Identity binding systems and methods in a personal data store in an online trust system
Abstract
A computer-implemented method for managing a personal data store is described for binding one or more identities of different types associated with a user. The computer-implemented method is implemented in a trust system including one or more processing devices communicatively coupled to a network. The computer-implemented method includes receiving one or more self-asserted first attributes by the user and second attributes asserted by an Attribute Provider; utilizing one or more of the first attributes and the second attributes as inputs to obtain and/or produce one or more cryptographically signed attributes signed by an associated Attribute Provider; storing the first attributes, the second attributes, and the one or more cryptographically signed attributes in a personal data store associated with the user; and utilizing one or more of the first attributes, the second attributes, and the one or more cryptographically signed attributes to respond to a request from a Relying Party.
Claims
1. A computer-implemented method for managing a personal data store binding one or more identities of different types associated with a user, wherein the computer-implemented method is implemented in a trust system comprising one or more processing devices communicatively coupled to a network, the computer-implemented method comprising:
- receiving one or more self-asserted first attributes by the user and second attributes asserted by an Attribute Provider;
- utilizing one or more of the first attributes and the second attributes as inputs to obtain and/or produce one or more cryptographically signed attributes signed by an associated Attribute Provider;
- storing the first attributes, the second attributes, and the one or more cryptographically signed attributes in a personal data store associated with the user, wherein the storing comprises encrypting each of the first attributes, the second attributes, and the one or more cryptographically signed attributes with an attribute specific symmetric key and then encrypting the symmetric key with a public key of the user; and
- utilizing one or more of the first attributes, the second attributes, and the one or more cryptographically signed attributes to respond to a request from a Relying Party.
(Dependent claims 2 through 8 are not reproduced here.)
9. A trust system, comprising:
- a network interface communicatively coupled to a user device associated with a user;
- a processor communicatively coupled to the network interface; and
- memory storing instructions that, when executed, cause the processor to receive one or more self-asserted first attributes by the user and second attributes asserted by an Attribute Provider; utilize one or more of the first attributes and the second attributes as inputs to obtain and/or produce one or more cryptographically signed attributes signed by an associated Attribute Provider; store the first attributes, the second attributes, and the one or more cryptographically signed attributes in a personal data store associated with the user; and utilize one or more of the first attributes, the second attributes, and the one or more cryptographically signed attributes to respond to a request from a Relying Party, wherein each of the first attributes, the second attributes, and the one or more cryptographically signed attributes are encrypted when stored with an attribute specific symmetric key and the attribute specific symmetric key is encrypted with a public key of the user.
(Dependent claims 10 through 16 are not reproduced here.)
17. A user device, comprising:
- a network interface communicatively coupled to a trust system;
- a processor communicatively coupled to the network interface; and
- memory storing instructions that, when executed, cause the processor to provide one or more self-asserted first attributes by the user; access, in a personal data store associated with the trust system, the first attributes, second attributes asserted by an Attribute Provider, and one or more cryptographically signed attributes signed by an associated Attribute Provider which are obtained and/or produced by the trust system based on one or more of the first attributes and the second attributes; and permit use of one or more of the first attributes, the second attributes, and the one or more cryptographically signed attributes to respond to a request from the Relying Party, wherein each of the first attributes, the second attributes, and the one or more cryptographically signed attributes are encrypted when stored with an attribute specific symmetric key and the attribute specific symmetric key is encrypted with a public key of the user.