Platform identity architecture with a temporary pseudonymous identity

US 9,798,895 B2
Filed: 09/25/2014
Issued: 10/24/2017
Est. Priority Date: 09/25/2014
Status: Active Grant

First Claim

Patent Images

1. A platform identity client (PIC) device comprising:

a network interface; and

one or more hardware and/or software logic elements comprising a platform identity client engine operable for;

detecting via the network interface an available network service provided by an operator of a venue;

generating a temporary pseudonymous identity (TPI) comprising direct anonymous attestation to the network service provided by the operator of the venue;

sending the TPI to the available network service via the network interface;

accessing the available network service; and

receiving from the operator of the venue an advertisement or promotion for a good or service provided by the venue, wherein the advertising and promotion is directed to a user of the PIC device temporarily uniquely identified by the TPI, and wherein the TPI is dissociated from personally identifying information about the user.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an example, a client-server platform identity architecture is disclosed. The platform identity architecture may be used to enable a venue operator to provide online services and to collect telemetry data and metrics while giving end users greater control over privacy. When entering a compatible venue, the user'"'"'s device generates a signed temporary pseudonymous identity (TPI) in secure hardware or software. Any telemetry uploaded to the venue server includes the signature so that the server can verify that the data are valid. The TPI may have a built-in expiry. The venue server may thus receive useful tracking data during the term of the TPI, while the user is assured that the data are not kept permanently or correlated to personally-identifying information.

Citations

23 Claims

1. A platform identity client (PIC) device comprising:
- a network interface; and
  
  one or more hardware and/or software logic elements comprising a platform identity client engine operable for;
  
  detecting via the network interface an available network service provided by an operator of a venue;
  
  generating a temporary pseudonymous identity (TPI) comprising direct anonymous attestation to the network service provided by the operator of the venue;
  
  sending the TPI to the available network service via the network interface;
  
  accessing the available network service; and
  
  receiving from the operator of the venue an advertisement or promotion for a good or service provided by the venue, wherein the advertising and promotion is directed to a user of the PIC device temporarily uniquely identified by the TPI, and wherein the TPI is dissociated from personally identifying information about the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The platform identity client device of claim 1, wherein detecting the available service comprises identifying an online service.
  - 3. The platform identity client device of claim 1, wherein detecting the available service comprises identifying an available wireless network connection for a physical venue.
  - 4. The platform identity client device of claim 1, wherein detecting the available service comprises communicatively coupling to a public service provider.
  - 5. The platform identity client device of claim 1, wherein the PIC engine is further operable for providing non-personally-identifying demographic data in the TPI.
  - 6. The platform identity client device of claim 1, wherein the PIC engine is further operable for providing telemetry data to the available service.
  - 7. The PIC device of claim 1, wherein the PIC client is further to receive targeted content.
  - 8. The platform identity client device of claim 1, wherein the PIC engine is further operable for setting an expiry for the TPI.
  - 9. The platform identity client device of claim 8, wherein the PIC engine is further operable for destroying the TPI after the expiry.
  - 10. The platform identity client device of claim 1, wherein the PIC engine further comprises a trusted execution environment (TEE), and wherein the PIC engine is further operable for securely signing the TPI in the TEE.
  - 11. The platform identity client device of claim 10, wherein generating the TPI comprises mixing a random or pseudorandom seed with a basename and an expiry.
  - 12. The platform identity client device of claim 10, wherein the TEE comprises a secure memory area or secure hardware.

13. One or more tangible, non-transitory computer-readable mediums having stored thereon instructions for instructing a processor for providing a platform identity client (PIC) engine operable for:
- detecting via the network interface an available network service provided by an operator of a venue;
  
  generating a temporary pseudonymous identity (TPI), comprising direct anonymous attestation to the network service provided by the operator of the venue;
  
  sending the TPI to the available network service via the network interface;
  
  accessing the available network service; and
  
  receiving from the operator of the venue an advertisement or promotion for a good or service provided by the venue, wherein the advertising and promotion is directed to a user of the PIC device temporarily uniquely identified by the TPI, and wherein the TPI is dissociated from personally identifying information about the user.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The one or more computer-readable mediums of claim 13, wherein the PIC engine is further operable for setting an expiry for the TPI.
  - 15. The one or more computer-readable mediums of claim 13, wherein detecting the available service comprises identifying an online service.
  - 16. The one or more computer-readable mediums of claim 13, wherein detecting the available service comprises identifying an available wireless network connection for a physical venue.
  - 17. The one or more computer-readable mediums of claim 13, wherein the PIC engine is further operable for providing non-personally-identifying demographic data in the TPI.
  - 18. The one or more computer-readable mediums of claim 13, wherein the PIC engine is further operable for providing telemetry data to the available service.
  - 19. The one or more computer-readable mediums of claim 13, wherein the PIC engine is further to receive targeted content.
  - 20. The one or more computer-readable mediums of claim 13, wherein the PIC engine further comprises a trusted execution environment (TEE), and wherein the PIC engine is further operable for securely signing the TPI in the TEE.
  - 21. The one or more computer-readable mediums of claim 20, wherein generating the TPI comprises mixing a random or pseudorandom seed with a basename and an expiry.

22. A platform identity server comprising:
- a network interface; and
  
  one or more logic elements comprising a platform identity server engine operable for;
  
  receiving a connection request from a platform identity client (PIC) over the network interface;
  
  negotiating a service policy with the PIC;
  
  receiving a temporary pseudonymous identity (TPI) from the PIC, the TPI temporarily uniquely identifying a user of the PIC while being dissociated from personally identifying information about the user;
  
  requesting telemetry data from the PIC;
  
  receiving telemetry data from the PIC, the telemetry data identifying attributes of the user; and
  
  based on the telemetry data, providing to the PIC a targeted advertisement or promotion for a good or service provided by an operator of the platform identity server.
- View Dependent Claims (23)
- - 23. The platform identity server of claim 22, wherein the PIC is further operable for:
    - providing the TPI to an attestation server; and
      
      receiving an attestation verification from the attestation server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Nayshtur, Alex, Smith, Ned, Sharaga, Avishay, Pogorelik, Oleg, Bhargav-Spantzel, Abhilasha, Raziel, Michael, Priev, Avi, Shaliv, Adi, Muttik, Igor
Primary Examiner(s)
Lipman, Jacob

Application Number

US14/495,959
Publication Number

US 20160092697A1
Time in Patent Office

1,125 Days
Field of Search

726 26
US Class Current
CPC Class Codes

G06F 21/6254   by anonymising data, e.g. d...

G06Q 30/0261   based on user location

H04L 63/04   for providing a confidentia...

H04L 63/0414   during transmission, i.e. p...

H04W 12/00   Security arrangements; Auth...

H04W 12/02   Protecting privacy or anony...

H04W 12/75   Temporary identity

H04W 4/021   Services related to particu...

H04W 4/21   for social networking appli...

H04W 8/06   Registration at serving net...

Platform identity architecture with a temporary pseudonymous identity

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Platform identity architecture with a temporary pseudonymous identity

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links