Credential management

US 9,397,980 B1
Filed: 04/01/2013
Issued: 07/19/2016
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method, performed by a credential management system, comprising:

receiving a registration request from a mobile device to create a credential management account for a user associated with the mobile device, the registration request including a unique identifier for the mobile device and a unique identifier for the user associated with the mobile device;

generating a public key for the user and a paired private key for the credential management account for the user;

storing, by the credential management system, the public key and the private key for the credential management account;

transmitting a certificate signing request to a certificate authority system, the certificate signing request comprising the public key, the unique identifier for the mobile device, and the unique identifier for the user associated with the mobile device;

receiving a digital certificate from the certificate authority system, the digital certificate comprising the public key and the unique identifier for the user;

receiving, from the mobile device by the credential management system, the public key and the private key, a request to retrieve a credential for the user from a credential issuing organization system, the credential issuing organization system being different from the certificate authority system;

in response to receiving the request to retrieve the credential for the user from the credential issuing organization system, transmitting a request for the credential for the user to the credential issuing organization system, the credential providing access to a physical location, the request for the credential for the user comprising the digital certificate;

receiving, from the credential issuing organization system, a token identifying the credential, the token encrypted using the public key for the user;

in response to receiving the encrypted token from the credential issuing organization system, decrypting the encrypted token using the private key for the user to yield decrypted data and transmitting the decrypted token to the credential issuing organization system;

receiving data for the credential for the user from the credential issuing organization system; and

transmitting data encoding a portion of a badge representing the credential for the user to the mobile device, wherein the badge is a graphical representation of the requested credential which is read by a sensor.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, one aspect of the subject matter described in this specification can be embodied in methods that include receiving a registration request from a mobile device to create a credential management account for a user associated with the mobile device; generating a public key and a paired private key associated with the credential management account; transmitting a certificate signing request to a certificate authority system; receiving a digital certificate from the certificate authority system; receiving a request to retrieve a credential for the user from a credential issuing organization; transmitting a request for the credential for the user to the credential issuing organization system; receiving, from the credential issuing organization; transmitting the decrypted data to the credential issuing organization; receiving data for the credential for the user from the credential issuing organization system; and transmitting data encoding a portion of a badge representing the credential.

47 Citations

View as Search Results

9 Claims

1. A method, performed by a credential management system, comprising:
- receiving a registration request from a mobile device to create a credential management account for a user associated with the mobile device, the registration request including a unique identifier for the mobile device and a unique identifier for the user associated with the mobile device;
  
  generating a public key for the user and a paired private key for the credential management account for the user;
  
  storing, by the credential management system, the public key and the private key for the credential management account;
  
  transmitting a certificate signing request to a certificate authority system, the certificate signing request comprising the public key, the unique identifier for the mobile device, and the unique identifier for the user associated with the mobile device;
  
  receiving a digital certificate from the certificate authority system, the digital certificate comprising the public key and the unique identifier for the user;
  
  receiving, from the mobile device by the credential management system, the public key and the private key, a request to retrieve a credential for the user from a credential issuing organization system, the credential issuing organization system being different from the certificate authority system;
  
  in response to receiving the request to retrieve the credential for the user from the credential issuing organization system, transmitting a request for the credential for the user to the credential issuing organization system, the credential providing access to a physical location, the request for the credential for the user comprising the digital certificate;
  
  receiving, from the credential issuing organization system, a token identifying the credential, the token encrypted using the public key for the user;
  
  in response to receiving the encrypted token from the credential issuing organization system, decrypting the encrypted token using the private key for the user to yield decrypted data and transmitting the decrypted token to the credential issuing organization system;
  
  receiving data for the credential for the user from the credential issuing organization system; and
  
  transmitting data encoding a portion of a badge representing the credential for the user to the mobile device, wherein the badge is a graphical representation of the requested credential which is read by a sensor.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, further comprising:
    - storing the data for the credential in a record associated with the credential management account.
  - 3. The method of claim 1, further comprising:
    - receiving data for a second credential from the credential issuing organization system;
      
      storing the data for the second credential in a record associated with the credential management account; and
      
      transmitting data encoding a portion of a badge representing the second credential to the mobile device.

