Method and apparatus for accepting a digital identity of a user based on transitive trust among parties
First Claim
1. A method of managing a digital identity of a user, comprising:
- providing the digital identity from a computer to a relying party, the digital identity having a self-asserted claim, wherein the user functions as a first identity provider for the digital identity;
- obtaining an acceptance token from the relying party, the acceptance token purporting authenticity of the self-asserted claim according to the relying party and comprising a representation of the self-asserted claim digitally signed by the relying party using a private key of the relying party;
- providing the digital identity and the acceptance token to a second party to request validation of the self-asserted claim by the second party based on the acceptance token, wherein the second party relies on the acceptance token to indicate authenticity of the self-asserted claim as verified by the relying party;
- providing, as part of a digital certificate digitally signed by a certificate authority, a public key of the relying party to the second party for use in verifying the acceptance token as digitally signed by the relying party; and
- receiving a managed digital identity from a second identity provider, the managed digital identity including a claim corresponding to the self-asserted claim, the managed identity purporting authenticity of the claim according to the second identity provider;
wherein the managed digital identity comprises one or more of a managed digital identity having one or more claims that have been validated by the second identity provider and a managed digital identity having one or more claims that have been validated by one or more relying parties that the second identity provider trusts.
6 Assignments
0 Petitions
Abstract
Method and apparatus for accepting a digital identity of a user based on transitive trust among parties are described. One aspect of the invention relates to managing a digital identity of a user. The digital identity is provided to a first party, where the digital identity includes a self-asserted claim. An acceptance token is obtained from the first party. The acceptance token purports authenticity of the self-asserted claim according to the first party. The digital identity and the acceptance token are provided to a second party to request validation of the self-asserted claim by the second party based on the acceptance token.
15 Claims
1. Independent claim, set out in full above under First Claim. Dependent claims: 2, 3, 4, 5.
6. A system for managing a digital identity of a user comprising:
- one or more processors communicatively coupled to a network;
wherein the one or more processors are configured to:
- provide the digital identity to a relying party, the digital identity having a self-asserted claim wherein the user functions as a first identity provider for the digital identity;
- obtain an acceptance token from the relying party, the acceptance token purporting authenticity of the self-asserted claim according to the relying party and comprising a representation of the self-asserted claim digitally signed by the relying party using a private key of the relying party;
- provide the digital identity and the acceptance token to a second party to request validation of the self-asserted claim by the second party based on the acceptance token wherein the second party relies on the acceptance token to indicate authenticity of the self-asserted claim as verified by the relying party;
- provide, as part of a digital certificate digitally signed by a certificate authority, a public key of the relying party to the second party for use in verifying the acceptance token as digitally signed by the relying party; and
- receive a managed digital identity from a second identity provider, the managed digital identity including a claim corresponding to the self-asserted claim, the managed identity purporting authenticity of the claim according to the second identity provider;
wherein the managed digital identity comprises one or more of a managed digital identity having one or more claims that have been validated by the second identity provider and a managed digital identity having one or more claims that have been validated by one or more relying parties that the second identity provider trusts.
Dependent claims: 7, 8, 9, 10.
11. A method of managing a digital identity of a user, comprising:
- providing the digital identity from a computer to a relying party, the digital identity having a self-asserted claim, wherein the user functions as a first identity provider for the digital identity;
- validating the self-asserted claim at the relying party;
- sending an acceptance token from the relying party to the computer, the acceptance token purporting authenticity of the self-asserted claim according to the relying party and comprising a representation of the self-asserted claim digitally signed by the relying party using a private key of the relying party;
- providing the digital identity and the acceptance token from the computer to a second party;
- providing, as part of a digital certificate digitally signed by a certificate authority, a public key of the relying party to the second party for use in verifying the acceptance token as digitally signed by the relying party;
- validating the self-asserted claim at the second party based on the acceptance token and a transitive trust established between the relying party and the second party, wherein the second party relies on the acceptance token to indicate authenticity of the self-asserted claim as verified by the relying party; and
- sending a managed digital identity from a second identity provider to the computer, the managed digital identity including a claim corresponding to the self-asserted claim, the managed digital identity purporting authenticity of the claim according to the second identity provider;
wherein the managed digital identity comprises one or more of a managed digital identity having one or more claims that have been validated by the second identity provider and a managed digital identity having one or more claims that have been validated by one or more relying parties that the second identity provider trusts.
Dependent claims: 12, 13, 14, 15.
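The exchange recited in claims 1, 6 and 11, as an added Go example that is not part of the patent or of any product it describes: the relying party validates a self-asserted claim and signs its representation with its private key; the second party first checks that the relying party's certificate chains to a certificate authority it trusts, then checks that the signature covers exactly the claim being presented, and only then issues a managed identity that records whose validation it relied on. ECDSA P-256 over SHA-256, X.509 for the certificate authority's signature, the party names (Example CA, shop.example, idp.example), the claim value and the relying party's acceptance policy are all assumptions constructed for this example, which uses only Go's standard library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// SelfAssertedClaim is asserted by the user, who acts as its first identity
// provider; Canonical is the representation the relying party signs.
type SelfAssertedClaim struct{ Name, Value string }

func (c SelfAssertedClaim) Canonical() []byte { return []byte(c.Name + "=" + c.Value) }

// AcceptanceToken is what the relying party hands back for the user to present onward.
type AcceptanceToken struct {
	Claim     SelfAssertedClaim
	Signature []byte // relying party's ECDSA (ASN.1 DER) signature over SHA-256(Claim.Canonical())
	RPCertDER []byte // relying party's X.509 certificate, signed by the CA
}

// ManagedIdentity is issued by the second identity provider; ValidatedBy names the relying party it relied on.
type ManagedIdentity struct {
	Issuer, ValidatedBy string
	Claim               SelfAssertedClaim
}

// issueCert returns a DER certificate for pub named cn: a self-signed CA when
// parent == nil, otherwise signed by the parent's signerKey. Example PKI only.
func issueCert(cn string, pub *ecdsa.PublicKey, parent *x509.Certificate, signerKey *ecdsa.PrivateKey) []byte {
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if parent == nil { // self-signed CA
		tmpl.IsCA, tmpl.KeyUsage, parent = true, tmpl.KeyUsage|x509.KeyUsageCertSign, tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signerKey)
	if err != nil {
		panic(err)
	}
	return der
}

// IssueAcceptanceToken is the relying party's side: apply its own validation
// policy (constructed here: the value must be non-empty), then sign the claim.
func IssueAcceptanceToken(rpKey *ecdsa.PrivateKey, rpCertDER []byte, claim SelfAssertedClaim) (AcceptanceToken, error) {
	if claim.Value == "" {
		return AcceptanceToken{}, fmt.Errorf("relying party rejected empty claim %q", claim.Name)
	}
	digest := sha256.Sum256(claim.Canonical())
	sig, err := ecdsa.SignASN1(rand.Reader, rpKey, digest[:])
	return AcceptanceToken{Claim: claim, Signature: sig, RPCertDER: rpCertDER}, err
}

// IssueManagedIdentity is the second party's side. The relying party's certificate
// must chain to a CA in roots (the transitive trust) before its signature means
// anything, and the signature is checked against the claim as presented.
func IssueManagedIdentity(issuer string, tok AcceptanceToken, roots *x509.CertPool) (ManagedIdentity, error) {
	rpCert, err := x509.ParseCertificate(tok.RPCertDER)
	if err != nil {
		return ManagedIdentity{}, err
	}
	if _, err := rpCert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return ManagedIdentity{}, fmt.Errorf("relying party not trusted: %w", err)
	}
	if err := rpCert.CheckSignature(x509.ECDSAWithSHA256, tok.Claim.Canonical(), tok.Signature); err != nil {
		return ManagedIdentity{}, fmt.Errorf("acceptance token does not match presented claim: %w", err)
	}
	return ManagedIdentity{Issuer: issuer, ValidatedBy: rpCert.Subject.CommonName, Claim: tok.Claim}, nil
}

// Scenario runs the whole exchange with constructed parties. presented is the claim
// value the user shows the second party with the token (the relying party signed
// "alice@example.invalid"); trustCA is whether the second party trusts that CA.
func Scenario(presented string, trustCA bool) (ManagedIdentity, error) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rpKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caCert, _ := x509.ParseCertificate(issueCert("Example CA", &caKey.PublicKey, nil, caKey))
	rpDER := issueCert("shop.example", &rpKey.PublicKey, caCert, caKey)
	roots := x509.NewCertPool()
	if trustCA {
		roots.AddCert(caCert)
	}
	tok, err := IssueAcceptanceToken(rpKey, rpDER, SelfAssertedClaim{"email", "alice@example.invalid"})
	if err != nil {
		return ManagedIdentity{}, err
	}
	tok.Claim.Value = presented // a changed value models tampering after signing
	return IssueManagedIdentity("idp.example", tok, roots)
}
```

Scenario covers the three cases the second party has to tell apart: a valid token, a claim altered after the relying party signed it, and a relying party whose certificate does not chain to an authority in the second party's root store. The last two must fail, and the order of the checks matters, since a signature from a party that has not been tied to a trusted certificate authority says nothing about the claim.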
Specification