WO2011063827A1 - System and method for personal identity management - Google Patents

System and method for personal identity management

Info

Publication number
WO2011063827A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
service provider
management system
identity management
personal information
Application number
PCT/EP2009/065723
Other languages
English (en)
Inventor
Nils Gruschka
Luigi Lo Iacono
Hariharan Rajasekaran
Original Assignee
Nec Europe Ltd.
Application filed by Nec Europe Ltd.
Priority to PCT/EP2009/065723
Publication of WO2011063827A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F 21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/21 Indexing scheme relating to G06F 21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2103 Challenge-response
    • G06F 2221/2153 Using hardware token as a secondary aspect

Definitions

  • the invention relates to a system and method for controlling personal information of a user.
  • the system may control the transfer and/or the accessibility of personal data.
  • the personal data may be stored on a smartcard belonging to the user and being accessible via the Internet for external service providers.
  • Current identity management solutions generally consist of an organization, the Identity Provider (IdP), running an identity management system IdMS to which users subscribe by creating an account.
  • the IdP provides users with identity credentials which can then be used to access resources at different service providers (SP) who accept the identity credentials provided by the IdP.
  • the user's identity information is centrally managed by the IdP.
  • Authentication refers to the procedure where a user is identified as a known individual to the SP. This is usually accomplished by the use of a "credential", which is an attestation of qualification, competence, or authority issued to an individual, for example, by a third party; in particular, credentials in security technology may include certifications, security clearances, identification documents, badges, passwords, user names, keys, etc.
  • Authorization is here the procedure where the decision to allow or deny access to a resource is taken.
  • a successful authentication does not always result in an "allow" authorization decision.
  • the credentials used for the authentication procedure are agreed between the user and the SP when the user initially subscribes to the service.
  • An example is the familiar sign-up process for free email services online where a user creates an account with a SP by providing a username and a password. This is the simplest case where the user uses a unique credential to access a single service.
  • the user's identity information is managed by the user at the SP.
  • the SP runs an identity management system IdMS that manages the identity of the users signing up for the service. In case of popular SPs, the number of users managed will run into millions.
  • FIG. 1 shows the case where each SP manages its users' identities on a per-service basis.
  • Identity Federation: in order to solve the problem of creating and maintaining identities at every SP, identity federation schemes are used which offer users the possibility to access multiple services without going through a new registration process every time. Identity Federation can be achieved by various methods.
  • a method for different SPs to come together is to form a "Circle of Trust" (CoT) as shown in Fig. 2.
  • One or more IdPs exist within a CoT and it is sufficient for the user to create an account at one of these IdPs. Using this account, the user is allowed to access all the services offered within the CoT as all the SPs accept the authentication performed by the central IdP.
  • when the user tries to access a service, he provides the SP with the location of his IdP, where the credential of the user along with other personal and sensitive information for accessing that particular service is stored.
  • the SP is able to retrieve the user's credential and other relevant information from the IdP.
  • there is a trust relationship between the SP and the IdP and the user has allowed the sharing of identity information to the requesting SP at the IdP's end.
  • the user is authenticated only by the IdP using a unique credential, and the SP relies on this authentication step performed by the IdP to provide the service to the user.
  • although identity federation offers the user a way to better manage his identity, it does not completely eliminate the multi-identity problem, since there can exist a number of CoTs with their own individual IdPs, each of which again requires an account.
  • known security systems suffer from the fact that, due to the centralized management of the personal information, identity theft in bulk is possible if the security infrastructure of the IdP is compromised. Further, the user has to trust the IdP to ensure that his personal information is not accessed by unauthorized entities or used by the IdP in ways not authorized by the user. Furthermore, the user usually has minimal information in real time about the access attempts made for his identity information at the IdP. It is therefore an object of the present invention to provide a system for controlling personal information of a user, thereby eliminating the need for the user to trust the infrastructure of the IdP. Further, the user shall be enabled to control the access to his personal data/identity data and be provided with information in real time about the requests made to access his personal data.
  • the invention is related with a system and method for controlling personal information of a user, wherein the user is enabled to allow or deny access requests of an external service provider SP on a case by case basis.
  • the key idea of the invention may be formulated as to host the IdP on an infrastructure that is secure and owned by as well as under the complete control of the user though still accessible by service providers via the internet.
  • the invention provides a system for controlling personal information of a user, wherein the system comprises a device and an identity management system.
  • the device has a microprocessor with a microprocessor interface, wherein the microprocessor interface is configured to communicate with an IP network.
  • the identity management system is configured to be run on the device and contains the personal information of the user.
  • the identity management system is configured to be modified by the user and is adapted to provide a communication interface so that the identity management system is accessible for a service provider present on the IP network and is configured to provide the service provider with the personal information of the user if a confirmation from the user is present.
  • the device having the microprocessor is a device to which the user has physical access.
  • the device having the microprocessor may be a smartcard preferably connectable to a further device such as a mobile phone and/or a personal computer.
  • the device provides an interface for a plug-and-socket-connection to a read/write device such as a mobile phone or a personal computer.
  • Such a device may have a smartcard reader, may be capable of getting an IP connection from a network provider, and/or may be provided with an onboard application that helps the user to access, configure and install IdMSs on the smartcard in a secure manner.
  • a smartcard may offer an on board microprocessor to perform computations independent of the device to which it is connected.
  • a smartcard may further provide a memory for storing data, for example the personal information and/or identity-related and/or sensitive data such as cryptographic secrets.
  • the smartcard may offer restricted interfaces to the memory and/or the microprocessor to make it an ideal secure platform with in built tamper-resistance.
  • a smartcard may be capable of running a secure software platform (e.g. a virtual machine) on which multiple virtual Web servers may have their own dedicated memory space.
  • the IdMS may run on the Web server and its remote configuration and installation may be supported by a secure method controllable by the system according to the present invention.
  • the smartcard may be provided with a communication interface that supports IP-based communication protocols such as TCP, TLS, HTTP, HTTPS.
  • a smartcard may be advantageous for realizing the possibility for the user to physically access his personal information contained in the IdMS on the smartcard.
  • the user may easily carry his smartcard with him, and the smartcard is easily connectable to a read/write device for providing access to any Internet service.
  • the identity management system may comprise a software realizing the above-defined features of the identity management system.
  • a user runs a personal IdMS on a smartcard on which he stores his personal/identity information.
  • the personal/identity information may be a username together with a password for different services, user's preferences, user details such as name, payment information etc..
  • the system of the invention realizes an "infrastructure at the user's end" for securely controlling any transmission of personal information and/or any access to the personal information by an (external) SP.
  • “Infrastructure at the user's end” refers to an infrastructure to which the user has physical access and is completely under his control.
  • An example of such an infrastructure can be a smartcard as explained above and that the user carries with him, or his personal computer or a device present at his home. This concept is to distinguish from infrastructures which belong to the user, but are hosted on a third party premises. For example, a personal web server of the user which is hosted on the infrastructure offered by a hosting provider on the Internet will not come under the definition of "infrastructure at the user's end".
  • the infrastructure at the user's end may be provided by a smartcard capable of running a web server which hosts the IdP application (this setup of/on the smartcard may be identified as the "identity management system").
  • the IdMS on the smartcard may offer a communication interface that supports IP-based protocols such as TCP, TLS, HTTP, and HTTPS.
  • the smartcard may make use of another device to obtain the power and the network connectivity required for its operation.
  • This other device can be a mobile phone or computer of the user with a smartcard reader and IP network connectivity.
  • a mobile phone may be used as the smartcard reader
  • the Java Card Platform 3 smartcard system may be used as the above-defined device having the microprocessor.
  • the user may be enabled to run his own IdMS or an IdMS authorized by one or more IdPs, and to monitor his identity information traffic in real time (for example, who/what institution is requesting what kind of information).
  • the user may also be enabled to control/permit/deny access requests to his identity information from service providers (even in cases where the requesting service provider is previously authorized to access such information), so that he may be enabled to securely log his identity information traffic.
  • the need to rely on and trust the IdP infrastructure to manage and store the user's identity and profile information in a secure and expected manner is removed.
  • the user can easily identify if an SP hijacks him to a different domain since he won't get a prompt from his personal IdMS running on his device to provide his confirmation and/or his authentication credentials.
  • the occurrence of phishing attacks by malicious SPs may be decreased or even stopped, since the user has to confirm an application associated with the IdMS running on his device/smartcard. In doing so, the user may control Internet-based services more strictly, resulting in increased transparency and confidence in these services.
  • the personal information comprises data sets, wherein the identity management system is configured to provide a particular data set to the service provider, dependent on the service provider.
  • the personal information contained in the identity management system comprises two data sets, wherein the first one consists of an email address and a password, whereas the second data set consists of an account number and a PIN/TAN number.
  • if the email service provider requests information from the IdMS, the IdMS is configured to distinguish between the two data sets and to provide the correct data set (i.e., in this case, the first one) to the service provider.
  • the transmission of data can be controlled and misuse of data can be decreased or even avoided.
  • the service provider has a public key of a private/public key pair of the user.
  • the public/private key system is a cryptographic system that uses two keys, a public key known to everyone and private key known only to the recipient of a related message. For example, if a first user wants to send a secure message to a second user, the first user uses the second user's public key to encrypt the message. The second user then uses his private key to decrypt the message.
  • One essential concept of this system is that the public and private key are related in such a way that the encryption and decryption only works if these two keys are used in conjunction. Further, it is not possible to deduce the private key from the public key, so that these systems are extremely secure and relatively simple to use.
  • the identity management system is configured to generate the private/public key pair.
  • the identity management system is configured to sign a value received by the service provider with the private key and to provide the service provider with the signed value readable by means of the public key by the service provider.
  • the confirmation from the user is a password authenticating the user.
  • Any transmission of data of personal information and/or an access of a service provider to the IdMS may only be allowed if a confirmation of the user to do so is present.
  • a confirmation may be the typing in of the URL of the IdMS on the user's device (e.g. smartcard) upon request of a SP.
  • the user may confirm a data transmission and/or access of a SP by simply indicating a "yes" or "no" to the IdMS if the IdMS asks the user whether a value of the SP may be signed with the user's private key.
  • the user may have to authenticate himself to the IdMS on the device (e.g. smartcard), for example, by typing in a password. After this confirmation, the information may be provided to the SP.
  • the identity management system is configured to track and/or store requests from the service provider.
  • the user may further control any attempt of a service provider to access the user's IdMS and/or to get the user's personal information from the IdMS.
  • the storage of requests from SPs might be useful for proving the existence and/or origin of malicious attempts to get personal data of the user.
  • the identity management system is configured to determine whether the request of the service provider is justified.
  • the IdMS may recognize this discrepancy and may inform the user and/or deny the (additional) request.
  • the device is a JavaTM-based smartcard.
  • the JavaCard platform 3 technology may allow Web servers and small java applets to run securely on the smartcard. It may also offer the possibility to run a Web server on a smartcard that offers an IP-based communication interface making it ideal to run a small lightweight personal web server which a user can carry with him, for instance, connected to his mobile phone or his personal computer.
  • the invention further provides a method for controlling personal information from a user.
  • a communication interface is provided between an identity management system and a service provider present on an IP network, so that the identity management system run on a device is accessible for the service provider, wherein the identity management system contains the personal information of the user and is modifiable by the user.
  • the identity management system provides the service provider with the personal information of the user if a confirmation from the user is present, according to a step (b) of the method.
  • the device may be a smartcard preferably connectable to a further device such as a mobile phone and/or a personal computer.
  • step (b) of the method comprises a step (b1) of receiving a request from the service provider for personal information of the user, and a step (b2) of requesting the user to confirm the providing of the personal information of the user to the service provider.
  • the user confirms the providing of the personal information to the service provider by entering a password and/or a profile address in step (b2).
  • the profile address may be the URL of his personal IdMS.
  • the service provider has a public key of a private/public key pair of the user. Further, after step (b2), the identity management system signs a value from the service provider by using the private key of the user. Furthermore, the service provider then receives and reads the signed value by means of the public key.
  • the invention is further related with the use of the above-described system for controlling personal information of a user, wherein the system is used for accessing an account of the user provided by the service provider.
  • the invention is further related with the use of the above-described system for controlling personal information of a user, wherein the system is used for transferring data to and/or from a profile of the user provided by the service provider.
  • one or more parts of the specifications defined in ISO/IEC 24727 may be used to implement a subset of the above-described system.
  • Fig. 1 schematically shows a concept in which personal information of a user is managed by a single service provider
  • Fig. 2 schematically shows a concept in which personal information of a user is managed by using a circle of trust
  • Fig. 3 schematically shows a concept of an identity management system running on a device of the user
  • Fig. 4 schematically shows a smartcard environment containing personal information
  • Fig. 5 schematically shows an operation of an identity management system running on a device of the user
  • Fig. 6 schematically shows an operation of a third-party identity management system running on a device of the user.
  • Fig. 1 shows a case where an SP manages its users' identities on a per-service basis.
  • the user 10 registers with the identity server of the service provider 25 during the sign-up process.
  • the user 10 creates an account with the SP 25 by providing a username and a password.
  • the SP 25 runs the identity management system IdMS 20 that manages the identity (the personal information) of the user 10 signing up for the service, for example, for a free email service.
  • the service 30 checks with the identity management system 20 to allow access to the user 10 in a step (3).
  • Fig. 2 shows a concept of an identity federation scheme which offers users the possibility to access multiple services without going through a new registration process every time.
  • different SPs 50, 51, 52, 53, 60, 61 may come together to form a circle of trust 45.
  • one identity provider (IdP) 40 is used within the circle of trust; however, it is possible to have more than one IdP. It is sufficient for the user 10 to create an account at the IdP 40 or at one of the IdPs present in the circle of trust. By using this account, the user 10 is able to access all the services offered within the circle of trust, since all the service providers 50, 51, 52, 53, 60, and 61 accept the authentication performed by the (central) IdP 40.
  • Fig. 3 shows a concept in which a user 100 can control the IdMS on a device 110.
  • the shown concept is in line with the present invention and may be called an "infrastructure at the user's end" 120, meaning that the user 100 has physical access to his personal IdP.
  • the device 110 may be a smartcard.
  • the user' s identity information/personal information is stored in the IdMS on device 110 so that the user 100 can control and monitor the access requests of (external) service providers 130, 132.
  • a system of a "circle of trust" 150 may further be controlled and monitored by the user 100.
  • the circle of trust 150 contains the IdP 140 and service providers 142, 144, 146, 148, for example, providing different services via the Internet.
  • the user 100 has to confirm (for example by inputting a particular password for the IdMS) whether any and/or a well-defined information may be accessible and/or may be transmitted to a service provider and/or an IdP 140 of a circle of trust 150.
  • Fig. 4 shows a smartcard chip 210 on which the user's personal IdMS runs, and is in line with the present invention.
  • the smartcard has a smartcard platform 230 with virtual identity management systems 231, 232, 233 having corresponding personal information/data 231a, 232a, 233a and identity servers 231b, 232b, 233b.
  • the personal information/identity data may consist of a username and a password for different services, user's preferences, user details such as name, payment information etc.
  • the IdMS manages the transmission of particular data 231a, 232a, 233a to a service provider via an Internet-Protocol-based communication interface 220 and an interface to a connected device 240.
  • the connected device may be, for example, a mobile phone or a personal computer. Further, it may be possible for a service provider to access a particular identity server 231b, 232b, 233b to get particular personal information/identity data of the user upon confirmation of the user.
  • the identity server 231b, 232b, 233b and the corresponding data 231a, 232a, 233a form the virtual IdMS 231, 232, 233 on the smartcard platform 230, for example, to provide a particular virtual IdMS for a particular service provider.
  • the particular virtual IdMS may contain data 231a, 232a, 233a different from the data 231a, 232a, 233a in the other virtual IdMS on the smartcard platform 230, relating to/depending on the particular service provider to which data shall be transmitted and/or which accesses the IdMS.
  • Fig. 5 shows a setup with a connecting device 310 (e.g. a mobile phone) into which a smartcard of the user 300 was plugged.
  • the user may place the smartcard into the smartcard reader, for example, of a mobile phone.
  • the user may then launch the onboard application to access the smartcard.
  • the user can install and configure an IdMS with his identity/personal information.
  • using the mobile phone, the user is then able to connect to an IP network (e.g. the Internet).
  • the smartcard may be accessible from the outside network in two possible ways: (a) the smartcard is able to get an IP address assigned to it by a network provider; this can be a static IP or a dynamic one.
  • the user configures a Dynamic Domain Name System (DNS) service on the network to redirect the requests sent to the Identity management system to the correct IP address (IP-ended smartcard); (b) alternatively, the smartcard is accessible using a unique URL (IP-accessible smartcard).
  • the following actions may take place in order to allow the user 300 to access a service of service provider 330 on the Internet 312, for example, using his personal computer 302 or smart phone, in accordance with an embodiment of the present invention.
  • the service provider 330 may require a user name so that it can show a customized webpage to the user 300.
  • the SP 330 prompts the user 300 to enter the address where it can get the user's identity information/personal information.
  • the user 300 types in the URL of his personal IdMS (e.g. user.personal.com).
  • the SP 330 tries to get the user's identity/personal information from the specified personal IdMS (this request might - for example - go through the dynamic DNS service if dynamic IP addresses are involved).
  • the identity management system on the smartcard on the device 310 provides the
  • the IdMS can prompt the user 300 to authorize such an access request and may be able to show and/or store messages regarding the access request (who is requesting which information), etc.
  • once the SP 330 receives the user information, it offers the requested service to the user 300.
  • the setup used in this embodiment is the same as that as described above in connection with Fig. 5.
  • the user 300 wants to access a free email service offered by a service provider 330 on the Internet 312.
  • any other service instead or in addition to an email service may also be covered by this embodiment.
  • the user generates a private/public key pair using the smartcard connected to the device 310, for example, a mobile phone or a personal computer. The following actions may then take place:
  • the user 300 creates an email address (e.g. user1@serviceA.com) and registers the public key generated by his smartcard or by the IdMS on the smartcard for this (email) address at the service provider 330, along with his personal information contained in the IdMS.
  • the user 300 stores the account information and the associated private key for this particular (email) service in his personal IdMS running on his smartcard connected/connectable to device 310, for example, a mobile phone or a personal computer.
  • the access to this information on the IdMS may be protected by appropriate (email) security means (e.g. passphrase, fingerprint, etc.).
  • the SP 330 asks the user 300 to enter the user's (email) address, wherein the user's IdMS information is stored in the profile associated with the (email) address at the SP 330.
  • the SP 330 requests the IdMS to provide an identity/authentication assertion that can authenticate the user 300 and sends, for example, a random value to the IdMS.
  • the IdMS signs the value with the user's private key (and prompts the user 300 to allow this action) and sends it to the SP 330.
  • the SP 330 can then verify the received assertion with the user's public key, and the user 300 may then be allowed to access his account.
  • the SP 330 stores only the user's (email) address and public key at his end, which are both public information. Hence, even if the SP's identity management infrastructure is compromised, an attacker will not be able to access the user's account. Further, the user is enabled to perform strong authentication (using public key cryptography) instead of a simple password-based authentication. The user just needs to remember one password for his personal IdMS, or biometrics can be used to control access to the personal IdMS. Furthermore, if the SP requires that all users must be traceable by their public key information instead of using the self-generated key pairs, the user can use a PKI (public key infrastructure) certificate issued to him by a certificate issuing authority (e.g.
  • Fig.6 shows a further embodiment in which a commercial IdP 414 installs and manages its own IdMS on the user's smartcard on device 410.
  • the user acquires the smartcard used in the same way as in the embodiment described in connection with Fig.5.
  • the IdMS can be later verified for its security by the commercial IdP 414 or the smartcard is issued to the user 400 by the commercial IdP 414.
  • the user 400 connects the smartcard in device 410 to the Internet 412.
  • the user 400 accesses the Website of the commercial IdP 414 and agrees to install the commercial IdP's IdMS on his personal smartcard connected to device 410.
  • the commercial IdP 414 installs its IdMS on the user's smartcard in device 410.
  • This IdMS is installed securely inside the smartcard with its own virtual environment with a dedicated memory. Only the IdP has full access to this IdMS while the user 400 may be provided with restricted functionalities to manage his identities/personal information stored on this IdMS. It is assumed that there exist methods and tools for the user to verify that the IdMS comes from the intended IdP 414 and for the IdP 414 to verify that the IdMS is securely installed on the user's smartcard.
  • the IdMS is initialized by the IdP 414 with the user's credentials in a secure manner. Once the IdMS is initialized with the user's credentials, it may be accessible via a unique URL.
  • the SP 430 accepts users who can be asserted by a given set of IdPs including IdP 414.
  • the SP 430 prompts the user 400 to enter the address where it can get the user's identity/personal information from such a server.
  • the user types in the URL of the commercial IdMS running on the smartcard on the device 410 (e.g. user.idservice.com).
  • the SP 430 tries to get the user's identity/personal information from the specified commercial IdMS on the smartcard in device 410.
  • the identity management system on the smartcard in device 410 prompts the user 400 to authenticate himself. If the user successfully authenticates himself to the IdMS, the IdMS provides the SP 430 with the required user information.
  • the information provided by the IdMS may be certified using cryptographic means so that the SP 430 can verify that the information indeed came from an IdMS that was installed by the IdP 414.
  • the SP 430 receives the user information, it is able to verify whether the credential was issued by an IdMS of the IdP 414 he trusts. If so, he then offers the requested service to the user 400.
  • the authentication of the user in step (8) has the same meaning as a confirmation from the user that transmission of his personal information/data to the service provider 430may take place.
  • automated identity/personal information requests may be dynamically controlled.
  • a user may control automated identity information requests that come from previously authorized services on the Internet.
  • the user has accounts on a social networking service and a photo sharing service.
  • the user has authorized the social networking service to access the photo sharing service and download any newly uploaded pictures to the user's profile page.
  • the social networking site has to provide a credential issued by an appropriate IdMS running on the user's smart card to the photo sharing site to download the pictures.
  • the social networking service requests such a credential the IdMS on the smartcard notifies the user. The user can then permit/deny such a request.
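The exchange of the Fig. 6 embodiment (the SP asks the IdMS on the card for the user's information, the IdMS authenticates the user and releases a cryptographically certified statement, the SP checks that it came from an IdMS installed by an IdP it trusts) together with the automated-request case of the last bullets, as an added Go example that is not part of the patent or of any NEC implementation. It assumes Ed25519 signatures, a PIN as the user's credential, an IdP "endorsement" signature over the card's signing key as the certification mechanism the page leaves unspecified, and a per-request nonce chosen by the SP; the names InstallIdMS, Authorize, Release, VerifyResponse and the sample services and attributes are all constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
)

// Endorsement is the IdP's signature over the IdMS signing key, made when the IdP installs
// its IdMS on the card; a constructed stand-in for the page's "cryptographic means".
type Endorsement struct {
	IdMSPub ed25519.PublicKey
	Sig     []byte
}

// Assertion is the attribute statement the IdMS releases to a service provider (SP).
type Assertion struct {
	Requester  string            `json:"requester"`
	Nonce      []byte            `json:"nonce"`
	Attributes map[string]string `json:"attributes"`
}

type Response struct {
	Payload []byte // canonical JSON of the Assertion; this is what was signed
	Sig     []byte
	Endorse Endorsement
}

// IdMS models the identity management system running inside the user's smartcard.
type IdMS struct {
	priv       ed25519.PrivateKey
	endorse    Endorsement
	pinHash    [32]byte
	attributes map[string]string
	authorized map[string]bool // services the user previously authorized for automated requests
}

// InstallIdMS plays the IdP's role: provision a signing key on the card, endorse it, and
// initialize the IdMS with the user's credential (a PIN here) and personal information.
func InstallIdMS(idpPriv ed25519.PrivateKey, pin string, attrs map[string]string) (*IdMS, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &IdMS{priv: priv, endorse: Endorsement{IdMSPub: pub, Sig: ed25519.Sign(idpPriv, pub)},
		pinHash: sha256.Sum256([]byte(pin)), attributes: attrs, authorized: map[string]bool{}}, nil
}

// Authorize records a service the user allows to send automated requests later on.
func (m *IdMS) Authorize(service string) { m.authorized[service] = true }

// Release answers an attribute request. A correct PIN authenticates the user and, as the page
// states, doubles as consent. Without a PIN only a previously authorized service may ask, and
// the user is notified and must permit that particular request through confirm.
func (m *IdMS) Release(requester string, wanted []string, nonce []byte, pin string, confirm func(string) bool) (*Response, error) {
	switch {
	case pin != "":
		h := sha256.Sum256([]byte(pin))
		if subtle.ConstantTimeCompare(h[:], m.pinHash[:]) != 1 {
			return nil, errors.New("user authentication failed")
		}
	case m.authorized[requester] && confirm != nil && confirm(requester): // user permitted it
	default:
		return nil, fmt.Errorf("no user confirmation for request from %s", requester)
	}
	a := Assertion{Requester: requester, Nonce: nonce, Attributes: map[string]string{}}
	for _, k := range wanted { // release only the attributes that were asked for
		v, ok := m.attributes[k]
		if !ok {
			return nil, fmt.Errorf("unknown attribute %q", k)
		}
		a.Attributes[k] = v
	}
	payload, err := json.Marshal(a) // encoding/json sorts map keys, so the encoding is canonical
	if err != nil {
		return nil, err
	}
	return &Response{Payload: payload, Sig: ed25519.Sign(m.priv, payload), Endorse: m.endorse}, nil
}

// VerifyResponse is the SP's check: the IdMS key must be endorsed by an IdP the SP trusts,
// the assertion must be signed by that key, and it must name this SP and carry its nonce.
func VerifyResponse(idpPub ed25519.PublicKey, r *Response, sp string, nonce []byte) (*Assertion, error) {
	if !ed25519.Verify(idpPub, r.Endorse.IdMSPub, r.Endorse.Sig) {
		return nil, errors.New("IdMS key not endorsed by a trusted IdP")
	}
	if !ed25519.Verify(r.Endorse.IdMSPub, r.Payload, r.Sig) {
		return nil, errors.New("assertion signature invalid")
	}
	var a Assertion
	if err := json.Unmarshal(r.Payload, &a); err != nil {
		return nil, err
	}
	if a.Requester != sp || subtle.ConstantTimeCompare(a.Nonce, nonce) != 1 {
		return nil, errors.New("assertion was not issued for this request")
	}
	return &a, nil
}
```

The SP never learns the PIN or the card's private key, which is the property the page relies on: compromising the SP yields only public material. Binding the assertion to the requester name and the SP's nonce is an addition beyond the text; it means a statement captured from one session cannot be presented to a different SP or replayed later, and the SP can check that cheaply before it looks at any attribute.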

Landscapes

  • Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Medical Informatics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to a system for controlling a user's personal information, the system comprising a device, in particular a smartcard, and an identity management system. The device has a microprocessor provided with a microprocessor interface, the microprocessor interface being configured to communicate with an IP (Internet Protocol) network, and the user having access, preferably physical access, to the device. The identity management system is configured to run on the device and to hold the user's personal information. Furthermore, the identity management system is configured to be modifiable by the user and is designed to provide a communication interface so that the identity management system is accessible to a service provider present on the IP network, and is configured to deliver the user's personal information to the service provider if a confirmation from the user is present. The invention further relates to a method for controlling a user's personal information. In a step (a) of the method, a communication interface is set up between an identity management system and a service provider present on an IP network, so that the identity management system running on a device is accessible to the service provider, the identity management system holding the user's personal information and being modifiable by the user. Furthermore, in a step (b) of the method, the identity management system delivers the user's personal information to the service provider if a confirmation from the user is present. The invention further relates to the use of the system described above for controlling a user's personal information, the system being used to access an account of the user provided by the service provider.
The invention further relates to the use of the system described above for controlling a user's personal information, the system being used to transfer data to and/or from a profile of the user provided by the service provider.
PCT/EP2009/065723 2009-11-24 2009-11-24 Personal identity management system and method WO2011063827A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2009/065723 WO2011063827A1 (fr) 2009-11-24 2009-11-24 Personal identity management system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2009/065723 WO2011063827A1 (fr) 2009-11-24 2009-11-24 Personal identity management system and method

Publications (1)

Publication Number Publication Date
WO2011063827A1 true WO2011063827A1 (fr) 2011-06-03

Family

ID=42668877

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2009/065723 WO2011063827A1 (fr) 2009-11-24 2009-11-24 Personal identity management system and method

Country Status (1)

Country Link
WO (1) WO2011063827A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002073455A1 (fr) * 2001-03-14 2002-09-19 C.R. Group Pty Limited Method and system for securing information
US20050124321A1 (en) * 2003-12-05 2005-06-09 Christian Kraft Mobile phone business administration tool


Similar Documents

Publication Publication Date Title
US8713644B2 (en) System and method for providing security in browser-based access to smart cards
US9055107B2 (en) Authentication delegation based on re-verification of cryptographic evidence
CA2689847C (fr) Transaction verification and authentication over a network
US8532620B2 (en) Trusted mobile device based security
EP2258094B1 (fr) Delegated authentication
CA3035817A1 (fr) System and method for decentralized authentication using a distributed transaction-based state machine
US20090025080A1 (en) System and method for authenticating a client to a server via an ipsec vpn and facilitating a secure migration to ssl vpn remote access
WO2009001197A2 (fr) Method for preventing web browser extensions from hijacking user information
EP1214637A2 (fr) Virtual smart card system and method of use
JP2016521029A (ja) Network system comprising a security management server and a home network, and method for including a device in that network system
Alnahari et al. Authentication of IoT device and IoT server using security key
GB2554082A (en) User sign-in and authentication without passwords
Nongbri et al. A survey on single sign-on
KR20090054774A (ko) Integrated security management method in a distributed network environment
KR101619928B1 (ko) Remote control system for a mobile terminal
US11985118B2 (en) Computer-implemented system and authentication method
Lazarev et al. Analysis of applicability of open single sign-on protocols in distributed information-computing environment
KR20190114505A (ko) Single sign-on service authentication method and system using a token management daemon
Yasin et al. Enhancing anti-phishing by a robust multi-level authentication technique (EARMAT).
CN112970017A (zh) Secure linking of a device to cloud storage
WO2011063827A1 (fr) Personal identity management system and method
RU2722393C2 (ru) Telecommunication system for secure data transmission within it, and device associated with this system
Krolo et al. Security of Web level user identity management
CN114003892A (zh) Trusted authentication method, security authentication device and user terminal
Zakaria et al. A Page Token Prototype of OpenID Single Sign-On (SSO) to Thwart Phishing Attack

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09810877

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: COMMUNICATION NOT DELIVERED. NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112 EPC (EPO FORM 1205A DATED 05.09.12)

122 Ep: pct application non-entry in european phase

Ref document number: 09810877

Country of ref document: EP

Kind code of ref document: A1