Networked identity framework

US 8,635,679 B2
Filed: 12/08/2006
Issued: 01/21/2014
Est. Priority Date: 12/08/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a computing system comprising one or more processors, a first request for one or more of a plurality of sets of identity data associated with a user;

transmitting a second request to release from a homesite at least one of the requested plurality of sets of identity data associated with the user that would authenticate the user at a membersite;

selecting a set of the at least one of the plurality of requested sets of identity data associated with the user to release in accordance with a user preference;

receiving, by an anonymizer and through a network interface, at least a portion of identity information in the selected set of identity data and user instructions to anonymize the identity information;

redacting the identity information to remove identifying information associated with the user; and

transmitting the selected set of identity data associated with the user to the membersite.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method provide a framework for networked identity management in a user-centric model by providing the ability for a user to delegate permissions to release identity information, by enabling a mechanism for releasing one of a requested plurality of data sets and by providing facilities for the retrieval of identity information from an external server. Anonymization of identity data is enabled through the use of an anonymizer system that can optionally be integrated with an identity store such as a homesite.

30 Citations

View as Search Results

37 Claims

1. A method comprising:
- receiving, by a computing system comprising one or more processors, a first request for one or more of a plurality of sets of identity data associated with a user;
  
  transmitting a second request to release from a homesite at least one of the requested plurality of sets of identity data associated with the user that would authenticate the user at a membersite;
  
  selecting a set of the at least one of the plurality of requested sets of identity data associated with the user to release in accordance with a user preference;
  
  receiving, by an anonymizer and through a network interface, at least a portion of identity information in the selected set of identity data and user instructions to anonymize the identity information;
  
  redacting the identity information to remove identifying information associated with the user; and
  
  transmitting the selected set of identity data associated with the user to the membersite.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 2. The method of claim 1 wherein receiving the first request includes receiving a request from the membersite via the user.
  - 3. The method of claim 1 wherein selecting the set of the at least one of the plurality of sets of identity data includes selecting in accordance with a predetermined user preference.
  - 4. The method of claim 1 wherein selecting the set of the at least one of the plurality of sets of identity data includes:
    - presenting the plurality of sets of identity data to the user; and
      
      obtaining a user selection of the set of the at least one of the plurality of sets of identity data.
  - 5. The method of claim 1 wherein the said transmitting includes transmitting the selected set one of the plurality of sets of identity data to the membersite via the user.
  - 6. The method of claim 1 wherein the received first request includes an ordered list of the plurality of sets of identity data, wherein said selecting includes providing the plurality of sets of identity data for selection according to the ordered list.
  - 7. The method of claim 6 wherein the ordered list includes an indication of a hard priority from the membersite, the hard priority identifying identity data required by the membersite.
  - 8. The method of claim 6 wherein the ordered list includes an indication of a soft priority from the membersite, the soft priority identifying a preference for some identity data over other identity data by the membersite.
  - 9. The method of claim 8 wherein the indication of the soft priority includes an indication of an association between each of the plurality of sets of identity data and a plurality of levels of access.
  - 10. The method of claim 1 wherein the plurality of sets of identity data includes an identity claim.
  - 11. The method of claim 10 wherein the identity claim includes an expiry date.
  - 12. The method of claim 11 wherein said transmitting the selected of identity data includes determining if the identity claim has expired.
  - 13. The method of claim 11 wherein transmitting includes:
    - updating an expired identity claim included in the selected set of identity data; and
      
      transmitting the selected set of identity data upon receipt of an updated identity claim for the expired identity claim.
  - 14. The method of claim 10 wherein the identity claim includes attributes of the user.
  - 15. The method of claim 10 wherein the identity claim includes an attribute of the homesite.
  - 16. The method of claim 15 wherein the attribute is a certification of an authentication at the homesite.
  - 17. The method of claim 16 wherein the authentication is provided by a third party.
  - 18. The method of claim 16 wherein the certification includes a hash of an authentication engine at the homesite used to authenticate an identity of the user.
  - 19. The method of claim 1 further comprising:
    - receiving proxy rights to access user identity information associated with the user, the proxy rights including an identity claim needed to access the user identity information;
      
      determining that another user that generated the first request has received proxy rights to the requested user identity information, the determination based at least in part on a confirmation that the another user has an identity claim providing authorization for the requested user identity information, wherein the another user is not associated with the requested user identity information and is requesting access to the requested user identity information on behalf of the user; and
      
