Privacy-preserving flexible anonymous-pseudonymous access

US 9,154,306 B2
Filed: 06/22/2012
Issued: 10/06/2015
Est. Priority Date: 06/23/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of authorizing access for a user to a relying party (RP), mediated by an identity provider (IdP), comprising:

receiving an indication of a first pseudonym registered by the user at the IdP in a previous session;

upon verification of possession by the user of the first pseudonym, generating, by a processor, a first representation of an access token to the user for accessing the RP, wherein the first representation of the access token selectively encodes a partial disclosure based on one or more characteristics of the user known to the IdP, the partial disclosure being a confirmation of at least some characteristics required for user access at the RP, the first representation of the access token being modifiable by the user to a second representation of the access token that is unlinkable to the first representation of the access token, and the second representation of the access token remaining as a valid access token for accessing the RP; and

providing the first representation of the access token to the user for accessing the RP.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are disclosed for privacy-preserving flexible user-selected anonymous and pseudonymous access at a relying party (RP), mediated by an identity provider (IdP). Anonymous access is unlinkable to any previous or future accesses of the user at the RP. Pseudonymous access allows the user to associate the access to a pseudonym previously registered at the RP. A pseudonym system is disclosed. The pseudonym system allows a large number of different and unlinkable pseudonyms to be generated using only a small number of secrets held by the user. The pseudonym system can generate tokens capable of including rich semantics in both a fixed format and a free format. The tokens can be used in obtaining from the IdP, confirmation of access privilege and/or of selective partial disclosure of user characteristics required for access at the RPs. The pseudonym system and associated protocols also support user-enabled linkability between pseudonyms.

Citations

42 Claims

1. A computer-implemented method of authorizing access for a user to a relying party (RP), mediated by an identity provider (IdP), comprising:
- receiving an indication of a first pseudonym registered by the user at the IdP in a previous session;
  
  upon verification of possession by the user of the first pseudonym, generating, by a processor, a first representation of an access token to the user for accessing the RP, wherein the first representation of the access token selectively encodes a partial disclosure based on one or more characteristics of the user known to the IdP, the partial disclosure being a confirmation of at least some characteristics required for user access at the RP, the first representation of the access token being modifiable by the user to a second representation of the access token that is unlinkable to the first representation of the access token, and the second representation of the access token remaining as a valid access token for accessing the RP; and
  
  providing the first representation of the access token to the user for accessing the RP.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - receiving a modified token from the user, wherein the modified token is generated by a cryptographic transformation from an original token, the original token is generated from a pre-image, and the pre-image supports both fixed-format and free-format information structures and includes information that is revealed to the RP but not to the IdP.
  - 3. The method of claim 1, further comprising:
    - receiving the second representation of the access token, wherein the second representation of the access token is derived from the first representation of the access token by the user; and
      
      verifying the second representation of the access token without an ability to link the second representation of the access token to the first representation of the access token.
  - 4. The method of claim 1, wherein the first representation and the second representation of the access token are publicly verifiable, and the verification of the second representation of the access token is performed by the RP.
  - 5. The method of claim 1, wherein the first representation and the second representation of the access token are privately verifiable by the IdP, and the verification of the second representation of the access token is performed by the IdP.
  - 6. The method of claim 1, wherein the first representation of the access token includes a confirmation of at least some user characteristics to access the RP.
  - 7. The method of claim 6, wherein the IdP is an authority with information regarding user characteristics, and the method further comprises checking access requirements of the RP and verifying the user characteristics for access eligibility at the RP.

8. A non-transitory computer-readable storage medium encoded with a computer program, the program comprising instructions that when executed by one or more computers cause the one or more computers to perform operations comprising:
- receiving an indication of a first pseudonym registered by the user at the IdP in a previous session;
  
  upon verification of possession by the user of the first pseudonym, generating, by a processor, a first representation of an access token to the user for accessing the RP, wherein the first representation of the access token selectively encodes a partial disclosure based on one or more characteristics of the user known to the IdP, the partial disclosure being a confirmation of at least some characteristics required for user access at the RP, the first representation of the access token being modifiable by the user to a second representation of the access token that is unlinkable to the first representation of the access token, and the second representation of the access token remaining as a valid access token for accessing the RP; and
  
  providing the first representation of the access token to the user for accessing the RP.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer-readable storage medium of claim 8, wherein the operations further comprise:
    - receiving a modified token from the user, wherein the modified token is generated by a cryptographic transformation from an original token, the original token is generated from a pre-image, and the pre-image supports both fixed-format and free-format information structures and includes information that is revealed to the RP but not to the IdP.
  - 10. The non-transitory computer-readable storage medium of claim 8, wherein the operations further comprise:
    - receiving the second representation of the access token, wherein the second representation of the access token is derived from the first representation of the access token by the user; and
      
      verifying the second representation of the access token without an ability to link the second representation of the access token to the first representation of the access token.
  - 11. The non-transitory computer-readable storage medium of claim 8, wherein the first representation and the second representation of the access token are publicly verifiable, and the verification of the second representation of the access token is performed by the RP.
  - 12. The non-transitory computer-readable storage medium of claim 8, wherein the first representation and the second representation of the access token are privately verifiable by the IdP, and the verification of the second representation of the access token is performed by the IdP.
  - 13. The non-transitory computer-readable storage medium of claim 8, wherein the first representation of the access token includes a confirmation of at least some user characteristics to access the RP.
  - 14. The non-transitory computer-readable storage medium of claim 13, wherein the IdP is an authority with information regarding user characteristics, and the method further comprises checking access requirements of the RP and verifying the user characteristics for access eligibility at the RP.

