Method and apparatus for providing identity claim validation

US 8,788,836 B1
Filed: 12/22/2006
Issued: 07/22/2014
Est. Priority Date: 12/22/2006
Status: Active Grant

First Claim

Patent Images

1. An apparatus for validating identity claims comprising:

an identification management system comprising at least one hardware processor and at least one memory coupled to the at least one hardware processor, the identification management system configured to;

receive at least one identity claim;

validate the at least one identity claim using a hash of verified identification information without using stored identification information, wherein the hash is created based at least in part on identification information supplied by a user, wherein the hash is stored in the at least one memory, and wherein the identification information supplied by the user is discarded; and

create a signed token using the hash based on the validated at least one identity claim, wherein the signed token supports multifactor authentication.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for providing claim validation without storing user information within the IDM system. During enrollment, the IDM system creates a hash representative of the identification information provided by a user. The user information is discarded, i.e., not stored within the IDM system. Only a hash representing that information is stored within the system. Upon a user providing information to a service provider, the service provider requests that the user'"'"'s information be authenticated by a third party IDS system. The service provider will request such authentication from the IDM system identified by the user. The IDM system generates, from the user'"'"'s information that was provided to the service provider, a signed token that is sent to the user for use by the user to access the service provider'"'"'s services. In this manner, the IDM system does not store identification information of the user. Yet, the IDM system provides identification validation services to any service provider requesting such services to ensure that a user is authentic.

23 Citations

View as Search Results

12 Claims

1. An apparatus for validating identity claims comprising:
- an identification management system comprising at least one hardware processor and at least one memory coupled to the at least one hardware processor, the identification management system configured to;
  
  receive at least one identity claim;
  
  validate the at least one identity claim using a hash of verified identification information without using stored identification information, wherein the hash is created based at least in part on identification information supplied by a user, wherein the hash is stored in the at least one memory, and wherein the identification information supplied by the user is discarded; and
  
  create a signed token using the hash based on the validated at least one identity claim, wherein the signed token supports multifactor authentication.
- View Dependent Claims (2, 3)
- - 2. The apparatus of claim 1 further comprising a user computer for storing the signed token.
  - 3. The apparatus of claim 2 further comprising a service provider that processes the signed token when provided by the user computer to authenticate the identity of the user computer.

4. A method of processing identification information comprising:
- encrypting, using at least one hardware processor, identification information supplied by a user;
  
  returning an encryption key and the encrypted identification information to the user;
  
  creating a hash of the encrypted identification information based at least in part on identification information supplied by the user;
  
  discarding the encrypted identification information and the identification information;
  
  storing the hash and a private encryption key in an identification management system for validating at least one identity claim using at least one of the hash and the private encryption key without using stored identification information; and
  
  creating a signed token using the hash in the event the at least one identity claim is validated, wherein the signed token supports multifactor authentication.
- View Dependent Claims (5, 6, 7, 8, 9)
- - 5. The method of claim 4 further comprising:
    - providing the identification information from a user; and
      
      verifying the veracity of the identification information prior to encrypting the identification information.
  - 6. The method of claim 4 wherein the identification information comprises a plurality of claims, and the encrypting step further comprises separately encrypting each claim in the plurality of claims.
  - 7. The method of claim 4 further comprising:
    - receiving, at the identification management system, a request from a user for a signed token as an indicia of the veracity of specific identity claims related to the identification information;
      
      sending a key to the requesting user;
      
      user decrypts encrypted identification information;
      
      user selects at least one specific claim requiring validation;
      
      user sends to the identification management system the at least one specific claim;
      
      identification management system uses the private encryption key to decrypt the at least one specific claim;
      
      identification management system computes a hash for the decrypted at least one specific claim;
      
      comparing the hash for the at least one specific claim to the stored hash; and
      
      creating the signed token if the hashes match.
  - 8. The method of claim 7 further comprising authenticating the user upon receiving the request for a signed token.
  - 9. The method of claim 7 further comprising sending the signed token to the user.

10. A system for performing a secure transaction comprising:
- a user computer coupled to a communication network;
  
  a service provider, coupled to the communications network, for providing services for the user computer through the communications network;
  
  an identification management system, coupled to the communications network, for;
  
  creating a hash based at least in part on identification information supplied via the user computer,storing the hash for the user computer in a memory of the identification management system,discarding the identification information supplied via the user computer, andpreparing a signed token based on the hash upon request of the user computer, wherein the signed token supports multifactor authentication.
- View Dependent Claims (11, 12)
- - 11. The system of claim 10 wherein the user computer stores the signed token.
  - 12. The system of claim 11 wherein the user computer provides the signed token to the service provider to enable services to be provided to the user computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Hernacki, Brian, Satish, Sourabh, Brown, Timothy G.
Primary Examiner(s)
LEE, JASON T

Application Number

US11/644,579
Time in Patent Office

2,769 Days
Field of Search

726/26, 726/28
US Class Current

713/185
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6245   Protecting personal data, e...

G06F 2221/2115   Third party

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/126   the source of the received ...

Method and apparatus for providing identity claim validation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing identity claim validation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links