Remote access of digital identities
First Claim
1. A method of using a digital identity representation, comprising:
sending, from a second device, a request to a relying party for authentication requirements of the relying party;
sending to a first device a request from the second device to obtain the digital identity representation based on the authentication requirements of the relying party;
receiving at the second device the digital identity representation, the digital identity representation including metadata describing at least a first claim about a principal;
sending from the second device a request to use the digital identity representation;
receiving at the second device permission to use the digital identity representation;
using the digital identity representation to request an identity token;
receiving the identity token; and
providing the identity token to the relying party.
Abstract
A system and method for controlling distribution and use of digital identity representations (“DIRs”) increases security, usability, and oversight of DIR use. A DIR stored on a first device may be obtained by a second device for use in satisfying the security policy of a relying party. Release of the DIR to the second device requires permission from a device or entity that may be different from the device or entity attempting to access the relying party. Further, the use of the DIR to obtain an identity token may separately require permission of even a different person or entity and may be conditioned upon receiving satisfactory information relating to the intended use of the DIR (e.g., the name of the relying party, type of operation being attempted, etc.). By controlling the distribution and use of DIRs, security of the principal's identity and supervisory control over a principal's activities are enhanced.
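The eight steps of claim 1 and the two separate permission gates the abstract describes (one on releasing the DIR from the first device, one on using it, conditioned on the relying party's name and the operation attempted), as an added Python example that is not part of the patent or of any product. The device names, relying parties, approval policies and the shared HMAC key are constructed assumptions; a real deployment would sign tokens with an asymmetric key rather than a key shared with the relying party.

```python
"""Added walk-through of the claimed DIR flow (not the patent's own code). All
names, policies and the HMAC key are constructed for the example; a real
deployment would sign tokens with an asymmetric key rather than a shared one."""
import hashlib
import hmac
import json
from collections import namedtuple

# A DIR carries metadata about claims (which ones, from whom), never the claim values.
DIR = namedtuple("DIR", "dir_id principal claim_types issuer")
UseRequest = namedtuple("UseRequest", "dir_id relying_party operation requester")

class RelyingParty:
    def __init__(self, name, operation, required_claims, idp_key):
        self.name, self.operation, self.required_claims = name, operation, required_claims
        self._idp_key = idp_key  # assumption: HMAC key shared with the identity provider

    def authentication_requirements(self):
        return {"relying_party": self.name, "operation": self.operation,
                "required_claims": list(self.required_claims)}

    def accept_token(self, token):
        body, sig = token.rsplit(".", 1)
        expected = hmac.new(self._idp_key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            raise ValueError("bad token signature")
        payload = json.loads(body)
        if payload["aud"] != self.name or not set(self.required_claims) <= set(payload["claims"]):
            raise ValueError("token not acceptable for this relying party")
        return payload

class FirstDevice:
    """Stores the DIRs; releases one only if the release approver consents."""
    def __init__(self, dirs, release_approver):
        self._dirs = list(dirs)
        self._release_approver = release_approver  # callable(DIR, requirements, requester) -> bool

    def obtain_dir(self, requirements, requester):
        needed = set(requirements["required_claims"])
        for d in self._dirs:
            if needed <= set(d.claim_types):
                if not self._release_approver(d, requirements, requester):
                    raise PermissionError(f"release of {d.dir_id} to {requester} refused")
                return d
        raise LookupError("no stored DIR satisfies the relying party's requirements")

class UseApprover:
    """Separate gate: permission to use a released DIR, judged on the intended use."""
    def __init__(self, decide):
        self._decide, self.grants = decide, set()  # decide: callable(UseRequest) -> bool

    def request_permission(self, req):
        if not self._decide(req):
            raise PermissionError(f"use of {req.dir_id} at {req.relying_party} for {req.operation} refused")
        grant = (req.dir_id, req.relying_party, req.operation)
        self.grants.add(grant)
        return grant

class IdentityProvider:
    """Holds the claim values; issues a token only against a recorded use grant."""
    def __init__(self, key, claim_values, use_approver):
        self._key, self._claim_values, self._use_approver = key, claim_values, use_approver

    def issue_token(self, dir_, grant, requirements):
        if grant[0] != dir_.dir_id or grant not in self._use_approver.grants:
            raise PermissionError("no use permission recorded for this DIR and relying party")
        claims = {c: self._claim_values[dir_.principal][c] for c in requirements["required_claims"]}
        body = json.dumps({"sub": dir_.principal, "aud": requirements["relying_party"],
                           "claims": claims}, sort_keys=True)
        return body + "." + hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

def second_device_flow(device_name, rp, first_device, use_approver, idp):
    """The claim's steps in order, as executed by the second device."""
    reqs = rp.authentication_requirements()                       # 1: ask the RP for its policy
    dir_ = first_device.obtain_dir(reqs, device_name)             # 2-3: fetch a matching DIR
    grant = use_approver.request_permission(                      # 4-5: ask permission to use it
        UseRequest(dir_.dir_id, rp.name, rp.operation, device_name))
    token = idp.issue_token(dir_, grant, reqs)                    # 6-7: exchange DIR for a token
    return rp.accept_token(token)                                 # 8: present the token to the RP

# Constructed sample: a minor's DIRs live on the family PC; her phone is the second device.
KEY = b"constructed-demo-key"
CLAIM_VALUES = {"alice": {"name": "Alice", "student": True, "over_18": False}}
home_pc = FirstDevice([DIR("dir-school", "alice", ["name", "student"], "school-idp"),
                       DIR("dir-gov", "alice", ["name", "over_18"], "gov-idp")],
                      release_approver=lambda d, reqs, requester: requester == "alice-phone")
guardian = UseApprover(lambda r: r.operation == "login" and r.relying_party.endswith(".example"))
idp = IdentityProvider(KEY, CLAIM_VALUES, guardian)
library = RelyingParty("library.example", "login", ["name", "student"], KEY)
casino = RelyingParty("casino.example", "wager", ["over_18"], KEY)

def attempt(device_name, rp):
    try:
        return "issued", second_device_flow(device_name, rp, home_pc, guardian, idp)["claims"]
    except (PermissionError, LookupError, ValueError) as e:
        return "denied", str(e)
```

Running `attempt("alice-phone", library)` succeeds, while `attempt("alice-phone", casino)` is stopped at the use gate because the guardian's policy refuses the "wager" operation even though a matching DIR was released, and `attempt("stranger-laptop", library)` is stopped earlier at the release gate. Two details carry the security point of the abstract: the DIR itself holds only claim types, so an intercepted DIR reveals no attribute values, and the identity provider refuses to mint a token unless a grant for exactly that DIR, relying party and operation has been recorded, which is what makes the second approver's decision enforceable rather than advisory.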
20 Claims
1. As set out in full under First Claim above. Dependent claims: 2, 3, 4, 18, 19, 20.
5. A system for using a digital identity representation, comprising:
at least one processor;
memory, operatively connected to the at least one processor and including instructions that, when executed by the at least one processor, cause the at least one processor to:
send, from a second device, a request to a relying party for authentication requirements of the relying party;
send to a first device a request from the second device to obtain the digital identity representation based on the authentication requirements of the relying party;
receive at the second device the digital identity representation, wherein the digital identity representation includes metadata describing at least a first claim about a principal;
send from the second device a request to use the digital identity representation;
receive at the second device permission to use the digital identity representation;
use the digital identity representation to request an identity token;
receive the identity token; and
provide the identity token to the relying party.
Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17.