System and method for identity management

US 10,108,794 B2
Filed: 11/18/2016
Issued: 10/23/2018
Est. Priority Date: 08/23/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for utilizing a token set that computationally associates permissions and privileges with a digital foundation identity token, the method comprising:

transmitting, over a communications network and from a computing device of a requester to a computing device of a certification authority, a first request for computationally associating a first index of privileges and permissions with a digital foundation identity token, the first index specifically encoding the privileges and permissions of a first third-party subscriber to access transactional data of the requester, the request including the digital foundation identity token that identifies a person and has been issued to the requester by a trusted entity through a vetting process;

in response to the certification authority determining that the digital foundation identity token is valid and verifying that the requester is the person identified by the digital foundation identity token, receiving, over the communications network and from the computing device of the certification authority, the digital foundation identity token detachably associated with the first index of privileges and permissions of the first third-party subscriber;

based on the digital foundation identity token computationally associated with the first index of privileges and permissions of the first third-party subscriber, issuing a digital token to the first third-party subscriber such that transactional data of the requester becomes accessible to the first third-party subscriber in accordance with the first index of privileges and permissions, the requester being different from the first third-party subscriber;

providing the issued digital token to a computing device of the first third-party subscriber in order to form a computational association between the issued digital token and a second digital foundation identity token that identifies a second person and has been issued to the first third-party subscriber by the trusted entity through a vetting process;

the computational association allowing the first third-party subscriber to access the transactional data of the requester in accordance with the first index of privileges and permissions after the certification authority, using the second digital foundation identity token, authenticates the first third-party subscriber by determining that the second digital foundation identity token is valid and verifies that the third party subscriber is the second person identified by the second digital foundation identity token.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method includes: receiving a request for associating a first index of privileges and permissions with an identity token, the first index specifically encoding the privileges and permissions of a first subscriber in accessing transactional data of the requester, the request including the identity token that identifies a person and has been issued to the requester by a trusted entity through a vetting process; in response to determining that the identity token is valid and verifying that the requester is the person identified by the identity token, associating the first index of privileges and permissions of the first subscriber with the identity token; and providing the identity token associated with the first index of privileges and permissions of the first subscriber, the identity token enabling the first subscriber to access transactional data of the requester in accordance with the first index of privileges and permissions.

40 Citations

View as Search Results

12 Claims

1. A computer-implemented method for utilizing a token set that computationally associates permissions and privileges with a digital foundation identity token, the method comprising:
- transmitting, over a communications network and from a computing device of a requester to a computing device of a certification authority, a first request for computationally associating a first index of privileges and permissions with a digital foundation identity token, the first index specifically encoding the privileges and permissions of a first third-party subscriber to access transactional data of the requester, the request including the digital foundation identity token that identifies a person and has been issued to the requester by a trusted entity through a vetting process;
  
  in response to the certification authority determining that the digital foundation identity token is valid and verifying that the requester is the person identified by the digital foundation identity token, receiving, over the communications network and from the computing device of the certification authority, the digital foundation identity token detachably associated with the first index of privileges and permissions of the first third-party subscriber;
  
  based on the digital foundation identity token computationally associated with the first index of privileges and permissions of the first third-party subscriber, issuing a digital token to the first third-party subscriber such that transactional data of the requester becomes accessible to the first third-party subscriber in accordance with the first index of privileges and permissions, the requester being different from the first third-party subscriber;
  
  providing the issued digital token to a computing device of the first third-party subscriber in order to form a computational association between the issued digital token and a second digital foundation identity token that identifies a second person and has been issued to the first third-party subscriber by the trusted entity through a vetting process;
  
  the computational association allowing the first third-party subscriber to access the transactional data of the requester in accordance with the first index of privileges and permissions after the certification authority, using the second digital foundation identity token, authenticates the first third-party subscriber by determining that the second digital foundation identity token is valid and verifies that the third party subscriber is the second person identified by the second digital foundation identity token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - transmitting, from the requester over a communications network and at to the computing device of the certification authority, a second request for computationally associating a second index of privileges and permissions with the digital foundation identity token already associated with the first index, the second index specifically encoding the privileges and permissions of a second third-party subscriber, different from the first third-party subscriber, to access transactional data of the requester, the second request including the digital foundation identity token that identifies the person and has been issued to the requester by the trusted entity through the vetting process;
      
      in response to the certification authority determining that the digital foundation identity token is valid and verifying that the requester is the person identified by the digital foundation identity token, receiving, over the communications network and from the computing device of the certification authority, the digital foundation identity token detachably associated with the first index as well as the second index of privileges and permissions of the second third-party subscriber;
      
