digital identity associated with the principal and a second identity provider, the second digital identity comprising a second XML document, the second XML document comprising:
    - a second capability data structure, the second capability data structure comprising a second claim list, the second claim list specifying claims that the second identity provider is able to provide; and
    - a second cognitive data structure, the second cognitive data structure comprising a second card image data element and a second card name element, the second card image data element specifying a second graphical image for the second digital identity, the second card name data element specifying a name of the second digital identity;
  - after storing the second digital identity, display the second graphical image and the name of the second digital identity;
  - after storing the second digital identity at the first computer system, send a security policy request to a relying party;
  - after sending the security policy request to the relying party, receive a security policy from the relying party, the security policy specifying required claims;
  - in response to receiving the security policy, automatically determine, based on the claims specified by the first claim list and the second claim list, that the first claim list specifies each of the required claims;
  - after determining that the first claim list specifies each of the required claims, send a first token request to the first identity provider, the first token request requesting a first security token, the first token request indicating one or more requested claims, the requested claims including the required claims specified by the security policy;
  - receive the first security token from the relevant first identity provider, the first security token including the one or more requested claims; and
  - forward the security token to the relying party.
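The following Python is an added example, not code from the patent or from any product implementing it. It walks through the identity-selector side of claim 1: two stored card documents are parsed into their capability data (the claim list) and cognitive data (card image and card name), a relying party policy is evaluated against each claim list, the card that covers every required claim is selected, and a token request naming only the required claims is built for that card's issuer. The element names (InformationCard, Capability, ClaimList, Cognitive, CardImage, CardName, SecurityPolicy, RequiredClaim, RequestSecurityToken, ClaimType), the issuer URLs and the card and policy documents are constructed assumptions for this example, not the patent's schema.

```python
"""Identity selector side of claim 1: parse stored cards, match a relying
party's policy against each card's claim list, build a token request."""
from __future__ import annotations

from dataclasses import dataclass
import xml.etree.ElementTree as ET

# Constructed card documents. Element names are assumptions for this example,
# not the patent's schema. Cards arrive from an identity provider, so they are
# untrusted input: in production parse them with a hardened XML parser.
CARD_WORK = """<InformationCard>
  <Capability><ClaimList>
    <Claim>email</Claim><Claim>givenname</Claim><Claim>employer</Claim>
  </ClaimList></Capability>
  <Cognitive>
    <CardImage>data:image/png;base64,iVBORw0KGgo=</CardImage>
    <CardName>Work card</CardName>
  </Cognitive>
</InformationCard>"""

CARD_PERSONAL = """<InformationCard>
  <Capability><ClaimList>
    <Claim>email</Claim><Claim>givenname</Claim><Claim>dateofbirth</Claim>
  </ClaimList></Capability>
  <Cognitive>
    <CardImage>data:image/png;base64,iVBORw0KGgo=</CardImage>
    <CardName>Personal card</CardName>
  </Cognitive>
</InformationCard>"""

# Constructed relying party security policy listing the required claims.
POLICY = """<SecurityPolicy>
  <RequiredClaim>email</RequiredClaim>
  <RequiredClaim>employer</RequiredClaim>
</SecurityPolicy>"""


@dataclass(frozen=True)
class DigitalIdentity:
    name: str               # cognitive data: card name shown to the user
    image: str              # cognitive data: card image shown to the user
    issuer: str             # identity provider that issued the card (assumed URL)
    claims: frozenset[str]  # capability data: claims the issuer can provide


def parse_card(xml_text: str, issuer: str) -> DigitalIdentity:
    """Turn one card document into a DigitalIdentity record."""
    root = ET.fromstring(xml_text)
    claims = frozenset((c.text or "").strip()
                       for c in root.findall("./Capability/ClaimList/Claim"))
    name = (root.findtext("./Cognitive/CardName") or "").strip()
    image = (root.findtext("./Cognitive/CardImage") or "").strip()
    if not claims or not name:
        raise ValueError("card must carry a non-empty claim list and a card name")
    return DigitalIdentity(name, image, issuer, claims)


def parse_policy(xml_text: str) -> frozenset[str]:
    """Extract the set of claims the relying party requires."""
    root = ET.fromstring(xml_text)
    return frozenset((c.text or "").strip() for c in root.findall("RequiredClaim"))


def select_identities(cards, required: frozenset[str]) -> list[DigitalIdentity]:
    """Return every card whose claim list specifies each required claim."""
    return [card for card in cards if required <= card.claims]


def build_token_request(card: DigitalIdentity, required: frozenset[str]) -> str:
    """Token request for the card's issuer, asking only for the required claims
    (the selector does not ask the issuer for claims the policy did not require)."""
    missing = required - card.claims
    if missing:
        raise ValueError(f"card cannot satisfy required claims: {sorted(missing)}")
    req = ET.Element("RequestSecurityToken")
    ET.SubElement(req, "Issuer").text = card.issuer
    claims_el = ET.SubElement(req, "Claims")
    for claim in sorted(required):
        ET.SubElement(claims_el, "ClaimType", {"Uri": claim})
    return ET.tostring(req, encoding="unicode")


def run_selector(card_docs, policy_xml: str):
    """Store the cards, evaluate the policy, return (matching cards, request)."""
    cards = [parse_card(doc, issuer) for doc, issuer in card_docs]
    required = parse_policy(policy_xml)
    matches = select_identities(cards, required)
    if not matches:
        return matches, None
    return matches, build_token_request(matches[0], required)


if __name__ == "__main__":
    found, request = run_selector(
        [(CARD_WORK, "https://idp-work.example.test"),
         (CARD_PERSONAL, "https://idp-personal.example.test")], POLICY)
    print([card.name for card in found])  # only the work card covers the policy
    print(request)
```

The design point is that selection is driven purely by set containment over the claim lists, and the request carries the policy's required claims and nothing else; a card that covers the required claims but also advertises more sensitive claims (here, a date of birth) is never asked for them.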
Abstract
A digital identity system includes a principal including an identity selector programmed to receive a security policy from a relying party, review a plurality of digital identities associated with the principal, and request one or more claims related to an identity of the principal from an identity provider. The principal is further programmed to receive one or more security tokens including the claims from the identity provider, and to forward the security tokens to the relying party.
15 Claims
1. As set out above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7.
8. A method for providing a security token, the method comprising:
- receiving, by a first computer system, a digital identity request from a second computer system, the first computer system associated with an identity provider, the second computer system associated with a principal;
- generating, by the first computer system, a digital identity, the digital identity comprising a first extensible markup language (XML) document, the first XML document comprising:
  - a capability data structure, the capability data structure comprising a claim list, the claim list specifying claims that the identity provider is able to provide; and
  - a cognitive data structure, the cognitive data structure comprising a card image data element and a card name element, the card image data element specifying a graphical image for the digital identity, the card name data element specifying a name of the digital identity;
- sending the digital identity to the second computer system in response to the digital identity request;
- after sending the digital identity to the second computer system, receiving, by the first computer system, a token request from the second computer system, the token request requesting the security token, the token request comprising a second XML document, the second XML document indicating one or more requested claims, the requested claims including at least one of the claims in the claim list of the digital identity;
- after receiving the token request, receiving, by the first computer system, the requested claims;
- transforming, by the first computer system, one or more of the requested claims into one or more transformed claims, the transformed claims being transformed from a format specified by the token request;
- generating, by the first computer system, the security token, the security token including the one or more transformed claims; and
- providing, by the first computer system, the security token to the second computer system.

Dependent claims: 9, 10, 11, 12, 13, 14.
15. A computer-readable storage medium comprising computer-executable instructions, the computer-readable storage medium not consisting of a transitory signal, execution of the computer executable instructions by a first computer system causing the first computer system to:
- receive a digital identity request from a second computer system, the first computer system associated with an identity provider, the second computer system associated with a principal;
- generate a digital identity, the digital identity comprising a first extensible markup language (XML) document, the first XML document comprising:
  - a capability data structure, the capability data structure comprising a claim list, the claim list specifying claims that the identity provider is able to provide; and
  - a cognitive data structure, the cognitive data structure comprising a card image data element and a card name data element, the card image data element specifying a graphical image for the digital identity, the card name data element specifying a name of the digital identity;
- send the digital identity to the second computer system in response to the digital identity request;
- after sending the digital identity to the second computer system, receive a token request from the second computer system, the token request comprising a second XML document, the second XML document indicating one or more requested claims, the requested claims including the claims in the claim list of the digital identity;
- acquire the one or more requested claims after receiving the token request;
- transform the one or more requested claims such that the one or more requested claims are formatted in a particular format and such that the one or more requested claims are altered semantically such that the one or more requested claims reveal less personal information about the principal, the particular format being specified by the token request; and
- after transforming the one or more requested claims, generate a security token that comprises the transformed claims.
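The Python below is an added example, not the patent's own code, covering the identity-provider side described by claims 8 and 15: the provider parses a token request, acquires the requested claims for the principal, refuses any claim it does not hold, transforms each claim into the format the request asks for while altering it semantically so it reveals less (a date of birth becomes an over-18 flag, a postal address becomes a country), and issues an integrity-protected token containing only the transformed claims. The claim store, the token request document and its element names (RequestSecurityToken, Principal, ClaimFormat, Claims, ClaimType), the urn:example:claims name prefix, the fixed DEMO_DATE and the HMAC-over-JSON token format are all assumptions made for this example.

```python
"""Identity provider side of claims 8 and 15: parse a token request, acquire
the requested claims, transform them to reveal less, issue a token."""
from __future__ import annotations

from datetime import date
import hashlib
import hmac
import json
import xml.etree.ElementTree as ET

# Constructed claim store for one principal (assumption, not the patent's data).
CLAIM_STORE = {
    "alice@example.test": {
        "email": "alice@example.test",
        "dateofbirth": "1990-05-14",
        "postaladdress": "1 Main St, Springfield, US",
    }
}

# Constructed token request; element names are assumptions for this example.
# ClaimFormat is the format the requester wants the issued claims in.
TOKEN_REQUEST = """<RequestSecurityToken>
  <Principal>alice@example.test</Principal>
  <ClaimFormat>uri</ClaimFormat>
  <Claims>
    <ClaimType Uri="dateofbirth"/>
    <ClaimType Uri="postaladdress"/>
    <ClaimType Uri="email"/>
  </Claims>
</RequestSecurityToken>"""

CLAIM_URI_PREFIX = "urn:example:claims:"  # placeholder namespace
DEMO_DATE = date(2024, 1, 1)              # fixed "today" so results are reproducible


def minimise(name: str, value: str, today: date) -> tuple[str, str]:
    """Semantic transformation: replace a claim with a less revealing one."""
    if name == "dateofbirth":
        dob = date.fromisoformat(value)
        age = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
        return "over18", "true" if age >= 18 else "false"
    if name == "postaladdress":
        return "country", value.rsplit(",", 1)[-1].strip()
    return name, value  # claims without a reduction rule pass through unchanged


def format_name(name: str, fmt: str) -> str:
    """Format transformation: claim names in the format the request specified."""
    if fmt == "uri":
        return CLAIM_URI_PREFIX + name
    if fmt == "short":
        return name
    raise ValueError(f"unsupported claim format: {fmt!r}")


def issue_token(request_xml: str, claim_store: dict, key: bytes, today: date) -> dict:
    """Acquire, transform and package the requested claims into a MAC'd token."""
    root = ET.fromstring(request_xml)
    principal = (root.findtext("Principal") or "").strip()
    fmt = (root.findtext("ClaimFormat") or "short").strip()
    requested = [c.get("Uri", "") for c in root.findall("./Claims/ClaimType")]
    if principal not in claim_store:
        raise KeyError("unknown principal")
    available = claim_store[principal]
    claims = {}
    for name in requested:
        if name not in available:
            # Only claims the provider actually holds (its claim list) are issued.
            raise KeyError(f"claim not available for this principal: {name}")
        new_name, new_value = minimise(name, available[name], today)
        claims[format_name(new_name, fmt)] = new_value
    body = json.dumps({"sub": principal, "claims": claims}, sort_keys=True)
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


def token_claims(token: dict) -> dict:
    """Claims carried by an issued token (used by the relying party)."""
    return json.loads(token["body"])["claims"]


def verify_token(token: dict, key: bytes) -> bool:
    """Constant-time check that the token body was not altered in transit."""
    expected = hmac.new(key, token["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, token["mac"])


if __name__ == "__main__":
    tok = issue_token(TOKEN_REQUEST, CLAIM_STORE, b"constructed-demo-key", DEMO_DATE)
    print(tok["body"])  # over18/country instead of dateofbirth/postaladdress
    print(verify_token(tok, b"constructed-demo-key"))
```

Two properties are worth checking when reviewing such an issuer: the raw values that were reduced (the birth date, the street address) must not appear anywhere in the issued token, and the relying party must verify the token's integrity before trusting any claim in it; the test below exercises both.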
Specification