Centralized authentication system with safe private data storage and method

US 8,327,141 B2
Filed: 11/09/2009
Issued: 12/04/2012
Est. Priority Date: 02/05/2009
Status: Active Grant

First Claim

Patent Images

1. A token-based centralized authentication and data retrieval method for providing access to a service provider to user information associated with a user'"'"'s relationship with the service provider, comprising the steps of:

authenticating using a user token a user presenting the user token at a user terminal, the user token having stored thereon a user ID;

deriving a resource identifier using at least two data input elements, the at least two data input elements including the user ID of the user and a service provider ID of the service provider, wherein the user information is stored in a storage network and the resource identifier is associated with the user information, wherein the user ID and service provider ID are separately received by an authentication system in communication with the storage network, wherein the authentication system performs the step of deriving the resource identifier using the user ID and service provider ID;

retrieving the user information from the storage network using the resource identifier; and

providing the retrieved user information to the service provider, the method further comprising the steps of;

issuing from the authentication system a temporary transaction identifier to one of the user terminal and a service provider agent, the temporary transaction identifier being associated with an access or authentication request;

receiving the temporary transaction identifier from the other of the user terminal and the service provider agent; and

performing the resource identifier deriving step after receiving the temporary transaction identifier at the authentication system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A token-based centralized authentication method for providing access to a service provider to user information associated with a user'"'"'s relationship with the service provider includes the steps of: authenticating a user presenting a user token at a user terminal, the user token having stored thereon a user ID; deriving a resource identifier using at least two data input elements, the at least two data input elements including the user ID of the user and a service provider ID of the service provider, wherein the user information is stored in a storage network and the resource identifier is associated with the user information; retrieving the user information from the storage network using the resource identifier; and providing the retrieved user information to the service provider.

234 Citations

26 Claims

1. A token-based centralized authentication and data retrieval method for providing access to a service provider to user information associated with a user'"'"'s relationship with the service provider, comprising the steps of:
- authenticating using a user token a user presenting the user token at a user terminal, the user token having stored thereon a user ID;
  
  deriving a resource identifier using at least two data input elements, the at least two data input elements including the user ID of the user and a service provider ID of the service provider, wherein the user information is stored in a storage network and the resource identifier is associated with the user information, wherein the user ID and service provider ID are separately received by an authentication system in communication with the storage network, wherein the authentication system performs the step of deriving the resource identifier using the user ID and service provider ID;
  
  retrieving the user information from the storage network using the resource identifier; and
  
  providing the retrieved user information to the service provider, the method further comprising the steps of;
  
  issuing from the authentication system a temporary transaction identifier to one of the user terminal and a service provider agent, the temporary transaction identifier being associated with an access or authentication request;
  
  receiving the temporary transaction identifier from the other of the user terminal and the service provider agent; and
  
  performing the resource identifier deriving step after receiving the temporary transaction identifier at the authentication system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the storage network is a dispersed storage network comprising a plurality of storage nodes, wherein the user information is stored in the storage network in accordance with an information dispersal algorithm (IDA).
  - 3. The method of claim 2, wherein the storage network has stored therein for each user token a data container including a status of the user token and one or more encryption keys specific to the user token.
  - 4. The method of claim 2, further comprising the steps of deriving a second resource identifier using at least an ID specific to the user token and a second data element that is not specific to the user token, and retrieving the data container using the second resource identifier.
  - 5. The method of claim 2, wherein the user information retrieving step includes the step of reconstructing the user information from the plurality of storage nodes, wherein the reconstructed user information is provided to the service provider.
  - 6. The method of claim 1, wherein the deriving step includes the step of deriving the resource identifier using a one way function.
  - 7. The method of claim 1, further comprising the step of the one of the user terminal and a service provider agent forwarding the temporary transaction identifier to the other of the user terminal and the service provider agent.
  - 8. The method of claim 7, wherein the authentication system issues the temporary transaction identifier to the user terminal, the method further comprising the step of authenticating the service provider after the user terminal forwards the temporary transaction identifier to the service provider agent.
  - 9. The method of claim 7, wherein the authentication system issues the temporary transaction identifier to the service provider agent, the method further comprising the step of authenticating the service provider before authenticating the user.
  - 10. The method of claim 1,wherein the temporary transaction identifier is issued to the service provider agent, the temporary transaction identifier including a name identifier associated with the service provider, the method further comprising the steps of:
    - transmitting the temporary transaction identifier to the user terminal from the service provider agent for display of the name identifier to the user using the token;
      
      receiving a consent indication from the user; and
      
      after receipt of the consent indication, receiving the temporary transaction identifier from the user terminal.
  - 11. The method of claim 1, wherein the storage network stores a plurality of separate sets of user information associated with the user, each set being associated with a respective user/service provider pair, wherein each set of user information is retrievable using a respective resource identifier derived using the user ID and a respective service provider ID.
  - 12. The method of claim 1, wherein the user token is a hardware token.
  - 13. The method of claim 1, further comprising the step of, after providing the retrieved user information to the service provider, receiving a set of user data for the user from the service provider for storage in the storage network in association with the resource identifier, wherein the storage network serves as the service provider'"'"'s permanent storage of the received user data.
  - 14. The method of claim 1, wherein the user data is all or part of the user'"'"'s customer profile with the service provider.
  - 15. The method of claim 1, wherein the step of deriving the resource identifier includes the steps of:
    - combining the user ID and service provider ID to provide a data element; and
      
      encrypting the data element with a public key of a public/private key encryption pair.