      based on the digital foundation identity token detachably associated with the first index of privileges and permissions of the first third-party subscriber and the second index of privileges and permissions of the second third-party subscriber, issuing a second digital token to the second third-party subscriber such that transactional data of the requester becomes accessible to the second third-party subscriber in accordance with the second index of privileges and permissions, the requester being different from the first and second third-party subscribers.
  - 3. The method of claim 1, wherein receiving, over the communications network and from the computing device of the certification authority, the digital foundation identity token detachably associated with the first index of privileges and permissions of the first third-party subscriber comprises:
    - receiving data encoding the digital foundation identity token detachably associated with the first index of privileges and permissions of the first third-party subscriber.
  - 4. The method of claim 3, wherein receiving data encoding the digital foundation identity token detachably associated with the first index of privileges and permissions of the first third-party subscriber further comprises:
    - receiving data encoding the digital foundation identity token that includes a digital signature of the certification authority.
  - 5. The method of claim 4, wherein receiving data encoding the digital foundation identity token that includes a digital signature of the certification authority further comprises:
    - receiving data encoding the digital foundation identity token digitally watermarked with information uniquely identifying the certification authority.
  - 6. The method of claim 4, wherein receiving data encoding the digital foundation identity token further comprises:
    - receiving data encoding the digital foundation identity token encrypted with a digital key of the certification authority.
  - 7. The method of claim 6, wherein receiving the digital foundation identity token detachably associated with the first index of privileges and permissions further comprises:
    - receiving additional data attesting to the integrity of the data encoding the digital foundation identity token.
  - 8. The method of claim 1, wherein transmitting the first request comprises:
    - transmitting a digital foundation identity token issued by a government entity to the requester, the digital foundation identity token being a primary identity certificate that is issued after a vetting process conducted by the government entity on the person identified by the digital foundation identity token.
  - 9. The method of claim 1, wherein the digital foundation identity token comprises:
    - a digital biometric that has been verified by the trusted entity through the vetting process.
  - 10. The method of claim 1, wherein the digital foundation identity token comprises:
    - identity information from a digital identification document issued by the trusted entity after the vetting process.
  - 11. The method of claim 1, further comprising:
    - transmitting, over a communications network and from the computing device of the requester at to the computing device of the certification authority, a third request for computationally revoking a the first index of privileges and permissions from the digital foundation identity token of the first third-party subscriber, the first index specifically encoding the privileges and permissions of the first third-party subscriber to access transactional data of the requester, the request including the digital foundation identity token that identifies a person and has been issued to the requester by a trusted entity through a vetting process, the third request encapsulating the digital foundation identity token;
      
      in response to the certification authority determining that the digital foundation identity token is valid and verifying that the requester is the person identified by the digital foundation identity token, receiving, over the communications network and from the computing device of the certification authority, confirmation that the first index of privileges and permissions have been computationally revoked from the digital identity token of the first third-party subscriber;
      
      causing transactional data of the requester to becomes inaccessible to the first third-party subscriber in accordance with the first index of privileges and permissions, the requester being different from the first third-party subscriber.

12. A computer-implemented method for utilizing a token set that computationally associates permissions and privileges with a digital foundation identity token, the method comprising:
- transmitting, over a communications network and from a computing device of a requester to a computing device of a certification authority, a first request for computationally associating a first index of privileges and permissions with a digital foundation identity token of the requester, the first index specifically encoding the privileges and permissions of a first third-party subscriber to access transactional data of the requester, the request including the digital foundation identity token that identifies a person and has been issued to the requester by a trusted entity through a vetting process, the first request encapsulating the digital foundation identity token;
  
  in response to the certification authority determining that the digital foundation identity token is valid and verifying that the requester is the person identified by the digital foundation identity token, receiving, over the communications network and from the computing device of the certification authority, the digital foundation identity token detachably associated with the first index of privileges and permissions of the first third-party subscriber;
  
  based on the digital foundation identity token computationally associated with the first index of privileges and permissions of the first third-party subscriber, issuing a digital token to the first third-party subscriber such that transactional data of the requester becomes accessible to the first third-party subscriber in accordance with the first index of privileges and permissions, the requester being different from the first third-party subscriber;
  
  providing the issued digital token to the computing device of the certification authority in order to form a computational association between the issued digital token and a second digital foundation identity token that identifies a second person and has been issued to the first third-party subscriber by the trusted entity through a vetting process;
  
  the computational association allowing the first third-party subscriber to access the transactional data of the requester in accordance with the first index of privileges and permissions after the certification authority, using the second digital foundation identity token, authenticates the first third-party subscriber by determining that the second digital foundation identity token is valid and verifies that third party subscriber is the second person identified by the second digital foundation identity token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Idemia Identity & Security USA, LLC (Advent International Corporation)
Original Assignee
Morphotrust USA Incorporated (Advent International Corporation)
Inventors
Bouse, Margaret
Primary Examiner(s)
Thiaw, Catherine B

Application Number

US15/355,401
Publication Number

US 20170116403A1
Time in Patent Office

704 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/2228   Indexing structures

G06F 16/2379   Updates performed during on...

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/6218   to a system of files or obj...

H04L 63/102   Entity profiles

H04L 63/205   involving negotiation or de...

System and method for identity management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for identity management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links