Main claim
1. Method of management and control of different identity data of an individual, these data corresponding to several identity domains organised into a structured set, in which at least one controlling system can be used for a given identity domain to implement an authentication of the individual from the identity data associated with this domain for the individual,
characterised in that identity data can be generated for a derived identity domain for which identity data are necessary for one or more parent domains, an authentication processing of the individual is implemented for each parent identity domain starting from identity data of the individual for the parent domain, on a management server of the derived identity domain, during which:
information dependent on the parent domain identity data and at least one item of information to prove validity of these data are transmitted to the derived identity domain management server,
the derived identity management server authenticates the individual for the parent domain and uses the proof information to control that the information transmitted is valid,
and in that, depending on the authentication and control results:
the derived identity management server generates at least some of the identity data with which the individual can authenticate himself with a service provider for the derived identity domain, as a function of the information transmitted, for the individual,
said derived identity management server stores derived information containing all or some of the information exchanged during the authentication processing so that the link between identity data of the derived identity domain and identity data of the parent domain can be made later if required, depending on link information transmitted by a parent domain, the generation processing done by the different identity servers being such that no link can be created from two authentications in two distinct domains if this link information is not available.