16. A method of providing secure data storage and access to stored data, comprising the steps of:
- receiving user information;
  
  storing the user information in a dispersed storage network comprising a plurality of storage nodes in accordance with an information dispersal algorithm (IDA); and
  
  associating the user information with a resource identifier for use in retrieving the user information from the dispersed storage network;
  
  receiving the resource identifier and retrieving the user information from the dispersed storage network using the resource identifier, wherein the resource identifier is derived from an output of a one way function using at least two data input elements comprising a user ID and a service provider ID, wherein the user ID and service provider ID are separately received by an authentication system, wherein the authentication system derives the resource identifier using the user ID and service provider ID after receiving a temporary transaction identifier associated with an access or authentication request, the method further comprising the steps of;
  
  issuing, from the authentication system and to one of a user terminal and a service provider agent, the temporary transaction identifier; and
  
  receiving the temporary transaction identifier from the other of the user terminal and the service provider agent.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein the user information retrieving step includes the step of reconstructing the user information from the plurality of storage nodes.
  - 18. The method of claim 16, wherein the user information is associated with a user'"'"'s relationship with a service provider, the method further comprising the step of providing the retrieved user information to the service provider.

19. A token-based centralized authentication and data retrieval system for providing access to a service provider to user information associated with a user'"'"'s relationship with the service provider, comprising:
- an authentication and data storage management system in network communication with a service provider agent and a user terminal, including;
  
  a user front end, the user front end configured to communicate with a user token through the user terminal for authenticating a user, the user token having stored thereon a user ID;
  
  a service provider front end, the service provider front end configured to communicate with the service provider agent for authenticating a service provider; and
  
  a data storage management engine in communication with the user front end, the service provider front end and a storage network having stored therein the user information, the data storage management engine configured to receive a resource identifier and retrieve the user information from the storage network using the resource identifier and provide the retrieved user information for communication to the service provider agent,wherein the resource identifier is derived by the authentication and data storage management system using a function having at least two data input elements, the at least two data input elements including the user ID and a service provider ID of the service provider, wherein the authentication and data storage management system is configured to issue a temporary transaction identifier to one of the user terminal and the service provider agent, the temporary transaction identifier being associated with an access or authentication request, to receive the temporary transaction identifier from the other of the user terminal and the service provider agent, and to perform the resource identifier deriving step after receiving the temporary transaction identifier at the authentication system.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The system of claim 19,wherein the storage network is a dispersed storage network comprising a plurality of storage nodes, wherein the user information is stored in the storage network in accordance with an information dispersal algorithm (IDA),wherein the data storage management engine includes a data collector configured to retrieve and reconstruct the user information from the plurality of storage nodes, wherein the reconstructed user information is provided to the service provider.
  - 21. The system of claim 19, wherein the the resource identifier is derived using a one way function.
  - 22. The system of claim 19,wherein the user front end is configured to issue a temporary transaction identifier to the user terminal, and the service provider front end is configured to receive the temporary transaction identifier from the service provide agent and authenticate the service provider after receipt of the temporary transaction identifier, orwherein the service provider front end is configured to issue the temporary transaction identifier to the service provider agent, and the user front end is configured to receive the temporary transaction identifier from the user terminal and authenticate the user after receipt of the temporary transaction identifier.
  - 23. The system of claim 19, wherein the storage network stores a plurality of separate sets of user information associated with the user, each set being associated with a respective user/service provider pair, wherein each set of user information is retrievable using a respective resource identifier derived using the user ID and a respective service provider ID.
  - 24. The system of claim 19, wherein the function combines the at least two data input elements into a data element and encrypts the data element with a public key of a public/private key encryption pair.

25. A system for providing secure data storage and access to stored data, comprising:
- a dispersed storage network comprising a plurality of storage nodes; and
  
  a data storage management system configured to receive user information and store the user information in the dispersed storage network in accordance with an information dispersal algorithm (IDA), wherein the user information is associated with a resource identifier for use in retrieving the user information from the dispersed storage network and wherein the resource identifier is derived from an output of a one way function using at least two data input elements, wherein the data storage management system includes a data collector for retrieving the user information from the dispersed storage network using the resource identifier by reconstructing the user information from the plurality of storage nodes,an authentication system configured to issue to one of a user terminal and a service provider agent a temporary transaction identifier, the temporary transaction identifier being associated with an access or authentication request, and receive the temporary transaction identifier from the other of the user terminal and the service provider agent,wherein the at least two data input elements comprise a user ID and a service provider ID,wherein the authentication system is further configured to receive the user ID and the service provider ID and derive the resource identifier after receiving the temporary transaction identifier.
- View Dependent Claims (26)
- - 26. The system of claim 25, wherein the user information is associated with a user'"'"'s relationship with a service provider, wherein the data storage management system is further configured to provide the retrieved user information for communication to a service provider agent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WwPass Corp.
Original Assignee
WwPass Corp.
Inventors
Vysogorets, Mikhail, Shablygin, Eugene
Primary Examiner(s)
Yalew, Fikremariam A

Application Number

US12/614,670
Publication Number

US 20100199089A1
Time in Patent Office

1,121 Days
Field of Search

None
US Class Current

713/168
CPC Class Codes

G06F 21/34 involving the use of extern...

Centralized authentication system with safe private data storage and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

234 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Centralized authentication system with safe private data storage and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

234 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links