15. A system comprising:
- one or more computers; and
  
  a computer-readable storage medium coupled to the one or more computers having instructions stored thereon which, when executed by the one or more computers, cause the one or more computers to perform operations comprising;
  
  receiving an indication of a first pseudonym registered by the user at the IdP in a previous session;
  
  upon verification of possession by the user of the first pseudonym, generating, by a processor, a first representation of an access token to the user for accessing the RP, wherein the first representation of the access token selectively encodes a partial disclosure based on one or more characteristics of the user known to the IdP, the partial disclosure being a confirmation of at least some characteristics required for user access at the RP, the first representation of the access token being modifiable by the user to a second representation of the access token that is unlinkable to the first representation of the access token, and the second representation of the access token remaining as a valid access token for accessing the RP; and
  
  providing the first representation of the access token to the user for accessing the RP.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The system of claim 15, wherein the operations further comprise:
    - receiving a modified token from the user, wherein the modified token is generated by a cryptographic transformation from an original token, the original token is generated from a pre-image, and the pre-image supports both fixed-format and free-format information structures and includes information that is revealed to the RP but not to the IdP.
  - 17. The system of claim 15, wherein the operations further comprise:
    - receiving the second representation of the access token, wherein the second representation of the access token is derived from the first representation of the access token by the user; and
      
      verifying the second representation of the access token without an ability to link the second representation of the access token to the first representation of the access token.
  - 18. The system of claim 15, wherein the first representation and the second representation of the access token are publicly verifiable, and the verification of the second representation of the access token is performed by the RP.
  - 19. The system of claim 15, wherein the first representation and the second representation of the access token are privately verifiable by the IdP, and the verification of the second representation of the access token is performed by the IdP.
  - 20. The system of claim 15, wherein the first representation of the access token includes a confirmation of at least some user characteristics to access the RP.
  - 21. The system of claim 20, wherein the IdP is an authority with information regarding user characteristics, and the method further comprises checking access requirements of the RP and verifying the user characteristics for access eligibility at the RP.

22. A computer-implemented method of allowing access for a user to a relying party (RP), mediated by an identity provider (IdP), comprising:
- receiving a request to access the RP from the user, the request comprising a second representation of an access token, the second representation of the access token being modifiable by the user based on a first representation of the access token issued to the user by the IdP, the second representation of the access token being unlinkable to the first representation of the access token by the RP and the IdP individually, and the second representation of the access token being unlinkable to the first representation of the access token by the RP and the IdP in collusion;
  
  if the first representation of the access token is publicly verifiable,verifying, by a processor, the second representation of the access token; and
  
  providing access to the user upon successful verification of the second representation of the access token;
  
  if the first representation of the access token is privately verifiable by the IdP,presenting the second representation of the access token to the IdP for verification; and
  
  providing access to the user if the IdP successfully verifies the second representation of the access token.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. The method of claim 22, wherein the request is for anonymous access at the RP, and the anonymous access is unlinkable to any previous and future access at the RP.
  - 24. The method of claim 22, wherein the request is for pseudonymous access at the RP, and the pseudonymous access is linkable to a pseudonym previously registered at the RP.
  - 25. The method of claim 24, further comprising:
    - receiving proof of possession of the pseudonym previously registered at the RP, wherein the proof is made by a zero-knowledge proof, by signing, or by decrypting a challenge.
  - 26. The method of claim 22, wherein the request further comprises a pre-image, the pre-image supports both fixed-format and free-format information structures, the pre-image includes user-specific information that is revealed to the RP but not to the IdP, and the first representation of the access token is generated from the pre-image through cryptographic transformations by the user and the IdP.
  - 27. The method of claim 26, wherein the RP is one of a plurality of RPs, the IdP is one of a plurality of IdPs, and the pre-image encodes information that is specific to the RP and the IdP.
  - 28. The method of claim 22, wherein the information token selectively encodes a partial disclosure based on one or more characteristics of the user known to the IdP, the partial disclosure being a confirmation of at least some characteristics required for user access at the RP.

