Proxy authentication network
First Claim
1. A system for performing a transaction, comprising:
- a first storage to store first personally identifiable information for a first subscriber, the first personally identifiable information not including a certificate, where the first storage is managed by a first party;
a second storage to store second personally identifiable information for a second subscriber, the second personally identifiable information not including a certificate;
a server storing a first credential for the first subscriber and a second credential for the second subscriber, neither the first credential nor the second credential including a certificate, where the server is managed by a second party that is different from the first party and the first credential and the second credential each have a state;
an authenticator to authenticate the first subscriber using the first credential and the second subscriber using the second credential; and
a receipt generator to generate a receipt that identifies the first subscriber and the second subscriber without providing the personally identifiable information about the first subscriber and the second subscriber.
1 Assignment
0 Petitions
Accused Products
Abstract
A Proxy Authentication Network includes a server that stores credentials for subscribers, along with combinations of devices and locations from which individual subscribers want to be authenticated. Data is stored in storage: the storage can be selected by the subscriber. The data stored in the storage, which can be personally identifiable information, can be stored in an encrypted form. The key used to encrypt such data can be divided between the storage and server. In addition, third parties can store portions of the encrypting key. Subscribers can be authenticated using their credentials from recognized device/location combinations; out-of-band authentication supports authenticating subscribers from other locations. Once authenticated, a party can request that the encrypted data be released. The portions of the key are then assembled at the storage. The storage then decrypts the data, generates a new key, and re-encrypts the data for transmission to the requester.
16 Citations
38 Claims
-
1. A system for performing a transaction, comprising:
-
a first storage to store first personally identifiable information for a first subscriber, the first personally identifiable information not including a certificate, where the first storage is managed by a first party; a second storage to store second personally identifiable information for a second subscriber, the second personally identifiable information not including a certificate; a server storing a first credential for the first subscriber and a second credential for the second subscriber, neither the first credential nor the second credential including a certificate, where the server is managed by a second party that is different from the first party and the first credential and the second credential each have a state; an authenticator to authenticate the first subscriber using the first credential and the second subscriber using the second credential; and a receipt generator to generate a receipt that identifies the first subscriber and the second subscriber without providing the personally identifiable information about the first subscriber and the second subscriber. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A method for a first subscriber and a second subscriber to perform a transaction using a server, comprising:
-
registering the first subscriber; registering the second subscriber; receiving a first credential from the first subscriber, the first credential including a state and not including a certificate; receiving a second credential from the second subscriber, the second credential including a state and not including a certificate; authenticating the first subscriber using the first credential by the server; authenticating the second subscriber using the second credential by the server; and providing the first subscriber and the second subscriber with a receipt, the receipt identifying the first subscriber and the second subscriber without providing personally identifiable information about the first subscriber and the second subscriber. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
-
-
35. A method for releasing data stored in a storage encrypted by a key, comprising:
-
receiving a receipt of identity from a server; receiving a first portion of the key from the server; accessing a second portion of the key from the storage; assembling the key from at least the first portion and the second portion; decrypting the data; generating a new key based in part on the receipt of identity from the server and in part on other data; re-encrypting the data using the new key; transmitting the re-encrypted data to a requester; and transmitting the other data used in generating the new key to the requester. - View Dependent Claims (36, 37, 38)
-
Specification