| 主权项 |
1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
receive, at a privacy broker, a brokered authentication request corresponding to an interaction between a first user and a first entity; identify, at the privacy broker, an identity provider corresponding to the first user, wherein the identity provider stores user data identifying the first user and at least a portion of the user data is to be hidden from the privacy broker and the first entity; receive confirmation, at the privacy broker, that the identity provider authenticated the first user to a user profile maintained by the identity provider and associated with the user data; generate, at the privacy broker, a unique persistent user identifier for the first user using a joint hash function, wherein inputs to the joint hash function comprise a first input from the privacy broker and a second input from the identity provider, the user identifier is unique, within a system, to a pairing of the first user with the first entity, the first input value is derived from a first secret value unknown to the identity provider and corresponding to the first entity, and the second input value is derived from a second secret value unknown to the privacy broker and corresponding to the portion of the user data; and cause the user identifier to be communicated to the first entity for authenticating the first user in interactions with the first entity, wherein the user identifier abstracts identity of the first user to the first entity, the first entity is to provide online resources to the first user based at least in part on the user identifier, and identity of the first entity to be interacted with in the interaction is invisible to the identity provider. |
