Invented by Margaret Bouse, Idemia Identity and Security USA LLC

The market for System and Method for Identity Management is rapidly growing as organizations worldwide recognize the importance of safeguarding sensitive information and ensuring secure access to their systems. With the increasing number of cyber threats and data breaches, businesses are actively seeking robust identity management solutions to protect their assets and maintain regulatory compliance.

Identity management refers to the processes and technologies used to manage and control user identities and their access to various systems and resources within an organization. It involves verifying and authenticating user identities, granting appropriate access privileges, and monitoring user activities to detect any suspicious behavior.

The market for System and Method for Identity Management is driven by several factors. Firstly, the proliferation of cloud computing and mobile devices has led to a significant increase in the number of users accessing corporate networks remotely. This has created a need for identity management solutions that can securely manage user identities across multiple platforms and devices.

Secondly, the growing adoption of Bring Your Own Device (BYOD) policies in organizations has further complicated the identity management landscape. With employees using their personal devices to access corporate resources, organizations need to ensure that only authorized individuals can access sensitive data. System and Method for Identity Management solutions offer features such as multi-factor authentication and device recognition, which enhance security and mitigate the risks associated with BYOD.

Moreover, regulatory requirements and industry standards have become more stringent, mandating organizations to implement robust identity management practices. Compliance with regulations such as the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS) necessitates the implementation of secure identity management systems to protect customer data and prevent unauthorized access.

The market for System and Method for Identity Management is also driven by the increasing awareness of the potential risks associated with weak identity management practices. High-profile data breaches and cyber-attacks have highlighted the need for organizations to invest in advanced identity management solutions to prevent unauthorized access and protect sensitive information.

Several key players dominate the market for System and Method for Identity Management, offering a wide range of solutions tailored to different industries and organizational needs. These solutions typically include features such as single sign-on, role-based access control, user provisioning, and identity governance. Vendors also provide integration capabilities with existing IT infrastructure, ensuring seamless implementation and minimal disruption to business operations.

As the market continues to grow, innovation in identity management technologies is expected to drive further advancements. Artificial intelligence and machine learning are being integrated into identity management solutions to enhance threat detection and automate user access management processes. Additionally, the adoption of blockchain technology is gaining traction, offering decentralized and immutable identity management solutions.

In conclusion, the market for System and Method for Identity Management is witnessing significant growth due to the increasing need for secure access to systems and protection of sensitive information. Organizations across various industries are recognizing the importance of implementing robust identity management solutions to mitigate the risks associated with cyber threats and data breaches. As technology continues to evolve, the market is expected to witness further advancements and innovations in identity management solutions.

The Idemia Identity and Security USA LLC invention works as follows

The computer-implemented methods include: receiving a request to associate an index of privileges and permissions with an identity token, where the first token specifically encodes the privileges and permissions of a subscriber who has access to transactional data from the requester. The request includes the identity token that identifies the person, which was issued to the user by a trusted party through a vetting procedure; upon determining the validity of the token and verifying the requester

Background for System and Method for Identity Management

Transactions between consumers and providers may be susceptible to identity theft, fraud, spoofing or phishing. All of these risks could potentially hamper the flow of commerce.

In one aspect, certain implementations provide a machine-implemented method for determining the trustworthiness of a transaction request. The transaction request is submitted by a user to access data managed by the participant entity. In one aspect, some implementations provide a computer-implemented method 1.

Implementations may include any or all of the following features. The method can include submitting a further inquiry to an authentication policy server in order to determine the scope of rights possessed by the participant entity to verify the identities of users using the transaction authentication engine; receiving a response from the authentication engine, which includes a computed validity score indicative of the scope of rights of the participant entity for verifying identities of users via the transaction authentication engine; based on both the computed authenticity score and the computed validity score, determining whether the transaction request made by the user is trustworthy; and notifying the participant entity about the

Additionally, submitting the second inquiry to the authentication server can include submitting a second inquiry to determine the scope of the participant entity's rights to use a specific identity database. Receiving the reply from the authentication engine includes receiving a reply that includes a computed score indicative of the scope of the rights of the user entity.

The method can also include receiving a result of a query from a particular identity database, according to the scope of access rights of the participant entity, where the result is one provided by the identity database in response to a query submitted to it.

Furthermore, determining the trustworthiness of a transaction request includes determining trustworthiness on the basis of the query results, as well as the computed authorisation score and the computed validity score.

The method can further include storing received query results and the corresponding queries at the transaction authentication engine for temporary storage, and allowing a future query to the particular database access to the temporarily stored query results according to the determined scope of the participant entity's right to access that particular database.

The method can also include obtaining an authentication policy from the authentication server. The authentication policy governs communication between the transaction verification engine and the authentication verification engine. It may also include configuring a communication protocol with the authentication engine. Configuring the protocol can also include configuring it according to the authentication policy purchased by the participant entity. Configuring the communication protocol can also include configuring two protocol components: a first component to encrypt data transmitted by the transaction verification engine to the authentication confirmation engine, and a second component to decrypt data received by the authentication verification engine from the transaction verification engine.

The method includes: receiving an inquiry from an authentication verification system and a transaction authentication engine regarding a request from a user to access data that is managed by a participant entity; using the information that identifies the user to construct a query for verifying the identity of the requester; sending the query to an identity database in communication with the authentication confirmation engine; receiving a response from the database in answer to the query; receiving an authenticity score from the database based upon the reply; computing the authenticity score based upon the reply to quantify the

Implementations can include additional features. The method can also include gathering information identifying a user by calling a method embedded in the transaction request, receiving a return value as a consequence of calling the method, and retrieving the information identifying the user from the received return value. Moreover, gathering the information that identifies the user can include encoding information about the user's biometric. It may also include encoding a user-name/password pair used to access an online account, or obtaining data from the user's identification document.

The method can include configuring a communication protocol with the identity databases, where the protocol is determined by an authentication policy that governs the participant entity's data access rights in the identity database. The protocol configuration may also include configuring it for communication in accordance with the authentication policy purchased by the entity. Configuring the protocol may include configuring a first protocol component to encrypt data transmitted by the authentication verification engine to the identity database, and a second protocol component to decrypt data received by the verification engine from the database.

The method can also include configuring the component fields of user data that are admitted to the identity database via a vetting procedure. The method can also include managing attributes that correspond to component fields in the identity data, and configuring access to component fields within the identity database according to the protocol. Configuring the protocol to communicate with the identity databases may also include configuring a protocol for communicating with an identity database that is provided by a government entity. The government entity administers a background check on the user prior to entering the corresponding user identity data into the database. Configuring the protocol to communicate with the identity databases may also include configuring a protocol for communication with an identity database that is provided by an entity other than a government entity or the participant entity.

The method includes: receiving an inquiry from a transaction authentication engine regarding a participant entity attempting to confirm the identity of a user submitting a transaction request at the participant entity; determining the authentication policy under which the participant entity may prove the identity; computing a validity score for the participant entity based on the authentication policy; and providing the computed score to the transaction authentication engine for determining the trustworthiness of the transaction request submitted by the user at the participant entity.

Implementations can include the following features. The method can also include gathering information about the participant entity based upon the received inquiry, and determining the authentication policy based upon the gathered information. The method can include, based upon the received inquiry, logging the verification activities requested by the participant entity, and analyzing the logs of verification activities to determine usage by the participant entity. The method can further include logging requests to access an identity database as part of the verification activities requested.

The method can also include profiling the logged queries to determine the participant entity's pattern of usage of the identity database. Based on the determined usage, the method can also include performing accounting in order to determine the use fee that will be charged to the participant entity for accessing the identity database. Accounting may include measuring one or more of the following: the number of queries made by the participant entity to the database, the amount of data sent by the entity to access the database, the number of responses to those queries sent to the entity, and the amount of data received by the entity. Calculating the validity score can include comparing the determined usage by the participant entity with the participant entity's authentication policy.

The method can also include an administrative interface that reports the determined usage to an administrator. In addition, the method can include providing feedback based on the determined usage to enable load-balancing of future queries submitted to the identity database. The method can also include providing an application programming interface through which the authentication engine extends its service to the participant entity so that it can access identity databases other than the identity database. The method can also include providing an application programming interface to allow another authentication policy engine to access the identity databases serviced by the authentication engine.
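As an added example (not code from the patent or from Idemia), the following models the two-score decision described above: the authentication policy server computes a validity score from the participant entity's scope of rights and logged usage (the logging, quota and accounting features), the authentication verification engine computes an authenticity score from a vetted identity record, and the transaction authentication engine combines both. The class names, the 0..1 score scales, the min-combination rule, the threshold and the sample records are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class AuthenticationPolicy:
    """Policy a participant entity has purchased (constructed model)."""
    allowed_databases: frozenset  # identity databases it may query
    query_quota: int              # queries covered by the purchased policy

@dataclass
class PolicyServer:
    """Authentication policy server: scope of rights, logging and accounting."""
    policies: dict
    usage: dict = field(default_factory=dict)  # participant -> logged query count

    def validity_score(self, participant, database):
        policy = self.policies.get(participant)
        if policy is None or database not in policy.allowed_databases:
            return 0.0  # participant holds no right to use this database
        self.usage[participant] = self.usage.get(participant, 0) + 1
        # Over-quota use is still logged for accounting but lowers the score (assumed 0..1 scale).
        return 1.0 if self.usage[participant] <= policy.query_quota else 0.5

@dataclass
class VerificationEngine:
    """Authentication verification engine in front of vetted identity records."""
    identity_db: dict  # (database, user_id) -> vetted attributes

    def authenticity_score(self, database, user_id, claimed):
        record = self.identity_db.get((database, user_id))
        if record is None:
            return 0.0
        # Fraction of claimed attributes that match the vetted record (assumed scoring).
        return sum(record.get(k) == v for k, v in claimed.items()) / len(claimed)

def assess_transaction(policy_server, engine, participant, database, user_id, claimed, threshold=0.8):
    """Transaction authentication engine: combine validity and authenticity into a decision."""
    validity = policy_server.validity_score(participant, database)
    if validity == 0.0:
        return False, 0.0, validity  # out of scope: the identity database is never queried
    authenticity = engine.authenticity_score(database, user_id, claimed)
    return min(authenticity, validity) >= threshold, authenticity, validity

# Constructed fixture: one government identity database, two participant entities.
SERVER = PolicyServer({
    "bank-a": AuthenticationPolicy(frozenset({"gov-dmv"}), query_quota=2),
    "shop-b": AuthenticationPolicy(frozenset({"credit-bureau"}), query_quota=10),
})
ENGINE = VerificationEngine({("gov-dmv", "u-1001"): {"name": "A. Example", "dob": "1990-01-01"}})
CLAIM = {"name": "A. Example", "dob": "1990-01-01"}
```

Note that a participant entity outside its scope of rights gets a zero validity score before any identity database is contacted, so the database never learns about requests the policy does not cover.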

The method includes: determining the identity of both the user and the participant entity, and then querying the database of the verified-identity engine based on this information.

The method can further include, when determining that a transaction request was originally sent by the user to a participant entity, and that this participant entity has not been authorized as a business partner by the user, adding the participant entity to the database of the verified-identity engine.

The method can also include: if the transaction request submitted by the user is a response to the participant entity's solicitation, the verified-identity engine queries the database to determine whether the participant entity has been authorized as a business partner by the user.

The method can also include alerting the user, if the participant entity has not been authorized as a business partner by the user, that the participant is not authorized as a business partner.

The database of the verified-identity engine can be queried to determine whether the participant entity is an authorized business partner of the user.
