Centralized authentication system with safe private data storage and method

US 8,826,019 B2
Filed: 10/16/2012
Issued: 09/02/2014
Est. Priority Date: 02/05/2009
Status: Active Grant

First Claim

Patent Images

1. An authentication and data retrieval method for providing access to a service provider to user information associated with a user'"'"'s relationship with the service provider, comprising the steps of:

authenticating using a user token a user presenting the user token at a user terminal, the user token having stored thereon a user ID;

deriving a resource identifier using at least two data input elements, the at least two data input elements including the user ID of the user and a service provider ID of the service provider, wherein the user information is stored in a storage network and the resource identifier is associated with the user information;

retrieving the user information from the storage network using the resource identifier; and

providing the retrieved user information to the service provider.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A token-based centralized authentication method for providing access to a service provider to user information associated with a user'"'"'s relationship with the service provider includes the steps of: authenticating a user presenting a user token at a user terminal, the user token having stored thereon a user ID; deriving a resource identifier using at least two data input elements, the at least two data input elements including the user ID of the user and a service provider ID of the service provider, wherein the user information is stored in a storage network and the resource identifier is associated with the user information; retrieving the user information from the storage network using the resource identifier; and providing the retrieved user information to the service provider.

Citations

34 Claims

1. An authentication and data retrieval method for providing access to a service provider to user information associated with a user'"'"'s relationship with the service provider, comprising the steps of:
- authenticating using a user token a user presenting the user token at a user terminal, the user token having stored thereon a user ID;
  
  deriving a resource identifier using at least two data input elements, the at least two data input elements including the user ID of the user and a service provider ID of the service provider, wherein the user information is stored in a storage network and the resource identifier is associated with the user information;
  
  retrieving the user information from the storage network using the resource identifier; and
  
  providing the retrieved user information to the service provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the storage network is a dispersed storage network comprising a plurality of storage nodes, wherein the user information is stored in the storage network in accordance with an information dispersal algorithm (IDA).
  - 3. The method of claim 2, wherein the storage network has stored therein for each user token a data container including a status of the user token and one or more encryption keys specific to the user token.
  - 4. The method of claim 2, further comprising the steps of deriving a second resource identifier using at least an ID specific to the user token and a second data element that is not specific to the user token, and retrieving the data container using the second resource identifier.
  - 5. The method of claim 2, wherein the user information retrieving step includes the step of reconstructing the user information from the plurality of storage nodes, wherein the reconstructed user information is provided to the service provider.
  - 6. The method of claim 1, wherein the deriving step includes the step of deriving the resource identifier using a one way function.
  - 7. The method of claim 1, wherein the user ID and service provider ID are separately received by an authentication system in communication with the storage network, wherein the authentication system performs the step of deriving the resource identifier using the user ID and service provider ID.
  - 8. The method of claim 1, wherein the resource identifier deriving step is performed by the token, the method further comprising the steps of:
    - receiving at an authentication system the resource identifier from the user terminal; and
      
      using the received resource identifier in performing the retrieving step.
  - 9. The method of claim 8, further comprising the steps of:
    - issuing from the authentication system a temporary transaction identifier to the service provider agent, the temporary transaction identifier being associated with an access or authentication request; and
      
      thereafter receiving the temporary transaction identifier at the authentication system from the user terminal.
  - 10. The method of claim 9, further comprising the step of the service provider agent forwarding the temporary transaction identifier to the user terminal, wherein the token performs the resource identifier deriving step after receiving the temporary transaction identifier.
  - 11. The method of claim 1, further comprising the steps of:
    - issuing from an authentication system a temporary transaction identifier to a service provider agent, the temporary transaction identifier being associated with an access or authentication request, the temporary transaction identifier including a name identifier associated with the service provider;
      
      transmitting the temporary transaction identifier to the user terminal from the service provider agent for display of the name identifier to the user using the token;
      
      receiving a consent indication from the user;
      
      after receipt of the consent indication, receiving the temporary transaction identifier from the user terminal; and
      
      performing the resource identifier deriving step after receiving the temporary transaction identifier at the authentication system.
  - 12. The method of claim 1, wherein the storage network stores a plurality of separate sets of user information associated with the user, each set being associated with a respective user/service provider pair, wherein each set of user information is retrievable using a respective resource identifier derived using the user ID and a respective service provider ID.
  - 13. The method of claim 1, wherein the user token is a hardware token.
  - 14. The method of claim 1, further comprising the step of, after providing the retrieved user information to the service provider, receiving a set of user data for the user from the service provider for storage in the storage network in association with the resource identifier, wherein the storage network serves as the service provider'"'"'s storage of the received user data.
  - 15. The method of claim 1, wherein the user data is all or part of the user'"'"'s customer profile with the service provider.
  - 16. The method of claim 1, wherein the step of deriving the resource identifier includes the steps of:
    - combining the user ID and service provider ID to provide a data element; and
      
      encrypting the data element with a public key of a public/private key encryption pair.

