Credential management
2 Assignments
0 Petitions
Abstract
In general, one aspect of the subject matter described in this specification can be embodied in methods that include receiving a registration request from a mobile device to create a credential management account for a user associated with the mobile device; generating a public key and a paired private key associated with the credential management account; transmitting a certificate signing request to a certificate authority system; receiving a digital certificate from the certificate authority system; receiving a request to retrieve a credential for the user from a credential issuing organization system; transmitting a request for the credential for the user to the credential issuing organization system; receiving, from the credential issuing organization system, a token encrypted using the public key; decrypting the token using the private key; transmitting the decrypted data to the credential issuing organization system; receiving data for the credential for the user from the credential issuing organization system; and transmitting data encoding a portion of a badge representing the credential to the mobile device.
47 Citations
9 Claims
1. A method, performed by a credential management system, comprising:
receiving a registration request from a mobile device to create a credential management account for a user associated with the mobile device, the registration request including a unique identifier for the mobile device and a unique identifier for the user associated with the mobile device;
generating a public key for the user and a paired private key for the credential management account for the user;
storing, by the credential management system, the public key and the private key for the credential management account;
transmitting a certificate signing request to a certificate authority system, the certificate signing request comprising the public key, the unique identifier for the mobile device, and the unique identifier for the user associated with the mobile device;
receiving a digital certificate from the certificate authority system, the digital certificate comprising the public key and the unique identifier for the user;
receiving, from the mobile device by the credential management system, the public key and the private key, a request to retrieve a credential for the user from a credential issuing organization system, the credential issuing organization system being different from the certificate authority system;
in response to receiving the request to retrieve the credential for the user from the credential issuing organization system, transmitting a request for the credential for the user to the credential issuing organization system, the credential providing access to a physical location, the request for the credential for the user comprising the digital certificate;
receiving, from the credential issuing organization system, a token identifying the credential, the token encrypted using the public key for the user;
in response to receiving the encrypted token from the credential issuing organization system, decrypting the encrypted token using the private key for the user to yield decrypted data and transmitting the decrypted token to the credential issuing organization system;
receiving data for the credential for the user from the credential issuing organization system; and
transmitting data encoding a portion of a badge representing the credential for the user to the mobile device, wherein the badge is a graphical representation of the requested credential which is read by a sensor.
Dependent claims: 2, 3
4. One or more machine-readable media configured to store instructions that are executable by a credential management system comprising one or more processing devices to perform operations comprising:
receiving a registration request from a mobile device to create a credential management account for a user associated with the mobile device, the registration request including a unique identifier for the mobile device and a unique identifier for the user associated with the mobile device;
generating a public key and a paired private key associated with the credential management account;
storing, by the credential management system, the public key and the private key for the credential management account;
transmitting a certificate signing request to a certificate authority system, the certificate signing request comprising the public key, the unique identifier for the mobile device, and the unique identifier for the user associated with the mobile device;
receiving a digital certificate from the certificate authority system, the digital certificate comprising the public key and the unique identifier for the user;
receiving, from the mobile device, a request to retrieve a credential for the user from a credential issuing organization system, the credential providing access to a physical location, the credential issuing organization system being different from the certificate authority system;
in response to receiving the request to retrieve the credential for the user from the credential issuing organization system, transmitting a request for the credential for the user to the credential issuing organization system, the request for the credential for the user comprising the digital certificate;
receiving, from the credential issuing organization system, a token identifying the credential, the token encrypted using the public key for the user;
in response to receiving the encrypted token from the credential issuing organization system, decrypting the encrypted token using the private key for the user to yield decrypted data and transmitting the decrypted token to the credential issuing organization system;
receiving data for the credential for the user from the credential issuing organization system; and
transmitting data encoding a portion of a badge representing the credential for the user to the mobile device, wherein the badge is a graphical representation of the requested credential which is read by a sensor.
Dependent claims: 5, 6
7. A credential management system comprising:
one or more processing devices; and
one or more machine-readable media configured to store instructions that are executable by the one or more processing devices to perform operations comprising:
receiving a registration request from a mobile device to create a credential management account for a user associated with the mobile device, the registration request including a unique identifier for the mobile device and a unique identifier for the user associated with the mobile device;
generating a public key and a paired private key associated with the credential management account;
storing, by the credential management system, the public key and the private key for the credential management account;
transmitting a certificate signing request to a certificate authority system, the certificate signing request comprising the public key, the unique identifier for the mobile device, and the unique identifier for the user associated with the mobile device;
receiving a digital certificate from the certificate authority system, the digital certificate comprising the public key and the unique identifier for the user;
receiving, from the mobile device, a request to retrieve a credential for the user from a credential issuing organization system, the credential providing access to a physical location, the credential issuing organization system being different from the certificate authority system;
in response to receiving the request to retrieve the credential for the user from the credential issuing organization system, transmitting a request for the credential for the user to the credential issuing organization system, the request for the credential for the user comprising the digital certificate;
receiving, from the credential issuing organization system, a token identifying the credential, the token encrypted using the public key for the user;
in response to receiving the encrypted token from the credential issuing organization system, decrypting the encrypted token using the private key for the user to yield decrypted data and transmitting the decrypted token to the credential issuing organization system;
receiving data for the credential for the user from the credential issuing organization system; and
transmitting data encoding a portion of a badge representing the credential for the user to the mobile device, wherein the badge is a graphical representation of the requested credential which is read by a sensor.
Dependent claims: 8, 9
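The three independent claims describe one protocol: the credential management system (CMS) registers a device, gets a certificate binding the user's public key from a certificate authority (CA), presents that certificate to a separate credential issuing organization (CIO), proves it can decrypt a token encrypted to the certified key, and only then receives the credential data it encodes into a badge for the phone. The following is an added Python example modelling that exchange end to end; it is not code from the patent or its assignee. It uses a toy textbook RSA on fixed Mersenne primes with no padding and a truncated SHA-256 "signature" purely so it runs offline; the class names, field names, the base64/JSON badge encoding, the single-use token table and the sample user "alice" are all assumptions. The encrypted-token round trip is a proof of possession of the certified private key, so the example also shows the two checks the issuing side needs for that proof to mean anything: the certificate must verify under the trusted CA's key, and a token must be redeemable once only. Because claim 1 stores both halves of the key pair at the CMS, the proof establishes that the CMS account holds the key, not that the phone does; the comment in `register` marks that.

```python
"""Constructed model of the flow in independent claims 1, 4 and 7; toy textbook
RSA on fixed Mersenne primes with no padding, for illustration only."""
import base64
import hashlib
import json
import secrets

def make_keypair(p, q):  # real code draws fresh random primes; e = 65537
    return (p * q, 65537), (p * q, pow(65537, -1, (p - 1) * (q - 1)))

def rsa_encrypt(pub, m):
    assert 0 <= m < pub[0], "plaintext must be below the modulus"
    return pow(m, pub[1], pub[0])

def rsa_decrypt(priv, c):
    return pow(c, priv[1], priv[0])

def digest(*fields):  # 128-bit hash, kept below the smallest toy modulus
    h = hashlib.sha256(b"|".join(str(f).encode() for f in fields)).digest()
    return int.from_bytes(h[:16], "big")

def sign(priv, *fields):
    return rsa_decrypt(priv, digest(*fields))

def verify(pub, sig, *fields):
    return rsa_encrypt(pub, sig) == digest(*fields)

class CertificateAuthority:
    def __init__(self):
        self.pub, self._priv = make_keypair(2**107 - 1, 2**127 - 1)

    def issue(self, csr):
        # As in the claims, the certificate binds only user id to key; the device id stays in the CSR.
        cert = {"user_id": csr["user_id"], "public_key": csr["public_key"]}
        cert["signature"] = sign(self._priv, cert["user_id"], *cert["public_key"])
        return cert

class CredentialIssuingOrganization:
    def __init__(self, ca_pub, credentials):  # credentials: user_id -> badge data
        self.ca_pub, self.credentials, self.pending = ca_pub, credentials, {}

    def request_credential(self, cert):
        if not verify(self.ca_pub, cert["signature"], cert["user_id"], *cert["public_key"]):
            raise PermissionError("certificate not issued by the trusted CA")
        if cert["user_id"] not in self.credentials:
            raise PermissionError("no credential on file for this user")
        token = secrets.randbits(120)  # fresh per request; only the key holder can open it
        self.pending[token] = cert["user_id"]
        return rsa_encrypt(cert["public_key"], token)

    def redeem(self, token):
        user_id = self.pending.pop(token, None)  # single use, so a replayed token fails
        if user_id is None:
            raise PermissionError("unknown or replayed token")
        return self.credentials[user_id]

class CredentialManagementSystem:
    def __init__(self, ca):
        self.ca, self.accounts = ca, {}  # accounts: device_id -> record

    def register(self, device_id, user_id):
        # Claim 1 stores both halves at the CMS: the round trip proves the CMS holds the key, not the phone.
        pub, priv = make_keypair(2**61 - 1, 2**89 - 1)
        csr = {"public_key": pub, "device_id": device_id, "user_id": user_id}
        self.accounts[device_id] = {"pub": pub, "priv": priv, "cert": self.ca.issue(csr)}

    def retrieve_badge(self, device_id, cio):
        acct = self.accounts[device_id]
        token = rsa_decrypt(acct["priv"], cio.request_credential(acct["cert"]))
        return encode_badge(cio.redeem(token))

def encode_badge(data):  # what a QR-style badge image would carry to the door sensor
    return base64.urlsafe_b64encode(json.dumps(data, sort_keys=True).encode()).decode()

def sensor_reads(badge):
    return json.loads(base64.urlsafe_b64decode(badge))

def rejected(action):
    try:
        action()
        return False
    except PermissionError:
        return True

def run_flow():  # happy path, then a replayed token and a self-signed certificate
    ca = CertificateAuthority()
    cio = CredentialIssuingOrganization(ca.pub, {"alice": {"location": "HQ lobby"}})
    cms = CredentialManagementSystem(ca)
    cms.register("device-42", "alice")
    result = {"badge": sensor_reads(cms.retrieve_badge("device-42", cio))}
    acct = cms.accounts["device-42"]
    token = rsa_decrypt(acct["priv"], cio.request_credential(acct["cert"]))
    cio.redeem(token)
    result["replay_rejected"] = rejected(lambda: cio.redeem(token))
    pub, priv = make_keypair(2**89 - 1, 2**107 - 1)  # attacker's own pair
    forged = {"user_id": "alice", "public_key": pub, "signature": sign(priv, "alice", *pub)}
    result["forgery_rejected"] = rejected(lambda: cio.request_credential(forged))
    return result
```

Calling `run_flow()` returns the decoded badge for the happy path together with two `True` flags: the second `redeem` of the same token is refused, and a certificate signed with a key the CA never vouched for never reaches the token step at all. A production version would replace the textbook RSA with OAEP-padded encryption and a real X.509 chain, and would bind the pending token to the certificate it was issued against rather than to the user id alone.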
Specification