System and method for identity management

US 10,135,802 B2
Filed: 07/19/2016
Issued: 11/20/2018
Est. Priority Date: 08/23/2013
Status: Active Grant

First Claim

Patent Images

1. A machine-assisted method for determining a trustworthiness of a requested transaction, the method comprising:

transmitting, from a computer at a relying party to an authentication server system, a request to determine a trustworthiness of a particular transaction request for an underlying transaction, the particular transaction request initially submitted by a user from a user computing device to access data managed by the relying party, the request to determine trustworthiness causing the authentication server system to perform the operations of;

based on the particular transaction request, summarizing the particular transaction request into transactional characteristics to obviate details of the particular transaction request such that the transactional characteristics is smaller in size than the transaction request or the underlying transaction, the transactional characteristics including a time stamp but devoid of source assets of the underlying transaction being requested, the source assets including credential information of the user, the credential information of the relying party, or information content of the underlying transaction being requested;

generating first machine-readable data encoding transactional characteristics of the underlying transaction being requested, the transactional characteristics unique to the particular transaction request such that the transactional characteristics provide one and only one match when used to validate an otherwise valid transaction request;

submitting a first inquiry at a first engine to determine an access eligibility of the user submitting the transaction request, the first inquiry including the credential information of the submitting user, as well as the summarized transactional characteristics that is applicable only once to the particular transaction request and the underlying transaction being requested; and

receiving the access eligibility determination from the first engine, wherein the access eligibility determination factors in a validity of the particular transaction request as determined, at least in part, by virtue of the summarized transactional characteristics being matched;

such that the computer at relying party is notified of the trustworthiness of the transaction request determined based on, at least in part, on the access eligibility determination.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some implementations may provide a machine-assisted method for determining a trustworthiness of a requested transaction, the method including: receiving, from a relying party, a request to determine a trustworthiness of a particular transaction request, the transaction request initially submitted by a user to access data managed by the relying party; based on the transaction request, summarizing the particular transaction request into transactional characteristics, the transactional characteristics devoid of source assets of the transaction, the source assets including credential information of the user, the credential information of the relying party, or information content of the requested transaction; generating first machine-readable data encoding transactional characteristics of the underlying transaction as requested, the transactional characteristics unique to the particular transaction request; submitting a first inquiry at a first engine to determine an access eligibility of the user submitting the transaction request, the first inquiry including the credential information of the submitting user, as well as the summarized transactional characteristics that is applicable only once to the underlying transaction request; and receiving the access eligibility determination from the first engine.

81 Citations

View as Search Results

20 Claims

1. A machine-assisted method for determining a trustworthiness of a requested transaction, the method comprising:
- transmitting, from a computer at a relying party to an authentication server system, a request to determine a trustworthiness of a particular transaction request for an underlying transaction, the particular transaction request initially submitted by a user from a user computing device to access data managed by the relying party, the request to determine trustworthiness causing the authentication server system to perform the operations of;
  
  based on the particular transaction request, summarizing the particular transaction request into transactional characteristics to obviate details of the particular transaction request such that the transactional characteristics is smaller in size than the transaction request or the underlying transaction, the transactional characteristics including a time stamp but devoid of source assets of the underlying transaction being requested, the source assets including credential information of the user, the credential information of the relying party, or information content of the underlying transaction being requested;
  
  generating first machine-readable data encoding transactional characteristics of the underlying transaction being requested, the transactional characteristics unique to the particular transaction request such that the transactional characteristics provide one and only one match when used to validate an otherwise valid transaction request;
  
  submitting a first inquiry at a first engine to determine an access eligibility of the user submitting the transaction request, the first inquiry including the credential information of the submitting user, as well as the summarized transactional characteristics that is applicable only once to the particular transaction request and the underlying transaction being requested; and
  
  receiving the access eligibility determination from the first engine, wherein the access eligibility determination factors in a validity of the particular transaction request as determined, at least in part, by virtue of the summarized transactional characteristics being matched;
  
