Privacy-preserving flexible anonymous-pseudonymous access
First Claim
1. A computer-implemented method of allowing user-selected anonymous and pseudonymous access for a user to a relying party (RP), mediated by an identity provider (IdP), comprising:
- registering with an IdP to establish a first pseudonym;
- upon successful proof of possession of the first pseudonym to the IdP, receiving a first representation of an access token from the IdP for accessing the RP;
- transforming, by a processor, the first representation of the access token to obtain a second representation of the access token, the second representation of the access token being a valid access token and being unlinkable to the first representation of the access token by the IdP;
- receiving a request from the user to access the RP;
- determining whether the request is for accessing the RP anonymously or pseudonymously;
- if the request is for anonymous access, providing the second representation of the access token to the RP anonymously; and gaining access to the RP upon verification of the second representation of the access token, the anonymous access being unlinkable to any previous and any future access at the RP, and unlinkable to the IdP's interaction with any particular user;
- if the request is for pseudonymous access, providing to the RP the second representation of the access token and proof of possession of a second pseudonym that is previously registered with the RP; and gaining access to the RP upon successful verification of the second representation of the access token and proof of possession of the second pseudonym, wherein the pseudonymous access is linkable to the second pseudonym, unlinkable to the IdP's interaction with any particular user, and unlinkable to any past and future access to the RP that does not employ the second pseudonym.
Abstract
Systems and methods are disclosed for privacy-preserving flexible user-selected anonymous and pseudonymous access at a relying party (RP), mediated by an identity provider (IdP). Anonymous access is unlinkable to any previous or future accesses of the user at the RP. Pseudonymous access allows the user to associate the access with a pseudonym previously registered at the RP. A pseudonym system is disclosed. The pseudonym system allows a large number of different and unlinkable pseudonyms to be generated using only a small number of secrets held by the user. The pseudonym system can generate tokens capable of including rich semantics in both a fixed format and a free format. The tokens can be used in obtaining, from the IdP, confirmation of access privilege and/or of selective partial disclosure of user characteristics required for access at the RPs. The pseudonym system and associated protocols also support user-enabled linkability between pseudonyms.
46 Claims
16. A method for providing anonymous and pseudonymous access for a user to one or more relying parties (RPs), mediated by an identity provider (IdP), comprising:
- the user registering with the IdP to establish a first pseudonym in a previous session;
- the user generating an original token for accessing an RP;
- the user modifying the original token to obtain a modified token;
- the user providing the modified token to the IdP to obtain confirmation of access authorization;
- the user proving possession of the first pseudonym previously registered with the IdP to the IdP;
- upon verification of the user's possession of the first pseudonym, the IdP generating a first representation of an access token by signing the modified token, the first representation of the access token containing the confirmation of access authorization at the RP;
- the IdP providing the first representation of the access token to the user;
- the user transforming the signed modified token to obtain a second representation of the access token, wherein the second representation of the access token is unlinkable to the first representation of the access token by the RP and the IdP individually, and is unlinkable by the RP and IdP in collusion;
- the user determining whether to access the RP anonymously or pseudonymously;
- if accessing the RP anonymously, the user presenting the second representation of the access token to the RP;
- if accessing the RP pseudonymously, the user presenting the second representation and proof of possession of a second pseudonym, the second pseudonym being a pseudonym previously registered with the RP;
- upon receiving the second representation of the access token, the RP verifying the second representation of the access token; and
- if access is anonymous, the RP providing access to the user upon verification of the second representation of the access token; if access is pseudonymous, the RP providing access to the user upon successful verification of the second representation of the access token and successful verification of the proof of possession of the second pseudonym.
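Claim 16 describes the three-party exchange without naming a primitive. The following added example (not the patent's own code or construction) instantiates the user/IdP/RP steps with a Chaum-style RSA blind signature for the modify/sign/transform steps and an HMAC over an RP challenge as the proof of possession of the second pseudonym; both instantiations, the toy key size and all names are assumptions.

```python
# Added illustration, not the patent's construction: the modify/sign/transform
# steps of claim 16 as a Chaum-style RSA blind signature, and the RP pseudonym
# proof as an HMAC over a challenge (both assumed; the claim names no primitive).
import hashlib, hmac, math, secrets

P, Q = 1000003, 1000033  # constructed toy primes, far too small to be secure
N, E = P * Q, 65537      # IdP public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))  # IdP private signing exponent


def h(token: bytes) -> int:
    """Map the original token to an integer mod N (toy full-domain hash)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


def user_modify(token: bytes):
    """Blind the token: modified = H(token) * r^E mod N; keep r to unblind later."""
    r = secrets.randbelow(N - 2) + 2
    while math.gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    return (h(token) * pow(r, E, N)) % N, r


def idp_sign(modified: int, first_pseudonym_proven: bool) -> int:
    """IdP issues the first representation only after the first pseudonym is proven."""
    if not first_pseudonym_proven:
        raise PermissionError("proof of possession of first pseudonym failed")
    return pow(modified, D, N)  # the IdP only ever sees the blinded value


def user_transform(first_rep: int, r: int) -> int:
    """Unblind: second = first * r^-1 mod N, an ordinary signature on H(token)."""
    return (first_rep * pow(r, -1, N)) % N


def rp_verify_token(token: bytes, second_rep: int) -> bool:
    """RP checks the second representation against the IdP public key."""
    return pow(second_rep, E, N) == h(token)


def prove_pseudonym(key: bytes, challenge: bytes) -> bytes:
    """User's proof of possession of a pseudonym secret shared with the RP at registration."""
    return hmac.new(key, challenge, "sha256").digest()


def rp_grant(token, second_rep, registry, pseudonym=None, proof=None, challenge=b"") -> bool:
    """Anonymous access needs a valid token; pseudonymous access also needs the proof."""
    if not rp_verify_token(token, second_rep):
        return False
    if pseudonym is None:
        return True
    key = registry.get(pseudonym)
    return key is not None and proof is not None and hmac.compare_digest(prove_pseudonym(key, challenge), proof)
```

Because the IdP signs only the blinded value, it cannot match the unblinded second representation the RP later receives to any signing session, which is the unlinkability the claim asks for.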
31. A tangible computer-readable medium encoded with a computer program, the program comprising instructions that when executed by one or more computers cause the one or more computers to perform operations comprising:
- registering with an IdP to establish a first pseudonym;
- upon successful proof of possession of the first pseudonym to the IdP, receiving a first representation of an access token from the IdP for accessing the RP;
- transforming, by a processor, the first representation of the access token to obtain a second representation of the access token, the second representation of the access token being a valid access token and being unlinkable to the first representation of the access token by the IdP;
- receiving a request from the user to access the RP;
- determining whether the request is for accessing the RP anonymously or pseudonymously;
- if the request is for anonymous access, providing the second representation of the access token to the RP anonymously; and gaining access to the RP upon verification of the second representation of the access token, the anonymous access being unlinkable to any previous and any future access at the RP, and unlinkable to the IdP's interaction with any particular user;
- if the request is for pseudonymous access, providing to the RP the second representation of the access token and proof of possession of a second pseudonym that is previously registered with the RP; and gaining access to the RP upon successful verification of the second representation of the access token and proof of possession of the second pseudonym, wherein the pseudonymous access is linkable to the second pseudonym, unlinkable to the IdP's interaction with any particular user, and unlinkable to any past and future access to the RP that does not employ the second pseudonym.
46. A system comprising:
- one or more computers; and
- a tangible computer-readable medium coupled to the one or more computers having instructions stored thereon which, when executed by the one or more computers, cause the one or more computers to perform operations comprising:
- registering with an IdP to establish a first pseudonym;
- upon successful proof of possession of the first pseudonym to the IdP, receiving a first representation of an access token from the IdP for accessing the RP;
- transforming, by a processor, the first representation of the access token to obtain a second representation of the access token, the second representation of the access token being a valid access token and being unlinkable to the first representation of the access token by the IdP;
- receiving a request from the user to access the RP;
- determining whether the request is for accessing the RP anonymously or pseudonymously;
- if the request is for anonymous access, providing the second representation of the access token to the RP anonymously; and gaining access to the RP upon verification of the second representation of the access token, the anonymous access being unlinkable to any previous and any future access at the RP, and unlinkable to the IdP's interaction with any particular user;
- if the request is for pseudonymous access, providing to the RP the second representation of the access token and proof of possession of a second pseudonym that is previously registered with the RP; and gaining access to the RP upon successful verification of the second representation of the access token and proof of possession of the second pseudonym, wherein the pseudonymous access is linkable to the second pseudonym, unlinkable to the IdP's interaction with any particular user, and unlinkable to any past and future access to the RP that does not employ the second pseudonym.
Specification