17. A method of providing secure data storage and access to stored data, comprising the steps of:
- receiving user information;
  
  storing the user information in a dispersed storage network comprising a plurality of storage nodes in accordance with an information dispersal algorithm (IDA); and
  
  associating the user information with a resource identifier for use in retrieving the user information from the dispersed storage network;
  
  receiving the resource identifier and retrieving the user information from the dispersed storage network using the resource identifier, wherein the resource identifier is derived from an output of a one way function using at least two data input elements,wherein the at least two data input elements comprise a user ID and a service provider ID.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The method of claim 17, wherein the user information retrieving step includes the step of reconstructing the user information from the plurality of storage nodes.
  - 19. The method of claim 17, wherein the user information is associated with a user'"'"'s relationship with a service provider, the method further comprising the step of providing the retrieved user information to the service provider.
  - 20. The method of claim 19, further comprising the steps of:
    - receiving the user ID and the service provider ID at an authentication system; and
      
      deriving the resource identifier with the authentication system.
  - 21. The method of claim 19, further comprising the steps of:
    - receiving the resource identifier at an authentication system from a user terminal.
  - 22. The method of claim 21, further comprising the steps of:
    - receiving a service provider ID at the user terminal;
      
      deriving the resource identifier with a token in communication with the user terminal; and
      
      transmitting the resource identifier from the user terminal to the authentication system.
  - 23. The method of claim 17, further comprising the steps of:
    - issuing, from an authentication system and to one of a user terminal and a service provider agent, a temporary transaction identifier, the temporary transaction identifier being associated with an access or authentication request; and
      
      receiving the temporary transaction identifier from the other of the user terminal and the service provider agent.

24. An authentication and data storage management system for use in a token-based authentication and data retrieval system for providing access to a service provider to user information associated with a user'"'"'s relationship with the service provider, the authentication and data storage management system configured to communicate with a service provider agent and a user terminal, the authentication and data storage management system comprising:
- a user front end, the user front end configured to communicate with a user token through the user terminal for authenticating a user, the user token having stored thereon a user ID;
  
  a service provider front end, the service provider front end configured to communicate with the service provider agent for authenticating a service provider; and
  
  a data storage management engine in communication with the user front end, the service provider front end and a storage network having stored therein the user information, the data storage management engine configured to receive a resource identifier and retrieve the user information from the storage network using the resource identifier and provide the retrieved user information for communication to the service provider agent,wherein the resource identifier is derived using a function having at least two data input elements, the at least two data input elements including the user ID and a service provider ID of the service provider.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The system of claim 24,wherein the storage network is a dispersed storage network comprising a plurality of storage nodes, wherein the user information is stored in the storage network in accordance with an information dispersal algorithm (IDA),wherein the data storage management engine includes a data collector configured to retrieve and reconstruct the user information from the plurality of storage nodes, wherein the reconstructed user information is provided to the service provider.
  - 26. The system of claim 24, wherein the data storage management engine is configured to derive the resource identifier using a one way function.
  - 27. The system of claim 24,wherein the user front end is configured to issue a temporary transaction identifier to the user terminal, the temporary transaction identifier being associated with an access or authentication request, and the service provider front end is configured to receive the temporary transaction identifier from the service provide agent and authenticate the service provider after receipt of the temporary transaction identifier, orwherein the service provider front end is configured to issue the temporary transaction identifier to the service provider agent, and the user front end is configured to receive the temporary transaction identifier from the user terminal and authenticate the user after receipt of the temporary transaction identifier.
  - 28. The system of claim 26, wherein the data storage management engine is configured to receive the resource identifier from the user terminal.
  - 29. The system of claim 24, wherein the storage network stores a plurality of separate sets of user information associated with the user, each set being associated with a respective user/service provider pair, wherein each set of user information is retrievable using a respective resource identifier derived using the user ID and a respective service provider ID.
  - 30. The system of claim 24, wherein the function combines the at least two data input elements into a data element and encrypts the data element with a public key of a public/private key encryption pair.

31. A system for providing secure data storage and access to stored data, comprising:
- a dispersed storage network comprising a plurality of storage nodes; and
  
  a data storage management system configured to receive user information and store the user information in the dispersed storage network in accordance with an information dispersal algorithm (IDA), wherein the user information is associated with a resource identifier for use in retrieving the user information from the dispersed storage network and wherein the resource identifier is derived from an output of a one way function using at least two data input elements, wherein the data storage management system includes a data collector for retrieving the user information from the dispersed storage network using the resource identifier by reconstructing the user information from the plurality of storage nodes,wherein the at least two data input elements comprise a user ID and a service provider ID.
- View Dependent Claims (32, 33, 34)
- - 32. The system of claim 31, wherein the user information is associated with a user'"'"'s relationship with a service provider, wherein the data storage management system is further configured to provide the retrieved user information for communication to a service provider agent.
  - 33. The system of claim 32, wherein the data storage management system is further configured to receive the user ID and the service provider ID and derive the resource identifier with the authentication system.
  - 34. The system of claim 33, wherein the data storage management system includes an authentication system configured to issue to one of a user terminal and a service provider agent a temporary transaction identifier, the temporary transaction identifier being associated with an access or authentication request, and receive the temporary transaction identifier from the other of the user terminal and the service provider agent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WwPass Corp.
Original Assignee
WwPass Corp.
Inventors
Shablygin, Eugene, Vysogorets, Mikhail
Primary Examiner(s)
Yalew, Fikremariam A

Application Number

US13/652,778
Publication Number

US 20130042110A1
Time in Patent Office

686 Days
Field of Search

None
US Class Current

713/168
CPC Class Codes

G06F 21/34 involving the use of extern...

Centralized authentication system with safe private data storage and method

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Centralized authentication system with safe private data storage and method

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links