WO2008020991B1 - Notarized federated identity management - Google Patents

Notarized federated identity management

Info

Publication number
WO2008020991B1
Authority
WO
WIPO (PCT)
Prior art keywords
assertion
entity
user
notarized
receiving
Prior art date
Application number
PCT/US2007/017047
Other languages
French (fr)
Other versions
WO2008020991A3 (en)
WO2008020991A2 (en)
Inventor
Michael T Goodrich
Danfeng Yao
Roberto Tamassia
Original Assignee
Univ Brown
Michael T Goodrich
Danfeng Yao
Roberto Tamassia
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Univ Brown, Michael T Goodrich, Danfeng Yao, Roberto Tamassia

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/388 Payment protocols; Details thereof using mutual authentication without cards, e.g. challenge-response
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/389 Keeping log of transactions for guaranteeing non-repudiation of a transaction
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The exemplary embodiments of this invention provide notarized federated identity management, which may have applications such as supporting efficient user authentication when providers are unknown to each other and/or avoiding direct communication between identity providers and service providers, which provides improved privacy protection for users. In one non-limiting, exemplary embodiment, a method includes: receiving through a data communication network an assertion generated by a first entity; notarizing the assertion to obtain a corresponding notarized assertion; and in response to receiving from a second entity via the same or a different data communication network a query corresponding to the assertion, returning the corresponding notarized assertion. The method further includes: determining a user private key for the user identity information; and returning the user private key to the user as data to be stored on a storage medium.

Claims

AMENDED CLAIMS received by the International Bureau on 06 May 2008 (06.05.2008)
What is claimed is:
1. A method comprising: receiving through a data communication network an assertion generated by a first entity; notarizing the assertion to obtain a corresponding notarized assertion; and in response to receiving from a second entity via the same or a different data communication network a query corresponding to the assertion, returning the corresponding notarized assertion.
2. A method as in claim 1, wherein the assertion comprises a signed blinded assertion.
3. A method as in any one of the preceding claims, further comprising: in response to receiving from the second entity via the same or a different data communication network the query corresponding to the assertion, returning a proof corresponding to the query.
4. A method as in any one of the preceding claims, wherein the method is executed within a secure transaction management system (STMS), wherein the notarized assertion comprises the assertion and a STMS proof, the method further comprising: obtaining, by the second entity, a signed STMS basis of a current time quantum from the first entity; verifying, by the second entity, the STMS proof using the signed STMS basis; and verifying, by the second entity, the signature of the STMS basis using a public key of the first entity.
5. A method as in any one of the preceding claims, further comprising: archiving signatures on requests and assertions; encrypting the received assertions; and using an authenticated-dictionary technique to provide verification.
6. A method as in any one of the preceding claims, further comprising: encrypting the received assertion to obtain an encrypted assertion; and storing the encrypted assertion, wherein the notarized assertion comprises a proof indicating that the assertion is stored by a notary entity.
7. A method as in any one of the preceding claims, wherein the notarized assertion does not comprise an identification of the first entity.
8. A method as in any one of the preceding claims, wherein receiving the assertion is performed in response to the first entity receiving a signed request from the second entity comprising session identification information, the method further comprising: receiving via the data communication network the session identification information from the first entity, wherein the session identification information comprises a random value.
9. A method as in any one of the preceding claims, further comprising: determining a user private key for a corresponding user public key consisting of at least one piece of user identity information; and returning the user private key to the user as data to be stored on a storage medium.
10. A method as in claim 9, further comprising: authenticating a user by engaging in a challenge-response protocol utilizing the user public key; and querying a revocation entity to determine if the user public key has been revoked.
11. A computer program product comprising program instructions embodied on a tangible computer-readable medium, execution of the program instructions resulting in operations comprising: receiving through a data communication network an assertion generated by a first
[...] comprises one of a user or a service provider.
17. A system as in any one of claims 14-16, further comprising a third entity configured to determine a user private key for a corresponding user public key consisting of at least one piece of user identity information and to return the user private key to the second entity as data to be stored on a storage medium.
18. A system as in any one of claims 14-17, wherein the first entity is further configured to authenticate the second entity by engaging in a challenge-response protocol utilizing the user public key and to query a revocation entity to determine if the user public key has been revoked.
19. A system as in any one of claims 14-18, wherein the notary component is further configured to encrypt the received assertion to obtain an encrypted assertion and to store the encrypted assertion, wherein the notarized assertion comprises a proof indicating that the assertion is stored by the notary component.
20. A system as in any one of claims 14-19, wherein the notarized assertion does not comprise an identification of the first entity.
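
The notarize, query and verify flow of claims 1, 4, 5 and 8, sketched as an added example that is not taken from the patent. It assumes a Merkle hash tree as the authenticated dictionary and uses the tree root as the basis for the current time quantum. The names `Notary`, `receive`, `query`, `basis` and `verify` are hypothetical, and the signature over the basis that claim 4 requires is outside this sketch.

```python
import hashlib

def h(tag: bytes, *parts: bytes) -> bytes:
    """SHA-256 over a domain tag and length-prefixed parts."""
    d = hashlib.sha256(tag)
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

class Notary:
    """Hypothetical notary: stores assertions and proves it holds them."""
    def __init__(self):
        self.store = {}  # session id -> assertion bytes (may be ciphertext)

    def receive(self, session_id: bytes, assertion: bytes) -> None:
        self.store[session_id] = assertion

    def _levels(self):
        if not self.store:
            raise ValueError("nothing notarized yet")
        level = [h(b"leaf", s, a) for s, a in sorted(self.store.items())]
        levels = []
        while True:
            if len(level) > 1 and len(level) % 2:
                level = level + [level[-1]]  # pad odd levels
            levels.append(level)
            if len(level) == 1:
                return levels
            level = [h(b"node", level[i], level[i + 1])
                     for i in range(0, len(level), 2)]

    def basis(self) -> bytes:
        """Root digest for the current time quantum (signed in practice)."""
        return self._levels()[-1][0]

    def query(self, session_id: bytes):
        """Return the notarized assertion: (assertion, proof path)."""
        idx = sorted(self.store).index(session_id)
        path = []
        for level in self._levels()[:-1]:
            path.append((idx % 2, level[idx ^ 1]))  # (am I right child?, sibling)
            idx //= 2
        return self.store[session_id], path

def verify(session_id, assertion, path, basis) -> bool:
    """Relying party: recompute the root from the leaf and compare."""
    node = h(b"leaf", session_id, assertion)
    for is_right, sibling in path:
        node = h(b"node", sibling, node) if is_right else h(b"node", node, sibling)
    return node == basis
```

A proof checks only against the basis of the quantum in which it was issued, so a relying party has to fetch the current signed basis before verifying.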

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US83398306P 2006-07-28 2006-07-28
US60/833,983 2006-07-28

Publications (3)

Publication Number Publication Date
WO2008020991A2 WO2008020991A2 (en) 2008-02-21
WO2008020991A3 WO2008020991A3 (en) 2008-08-14
WO2008020991B1 WO2008020991B1 (en) 2008-10-02

Family

ID=39082524

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/017047 WO2008020991A2 (en) 2006-07-28 2007-07-30 Notarized federated identity management

Country Status (1)

Country Link
WO (1) WO2008020991A2 (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6689754B1 (en) 1998-04-10 2004-02-10 G. D. Searle & Co. Heterocyclic glycyl β-alanine derivatives
US9465800B2 (en) 2013-10-01 2016-10-11 Trunomi Ltd. Systems and methods for sharing verified identity documents
ES2828701T3 (en) * 2013-10-22 2021-05-27 Eteam Software Pty Ltd System and method to certify information
US9569634B1 (en) 2013-12-16 2017-02-14 Amazon Technologies, Inc. Fine-grained structured data store access using federated identity management
CN106330442B (en) * 2015-06-17 2020-04-28 中兴通讯股份有限公司 Identity authentication method, device and system
US10778707B1 (en) 2016-05-12 2020-09-15 Amazon Technologies, Inc. Outlier detection for streaming data using locality sensitive hashing
CZ2019221A3 (en) * 2019-04-08 2020-06-17 Aducid S.R.O. A method of authenticating a user to a relying party in an electronic identity federation system
EP4248612B1 (en) 2020-11-18 2025-08-20 Visa International Service Association Integrating identity tokens and privacy-preserving identity attribute attestations into interactions
IL305646A (en) 2021-03-05 2023-11-01 Sepior Aps A method for authenticating a user towards a multi-node party
CN113468614B (en) * 2021-07-23 2024-10-18 成都卓拙科技有限公司 Bulletproofs-based Kerberos cross-domain authentication method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7162635B2 (en) * 1995-01-17 2007-01-09 Eoriginal, Inc. System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents
JP2002024177A (en) * 2000-07-10 2002-01-25 Asia Shoken Insatsu Kk Electronic notarization system and method
US20040093497A1 (en) * 2002-11-08 2004-05-13 Arangio Joseph P. Authentication and ownership system, method and database
US7346923B2 (en) * 2003-11-21 2008-03-18 International Business Machines Corporation Federated identity management within a distributed portal server

Also Published As

Publication number Publication date
WO2008020991A3 (en) 2008-08-14
WO2008020991A2 (en) 2008-02-21

Similar Documents

Publication Publication Date Title
US10979231B2 (en) Cross-chain authentication method, system, server, and computer-readable storage medium
WO2008020991B1 (en) Notarized federated identity management
CN107493273B (en) Identity authentication method, system and computer readable storage medium
JP6142026B2 (en) Secure time function for wireless devices
US8462955B2 (en) Key protectors based on online keys
US8509449B2 (en) Key protector for a storage volume using multiple keys
CN106452764B (en) A method and cryptographic system for automatic update of identification private key
US8848919B2 (en) Revocation status using other credentials
US20140112470A1 (en) Method and system for key generation, backup, and migration based on trusted computing
CN110537346A (en) Secure Decentralized Domain Name System
CN109474437B (en) A method for applying digital certificate based on biometric information
US9438583B2 (en) Certificate generation method, certificate generation apparatus, information processing apparatus, and communication device
WO2008026060B1 (en) Method, system and device for synchronizing between server and mobile device
CN114257376B (en) Digital certificate updating method, device, computer equipment and storage medium
US10439809B2 (en) Method and apparatus for managing application identifier
US11509468B2 (en) Method and system for verifying secret decryption capability of escrow agents
Rana et al. Secure and ubiquitous authenticated content distribution framework for IoT enabled DRM system
CN106992978B (en) Network security management method and server
US20140149738A1 (en) Method for accessing a service of a service provider by providing anonymously an attribute or a set of attributes of a user
JP6096327B2 (en) Method and system for preparing communication between a user device and a server
Alzomai et al. The mobile phone as a multi OTP device using trusted computing
Kim et al. A secure channel establishment method on a hardware security module
Tanwar et al. Design and Implementation of Database Security for Various type of Digital Signature
CN116962397A (en) Cross-domain resource access methods, devices, equipment and storage media
Verslype et al. Ubiquitous Privacy-Preserving Identity Managment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07836352

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase in:

Ref country code: DE

NENP Non-entry into the national phase in:

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 07836352

Country of ref document: EP

Kind code of ref document: A2