Credential management

摘要

In general, one aspect of the subject matter described in this specification can be embodied in methods that include receiving a registration request from a mobile device to create a credential management account for a user associated with the mobile device; generating a public key and a paired private key associated with the credential management account; transmitting a certificate signing request to a certificate authority system; receiving a digital certificate from the certificate authority system; receiving a request to retrieve a credential for the user from a credential issuing organization; transmitting a request for the credential for the user to the credential issuing organization system; receiving, from the credential issuing organization; transmitting the decrypted data to the credential issuing organization; receiving data for the credential for the user from the credential issuing organization system; and transmitting data encoding a portion of a badge representing the credential.

主权项

1. A method, performed by a credential management system, comprising:
receiving a registration request from a mobile device to create a credential management account for a user associated with the mobile device, the registration request including a unique identifier for the mobile device and a unique identifier for the user associated with the mobile device; generating a public key for the user and a paired private key for the credential management account for the user; storing, by the credential management system, the public key and the private key for the credential management account; transmitting a certificate signing request to a certificate authority system, the certificate signing request comprising the public key, the unique identifier for the mobile device, and the unique identifier for the user associated with the mobile device; receiving a digital certificate from the certificate authority system, the digital certificate comprising the public key and the unique identifier for the user; receiving, from the mobile device by the credential management system, the public key and the private key, a request to retrieve a credential for the user from a credential issuing organization system, the credential issuing organization system being different from the certificate authority system; in response to receiving the request to retrieve the credential for the user from the credential issuing organization system, transmitting a request for the credential for the user to the credential issuing organization system, the credential providing access to a physical location, the request for the credential for the user comprising the digital certificate; receiving, from the credential issuing organization system, a token identifying the credential, the token encrypted using the public key for the user; in response to receiving the encrypted token from the credential issuing organization system, decrypting the encrypted token using the private key for the user to yield decrypted data and transmitting the decrypted token to the credential issuing organization system; receiving data for the credential for the user from the credential issuing organization system; and transmitting data encoding a portion of a badge representing the credential for the user to the mobile device, wherein the badge is a graphical representation of the requested credential which is read by a sensor.