Method and system for interoperable identity and interoperable credentials

US 9,940,452 B2
Filed: 12/24/2014
Issued: 04/10/2018
Est. Priority Date: 08/28/2014
Status: Active Grant

First Claim

Patent Images

1. A method implemented on a computing device having at least one processor, storage, and a communication platform capable of making a connection to a network for authenticating a person, wherein the person is associated with an actual name of the person and the person is associated with a first credential verifiable by a first credential service agent, the first credential being associated with a first credential identifier, the method comprising the steps of:

receiving, by the computing device, an actual name of the person;

determining the first credential identifier associated with the person based on the received actual name;

verifying the first credential provided by the person via the first credential service agent using the determined first credential identifier of the person;

soliciting, after successful verification of the first credential provided by the person, a peripheral name from the person;

generating a universal name by combining a symbol, the actual name, and the peripheral name of the person;

associating the universal name with the first credential identifier in a data store;

receiving information related to a second credential associated with the person, the second credential being associated with a second credential identifier, the second credential being verifiable via a second credential service agent;

associating the universal name with the second credential identifier in the data store;

receiving a request for verifying the first credential, the request being for a trusted application and specifying the universal name and the first credential;

determining, using the universal name, the first credential identifier associated with the universal name;

providing, by the computing device, the first credential identifier and the first credential from the request to the first credential service agent; and

providing, by the computing device, a response from the first credential service agent to the trusted application that completes the verification request, wherein the trusted application is associated with the second credential.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present teaching relates to generating an identifier for a person. In one example, an actual name of the person is received. The identity of the person that is associated with the actual name of the person is proved at a pre-determined level of assurance (LOA) required by an identity management system. When the identity of the person has been proved, a peripheral name is solicited from the person. An identifier that includes the actual name and the peripheral name of the person is created. Whether the identifier is unique is determined. The steps of soliciting, creating, and determining are repeated until the identifier is unique. The peripheral name is associated with the person. The identifier is associated with the person.

26 Citations

View as Search Results

20 Claims

1. A method implemented on a computing device having at least one processor, storage, and a communication platform capable of making a connection to a network for authenticating a person, wherein the person is associated with an actual name of the person and the person is associated with a first credential verifiable by a first credential service agent, the first credential being associated with a first credential identifier, the method comprising the steps of:
- receiving, by the computing device, an actual name of the person;
  
  determining the first credential identifier associated with the person based on the received actual name;
  
  verifying the first credential provided by the person via the first credential service agent using the determined first credential identifier of the person;
  
  soliciting, after successful verification of the first credential provided by the person, a peripheral name from the person;
  
  generating a universal name by combining a symbol, the actual name, and the peripheral name of the person;
  
  associating the universal name with the first credential identifier in a data store;
  
  receiving information related to a second credential associated with the person, the second credential being associated with a second credential identifier, the second credential being verifiable via a second credential service agent;
  
  associating the universal name with the second credential identifier in the data store;
  
  receiving a request for verifying the first credential, the request being for a trusted application and specifying the universal name and the first credential;
  
  determining, using the universal name, the first credential identifier associated with the universal name;
  
  providing, by the computing device, the first credential identifier and the first credential from the request to the first credential service agent; and
  
  providing, by the computing device, a response from the first credential service agent to the trusted application that completes the verification request, wherein the trusted application is associated with the second credential.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the actual name includes a first name and a last name of the person.
  - 3. The method of claim 1, further comprising:
    - determining whether the universal name is unique; and
      
      repeating the steps of soliciting, creating, and determining until the universal name is unique.
  - 4. The method of claim 3, wherein the step of determining comprises:
    - determining a dissimilarity between the universal name and each of one or more existing universal names; and
      
      assessing whether the universal name is unique based on the dissimilarities and a threshold.
  - 5. The method of claim 4, wherein the dissimilarity is determined based on at least one of:
    - Jaro-Winkler distance, Levenshtein distance, Euclidean distance, cosine/sine distance, Chapman length, Soundex clustering, linear clustering, and non-linear clustering.
  - 6. The method of claim 4, wherein the dissimilarity is determined using a machine learning approach.
  - 7. The method of claim 1, wherein the first credential is associated with a first level of assurance and the second credential is associated with a second level of assurance, the first level of assurance being at least as secure as the second level of assurance.
  - 8. The method of claim 1, further comprising:
    - receiving a second request for verifying the first credential, the second request specifying the universal name and the first credential and being for a second trusted application, the second trusted application lacking an associated credential;
      
