×

System and method of dynamic issuance of privacy preserving credentials

  • US 9,825,917 B2
  • Filed: 12/20/2013
  • Issued: 11/21/2017
  • Est. Priority Date: 12/21/2012
  • Status: Active Grant
First Claim
Patent Images

1. A method for authenticating a user, operating a web application on a host computer, to a web-based service of a service provider, comprising:

  • receiving, by the web application from the service provider, a request to present a credential indicative of satisfying an access requirement of the service provider;

    forwarding the request to present a credential, by the web application, to a security device connected to the host computer;

    if the security device has possession of a verifiable credential proving that an identity provider vouches for the satisfaction of the access requirement, presenting a presentation token to the service provider, the presentation token providing proof of the possession of a verifiable credential indicative of satisfying the access requirement of the service provider;

    if the security device is not in possession of the verifiable credential, operating the service provider to transmit a first request to the web application in which the web application is requested to obtain the verifiable credential by displaying a user interface directing the user to the identity provider;

    in response to receiving the first request and user indication to proceed to the identity provider to obtain the verifiable credential, operating the web application to redirect the first request received from the service provider to the identity provider via a separator, by;

    transmitting the first request from the web application to the separator without identifying the user;

    operating the separator to transmit a second request for the verifiable credential to the identity provider without identifying the service provider as originator;

    operating the identity provider and the security device associated with the user in response to the second request;

    to engage in a privacy-preserving credential creation exchange in cooperation with the identity provider including verification and attestation by the identity provider of validity of attributes that the user needs to prove to the service provider to satisfy the access requirement of the service provider;

    operating the security device;

    to generate the presentation token from the privacy-preserving credential; and

    to present the presentation token to the service provider as proof of the validity.

View all claims
  • 5 Assignments
Timeline View
Assignment View
    ×
    ×