Identity binding systems and methods in a personal data store in an online trust system

US 10,348,699 B2
Filed: 12/19/2016
Issued: 07/09/2019
Est. Priority Date: 02/11/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for managing a personal data store binding one or more identities of different types associated with a user, wherein the computer-implemented method is implemented in a trust system comprising one or more processing devices communicatively coupled to a network, the computer-implemented method comprising:

receiving one or more self-asserted first attributes by the user and second attributes asserted by an Attribute Provider;

utilizing one or more of the first attributes and the second attributes as inputs to obtain and/or produce one or more cryptographically signed attributes signed by an associated Attribute Provider;

storing the first attributes, the second attributes, and the one or more cryptographically signed attributes in a personal data store associated with the user, wherein the storing comprises encrypting each of the first attributes, the second attributes, and the one or more cryptographically signed attributes with an attribute specific symmetric key and then encrypting the symmetric key with a public key of the user; and

utilizing one or more of the first attributes, the second attributes, and the one or more cryptographically signed attributes to respond to a request from a Relying Party.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for managing a personal data store is described for binding one or more identities of different types associated with a user. The computer-implemented method is implemented in a trust system including one or more processing devices communicatively coupled to a network. The computer-implemented method includes receiving one or more self-asserted first attributes by the user and second attributes asserted by an Attribute Provider; utilizing one or more of the first attributes and the second attributes as inputs to obtain and/or produce one or more cryptographically signed attributes signed by an associated Attribute Provider; storing the first attributes, the second attributes, and the one or more cryptographically signed attributes in a personal data store associated with the user; and utilizing one or more of the first attributes, the second attributes, and the one or more cryptographically signed attributes to respond to a request from a Relying Party.

26 Citations

View as Search Results

17 Claims

1. A computer-implemented method for managing a personal data store binding one or more identities of different types associated with a user, wherein the computer-implemented method is implemented in a trust system comprising one or more processing devices communicatively coupled to a network, the computer-implemented method comprising:
- receiving one or more self-asserted first attributes by the user and second attributes asserted by an Attribute Provider;
  
  utilizing one or more of the first attributes and the second attributes as inputs to obtain and/or produce one or more cryptographically signed attributes signed by an associated Attribute Provider;
  
  storing the first attributes, the second attributes, and the one or more cryptographically signed attributes in a personal data store associated with the user, wherein the storing comprises encrypting each of the first attributes, the second attributes, and the one or more cryptographically signed attributes with an attribute specific symmetric key and then encrypting the symmetric key with a public key of the user; and
  
  utilizing one or more of the first attributes, the second attributes, and the one or more cryptographically signed attributes to respond to a request from a Relying Party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, wherein each device associated with the user is associated with a unique public key, and wherein subsequent devices are registered and associated with a different public key and provided access to the first attributes, the second attributes, and the one or more cryptographically signed attributes.
  - 3. The computer-implemented method of claim 1, wherein the personal data store is located in a data store communicatively coupled to the trust system and a private key associated with the public key is located in a user device.
  - 4. The computer-implemented method of claim 1, further comprising:
    - during the utilizing one or more of the first attributes and the second attributes as inputs, performing attribute provenance to tie the inputs to the one or more cryptographically signed attributes as outputs.
  - 5. The computer-implemented method of claim 4, wherein the attribute provenance comprises hash pointers used to both check integrity of an associated attribute and provide a link to inputs by using associated data in creation of the hash pointers.
  - 6. The computer-implemented method of claim 5, further comprising:
    - utilizing the hash pointers to provide verification of an associated attribute without disclosing underlying data of the associated attribute.
  - 7. The computer-implemented method of claim 1, wherein the first attributes comprise any of name, date of birth, address, social security number, email address, phone number, driver'"'"'s license number, andwherein the second attributes comprise any of background checks, credit scores, verified version of the one or more self-asserted attributes, academic credentials, and professional licenses, accreditations, and memberships.
  - 8. The computer-implemented method of claim 1, wherein the first attributes comprise one or more addresses which are either physical or virtual for the user receiving information, and wherein the utilizing comprises granular and general controls by the user to indicate which Relying Parties are able to make which types of requests.

