This application is intended to advance the art disclosed in U.S. patent application entitled, “IDENTITY PROVIDERS IN DIGITAL IDENTITY SYSTEM,” Ser. No. 11/361,281 by inventors Cameron et al., and filed Feb. 24, 2006 and is hereby incorporated by reference.
Electronic communications are commonplace in modern society. Often there is a need for a communicating party to ensure the identity of another party. This may be a prerequisite to authorizing the communicating party to access restricted resources, such as a transaction interface, device, data repository, and so forth. As encryption technology has improved, it has become increasingly difficult for an unauthorized party to intercept messages; however, another communication vulnerability has come to light. This vulnerability is the result of a malicious party forging the identity of a legitimate party, wherein another party is lured into divulging sensitive information by believing the malicious party is the legitimate party.
A user may possess identifying information on a client, which when presented to a relying party provides convincing evidence that the client is who they claim to be. Having such information available on a client facilitates identification, however, a user may wish to be identified on more than one client, such as when a user selects a client from a pool of clients or transitions to another client. Recreating and/or regenerating the identifying information each time a requesting party selects a different client is a burdensome task.
This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope to the claimed subject matter.
A requesting party (hereinafter, “principal”) requests to be identified by a resource with at least one portion being secured (hereinafter, “relying party”) by providing the relying party with identifying information (hereinafter, “claims”). The request may be a preliminary component to the principal obtaining access to a restricted resource protected by the relying party. The relying party then evaluates the claims and, if appropriate, authorizes the principal's access to the secured resource, such as a transaction interface or data repository.
Porting claims from one client to another facilitates identification of the principal without requiring use of a specific client or the regeneration and/or reacquisition of the claims on a subsequent client. Porting the claims is accomplished by binding together a number of claims with associated metadata and backing data. Once bound, the claims, metadata, and backing data are sent to a receiving client.
The principal includes human users and electronic agents, such as software agents, devices, and hardware components. The relying party includes webpages, websites, devices, device portions, commands, command interfaces, or other software or hardware with a secured portion.
User 102A initially selects client 1 (104) to interface with and subsequently selects client 2 (106), thereby becoming user 102B. To facilitate identification of user 102B by relying party 112, without regeneration or reacquisition of personal identity information 110, client 1 (104) ports personal identity information 108 to client 2 (106) to become personal identity information 110. As a result, user 102B, now interfacing with client 2 (106), may be identified by relying party 112. Network 114 facilitates communication between relying party 112 and client 1 (104) and client 2 (106), optionally network 114 facilitates communication between client 1 (104) and client 2 (106). Network 114 is a communication medium and may be embodied in one or more of the following: bus, LAN, WAN, intranet, the Internet, telephone, wireless, and other systems operable to convey data signals between clients.
For purposes of illustration and discussion, and without limitation, three InfoCards, each with associated metadata, are illustrated and described. It will be understood by those skilled in the art that the number of InfoCards may vary without departing from the spirit and scope of the invention, provided at least one InfoCard is “self issued,” such as InfoCard 3 (218).
InfoCards are variously embodied and generally include identity information. More specifically, InfoCards represent a token issuance relationship between a principal, such as user 102, and a particular identity provider, such as identity providers 1, 2, 3 (202, 204, 206).
InfoCards 214, 216, 218 can include, among other information, the identity provider's issuance policy for security tokens, including the type of tokens that can be issued, the claim types for which it has authority, and/or the credentials to use for authentication when requesting security tokens. In example embodiments, InfoCards 214, 216, 218 are represented as XML documents that are issued by identity providers 202, 204, 206 and stored by principals, such as user 102, on a storage device such as within client 104.
A further discussion of claims and InfoCards is provided in co-pending patent application “IDENTITY PROVIDERS IN DIGITAL IDENTITY SYSTEM,” U.S. Ser. No. 11/361,281, which is expressly incorporated herein by reference.
The data within an InfoCard that provides identity data of the principal are known as claims. InfoCards 214, 216, 218, 226, 228, 230 preferably each contain at least one claim with identifying data. Claims are generated by an identity provider and provide a statement or assertion made about the principal related to the principal's identity or information about the principal such as, for example, name, address, social security number, age, etc. Claims may be an individual datum (e.g., “over 21=True”), a plurality of data (e.g., address of residence), and one or more claims may be bundled in a claim bundle.
It is understood that the use of the plural term “claims,” herein, shall not exclude claim bundles unless explicitly stated. It is also understood that the use of the singular term “claim,” herein, shall not exclude single claims within such a claim bundle unless explicitly stated. It is further understood that the use of the term “InfoCard” shall refer to a container operable to hold one or more claims within a structure, the structure optionally including additional data (e.g., “name of the InfoCard,” “creator of the InfoCard”). Additional background on claims is found in the incorporated Ser. No. 11/361,281 patent application (see above).
Claims may be missing, incomplete, or erroneous such as when claims are awaiting population by identity providers 1, 2, 3 (202, 204, 206), empty, or forged. Relying party 112 receiving less than all required claims, claims that are incomplete, or claims that are otherwise erroneous, would at least decline to identify user 102.
InfoCard 1 (214) contains claims provided by identity provider 1 (202). Identity provider 1 (202) accesses backing data 208 containing data utilized in the generation of claims for InfoCard 1 (214). Similarly, InfoCard 2 (216) contains claims provided by identity provider 2 (204). Identity provider 2 (204) accesses backing data 210 containing data utilized in the generation of claims for InfoCard 2 (216). In one embodiment, backing data 208, 210 contains claim source data (e.g., social security number, passport, frequent flier program number, date of birth, et cetera). In another embodiment, backing data 208, 210 contains cryptographic source data (e.g., keys, encryption methodology, seed values, et cetera).
Identity provider 3 (206) generates the claims for InfoCard 3 (218). In one embodiment, identity provider 3 (206) is user 102. In another embodiment, identity provider 3 (206) operates under the control of user 102 and accesses backing data 212, which is also under the control of user 102, to produce self-issued InfoCard 3 (218). In one embodiment, self-issued InfoCard 3 (218) contains claims that are difficult for non-user-controlled identity providers, such as identity providers 1 and 2 (202, 204), to provide accurately. For example, a preferred email address or current phone number may not be accurately reflected in stale repositories, such as backing data 208, 210. In another embodiment, self-issued InfoCard 3 (218) contains claims that are deemed to be less sensitive, thereby making interaction with third-party identity providers, such as identity providers 1 and 2 (202, 204), uneconomical. For example, when claim data is publicly available or when relying party 112 would prefer or require claims generated from data controlled by user 102, such as to obtain a future mailing address, user-controlled backing data 212 is utilized for generating InfoCard 3 (218) and the self-generated claims therein. In yet another embodiment, backing data 212 contains cryptographic data (e.g., public keys, private keys, encryption methodology, seed values).
Metadata 1, 2, 3, (220, 222, 224) is logically appended to InfoCard 1, 2, 3 (214, 216, 218), respectively. In one embodiment, metadata 1, 2, 3, (220, 222, 224) provides implementation specific descriptors associated with their respective InfoCards 214, 216, 218. In another embodiment, at least one of metadata 1, 2, 3 (220, 222, 224) is a cryptographic descriptor (e.g., decryption methodology, parameters, time stamps) associated with at least one encrypted claim within a respective InfoCard 1, 2, 3 (214, 216, 218). In another embodiment, at least one of metadata 1, 2, 3, (220, 222, 224) is a claim descriptor (e.g., name, purpose, source, time stamp) associated with at least one claim within a respective InfoCard 1, 2, 3 (214, 216, 218).
User 102A is able to request identification from relying party 112 by providing claims of personal identity information 108 located on client 1 (104). When user 102A wishes to be identified by relying party 112 via client 2 (106), personal identity information 108 is ported to client 2 (106). Accordingly, personal identity information 108 on client 1 (104) is bound and sent to client 2 (106) to become personal identity information 110, comprising InfoCards 1, 2, 3 (226, 228, 230), backing data 238, and metadata 1, 2, 3 (220, 222, 224). It is understood that “sending” refers to the copying of data to a destination and optionally deleting the data from the source, as well as physically moving a medium with the data thereon. Binding personal identity information 108 ties together InfoCards 1, 2, 3 (214, 216, 218), metadata 1, 2, 3 (220, 222, 224), and backing data 212 and is more fully discussed in the embodiments that follow.
In one embodiment, binding operation 302 incorporates a container to bind at least one claim, metadata, and backing data. The container is variously embodied and includes object-oriented objects, data structures, database records, database tables, files, and other structures operable to contain claims, metadata, and backing data. In further embodiments, the container is embodied within at least one claim, metadata, and/or backing data. In another embodiment, the container is distinct from the claims, metadata, and backing data.
In one embodiment, the container encapsulates the bound personal identity information. In a further embodiment, the encapsulated bound personal identity information is a copy of the at least one claim, metadata, and backing data. In another embodiment, the container binds by maintaining links (e.g., addresses, pointers, file names, URIs, URLs, et cetera) to the bound personal identity information.
Method 300 then proceeds to sending operation 304. According to an embodiment, sending operation 304 sends the bound personal identity information, bound in operation 302, to a receiving client, such as client 106 of
In yet another embodiment, sending operation 304 sends the bound personal identity information to a receiving client that is a medium for data storage. In another embodiment, sending operation 304 is the physical moving of a medium, with the bound personal identity information encoded therein, from an originating client to the receiving client. The medium is then physically and communicatively attached to the receiving client.
In another embodiment, the personal identity information is standardized prior to sending 304. Standardization is variously embodied to include standardization for language, computing platform (e.g., operating system), and personal identity information format standards. In another embodiment, the personal identity data is encrypted prior to sending 304.
In a further embodiment, sending operation 304 traverses a container having links to portions of the bound personal identity information and then sends the bound personal identity information identified by the links.
Receiving operation 502 is variously embodied and includes receiving an email, file, instant message, inter-process message, data packet(s), or other communication containing bound personal identity information. In another embodiment, receiving operation is the communicative and physical attachment of a medium with the bound personal identity information stored thereon.
In another embodiment, receiving operation 502 is associated with the logical and physical attachment of removable storage to the receiving client, the removable storage medium having bound personal identity information encoded thereon.
In a further embodiment, receiving operation 502, upon successfully receiving the bound personal identity information, signals the originating client of the receipt of the bound personal identity information.
Method 500 then continues to unbinding operation 504. Unbinding operation 504 extracts at least one claim and, preferably, extracts all claims from the bound personal identity information, metadata, and backing data.
The received bound personal identity information may require additional processing to be usable by the receiving client. Accordingly, in one embodiment, receiving operation 502 further comprises decrypting the bound personal identity information. In a further embodiment, decryption occurs after unbinding operation 504, wherein at least one of 1) the at least one claim, 2) the metadata associated with the at least one claim, and 3) the backing data associated with the at least one claim is encrypted.
In another embodiment, method 500 further comprises locally storing the personal identity information.
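As an added illustration, not code from the patent or its applicant, the following Python models binding operation 302 (container encapsulating copies of the claims, metadata, and backing data) together with receiving operation 502 and unbinding operation 504. The InfoCard model, the sample claims, metadata, and backing data, the pre-shared transport key, and the HMAC-SHA256 tag over the canonical container are all assumptions constructed for this example; the tag lets the receiving client detect a bundle that was altered in transit or not produced by the originating client, a check the patent text does not itself specify. The encryption of the payload mentioned in the embodiments above is not shown here. The example also enforces two conditions stated earlier: at least one InfoCard must be self-issued, and InfoCards with no claims are reported as incomplete.

```python
"""Bind / send / receive / unbind of ported personal identity information.

Added example, not the patent's own code. Assumed model: InfoCards, metadata
and backing data are plain Python values; the "container" encapsulates copies
(not links); a constructed pre-shared transport key between the originating
and receiving client keys an HMAC-SHA256 tag so tampering or forgery of the
bundle is detected before unbinding. Payload encryption is not shown.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field, asdict


@dataclass
class InfoCard:
    """Hypothetical model: a container for claims plus the issuer that produced them."""
    name: str
    issuer: str                 # identity provider id, or "self" for a self-issued card
    claims: dict = field(default_factory=dict)


# Constructed sample data standing in for InfoCards 1-3 (214, 216, 218),
# metadata 1-3 (220, 222, 224) and user-controlled backing data 212.
SAMPLE_CARDS = [
    InfoCard("bank card", "identity-provider-1", {"name": "A. Example", "over21": True}),
    InfoCard("airline card", "identity-provider-2", {"frequent_flier": "FF-0001"}),
    InfoCard("personal card", "self", {"email": "a@example.test", "phone": "+1-555-0100"}),
]
SAMPLE_METADATA = [
    {"card": "bank card", "purpose": "payments", "timestamp": "2006-02-24T00:00:00Z"},
    {"card": "airline card", "purpose": "travel", "timestamp": "2006-02-24T00:00:00Z"},
    {"card": "personal card", "purpose": "contact", "timestamp": "2006-02-24T00:00:00Z"},
]
SAMPLE_BACKING = {"public_key": "PLACEHOLDER-PUBKEY", "seed": "PLACEHOLDER-SEED"}
TRANSPORT_KEY = b"constructed-pre-shared-key-between-clients"   # assumption


def bind(cards, metadata, backing, key):
    """Binding operation 302: encapsulate copies of claims, metadata and backing
    data in one container and tag it so the receiving client can detect
    tampering or forgery. Returns the bound bundle as bytes."""
    if not any(c.issuer == "self" for c in cards):
        raise ValueError("at least one InfoCard must be self-issued")
    if len(cards) != len(metadata):
        raise ValueError("each InfoCard needs its logically appended metadata")
    container = {
        "version": 1,
        "infocards": [asdict(c) for c in cards],
        "metadata": list(metadata),
        "backing_data": dict(backing),
    }
    # Canonical JSON: the receiver must reproduce the exact bytes for the HMAC check.
    payload = json.dumps(container, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"payload": payload, "tag": tag}).encode()


def unbind(bundle, key):
    """Receiving operation 502 plus unbinding operation 504: verify the tag, then
    extract claims, metadata and backing data. Raises ValueError on any
    malformed or altered bundle."""
    try:
        outer = json.loads(bundle.decode())
        payload, tag = outer["payload"], outer["tag"]
    except (ValueError, KeyError, AttributeError) as exc:
        raise ValueError("malformed bundle") from exc
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("tag mismatch: bundle altered or not from the originating client")
    container = json.loads(payload)
    if container.get("version") != 1:
        raise ValueError("unsupported container version")
    cards = [InfoCard(**c) for c in container["infocards"]]
    return cards, container["metadata"], container["backing_data"]


def incomplete_cards(cards):
    """Names of InfoCards carrying no claims (empty or awaiting population);
    a relying party would decline to identify the user from such cards."""
    return [c.name for c in cards if not c.claims]


if __name__ == "__main__":
    bundle = bind(SAMPLE_CARDS, SAMPLE_METADATA, SAMPLE_BACKING, TRANSPORT_KEY)
    cards, meta, backing = unbind(bundle, TRANSPORT_KEY)
    print(f"ported {len(cards)} InfoCards; incomplete: {incomplete_cards(cards)}")
```

The receiving client verifies the tag before parsing the inner container, so a forged or modified bundle is rejected without any of its claims or backing data (which may hold private keys) being unpacked or stored locally.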
Method or step embodiments of the invention are optionally embodied as computer-readable media having computer-executable instructions for performing the said methods or steps.
Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Memory 604, removable storage 608 and non-removable storage 610 are all examples of computer storage media. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by system 600. Any such computer storage media may be part of system 600.
System 600 may also contain communications connection(s) 612 that allow the system to communicate with other devices. Communications connection(s) 612 is an example of communication media. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. The term computer readable media as used herein includes both storage media and communication media.
System 600 may also have input device(s) 614 such as keyboard, mouse, pen, voice input device, touch input device, etc. Output device(s) 616 such as a display, speakers, printer, etc. may also be included. All these devices are well known in the art and need not be discussed at length here.
It should be noted that the specific details described are not intended to limit the scope of the invention and are provided for illustrative purposes only.
Number | Name | Date | Kind |
---|---|---|---|
5442704 | Holtey | Aug 1995 | A |
5657388 | Weiss | Aug 1997 | A |
5659616 | Sudia | Aug 1997 | A |
5678015 | Goh | Oct 1997 | A |
5887131 | Angelo | Mar 1999 | A |
5907838 | Miyasaka et al. | May 1999 | A |
5995625 | Sudia et al. | Nov 1999 | A |
6005939 | Fortenberry | Dec 1999 | A |
6016476 | Maes et al. | Jan 2000 | A |
6161125 | Traversat | Dec 2000 | A |
6442532 | Kawan | Aug 2002 | B1 |
6526434 | Carlson et al. | Feb 2003 | B1 |
6553494 | Glass | Apr 2003 | B1 |
6754829 | Butt et al. | Jun 2004 | B1 |
6785810 | Lirov | Aug 2004 | B1 |
6791583 | Tang et al. | Sep 2004 | B2 |
6802002 | Corella | Oct 2004 | B1 |
6810480 | Parker | Oct 2004 | B1 |
6817521 | Matada | Nov 2004 | B1 |
6836765 | Sussman | Dec 2004 | B1 |
6839690 | Foth | Jan 2005 | B1 |
6856963 | Hurwitz | Feb 2005 | B1 |
6879769 | Kawai | Apr 2005 | B1 |
6934841 | Boyles | Aug 2005 | B2 |
6934913 | Le | Aug 2005 | B2 |
6955295 | Hosogoe | Oct 2005 | B2 |
6957338 | Sumino | Oct 2005 | B1 |
6981043 | Botz et al. | Dec 2005 | B2 |
6993659 | Milgramm | Jan 2006 | B2 |
7000108 | Yarsa et al. | Feb 2006 | B1 |
7003495 | Burger et al. | Feb 2006 | B1 |
7007298 | Shinzaki | Feb 2006 | B1 |
7020474 | Scott | Mar 2006 | B2 |
7020778 | Miettinen | Mar 2006 | B1 |
7047418 | Ferren | May 2006 | B1 |
7069447 | Corder | Jun 2006 | B1 |
7083095 | Hendrick | Aug 2006 | B2 |
7103773 | Erickson | Sep 2006 | B2 |
7131583 | Jaros et al. | Nov 2006 | B2 |
7146159 | Zhu | Dec 2006 | B1 |
7162475 | Ackerman | Jan 2007 | B2 |
7162581 | Newman et al. | Jan 2007 | B2 |
7206432 | Iwamura | Apr 2007 | B2 |
7231371 | Cantini et al. | Jun 2007 | B1 |
7266705 | Peck et al. | Sep 2007 | B2 |
7356837 | Asghari-Kamrani et al. | Apr 2008 | B2 |
7409543 | Bjorn | Aug 2008 | B1 |
7424457 | Khaishgi | Sep 2008 | B2 |
7451921 | Dowling et al. | Nov 2008 | B2 |
7475429 | Carro | Jan 2009 | B2 |
7680819 | Mellmer | Mar 2010 | B1 |
7788499 | Cameron et al. | Aug 2010 | B2 |
20010034746 | Tsakiris | Oct 2001 | A1 |
20010054148 | Hoornaert | Dec 2001 | A1 |
20020010862 | Ebara | Jan 2002 | A1 |
20020026397 | Ieta et al. | Feb 2002 | A1 |
20020046041 | Lang | Apr 2002 | A1 |
20020103801 | Lyons | Aug 2002 | A1 |
20020124115 | McLean | Sep 2002 | A1 |
20020133535 | Lucovsky | Sep 2002 | A1 |
20020175916 | Nichols | Nov 2002 | A1 |
20020184508 | Bialick et al. | Dec 2002 | A1 |
20020194139 | Kianian | Dec 2002 | A1 |
20030005305 | Brickell | Jan 2003 | A1 |
20030018585 | Butler et al. | Jan 2003 | A1 |
20030046575 | Bhogal | Mar 2003 | A1 |
20030046591 | Ashghari-Kamrani | Mar 2003 | A1 |
20030048904 | Wang et al. | Mar 2003 | A1 |
20030074660 | McCormack | Apr 2003 | A1 |
20030135500 | Chevrel et al. | Jul 2003 | A1 |
20030149781 | Yared | Aug 2003 | A1 |
20030172090 | Asunmaa | Sep 2003 | A1 |
20030177356 | Abela | Sep 2003 | A1 |
20030182421 | Faybishenko | Sep 2003 | A1 |
20030188019 | Wesley | Oct 2003 | A1 |
20030200175 | Wang | Oct 2003 | A1 |
20030200217 | Ackerman | Oct 2003 | A1 |
20030216136 | McBrearty et al. | Nov 2003 | A1 |
20030229783 | Hardt | Dec 2003 | A1 |
20030233580 | Keeler et al. | Dec 2003 | A1 |
20040010720 | Singh | Jan 2004 | A1 |
20040054913 | West | Mar 2004 | A1 |
20040064708 | Angelo et al. | Apr 2004 | A1 |
20040103040 | Ronaghi | May 2004 | A1 |
20040103324 | Band | May 2004 | A1 |
20040111520 | Krantz | Jun 2004 | A1 |
20040114571 | Timmins | Jun 2004 | A1 |
20040122926 | Moore et al. | Jun 2004 | A1 |
20040162786 | Cross | Aug 2004 | A1 |
20040205243 | Hurvig et al. | Oct 2004 | A1 |
20040230831 | Spelman | Nov 2004 | A1 |
20040250084 | Hamid | Dec 2004 | A1 |
20050044423 | Mellmer | Feb 2005 | A1 |
20050050363 | Naka et al. | Mar 2005 | A1 |
20050059494 | Kammler | Mar 2005 | A1 |
20050065810 | Bouron | Mar 2005 | A1 |
20050074028 | Wugofski | Apr 2005 | A1 |
20050091264 | Cameron et al. | Apr 2005 | A1 |
20050091290 | Cameron et al. | Apr 2005 | A1 |
20050091492 | Benson | Apr 2005 | A1 |
20050091495 | Cameron et al. | Apr 2005 | A1 |
20050108575 | Yung | May 2005 | A1 |
20050114447 | Cameron et al. | May 2005 | A1 |
20050122926 | Cromer | Jun 2005 | A1 |
20050124320 | Ernst | Jun 2005 | A1 |
20050125677 | Michaelides | Jun 2005 | A1 |
20050125678 | Shaw | Jun 2005 | A1 |
20050149383 | Zacharia | Jul 2005 | A1 |
20050152544 | Kizawa | Jul 2005 | A1 |
20050172229 | Remo et al. | Aug 2005 | A1 |
20050182741 | Grossman | Aug 2005 | A1 |
20050183566 | Nash | Aug 2005 | A1 |
20050216405 | So | Sep 2005 | A1 |
20050283443 | Hardt | Dec 2005 | A1 |
20060005020 | Hardt | Jan 2006 | A1 |
20060005263 | Hardt | Jan 2006 | A1 |
20060010007 | Denman | Jan 2006 | A1 |
20060043164 | Dowling et al. | Mar 2006 | A1 |
20060080702 | Diez et al. | Apr 2006 | A1 |
20060104486 | Le Saint | May 2006 | A1 |
20060129509 | Gaines | Jun 2006 | A1 |
20060165060 | Dua | Jul 2006 | A1 |
20060174323 | Brown et al. | Aug 2006 | A1 |
20060174350 | Roever | Aug 2006 | A1 |
20060200866 | Cameron | Sep 2006 | A1 |
20060206723 | Gil | Sep 2006 | A1 |
20060206724 | Schaufele | Sep 2006 | A1 |
20060224611 | Dunn | Oct 2006 | A1 |
20060253582 | Dixon et al. | Nov 2006 | A1 |
20060282670 | Karchov | Dec 2006 | A1 |
20070011100 | Libin et al. | Jan 2007 | A1 |
20070124269 | Rutter et al. | May 2007 | A1 |
20070124596 | Chevrel | May 2007 | A1 |
20070143835 | Cameron | Jun 2007 | A1 |
20070194884 | Didier et al. | Aug 2007 | A1 |
20070203852 | Cameron | Aug 2007 | A1 |
20070204168 | Cameron | Aug 2007 | A1 |
20070204325 | Cameron | Aug 2007 | A1 |
20070300183 | Anttila et al. | Dec 2007 | A1 |
20080028215 | Nanda | Jan 2008 | A1 |
20080034412 | Wahl | Feb 2008 | A1 |
20080103972 | Lanc | May 2008 | A1 |
20080178271 | Gajjala | Jul 2008 | A1 |
20080178272 | Gajjala | Jul 2008 | A1 |
20080184339 | Shewchuk | Jul 2008 | A1 |
20080289020 | Cameron | Nov 2008 | A1 |
20100227680 | Leopold et al. | Sep 2010 | A1 |
20100287369 | Monden | Nov 2010 | A1 |
Number | Date | Country |
---|---|---|
1456983 | Nov 2003 | CN |
1589446 | Mar 2005 | CN |
1794284 | Jun 2006 | CN |
0 767 418 | Apr 1997 | EP |
0 944 218 | Sep 1999 | EP |
1 471 685 | Oct 2004 | EP |
1 729 480 | Dec 2006 | EP |
63-242751 | Oct 1988 | JP |
2001-344205 | Dec 2001 | JP |
2005-38095 | Feb 2005 | JP |
2005-518039 | Jun 2005 | JP |
2006-524847 | Nov 2006 | JP |
2010-517140 | May 2010 | JP |
2010-517176 | May 2010 | JP |
1020010110084 | Dec 2001 | KR |
1020020096442 | Dec 2002 | KR |
1020040048115 | Jul 2004 | KR |
WO 9949614 | Sep 1999 | WO |
WO 0129641 | Apr 2001 | WO |
WO 03-053123 | Jul 2003 | WO |
WO 2004036348 | Apr 2004 | WO |
WO 2004044705 | May 2004 | WO |
WO 2004057796 | Jul 2004 | WO |
WO 2007097844 | Aug 2007 | WO |
WO 2008088944 | Jul 2008 | WO |
WO 2008088945 | Jul 2008 | WO |
WO 2008144204 | Nov 2008 | WO |
Number | Date | Country |
---|---|---|
20080028215 A1 | Jan 2008 | US |