      determining, using the universal name, the first credential identifier for the first credential;
      
      providing the first credential identifier and the first credential from the second request to the first credential service agent; and
      
      providing a response from the first credential service agent to the second trusted application that completes the verification request.
  - 9. The method of claim 1, wherein the peripheral name is in one or more languages.
  - 10. The method of claim 1, further comprising:
    - associating an identity proofing record for the first credential in the data store.
  - 11. The method of claim 1, wherein the symbol connects the actual name and the peripheral name.
  - 12. The method of claim 1, wherein the symbol includes at least one symbol from a group comprising:
    - “
      
      +,”
      
      “
      
      ;
      
      ,”
      
      “
      
      %,”
      
      “
      
      @,”
      
      “
      
      ˜
      
      ,”
      
      “
      
      #,”
      
      “
      
      ^,”
      
      “
      
      &
      
      ,” and
      
      “
      
      *.”
      
      .
  - 13. The method of claim 1, further comprising:
    - generating a globally unique digital identifier (GUID); and
      
      binding the GUID to the person in the data store.

14. A machine-readable, non-transitory and tangible medium having instructions recorded thereon for authenticating a person, the person being associated with an actual name of the person and with a first credential verifiable by a first credential service agent, and the first credential having a first credential identifier, and the medium, when read by the machine, causes the machine to perform the following:
- receiving an actual name of the person;
  
  determining the first credential identifier associated with the person based on the received actual name;
  
  verifying the first credential provided by the person via the first credential service agent using the determined first credential identifier of the person;
  
  soliciting, after successful verification of the first credential provided by the person, a peripheral name from the person;
  
  generating a universal name by combining a symbol, the actual name, and the peripheral name of the person;
  
  associating the universal name with the first credential identifier in a data store;
  
  receiving information related to a second credential associated with the person, the second credential being associated with a second credential identifier, the second credential being verifiable via a second credential service agent;
  
  associating the universal name with the second credential identifier in the data store;
  
  receiving a request for verifying the first credential, the request being for a trusted application and specifying the universal name and the first credential;
  
  determining, using the universal name, the first credential identifier associated with the universal name;
  
  providing the first credential identifier and the first credential from the request to the first credential service agent; and
  
  providing a response from the first credential service agent to the trusted application that completes the verification request,wherein the trusted application is associated with the second credential.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The medium of claim 14, wherein the actual name includes a first name and a last name of the person.
  - 16. The medium of claim 14, wherein the medium further causes the machine to perform the following:
    - determining whether the universal name is unique; and
      
      repeating the steps of soliciting, creating, and determining until the universal name is unique.
  - 17. The medium of claim 16, wherein the step of determining whether the universal name is unique includes:
    - determining a dissimilarity between the universal name and each of one or more existing universal names; and
      
      assessing whether the universal name is unique based on the dissimilarities and a threshold.
  - 18. The medium of claim 16, wherein the step of determining whether the universal name is unique includes:
    - determining a match between the universal name and each of one or more existing universal names.
  - 19. The medium of claim 14, wherein the first credential is associated with a first level of assurance and the second credential is associated with a second level of assurance, the first level of assurance being at least as secure as the second level of assurance.
  - 20. The medium of claim 14, wherein the symbol connects the actual name and the peripheral name.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DrFirst.com, Incorported
Original Assignee
DrFirst.com, Incorported
Inventors
Chen, James F., Qian, Chen, Tang, Zilong
Primary Examiner(s)
LE, KHOI V

Application Number

US14/582,666
Publication Number

US 20160063239A1
Time in Patent Office

1,203 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/45   Structures or tools for the...

G06F 21/46   by designing passwords or c...

G06F 2221/2117   User registration

G06Q 10/00   Administration; Management

G06Q 50/265   Personal security, identity...

H04L 63/0421   Anonymous communication, i....

H04L 63/08   for authentication of entit...

H04L 63/0884   by delegation of authentica...

H04L 63/10   for controlling access to d...

H04L 67/60   Scheduling or organising th...

Method and system for interoperable identity and interoperable credentials

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for interoperable identity and interoperable credentials

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links