9. A trust system, comprising:
- a network interface communicatively coupled to a user device associated with a user;
  
  a processor communicatively coupled to the network interface; and
  
  memory storing instructions that, when executed, cause the processor toreceive one or more self-asserted first attributes by the user and second attributes asserted by an Attribute Provider;
  
  utilize one or more of the first attributes and the second attributes as inputs to obtain and/or produce one or more cryptographically signed attributes signed by an associated Attribute Provider;
  
  store the first attributes, the second attributes, and the one or more cryptographically signed attributes in a personal data store associated with the user; and
  
  utilize one or more of the first attributes, the second attributes, and the one or more cryptographically signed attributes to respond to a request from a Relying Party,wherein each of the first attributes, the second attributes, and the one or more cryptographically signed attributes are encrypted when stored with an attribute specific symmetric key and the attribute specific symmetric key is encrypted with a public key of the user.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The trust system of claim 9, wherein each device associated with the user is associated with a unique public key, and wherein subsequent devices are registered and associated with a different public key and provided access to the first attributes, the second attributes, and the one or more cryptographically signed attributes.
  - 11. The trust system of claim 9, wherein the personal data store is located in a data store communicatively coupled to the trust system and a private key associated with the public key is located in a user device.
  - 12. The trust system of claim 9, wherein the memory storing instructions that, when executed, further cause the processor toduring the utilize one or more of the first attributes and the second attributes as inputs, perform attribute provenance to tie the inputs to the one or more cryptographically signed attributes as outputs.
  - 13. The trust system of claim 12, wherein the attribute provenance comprises hash pointers used to both check integrity of an associated attribute and provide a link to inputs by using associated data in creation of the hash pointers.
  - 14. The trust system of claim 13, wherein the memory storing instructions that, when executed, further cause the processor toutilize the hash pointers to provide verification of an associated attribute without disclosing underlying data of the associated attribute.
  - 15. The trust system of claim 9, wherein the first attributes comprise any of name, date of birth, address, social security number, email address, phone number, driver'"'"'s license number, andwherein the second attributes comprise any of background checks, credit scores, verified version of the one or more self-asserted attributes, academic credentials, and professional licenses, accreditations, and memberships.
  - 16. The trust system of claim 9, wherein the first attributes comprise one or more addresses which are either physical or virtual for the user receiving information, and wherein the utilizing comprises granular and general controls by the user to indicate which Relying Parties are able to make which types of requests.

17. A user device, comprising:
- a network interface communicatively coupled to a trust system;
  
  a processor communicatively coupled to the network interface; and
  
  memory storing instructions that, when executed, cause the processor toprovide one or more self-asserted first attributes by the user;
  
  access, in a personal data store associated with the trust system, the first attributes, second attributes asserted by an Attribute Provider, and one or more cryptographically signed attributes signed by an associated Attribute Provider which are obtained and/or produced by the trust system based on one or more of the first attributes and the second attributes; and
  
  permit use of one or more of the first attributes, the second attributes, and the one or more cryptographically signed attributes to respond to a request from the Relying Party,wherein each of the first attributes, the second attributes, and the one or more cryptographically signed attributes are encrypted when stored with an attribute specific symmetric key and the attribute specific symmetric key is encrypted with a public key of the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Evident ID, Inc.
Original Assignee
Evident ID, Inc.
Inventors
Starosielsky, Damian A., Thomas, William David, Brzeczko, Jr., Albert W., Rowe, Nathan S.
Primary Examiner(s)
Pwu, Jeffrey C
Assistant Examiner(s)
Truong, Thong P

Application Number

US15/383,868
Publication Number

US 20170237717A1
Time in Patent Office

932 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/57   Certifying or maintaining t...

G06F 21/602   Providing cryptographic fac...

H04L 2463/062   applying encryption of the ...

H04L 63/0435   wherein the sending and rec...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3268   using certificate validatio...

Identity binding systems and methods in a personal data store in an online trust system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Identity binding systems and methods in a personal data store in an online trust system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links