4. One or more machine-readable media configured to store instructions that are executable by a credential management system comprising one or more processing devices to perform operations comprising:
- receiving a registration request from a mobile device to create a credential management account for a user associated with the mobile device, the registration request including a unique identifier for the mobile device and a unique identifier for the user associated with the mobile device;
  
  generating a public key and a paired private key associated with the credential management account;
  
  storing, by the credential management system, the public key and the private key for the credential management account;
  
  transmitting a certificate signing request to a certificate authority system, the certificate signing request comprising the public key, the unique identifier for the mobile device, and the unique identifier for the user associated with the mobile device;
  
  receiving a digital certificate from the certificate authority system, the digital certificate comprising the public key and the unique identifier for the user;
  
  receiving, from the mobile device, a request to retrieve a credential for the user from a credential issuing organization system, the credential providing access to a physical location, the credential issuing organization system being different from the certificate authority system;
  
  in response to receiving the request to retrieve the credential for the user from the credential issuing organization system, transmitting a request for the credential for the user to the credential issuing organization system, the request for the credential for the user comprising the digital certificate;
  
  receiving, from the credential issuing organization system, a token identifying the credential, the token encrypted using the public key for the user;
  
  in response to receiving encrypted token from the credential issuing organization system, decrypting the encrypted token using the private key for the user to yield decrypted data and transmitting the decrypted token to the credential issuing organization system;
  
  receiving data for the credential for the user from the credential issuing organization system; and
  
  transmitting data encoding a portion of a badge representing the credential for the user to the mobile device, wherein the badge is a graphical representation of the requested credential which is read by a sensor.
- View Dependent Claims (5, 6)
- - 5. The one or more machine-readable media of claim 4, wherein the operations further comprise:
    - storing the data for the credential in a record associated with the credential management account.
  - 6. The one or more machine-readable media of claim 4, wherein the operations further comprise:
    - receiving data for a second credential from the credential issuing organization system;
      
      storing the data for the second credential in a record associated with the credential management account; and
      
      transmitting data encoding a portion of a badge representing the second credential to the mobile device.

7. A credential management system comprising:
- one or more processing devices; and
  
  one or more machine-readable media configured to store instructions that are executable by the one or more processing devices to perform operations comprising;
  
  receiving a registration request from a mobile device to create a credential management account for a user associated with the mobile device, the registration request including a unique identifier for the mobile device and a unique identifier for the user associated with the mobile device;
  
  generating a public key and a paired private key associated with the credential management account;
  
  storing, by the credential management system, the public key and the private key for the credential management account;
  
  transmitting a certificate signing request to a certificate authority system, the certificate signing request comprising the public key, the unique identifier for the mobile device, and the unique identifier for the user associated with the mobile device;
  
  receiving a digital certificate from the certificate authority system, the digital certificate comprising the public key and the unique identifier for the user;
  
  receiving, from the mobile device, a request to retrieve a credential for the user from a credential issuing organization system, the credential providing access to a physical location, the credential issuing organization system being different from the certificate authority system;
  
  in response to receiving the request to retrieve the credential for the user from the credential issuing organization system, transmitting a request for the credential for the user to the credential issuing organization system, the request for the credential for the user comprising the digital certificate;
  
  receiving, from the credential issuing organization system, a token identifying the credential, the token encrypted using the public key for the user;
  
  in response to receiving encrypted token from the credential issuing organization system, decrypting the encrypted token using the private key for the user to yield decrypted data and transmitting the decrypted token to the credential issuing organization system;
  
  receiving data for the credential for the user from the credential issuing organization system; and
  
  transmitting data encoding a portion of a badge representing the credential for the user to the mobile device, wherein the badge is a graphical representation of the requested credential which is read by a sensor.
- View Dependent Claims (8, 9)
- - 8. The electronic system of claim 7, wherein the operations further comprise:
    - storing the data for the credential in a record associated with the credential management account.
  - 9. The electronic system of claim 7, wherein the operations further comprise:
    - receiving data for a second credential from the credential issuing organization system;
      
      storing the data for the second credential in a record associated with the credential management account; and
      
      transmitting data encoding a portion of a badge representing the second credential to the mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microstrategy Incorporated
Original Assignee
Microstrategy Incorporated
Inventors
Chen, Gang
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Zoubair, Noura

Application Number

US13/854,688
Time in Patent Office

1,205 Days
Field of Search

713/156, 713/158, 713/168, 713/171, 705/21, 705/44, 705/76
US Class Current

1/1
CPC Class Codes

G06F 21/33   using certificates

G06F 21/36   by graphic or iconic repres...

G06F 21/45   Structures or tools for the...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/04   for providing a confidentia...

H04L 63/0823   using certificates cryptogr...

H04L 9/321   involving a third party or ...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3263   involving certificates, e.g...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/72   Subscriber identity

H04W 12/77   Graphical identity

Credential management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Credential management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links