Methods and systems for secure identity management
First Claim
1. A method for authenticating a virtual identity with a resource accessible through a computer network, the method comprising:
   registering the virtual identity with the resource by:
      sending, from an access device to the resource, a first access device key that is specific to the resource; and
      sending, from the access device to the resource, a first identity repository key that is specific to the resource; and
   authenticating a use of the virtual identity with the resource by:
      sending, from the access device to the resource, a request to access the resource using the virtual identity;
      accessing, by the access device, a resource challenge that is acceptable to the resource;
      sending, from the access device to an identity repository, the resource challenge;
      receiving, by the access device and from the identity repository, a first signed resource challenge that is signed by the identity repository using a second identity repository key that is paired with the first identity repository key;
      signing, by the access device, the resource challenge to generate a second signed resource challenge that is signed by the access device using a second access device key that is paired with the first access device key;
      sending, from the access device to the resource, the first signed resource challenge and the second signed resource challenge, wherein the resource authenticates the virtual identity using the first signed resource challenge, the first access device key, the second signed resource challenge, and the first identity repository key; and
      receiving, by the access device and from the resource, an authentication result in response to a verification of the first signed resource challenge and the second signed resource challenge by the resource.
Abstract
A method for authorizing a virtual identity using an access device may include sending, from an access device, a request to a resource through a network. The method may also include accessing a resource challenge that is acceptable to the resource and sending the resource challenge to an identity repository. The method may additionally include receiving, from the identity repository, a first signed resource challenge and signing the resource challenge to generate a second signed resource challenge. The method may further include sending an authorization for the virtual identity to the resource through the network. The authorization may include the first signed resource challenge and the second signed resource challenge.
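The registration and dual-signature challenge flow of claim 1, played end to end as an added example (not code from the patent or from any assignee). It assumes Ed25519 key pairs, with the "first" keys being the public halves held by the resource and the "second" keys the private halves held by the access device and the identity repository, and a random 32-byte nonce as the resource challenge; it also adds a one-time-use check on the challenge, which the claim itself does not spell out.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// registration is what the resource keeps: the two public ("first") keys of claim 1.
// The paired private ("second") keys stay on the device and in the repository.
type registration struct{ devicePub, repoPub ed25519.PublicKey }
type Resource struct {
	registry   map[string]registration
	challenges map[string]bool // outstanding one-time challenges (added; not in the claim)
}

// Challenge issues a fresh random nonce the resource will accept exactly once.
func (r *Resource) Challenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err) // CSPRNG failure; nothing sensible to do in a demo
	}
	r.challenges[string(c)] = true
	return c
}

// Authenticate consumes the challenge and requires BOTH signatures to verify.
func (r *Resource) Authenticate(id string, ch, repoSig, devSig []byte) error {
	if !r.challenges[string(ch)] {
		return errors.New("unknown or replayed challenge")
	}
	delete(r.challenges, string(ch))
	reg, ok := r.registry[id]
	if !ok || !ed25519.Verify(reg.repoPub, ch, repoSig) || !ed25519.Verify(reg.devicePub, ch, devSig) {
		return errors.New("unregistered identity or invalid signature")
	}
	return nil
}

// RunProtocol plays the claim-1 exchange once; with tamperDevice set the device
// signs with an unregistered key, which the resource must reject.
func RunProtocol(tamperDevice bool) error {
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)   // device pair, specific to this resource
	repoPub, repoPriv, _ := ed25519.GenerateKey(rand.Reader) // repository pair, specific to this resource
	res := &Resource{map[string]registration{}, map[string]bool{}}
	res.registry["alice"] = registration{devPub, repoPub} // registration: both public keys sent
	ch := res.Challenge()                                  // device obtains a challenge
	repoSig := ed25519.Sign(repoPriv, ch)                  // device forwards it; repository signs
	if tamperDevice {
		_, devPriv, _ = ed25519.GenerateKey(rand.Reader)
	}
	devSig := ed25519.Sign(devPriv, ch) // device signs it with its own key
	return res.Authenticate("alice", ch, repoSig, devSig)
}
```

The resource only ever holds public keys, so compromising it yields nothing that can impersonate an identity; an attacker needs both the device's and the repository's private keys to pass the check.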
24 Claims
1. Independent method claim; reproduced in full above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A non-transitory, computer-readable medium comprising instructions that, when executed by one or more hardware processors, cause the one or more hardware processors to perform operations comprising:
   registering a virtual identity with a resource by:
      sending, from an access device to the resource, a first access device key that is specific to the resource; and
      sending, from the access device to the resource, a first identity repository key that is specific to the resource; and
   authenticating a use of the virtual identity with the resource by:
      sending, from the access device to the resource, a request to access the resource using the virtual identity;
      accessing, by the access device, a resource challenge that is acceptable to the resource;
      sending, from the access device to an identity repository, the resource challenge;
      receiving, by the access device and from the identity repository, a first signed resource challenge that is signed by the identity repository using a second identity repository key that is paired with the first identity repository key;
      signing, by the access device, the resource challenge to generate a second signed resource challenge that is signed by the access device using a second access device key that is paired with the first access device key;
      sending, from the access device to the resource, the first signed resource challenge and the second signed resource challenge, wherein the resource authenticates the virtual identity using the first signed resource challenge, the first access device key, the second signed resource challenge, and the first identity repository key; and
      receiving, by the access device and from the resource, an authentication result in response to a verification of the first signed resource challenge and the second signed resource challenge by the resource.
   Dependent claims: 10, 11, 12, 13, 14, 15, 16.
17. An access device comprising:
   one or more hardware processors; and
   one or more memory devices comprising instructions that, when executed by the one or more hardware processors, cause the one or more hardware processors to perform operations comprising:
   registering a virtual identity with a resource by:
      sending, from the access device to the resource, a first access device key that is specific to the resource; and
      sending, from the access device to the resource, a first identity repository key that is specific to the resource; and
   authenticating a use of the virtual identity with the resource by:
      sending, from the access device to the resource, a request to access the resource using the virtual identity;
      accessing, by the access device, a resource challenge that is acceptable to the resource;
      sending, from the access device to an identity repository, the resource challenge;
      receiving, by the access device and from the identity repository, a first signed resource challenge that is signed by the identity repository using a second identity repository key that is paired with the first identity repository key;
      signing, by the access device, the resource challenge to generate a second signed resource challenge that is signed by the access device using a second access device key that is paired with the first access device key;
      sending, from the access device to the resource, the first signed resource challenge and the second signed resource challenge, wherein the resource authenticates the virtual identity using the first signed resource challenge, the first access device key, the second signed resource challenge, and the first identity repository key; and
      receiving, by the access device and from the resource, an authentication result in response to a verification of the first signed resource challenge and the second signed resource challenge by the resource.
   Dependent claims: 18, 19, 20, 21, 22, 23, 24.
Specification