29. A tangible computer-readable storage medium encoded with a computer program, the program comprising instructions that when executed by one or more computers cause the one or more computers to perform operations comprising:
- receiving a request to access the RP from a user, the request comprising a second representation of an access token, the second representation of the access token being modifiable by the user based on a first representation of the access token issued to the user by the IdP, the second representation of the access token being unlinkable to the first representation of the access token by the RP and the IdP individually, and the second representation of the access token being unlinkable to the first representation of the access token by the RP and the IdP in collusion;
  
  if the first representation of the access token is publicly verifiable,verifying, by a processor, the second representation of the access token; and
  
  providing access to the user upon successful verification of the second representation of the access token;
  
  if the first representation of the access token is privately verifiable by the IdP,presenting the second representation of the access token to the IdP for verification; and
  
  providing access to the user if the IdP successfully verifies the second representation of the access token.
- View Dependent Claims (30, 31, 32, 33, 34, 35)
- - 30. The computer-readable storage medium of claim 29, wherein the request is for anonymous access at the RP, and the anonymous access is unlinkable to any previous and future access at the RP.
  - 31. The computer-readable storage medium of claim 29, wherein the request is for pseudonymous access at the RP, and the pseudonymous access is linkable to a pseudonym previously registered at the RP.
  - 32. The computer-readable storage medium of claim 31, wherein the operations further comprise:
    - receiving proof of possession of the pseudonym previously registered at the RP, wherein the proof is made by a zero-knowledge proof, by signing, or by decrypting a challenge.
  - 33. The computer-readable storage medium of claim 29, wherein the request further comprises a pre-image, the pre-image supports both fixed-format and free-format information structures, the pre-image includes user-specific information that is revealed to the RP but not to the IdP, and the first representation of the access token is generated from the pre-image through cryptographic transformations by the user and the IdP.
  - 34. The computer-readable storage medium of claim 33, wherein the RP is one of a plurality of RPs, the IdP is one of a plurality of IdPs, and the pre-image encodes information that is specific to the RP and the IdP.
  - 35. The computer-readable storage medium of claim 29, wherein the information token selectively encodes a partial disclosure based on one or more characteristics of the user known to the IdP, the partial disclosure being a confirmation of at least some characteristics required for user access at the RP.

36. A system comprising:
- one or more computers; and
  
  a computer-readable storage medium coupled to the one or more computers having instructions stored thereon which, when executed by the one or more computers, cause the one or more computers to perform operations comprising;
  
  receiving a request to access the RP from a user, the request comprising a second representation of an access token, the second representation of the access token being modifiable by the user based on a first representation of the access token issued to the user by the IdP, the second representation of the access token being unlinkable to the first representation of the access token by the RP and the IdP individually, and the second representation of the access token being unlinkable to the first representation of the access token by the RP and the IdP in collusion;
  
  if the first representation of the access token is publicly verifiable,verifying, by a processor, the second representation of the access token; and
  
  providing access to the user upon successful verification of the second representation of the access token;
  
  if the first representation of the access token is privately verifiable by the IdP,presenting the second representation of the access token to the IdP for verification; and
  
  providing access to the user if the IdP successfully verifies the second representation of the access token.
- View Dependent Claims (37, 38, 39, 40, 41, 42)
- - 37. The system of claim 36, wherein the request is for anonymous access at the RP, and the anonymous access is unlinkable to any previous and future access at the RP.
  - 38. The system of claim 36, wherein the request is for pseudonymous access at the RP, and the pseudonymous access is linkable to a pseudonym previously registered at the RP.
  - 39. The system of claim 38, wherein the operations further comprise:
    - receiving proof of possession of the pseudonym previously registered at the RP, wherein the proof is made by a zero-knowledge proof, by signing, or by decrypting a challenge.
  - 40. The system of claim 36, wherein the request further comprises a pre-image, the pre-image supports both fixed-format and free-format information structures, the pre-image includes user-specific information that is revealed to the RP but not to the IdP, and the first representation of the access token is generated from the pre-image through cryptographic transformations by the user and the IdP.
  - 41. The system of claim 40, wherein the RP is one of a plurality of RPs, the IdP is one of a plurality of IdPs, and the pre-image encodes information that is specific to the RP and the IdP.
  - 42. The system of claim 36, wherein the information token selectively encodes a partial disclosure based on one or more characteristics of the user known to the IdP, the partial disclosure being a confirmation of at least some characteristics required for user access at the RP.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Laurie, Bennet, Moti Yung, Marcel M.
Primary Examiner(s)
MOORTHY, ARAVIND K

Application Number

US13/530,438
Publication Number

US 20120265997A1
Time in Patent Office

1,201 Days
Field of Search

713/185, 713/151, 713/155, 713/161, 713/165, 713/168, 726/5, 726/6, 726/26, 709/217, 709/224, 709/225
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

H04L 2209/42   Anonymization, e.g. involvi...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 63/0421   Anonymous communication, i....

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 9/3013   involving the discrete loga...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3218   using proof of knowledge, e...

H04L 9/3257   using blind signatures

Privacy-preserving flexible anonymous-pseudonymous access

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Privacy-preserving flexible anonymous-pseudonymous access

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links