Title of invention: Method and apparatus for providing identity claim validation
Abstract: A method and apparatus for providing claim validation without storing user information within the IDM system. During enrollment, the IDM system creates a hash representative of the identification information provided by a user. The user information is discarded, i.e., not stored within the IDM system. Only a hash representing that information is stored within the system. Upon a user providing information to a service provider, the service provider requests that the user's information be authenticated by a third party IDS system. The service provider will request such authentication from the IDM system identified by the user. The IDM system generates, from the user's information that was provided to the service provider, a signed token that is sent to the user for use by the user to access the service provider's services. In this manner, the IDM system does not store identification information of the user. Yet, the IDM system provides identification validation services to any service provider requesting such services to ensure that a user is authentic.
Publication number: US8788836(B1)  Publication date: 2014.07.22
Application number: US200611644579  Filing date: 2006.12.22
Applicant: Symantec Corporation  Inventors: Hernacki Brian; Satish Sourabh; Brown Timothy G.
Classification: G06F21/00  Main classification: G06F21/00
Agency: Wilmer Cutler Pickering Hale and Dorr LLP  Agent: Wilmer Cutler Pickering Hale and Dorr LLP
Independent claim: 1. An apparatus for validating identity claims comprising: an identification management system comprising at least one hardware processor and at least one memory coupled to the at least one hardware processor, the identification management system configured to: receive at least one identity claim; validate the at least one identity claim using a hash of verified identification information without using stored identification information, wherein the hash is created based at least in part on identification information supplied by a user, wherein the hash is stored in the at least one memory, and wherein the identification information supplied by the user is discarded; and create a signed token using the hash based on the validated at least one identity claim, wherein the signed token supports multifactor authentication.
Address: Mountain View CA US