System and method for identity management

摘要

A computer-implemented method includes: receiving a request for associating a first index of privileges and permissions with an identity token, the first index specifically encoding the privileges and permissions of a first subscriber in accessing transactional data of the requester, the request including the identity token that identifies a person and has been issued to the requester by a trusted entity through a vetting process; in response to determining that the identity token is valid and verifying that the requester is the person identified by the identity token, associating the first index of privileges and permissions of the first subscriber with the identity token; and providing the identity token associated with the first index of privileges and permissions of the first subscriber, the identity token enabling the first subscriber to access transactional data of the requester in accordance with the first index of privileges and permissions.

主权项

1. A computer-implemented method for generating a token set that computationally associate permissions and privileges with a digital foundation identity token, the method comprising:
receiving, from a requester via a communications network and at a computing device of a certification authority, a first request for computationally associating a first index of privileges and permissions with a digital foundation identity token, the first index specifically encoding the privileges and permissions of a first third-party subscriber to access transactional data of the requester, the request including the digital foundation identity token that identifies a person and has been issued to the requester by a trusted entity through a vetting process; extracting, from the first request, the digital foundation identity token; determining that the extracted digital-foundation identity token is valid; verifying that the requester is the person identified by the digital foundation identity token based on a biometric of the requester matching information from the extracted digital foundation identity token; in response to determining that the digital foundation identity token is valid and verifying that the requester is the person identified by the digital foundation identity token, computationally associating the first index of privileges and permissions of the first third-party subscriber with the digital foundation identity token such that the first index of privileges and permissions of the first third-party subscriber becomes detachably associated with the digital foundation identity token; and returning, to the requester via the communications network, the digital foundation identity token computationally associated with the first index of privileges and permissions of the first third-party subscriber; causing transactional data of the requester to become accessible to the first third-party subscriber in accordance with the first index of privileges and permissions when the requester issues a token—based on the digital foundation identity token computationally associated with the first index of privileges and permissions of the first third-party subscriber—to the first third-party subscriber to grant the first third-party subscriber access to transactional data of the requester, the requester being different from the first third-party subscriber.