US 2017/0195336 A1 - Method And System For Non-authoritative Identity And Identity Permissions Broker And Use Thereof - The Lens

Method And System For Non-authoritative Identity And Identity Permissions Broker And Use Thereof

Published: Jul 6, 2017
Earliest Priority: Jan 05 2016
Family: 3
Cited Works: 1
Cited by: 5
Cites: 10
Additional Info: Full text

Abstract

A credentialing system comprises an identity source storing identity attributes for users, identity wallets for users that enable access to the identity attributes in the identity source, and identity brokers for accessing the identity source on behalf of access control systems of organizations. This system can address both the data privacy and trust issues allowing a non-authoritative identity source in a distributed environment to be used for all identity purposes through the ability to broker the identity and attributes of the identity across any number of physical or logical credentials and across different organizations. The system further implements an identity score stored along with identity attributes. The score rates the strength of the identity from the global non-authoritative source.

Claims

A credentialing system, comprising:
an identity source storing identity attributes for users;

identity wallets for users that enable access to the identity attributes in the identity source; and

identity brokers for accessing the identity source on behalf of access control systems of organizations.
The system according to claim 1, further comprising an identity score engine for generating an identity score for each of the users that rates the strength of the identity of the users embodied by the identity attributes stored in the identity source for each of the users.
The system according to claim 2, wherein the identity score is stored in the identity source.
The system according to claim 1, wherein the identity brokers access the identity score and will block access to users that have an inadequate identity score.
The system according to claim 1, wherein the identity brokers access the identity attributes based on authority granted via the identity wallets.
The system according to claim 1, wherein the identity source is distributed over multiple nodes.
The system according to claim 1, wherein the same identity source is utilized by multiple business and/or governmental entities.
The system according to claim 1, wherein the identity attributes are stored in a block chain.
The system according to claim 1, further comprising a biometric reader for providing access to the identity wallets.
The system according to claim 1, wherein the identity wallets are stored on mobile computing devices.
The system according to claim 1, wherein the identity brokers access the identity source on behalf of access control systems of organizations.
A credentialing method, comprising:
storing identity attributes for users in an identity source accessible by multiple organizations;

the users enabling access to the identity attributes in the identity source via identity wallets; and

identity brokers accessing the identity source on behalf of access control systems of the organizations.
The method according to claim 12, further comprising generating an identity score for each of the users that rates the strength of the identity of the users embodied by the identity attributes stored in the identity source for each of the users.
The method according to claim 13, wherein the identity score is stored in the identity source.
The method according to claim 12, wherein the identity brokers access the identity attributes based on authority granted via the identity wallets of the users.
The method according to claim 12, wherein the identity source is distributed over multiple nodes.
The method according to claim 12, wherein the identity attributes are stored in a block chain.
The method according to claim 12, further comprising reading biometric features of the users to provide access to the identity wallets.
The method according to claim 12, wherein the identity wallets are stored on mobile computing devices.
The method according to claim 12, further comprising the identity brokers accessing the identity source on behalf of access control systems of organizations.