Method and apparatus for accepting a digital identity of a user based on transitive trust among parties

US 8,881,253 B2
Filed: 03/28/2007
Issued: 11/04/2014
Est. Priority Date: 03/28/2007
Status: Active Grant

First Claim

Patent Images

1. A method of managing a digital identity of a user, comprising:

providing the digital identity from a computer to a relying party, the digital identity having a self-asserted claim, wherein the user functions as a first identity provider for the digital identity;

obtaining an acceptance token from the relying party, the acceptance token purporting authenticity of the self-asserted claim according to the relying party and comprising a representation of the self-asserted claim digitally signed by the relying party using a private key of the relying party;

providing the digital identity and the acceptance token to a second party to request validation of the self-asserted claim by the second party based on the acceptance token, wherein the second party relies on the acceptance token to indicate authenticity of the self-asserted claim as verified by the relying party;

providing, as part of a digital certificate digitally signed by a certificate authority, a public key of the relying party to the second party for use in verifying the acceptance token as digitally signed by the relying party; and

receiving a managed digital identity from a second identity provider, the managed digital identity including a claim corresponding to the self-asserted claim, the managed identity purporting authenticity of the claim according to the second identity provider;

wherein the managed digital identity comprises one or more of a managed digital identity having one or more claims that have been validated by the second identity provider and a managed digital identity having one or more claims that have been validated by one or more relying parties that the second identity provider trusts.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and apparatus for accepting a digital identity of a user based on transitive trust among parties are described. One aspect of the invention relates to managing a digital identity of a user. The digital identity is provided to a first party, where the digital identity includes a self-asserted claim. An acceptance token is obtained from the first party. The acceptance token purports authenticity of the self-asserted claim according to the first party. The digital identity and the acceptance token are provided to a second party to request validation of the self-asserted claim by the second party based on the acceptance token.

Citations

15 Claims

1. A method of managing a digital identity of a user, comprising:
- providing the digital identity from a computer to a relying party, the digital identity having a self-asserted claim, wherein the user functions as a first identity provider for the digital identity;
  
  obtaining an acceptance token from the relying party, the acceptance token purporting authenticity of the self-asserted claim according to the relying party and comprising a representation of the self-asserted claim digitally signed by the relying party using a private key of the relying party;
  
  providing the digital identity and the acceptance token to a second party to request validation of the self-asserted claim by the second party based on the acceptance token, wherein the second party relies on the acceptance token to indicate authenticity of the self-asserted claim as verified by the relying party;
  
  providing, as part of a digital certificate digitally signed by a certificate authority, a public key of the relying party to the second party for use in verifying the acceptance token as digitally signed by the relying party; and
  
  receiving a managed digital identity from a second identity provider, the managed digital identity including a claim corresponding to the self-asserted claim, the managed identity purporting authenticity of the claim according to the second identity provider;
  
  wherein the managed digital identity comprises one or more of a managed digital identity having one or more claims that have been validated by the second identity provider and a managed digital identity having one or more claims that have been validated by one or more relying parties that the second identity provider trusts.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - augmenting the digital identity to include the acceptance token as an optional claim therein.
  - 3. The method of claim 1, wherein the acceptance token includes information indicative of a time period over which authenticity of the self-asserted claim has been maintained by the relying party.
  - 4. The method of claim 1, wherein the second party is the second identity provider.
  - 5. The method of claim 1, wherein the identity of the relying party is not included in the managed digital identity.

6. A system for managing a digital identity of a user comprising:
- one or more processors communicatively coupled to a network;
  
  wherein the one or more processors are configured to;
  
  provide the digital identity to a relying party, the digital identity having a self-asserted claim wherein the user functions as a first identity provider for the digital identity;
  
  obtain an acceptance token from the relying party, the acceptance token purporting authenticity of the self-asserted claim according to the relying party and comprising a representation of the self-asserted claim digitally signed by the relying party using a private key of the relying party; and
  
  provide the digital identity and the acceptance token to a second party to request validation of the self-asserted claim by the second party based on the acceptance token wherein the second party relies on the acceptance token to indicate authenticity of the self-asserted claim as verified by the relying party;
  
  provide, as part of a digital certificate digitally signed by a certificate authority, a public key of the relying party to the second party for use in verifying the acceptance token as digitally signed by the relying party; and
  
  receive a managed digital identity from a second identity provider, the managed digital identity including a claim corresponding to the self-asserted claim, the managed identity purporting authenticity of the claim according to the second identity provider;
  
  wherein the managed digital identity comprises one or more of a managed digital identity having one or more claims that have been validated by the second identity provider and a managed digital identity having one or more claims that have been validated by one or more relying parties that the second identity provider trusts.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, wherein the one or more processors are further configured to:
    - augment the digital identity to include the acceptance token as an optional claim therein.
  - 8. The system of claim 6, wherein the acceptance token includes information indicative of a time period over which authenticity of the self-asserted claim has been maintained by the relying party.
  - 9. The system of claim 6, wherein the second party is the second identity provider.
  - 10. The system of claim 6, wherein the identity of the relying party is not included in the managed digital identity.

11. A method of managing a digital identity of a user, comprising:
- providing the digital identity from a computer to a relying party, the digital identity having a self-asserted claim, wherein the user functions as a first identity provider for the digital identity;
  
  validating the self-asserted claim at the relying party;
  
  sending an acceptance token from the relying party to the computer, the acceptance token purporting authenticity of the self-asserted claim according to the relying party and comprising a representation of the self-asserted claim digitally signed by the relying party using a private key of the relying party;
  
  providing the digital identity and the acceptance token from the computer to a second party;
  
  providing, as part of a digital certificate digitally signed by a certificate authority, a public key of the relying party to the second party for use in verifying the acceptance token as digitally signed by the relying party; and
  
  validating the self-asserted claim at the second party based on the acceptance token and a transitive trust established between the relying party and the second party, wherein the second party relies on the acceptance token to indicate authenticity of the self-asserted claim as verified by the relying party; and
  
  sending a managed digital identity from a second identity provider to the computer, the managed digital identity including a claim corresponding to the self-asserted claim, the managed digital identity purporting authenticity of the claim according to the second identity provider;
  
  wherein the managed digital identity comprises one or more of a managed digital identity having one or more claims that have been validated by the second identity provider and a managed digital identity having one or more claims that have been validated by one or more relying parties that the second identity provider trusts.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, further comprising:
    - augmenting the digital identity to include the acceptance token as an optional claim therein.
  - 13. The method of claim 11, wherein the acceptance token includes information indicative of a time period over which authenticity of the self-asserted claim has been maintained by the relying party.
  - 14. The method of claim 11, wherein the second party is the second identity provider.
  - 15. The method of claim 11, wherein the identity of the relying party is not included in the managed digital identity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Satish, Sourabh, Hernacki, Brian
Primary Examiner(s)
Bali, Vikkram
Assistant Examiner(s)
Mangialaschi, Tracy

Application Number

US11/729,381
Publication Number

US 20080244722A1
Time in Patent Office

2,778 Days
Field of Search

713/185, 726/9
US Class Current

726/9
CPC Class Codes

G06F 21/33 using certificates

H04L 63/0823 using certificates cryptogr...

Method and apparatus for accepting a digital identity of a user based on transitive trust among parties

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for accepting a digital identity of a user based on transitive trust among parties

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links