Title of invention |
Method and apparatus for accepting a digital identity of a user based on transitive trust among parties |
Abstract |
Method and apparatus for accepting a digital identity of a user based on transitive trust among parties are described. One aspect of the invention relates to managing a digital identity of a user. The digital identity is provided to a first party, where the digital identity includes a self-asserted claim. An acceptance token is obtained from the first party. The acceptance token purports authenticity of the self-asserted claim according to the first party. The digital identity and the acceptance token are provided to a second party to request validation of the self-asserted claim by the second party based on the acceptance token. |
Publication number |
US8881253(B2) |
Publication date |
2014.11.04 |
Application number |
US200711729381 |
Application date |
2007.03.28 |
Applicant |
Symantec Corporation |
Inventors |
Satish Sourabh;Hernacki Brian |
Classification |
H04L29/06;G06F21/33 |
Main classification |
H04L29/06 |
Agency |
Wilmer Cutler Pickering Hale and Dorr LLP |
Agent |
Wilmer Cutler Pickering Hale and Dorr LLP |
Main claim |
1. A method of managing a digital identity of a user, comprising:
providing the digital identity from a computer to a relying party, the digital identity having a self-asserted claim, wherein the user functions as a first identity provider for the digital identity;
obtaining an acceptance token from the relying party, the acceptance token purporting authenticity of the self-asserted claim according to the relying party and comprising a representation of the self-asserted claim digitally signed by the relying party using a private key of the relying party;
providing the digital identity and the acceptance token to a second party to request validation of the self-asserted claim by the second party based on the acceptance token, wherein the second party relies on the acceptance token to indicate authenticity of the self-asserted claim as verified by the relying party;
providing, as part of a digital certificate digitally signed by a certificate authority, a public key of the relying party to the second party for use in verifying the acceptance token as digitally signed by the relying party; and
receiving a managed digital identity from a second identity provider, the managed digital identity including a claim corresponding to the self-asserted claim, the managed identity purporting authenticity of the claim according to the second identity provider;
wherein the managed digital identity comprises one or more of a managed digital identity having one or more claims that have been validated by the second identity provider and a managed digital identity having one or more claims that have been validated by one or more relying parties that the second identity provider trusts. |
Address |
Mountain View CA US |