Privacy-preserving flexible anonymous-pseudonymous access
Abstract
Systems and methods are disclosed for privacy-preserving, flexible, user-selected anonymous and pseudonymous access at a relying party (RP), mediated by an identity provider (IdP). Anonymous access is unlinkable to any previous or future access of the user at the RP. Pseudonymous access allows the user to associate the access with a pseudonym previously registered at the RP. A pseudonym system is disclosed. The pseudonym system allows a large number of different and unlinkable pseudonyms to be generated using only a small number of secrets held by the user. The pseudonym system can generate tokens capable of including rich semantics in both a fixed format and a free format. The tokens can be used to obtain from the IdP confirmation of access privilege and/or selective partial disclosure of user characteristics required for access at the RPs. The pseudonym system and associated protocols also support user-enabled linkability between pseudonyms.
42 Claims
1. A computer-implemented method of authorizing access for a user to a relying party (RP), mediated by an identity provider (IdP), comprising:
receiving an indication of a first pseudonym registered by the user at the IdP in a previous session;
upon verification of possession by the user of the first pseudonym, generating, by a processor, a first representation of an access token to the user for accessing the RP, wherein the first representation of the access token selectively encodes a partial disclosure based on one or more characteristics of the user known to the IdP, the partial disclosure being a confirmation of at least some characteristics required for user access at the RP, the first representation of the access token being modifiable by the user to a second representation of the access token that is unlinkable to the first representation of the access token, and the second representation of the access token remaining as a valid access token for accessing the RP; and
providing the first representation of the access token to the user for accessing the RP.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A non-transitory computer-readable storage medium encoded with a computer program, the program comprising instructions that when executed by one or more computers cause the one or more computers to perform operations comprising:
receiving an indication of a first pseudonym registered by the user at the IdP in a previous session;
upon verification of possession by the user of the first pseudonym, generating, by a processor, a first representation of an access token to the user for accessing the RP, wherein the first representation of the access token selectively encodes a partial disclosure based on one or more characteristics of the user known to the IdP, the partial disclosure being a confirmation of at least some characteristics required for user access at the RP, the first representation of the access token being modifiable by the user to a second representation of the access token that is unlinkable to the first representation of the access token, and the second representation of the access token remaining as a valid access token for accessing the RP; and
providing the first representation of the access token to the user for accessing the RP.
(Dependent claims: 9, 10, 11, 12, 13, 14)
15. A system comprising:
one or more computers; and
a computer-readable storage medium coupled to the one or more computers having instructions stored thereon which, when executed by the one or more computers, cause the one or more computers to perform operations comprising:
receiving an indication of a first pseudonym registered by the user at the IdP in a previous session;
upon verification of possession by the user of the first pseudonym, generating, by a processor, a first representation of an access token to the user for accessing the RP, wherein the first representation of the access token selectively encodes a partial disclosure based on one or more characteristics of the user known to the IdP, the partial disclosure being a confirmation of at least some characteristics required for user access at the RP, the first representation of the access token being modifiable by the user to a second representation of the access token that is unlinkable to the first representation of the access token, and the second representation of the access token remaining as a valid access token for accessing the RP; and
providing the first representation of the access token to the user for accessing the RP.
(Dependent claims: 16, 17, 18, 19, 20, 21)
22. A computer-implemented method of allowing access for a user to a relying party (RP), mediated by an identity provider (IdP), comprising:
receiving a request to access the RP from the user, the request comprising a second representation of an access token, the second representation of the access token being modifiable by the user based on a first representation of the access token issued to the user by the IdP, the second representation of the access token being unlinkable to the first representation of the access token by the RP and the IdP individually, and the second representation of the access token being unlinkable to the first representation of the access token by the RP and the IdP in collusion;
if the first representation of the access token is publicly verifiable, verifying, by a processor, the second representation of the access token; and providing access to the user upon successful verification of the second representation of the access token;
if the first representation of the access token is privately verifiable by the IdP, presenting the second representation of the access token to the IdP for verification; and providing access to the user if the IdP successfully verifies the second representation of the access token.
(Dependent claims: 23, 24, 25, 26, 27, 28)
29. A tangible computer-readable storage medium encoded with a computer program, the program comprising instructions that when executed by one or more computers cause the one or more computers to perform operations comprising:
receiving a request to access the RP from a user, the request comprising a second representation of an access token, the second representation of the access token being modifiable by the user based on a first representation of the access token issued to the user by the IdP, the second representation of the access token being unlinkable to the first representation of the access token by the RP and the IdP individually, and the second representation of the access token being unlinkable to the first representation of the access token by the RP and the IdP in collusion;
if the first representation of the access token is publicly verifiable, verifying, by a processor, the second representation of the access token; and providing access to the user upon successful verification of the second representation of the access token;
if the first representation of the access token is privately verifiable by the IdP, presenting the second representation of the access token to the IdP for verification; and providing access to the user if the IdP successfully verifies the second representation of the access token.
(Dependent claims: 30, 31, 32, 33, 34, 35)
36. A system comprising:
one or more computers; and
a computer-readable storage medium coupled to the one or more computers having instructions stored thereon which, when executed by the one or more computers, cause the one or more computers to perform operations comprising:
receiving a request to access the RP from a user, the request comprising a second representation of an access token, the second representation of the access token being modifiable by the user based on a first representation of the access token issued to the user by the IdP, the second representation of the access token being unlinkable to the first representation of the access token by the RP and the IdP individually, and the second representation of the access token being unlinkable to the first representation of the access token by the RP and the IdP in collusion;
if the first representation of the access token is publicly verifiable, verifying, by a processor, the second representation of the access token; and providing access to the user upon successful verification of the second representation of the access token;
if the first representation of the access token is privately verifiable by the IdP, presenting the second representation of the access token to the IdP for verification; and providing access to the user if the IdP successfully verifies the second representation of the access token.
(Dependent claims: 37, 38, 39, 40, 41, 42)
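The abstract and claims 1 and 22 describe a token that the IdP issues in a first representation, that the user alone transforms into a second representation unlinkable to the first (even if RP and IdP pool their records), and that the RP still accepts. The patent does not fix the cryptographic primitive, so the following is an added illustration, not the patent's own construction: it uses Chaum-style RSA blind signatures to realize the publicly verifiable branch of claim 22 (the RP checks the token with the IdP's public key and never contacts the IdP). Assumptions made here and nowhere in the patent: the IdP holds one signing key per disclosure policy, so the "partial disclosure" is simply which key signed; tokens are single-use and the RP keeps a seen-set; key sizes are toy-sized. The names IdP, RP, request_token and demo, and the characteristics dictionary, are constructed for the example.

```python
"""Added example, not the patent's own construction: a user-rerandomisable
access token from Chaum-style RSA blind signatures.  Assumed, since the patent
fixes no primitive: one IdP key per disclosure policy (the partial disclosure
is which key signed), single-use tokens (the RP keeps a seen-set), toy key
sizes.  All names here (IdP, RP, request_token, demo) are illustrative."""
import hashlib, math, secrets

def _is_probable_prime(n, rounds=24):
    """Miller-Rabin; demo grade only, use a vetted library in production."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def keygen(bits=512):
    """Toy RSA key as (n, e, d)."""
    def prime(b):
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1
            if _is_probable_prime(c):
                return c
    e, p, q = 65537, prime(bits // 2), prime(bits // 2)
    while p == q or math.gcd(e, (p - 1) * (q - 1)) != 1:
        q = prime(bits // 2)
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def fdh(msg, n):
    """Full-domain hash into Z_n: counter-mode SHA-256, reduced mod n."""
    out, i = b"", 0
    while len(out) < (n.bit_length() + 7) // 8 + 16:
        out += hashlib.sha256(i.to_bytes(4, "big") + msg).digest()
        i += 1
    return int.from_bytes(out, "big") % n

class IdP:
    """Knows each user's characteristics; signs a blinded digest only under the
    key of a policy the user satisfies.  self.log is everything a colluding
    IdP could hand the RP: it never contains the unblinded token."""
    def __init__(self, characteristics):
        self.characteristics = characteristics          # constructed sample data
        self.keys = {"age_over_18": keygen(), "student": keygen()}
        self.log = []

    def public_key(self, policy):
        n, e, _ = self.keys[policy]
        return n, e

    def issue(self, user, policy, blinded):
        if not self.characteristics.get(user, {}).get(policy):
            raise PermissionError(f"{user} does not satisfy {policy}")
        n, _, d = self.keys[policy]
        first_repr = pow(blinded, d, n)                 # the "first representation"
        self.log.append((user, policy, blinded, first_repr))
        return first_repr

def request_token(idp, user, policy):
    """User side: blind, obtain the first representation, unblind to the second."""
    n, e = idp.public_key(policy)
    msg = policy.encode() + b"|" + secrets.token_bytes(16)   # fresh serial per token
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            break
    first_repr = idp.issue(user, policy, (fdh(msg, n) * pow(r, e, n)) % n)
    return msg, (first_repr * pow(r, -1, n)) % n            # r never leaves the user

class RP:
    """Publicly verifiable branch: verifies with the IdP key for its own policy."""
    def __init__(self, idp, required_policy):
        self.n, self.e = idp.public_key(required_policy)
        self.required = required_policy.encode()
        self.seen = set()

    def verify(self, msg, sig):
        if msg.partition(b"|")[0] != self.required or msg in self.seen:
            return False
        if pow(sig, self.e, self.n) != fdh(msg, self.n):
            return False
        self.seen.add(msg)
        return True

def demo():
    idp = IdP({"alice": {"age_over_18": True, "student": False}})
    bar, campus = RP(idp, "age_over_18"), RP(idp, "student")
    msg, sig = request_token(idp, "alice", "age_over_18")
    _, _, _, first_repr = idp.log[-1]
    n, e = idp.public_key("age_over_18")
    try:
        request_token(idp, "alice", "student")
        refused = False
    except PermissionError:
        refused = True
    return {"accepted": bar.verify(msg, sig),
            "replay_rejected": not bar.verify(msg, sig),
            "wrong_policy_rejected": not campus.verify(msg, sig),
            "first_repr_is_not_a_token": pow(first_repr, e, n) != fdh(msg, n),
            "unqualified_refused": refused}
```

The check in demo that matters for the claims is the pair "accepted" and "first_repr_is_not_a_token": the RP accepts only the unblinded second representation, and the value in the IdP's log is neither that value nor a valid signature on the presented message, so pooling the IdP's log with the RP's view yields nothing to link on. Two practitioner caveats: the key-per-policy trick makes each policy its own anonymity set, so a large policy vocabulary shrinks the crowd a token hides in; and the seen-set is what enforces "unlinkable to previous or future accesses", since a replayed token is trivially linkable. For real deployments use RFC 9474 (RSA blind signatures) with 2048-bit or larger keys from a vetted library, and note that the privately verifiable branch of claim 22 needs a different primitive (one the IdP can check but the RP cannot), which this example does not show.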