      transmitting through the network interface the requested user identity information to the membersite upon determination that the another user has received the proxy rights.
  - 20. The method of claim 19 wherein said determining includes determining that the another user is listed on a proxy list associated with the user associated with the requested user identity information.
  - 21. The method of claim 19 wherein determining includes authenticating the another user.
  - 22. The method of claim 19 wherein the request for user identity information is received as a uniform resource locator.
  - 23. The method of claim 22 wherein the uniform resource locator points to a static request document.
  - 24. The method of claim 22 wherein the uniform resource locator points to a dynamic request document generated in accordance with at least one of a user network address and a requested service.
  - 25. The method of claim 1,wherein the anonymizer signs the redacted identity information;
    - andwherein transmitting the selected set of identity data comprises transmitting, by the anonymizer and through the network interface, the redacted identity information to the membersite.
  - 26. The method of claim 1 wherein the identity information includes information selected from a list including:
    - a unique identifier associated with the user;
      
      a user birth date; and
      
      a user address.
  - 27. The method of claim 1 wherein the identifying information comprises a unique identifier and said redacting includes replacing the unique identifier with an identifier that is pairwise unique between the user and the membersite.
  - 28. The method of claim 1 wherein the identifying information comprises a unique identifier and said redacting includes replacing the unique identifier with an identifier selected from a pool of identifiers.
  - 29. The method of claim 1 wherein the identifying information comprises a user birth date and said redacting includes replacing the user birth date with an age range.
  - 30. The method of claim 1 wherein the identifying information comprises a user address and said redacting includes replacing the user address with one of a country, province, state, city, postal code, zip code or other non-specific geographical indicator derived in accordance with the user address.
  - 31. The method of claim 1, wherein receiving the request comprises receiving the request by a homesite comprising one or more computing systems, the method further comprising:
    - determining, by the homesite, that an element in the requested one or more of sets of user identity data is hosted by an external site;
      
      issuing, by the homesite, a request for the element hosted by the external site to the external site;
      
      receiving, by the homesite, the requested element from the external site; and
      
      transmitting, by the homesite, the requested element from the external site to the membersite in response to the received request.
  - 32. The method of claim 31 wherein said receiving the request includes receiving the request from the membersite via the user.
  - 33. The method of claim 31 wherein said issuing the request for the element includes redirecting the user to the external site with the request for the element.
  - 34. The method of claim 31 wherein said receiving the requested element includes receiving the requested element from the external site via the user.
  - 35. The method of claim 31 wherein said transmitting the requested element includes transmitting the requested element via the user.

36. A system comprising:
- a processor configured to receive a first request for one or more of a plurality of sets of identity data associated with a user;
  
  a transmitter configured to transmit a second request to release from a homesite at least one of the requested plurality of sets of identity data associated with the user that would authenticate the user at a membersite;
  
  the processor further configured to select a set of the at least one of the plurality of requested sets of identity data associated with the user to release in accordance with a user preference;
  
  the processor in data communication with an anonymizer, the anonymizer configured to;
  
  receive at least a portion of identity information in the selected set of identity data;
  
  receive a user instruction to redact the identity information; and
  
  remove identifying information associated with the user based on the received user instruction; and
  
  the transmitter configured to transmit the selected set of identity data associated with the user to the membersite.

37. A non-transitory computer readable storage medium including instructions executable by a processor of a device, the instructions causing the device to:
- receive a first request for one or more of a plurality of sets of identity data associated with a user;
  
  transmit a second request to release from a homesite at least one of the requested plurality of sets of identity data associated with the user that would authenticate the user at a membersite;
  
  select a set of the at least one of the plurality of requested sets of identity data associated with the user to release in accordance with a user preference;
  
  receive at least a portion of identity information in the selected set of identity data and user instructions to anonymize the identity information;
  
  redact the identity information to remove identifying information associated with the user; and
  
  transmit the selected set of identity data associated with the user to the membersite.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Callahan Cellular LLC (Intellectual Ventures LLC)
Original Assignee
Webler Solutions LLC
Inventors
Hardt, Dick Clarence
Primary Examiner(s)
Mehedi, Morshed
Assistant Examiner(s)
LEE, JASON T

Application Number

US11/608,432
Publication Number

US 20070143860A1
Time in Patent Office

2,601 Days
Field of Search

726/28, 713/155
US Class Current

726/6
CPC Class Codes

G06F 21/6254   by anonymising data, e.g. d...

H04L 63/0421   Anonymous communication, i....

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/105   Multiple levels of security

Networked identity framework

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Networked identity framework

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links