Method and apparatus for providing identity claim validation
First Claim
1. An apparatus for validating identity claims comprising:
an identification management system comprising at least one hardware processor and at least one memory coupled to the at least one hardware processor, the identification management system configured to:
receive at least one identity claim;
validate the at least one identity claim using a hash of verified identification information without using stored identification information, wherein the hash is created based at least in part on identification information supplied by a user, wherein the hash is stored in the at least one memory, and wherein the identification information supplied by the user is discarded; and
create a signed token using the hash based on the validated at least one identity claim, wherein the signed token supports multifactor authentication.
Abstract
A method and apparatus for providing claim validation without storing user information within the IDM system. During enrollment, the IDM system creates a hash representative of the identification information provided by a user. The user information is discarded, i.e., not stored within the IDM system. Only a hash representing that information is stored within the system. Upon a user providing information to a service provider, the service provider requests that the user's information be authenticated by a third party IDS system. The service provider will request such authentication from the IDM system identified by the user. The IDM system generates, from the user's information that was provided to the service provider, a signed token that is sent to the user for use by the user to access the service provider's services. In this manner, the IDM system does not store identification information of the user. Yet, the IDM system provides identification validation services to any service provider requesting such services to ensure that a user is authentic.
12 Claims
1. An apparatus for validating identity claims comprising:
an identification management system comprising at least one hardware processor and at least one memory coupled to the at least one hardware processor, the identification management system configured to:
receive at least one identity claim;
validate the at least one identity claim using a hash of verified identification information without using stored identification information, wherein the hash is created based at least in part on identification information supplied by a user, wherein the hash is stored in the at least one memory, and wherein the identification information supplied by the user is discarded; and
create a signed token using the hash based on the validated at least one identity claim, wherein the signed token supports multifactor authentication.
Dependent claims: 2, 3.
4. A method of processing identification information comprising:
encrypting, using at least one hardware processor, identification information supplied by a user;
returning an encryption key and the encrypted identification information to the user;
creating a hash of the encrypted identification information based at least in part on identification information supplied by the user;
discarding the encrypted identification information and the identification information;
storing the hash and a private encryption key in an identification management system for validating at least one identity claim using at least one of the hash and the private encryption key without using stored identification information; and
creating a signed token using the hash in the event the at least one identity claim is validated, wherein the signed token supports multifactor authentication.
Dependent claims: 5, 6, 7, 8, 9.
10. A system for performing a secure transaction comprising:
a user computer coupled to a communication network;
a service provider, coupled to the communications network, for providing services for the user computer through the communications network;
an identification management system, coupled to the communications network, for:
creating a hash based at least in part on identification information supplied via the user computer,
storing the hash for the user computer in a memory of the identification management system,
discarding the identification information supplied via the user computer, and
preparing a signed token based on the hash upon request of the user computer, wherein the signed token supports multifactor authentication.
Dependent claims: 11, 12.
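A minimal model of the enrollment, claim-validation and signed-token flow described in the abstract and claims above, as an added Python example that is not the patent's own code. The keyed hash, the canonical field order, the shared-secret token signature and all names are assumptions of this example.

```python
from typing import Optional
import hashlib, hmac, json, secrets, time

FIELDS = ("name", "dob", "id_number")  # assumed canonical field order

def canonical(info: dict) -> bytes:
    # Normalise the supplied information so the same person always hashes the same.
    return json.dumps([info[f].strip().casefold() for f in FIELDS]).encode()

class IDM:
    def __init__(self) -> None:
        # Assumption: a keyed hash (HMAC) instead of a bare hash, because
        # identification data is low-entropy and guessable offline if the store leaks.
        self.hash_key = secrets.token_bytes(32)
        self.sign_key = secrets.token_bytes(32)  # token key shared with the provider
        self.enrolled = set()  # stores hashes only, never the information

    def _hash(self, info: dict) -> str:
        return hmac.new(self.hash_key, canonical(info), hashlib.sha256).hexdigest()

    def enroll(self, info: dict) -> str:
        # Enrollment: keep only the hash; the caller's `info` is not retained.
        h = self._hash(info)
        self.enrolled.add(h)
        return h

    def validate_claim(self, info: dict) -> Optional[str]:
        # Validate without stored identification information: recompute the hash
        # from what the user presents and check it against the enrolled set.
        h = self._hash(info)
        return h if h in self.enrolled else None

    def issue_token(self, info: dict, ttl: int = 300) -> Optional[str]:
        # Signed token bound to the hash, issued only for a validated claim.
        h = self.validate_claim(info)
        if h is None:
            return None
        body = json.dumps({"sub": h, "exp": int(time.time()) + ttl}, sort_keys=True)
        sig = hmac.new(self.sign_key, body.encode(), hashlib.sha256).hexdigest()
        return body + "." + sig  # body holds only hex and an int, so no "." inside

    def verify_token(self, token: str) -> Optional[dict]:
        # Service-provider side: constant-time signature check, then expiry.
        body, _, sig = token.rpartition(".")
        expected = hmac.new(self.sign_key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return None
        claims = json.loads(body)
        return claims if claims["exp"] > time.time() else None
```

With a public-key signature instead of the shared HMAC key, the service provider could verify tokens using only the IDM's public key.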