  such that the computer at relying party is notified of the trustworthiness of the transaction request determined based on, at least in part, on the access eligibility determination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, further comprising:
    - in response to the transaction request being determined as trustworthy, proceeding with the underlying transaction by granting the user computing device access to the data managed by the relying party.
  - 3. The method of claim 1, further comprising:
    - in response to the transaction request being determined as untrustworthy, terminating the underlying transaction by denying the user computing device access to the data managed by the relying party.
  - 4. The method of claim 3, further comprising:
    - transmitting, to the user computing device, an error message indicating that the requested transaction has failed to go through.
  - 5. The method of claim 1, wherein the request to determine trustworthiness further causes the authentication server system to perform the operation of:
    - logging, at a transaction database associated with a second engine, an entry for the particular transaction request by storing the first machine-readable data encoding the transactional characteristics of the particular transaction request.
  - 6. The method of claim 3, wherein storing the first machine-readable data encoding the transactional characteristics of the particular transaction request includes receiving confirmation that the first machine-readable data has been stored at the transaction database associated with the second engine.
  - 7. The method of claim 4, wherein receiving confirmation comprises receiving the confirmation that the first machine-readable data has been stored at the transaction database associated with the second engine before submitting the first inquiry at the first engine.
  - 8. The method of claim 3, wherein storing the first machine-readable data encoding the transactional characteristics of the particular transaction request includes storing the first machine-readable data for only one retrieval query at the transaction database.
  - 9. The method of claim 3, wherein storing the first machine-readable data encoding the transactional characteristics of the particular transaction request includes storing the first machine-readable data for a retrieval query within a time window at the transaction database.
  - 10. The method of claim 1, wherein the request to determine trustworthiness further causes the authentication server system to perform the operation of:
    - logging, at an identity database associated with the first engine, an entry of the received access eligibility determination as well as the determined trustworthiness of the transaction request.
  - 11. The method of claim 1, wherein the request to determine trustworthiness further causes the authentication server system to perform the operation of:
    - in response to the computer at the relying party proceeding with the requested particular transaction, generating second machine-readable data encoding transactional characteristics of the particular transaction as consummated, the transactional characteristics of the particular consummated transaction devoid of source assets of the consummated transaction, the source assets including credential information of the user, the credential information of the relying party, or information content of the transaction as consummated.
  - 12. The method of claim 11, wherein the request to determine trustworthiness further causes the authentication server system to perform the operation of:
    - logging, at an identity database associated with the first engine, an entry of the particular consummated transaction by storing the second machine-readable data encoding the transactional characteristics of the particular consummated transaction such that the transactional characteristics of the particular consummated transaction provide one and only one match when used to validate a consummated transaction.
  - 13. The method of claim 1, further comprising:
    - generating the request to determine a trustworthiness of the particular transaction request by including credential information attesting to an identity of the submitting user such that the authentication server system, in turn, generates an electronic credential of the submitting user that is unique to the particular transaction request submitted by the user from the user computing device.
  - 14. The method of claim 12, further comprising:
    - causing the electronic credential to be stored at an identity database associated with a first engine.
  - 15. The method of claim 13, wherein the request to determine trustworthiness further causes the authentication server system to perform the operation of submitting a second inquiry at a second engine to validate the particular transaction request,wherein the second inquiry is formed to include the summarized transactional characteristics, andwherein the second engine queries the identity database associated with the first engine to verify the electronic credential stored thereon.
  - 16. The method of claim 1, wherein generating the first machine-readable data further comprises:
    - generating a bar code, an alphanumeric string, or a QR code encoding the transactional characteristics.
  - 17. The method of claim 1, wherein the request to determine trustworthiness further causes the authentication server system to perform the operation of:
    - prior to submitting the first inquiry, submitting an initial query at a second engine to establish a status of the computer at the relying party in processing transaction requests submitted by the user from the user computing device.
  - 18. The method of claim 17, wherein submitting the initial query to establish the status includes submitting the initial query to determine if the transaction request is permitted between the user and the relying party.
  - 19. The method of claim 17, wherein submitting the initial query to establish the status includes submitting the initial query to determine if the computer at the relying party is permitted to access identity databases on behalf of the user.
  - 20. The method of claim 17, wherein the request to determine trustworthiness further causes the authentication server system to perform the operation of:
    - in response to query results from the initial query, placing the relying party on a whitelist of the first engine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Idemia Identity & Security USA, LLC (Advent International Corporation)
Original Assignee
Morphotrust USA Incorporated (Advent International Corporation)
Inventors
Miu, Stephen
Primary Examiner(s)
To, Baotran N

Application Number

US15/213,730
Publication Number

US 20170006010A1
Time in Patent Office

854 Days
Field of Search

726 3, 726 7
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/44   Program or device authentic...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6218   to a system of files or obj...

G06Q 20/384   using social networks

G06Q 20/401   Transaction verification

G06Q 20/4014   Identity check for transact...

G06Q 20/4016   involving fraud or risk lev...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

System and method for identity management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

81 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for identity management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links