EP-4742722-A2 - PROVIDING VERIFIED CLAIMS OF USER IDENTITY

Abstract

A device implementing a system for using a verified claim of identity includes at least one processor configured to receive a verified claim including information to identify a user of a device, the verified claim being signed by a server based on verification of the information by an identity verification provider separate from the server, the verified claim being specific to the device. The at least one processor is further configured to send, to a service provider, a request for a service provided by the service provider, and receive, from the service provider and in response to the sending, a request for the verified claim. The at least one processor is further configured to send, in response to the receiving, the verified claim to the service provider.

Inventors

  • SAHA, RUPAMAY
  • LEVENTHAL, Brandon K.
  • SHARP, CHRISTOPHER
  • JANARDHANAN PILLAI, Vishnu
  • FASOLI, GIANPAOLO

Assignees

  • Apple Inc.

Dates

Publication Date
20260513
Application Date
20191127

Claims (15)

  1. A method comprising: receiving, by a server, a first request to revoke a verified claim, the verified claim comprising information to identify a user of a device, wherein the verified claim is specific to the device and is stored on the device and the verified claim being signed by a server based on verification of the information by an identity verification provider separate from the server; and in response to receiving the first request, sending, to the device, a second request to revoke the verified claim on the device, and adding the verified claim to a revocation list.
  2. The method of claim 1, wherein the second request comprises a request to delete the verified claim on the device.
  3. The method of claim 1 or 2, wherein the verified claim is specific to the device by at least one of a hardware reference key that references the device, a software reference key that references the device, a hardware device identifier or a software device identifier.
  4. The method of claim 3, wherein the hardware reference key is a public key of a public-private key pair, a corresponding private key of which is securely stored on the device.
  5. The method of claim 4, wherein the second request comprises a request to delete the private key, and wherein the device is configured to delete the private key securely stored on the device in response to receiving the second request.
  6. The method of claim 3, further comprising, prior to receiving the first request: receiving, from the device, a request for the verified claim, the request comprising the hardware reference key; generating and signing the verified claim based on verification of the information by an identity verification provider separate from the server; and transmitting, to the device, the verified claim.
  7. The method of claim 3, wherein the hardware reference key is generated by the device in association with a hardware component of the device.
  8. The method of any preceding claim, further comprising: receiving, from a service provider, a request for a status of the verified claim, wherein the service provider is configured to provide service to the device based on the status of the verified claim; and in response to receiving the request for the status, determining that the verified claim is included on the revocation list, transmitting, to the service provider, an indication that the verified claim is revoked.
  9. The method of any preceding claim, further comprising: providing the revocation list to at least one service provider, wherein the at least one service provider is configured to provide service to the device based on the revocation list.
  10. The method of any preceding claim, wherein the first request is received from a service based on an indication that the device has been lost.
  11. The method of any preceding claim, wherein the first request is received from the device, based on first user input received at the device to revoke the verified claim.
  12. The method of any preceding claim, wherein the device is further configured to: receive second user input to display the information to identify the user; and display, in response to receiving the second user input, the information to identify the user.
  13. The method of any of claims 1 to 11, wherein the device is further configured to: receive second user input to partially revoke the verified claim, the second user input indicating a portion of the information to revoke; and remove, in response to receiving the second user input, the portion of the information from the verified claim.
  14. A system, comprising: at least one processor; and a memory including instructions that, when executed by the at least one processor, cause the at least one processor to: receive a first request to revoke a verified claim, the verified claim comprising information to identify a user of a device, wherein the verified claim includes a hardware reference key of the device, and wherein the hardware reference key is a public key of a public-private key pair, a corresponding private key of which is securely stored on the device; and in response to receiving the first request, send, to the device, a second request to revoke the verified claim on the device, and add the verified claim to a revocation list.
  15. A computer program product comprising instructions stored in a non-transitory computer-readable storage medium, which when executed by one or more processors cause the one or more processors to perform the method of any of claims 1-13.
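
The revocation flow of claims 1, 2, 5 and 8, as an added Python sketch that is not part of the patent text: the server signs a claim bound to a hardware reference key, revokes it on the device and on its revocation list, and answers a service provider's status query. HMAC-SHA256 stands in for the server's signature, and every class name, key and identity value is constructed for illustration.

```python
import hashlib, hmac, json

class ClaimServer:
    """Hypothetical server: issues, revokes and reports status of verified claims."""
    def __init__(self, key):
        self._key = key
        self.revocation_list = set()          # holds signatures of revoked claims

    def _sign(self, body):
        # Canonical JSON so the same body always yields the same signature.
        msg = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, identity, hw_ref_key):
        # Claim 6: the hardware reference key makes the claim device-specific.
        body = {"identity": identity, "hw_ref_key": hw_ref_key}
        return {"body": body, "sig": self._sign(body)}

    def _authentic(self, claim):
        return hmac.compare_digest(self._sign(claim["body"]), claim["sig"])

    def revoke(self, claim, device):
        # Claim 1: on a first request, send a second request to the device
        # and add the claim to the revocation list. Unsigned input is refused.
        if not self._authentic(claim):
            return False
        device.handle_revocation(claim["sig"])
        self.revocation_list.add(claim["sig"])
        return True

    def status(self, claim):
        # Claim 8: status answer for a service provider.
        if not self._authentic(claim):
            return "invalid"
        return "revoked" if claim["sig"] in self.revocation_list else "valid"

class Device:
    def __init__(self, hw_ref_key):
        self.hw_ref_key, self.claim, self.private_key_present = hw_ref_key, None, True

    def handle_revocation(self, sig):
        # Claims 2 and 5: delete the stored claim and the private key.
        if self.claim and hmac.compare_digest(self.claim["sig"], sig):
            self.claim, self.private_key_present = None, False

def demo():
    server, device = ClaimServer(b"constructed-demo-key"), Device("constructed-hw-ref-key")
    device.claim = server.issue({"name": "Constructed User"}, device.hw_ref_key)
    presented = dict(device.claim)            # copy held by a service provider
    before = server.status(presented)
    server.revoke(presented, device)
    forged = {"body": {**presented["body"], "hw_ref_key": "other"}, "sig": presented["sig"]}
    return before, server.status(presented), server.status(forged), device.claim, device.private_key_present
```

A deployment in which service providers verify the claim themselves would need an asymmetric signature rather than the shared-secret HMAC used here.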

Description

CROSS REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of priority to: U.S. Provisional Patent Application No. 62/786,309 entitled "Providing Verified Claims of User Identity," filed on December 28, 2018; U.S. Provisional Patent Application No. 62/795,528 entitled "Providing Verified Claims of User Identity," filed on January 22, 2019; U.S. Provisional Patent Application No. 62/820,820 entitled "Providing Verified Claims of User Identity," filed on March 19, 2019; U.S. Provisional Patent Application No. 62/822,987 entitled "Providing Verified Claims of User Identity," filed on March 24, 2019; and U.S. Provisional Patent Application No. 62/822,988 entitled "Providing Verified Claims of User Identity," filed on March 24, 2019; the disclosure of each of which is hereby incorporated herein in its entirety.

TECHNICAL FIELD

The present description relates generally to providing verified user identity claims, including providing a verified user identity claim that may be used by a user to confirm their identity, such as to a service provider.

BACKGROUND

Some service provider(s) may require identity and verification to register users. The verification may be performed by an identity verification provider.

BRIEF DESCRIPTION OF THE DRAWINGS

Certain features of the subject technology are set forth in the appended claims. However, for purpose of explanation, several embodiments of the subject technology are set forth in the following figures.

FIG. 1 illustrates an example network environment for enrolling for and/or sharing a verified claim of identity in accordance with one or more implementations.

FIG. 2 illustrates an example electronic device that may implement the subject system for enrolling for and/or sharing a verified claim of identity in accordance with one or more implementations.

FIG. 3 illustrates an example process for enrolling for and/or sharing a verified claim of identity in accordance with one or more implementations.

FIG. 4 illustrates an example user interface for enrolling for a verified claim of identity in accordance with one or more implementations.

FIG. 5 illustrates an example user interface for displaying information of a verified claim of identity in accordance with one or more implementations.

FIG. 6 illustrates an example user interface for registering with a service provider in accordance with one or more implementations.

FIG. 7 illustrates an example of storing user identity information of a verified claim in a Merkle tree in accordance with one or more implementations.

FIG. 8 illustrates examples of enrollment and sharing a verified claim of identity in accordance with one or more implementations.

FIGS. 9A-9D illustrate another process for enrolling for and/or sharing a verified claim of identity in accordance with one or more implementations.

FIG. 10 illustrates a flow diagram of an example process for using a verified claim to receive service from a service provider in accordance with one or more implementations.

FIG. 11 illustrates a flow diagram of an example process for providing a confidence assessment for a verified claim in accordance with one or more implementations.

FIG. 12 illustrates a flow diagram of an example process for requesting additional information from a user based on the information included with a verified claim in accordance with one or more implementations.

FIG. 13 illustrates a flow diagram of an example process for providing service to a device based on a response vector for a verified claim in accordance with one or more implementations.

FIG. 14 illustrates a flow diagram of an example process for revoking a verified claim in accordance with one or more implementations.

FIG. 15 illustrates an example electronic system with which aspects of the subject technology may be implemented in accordance with one or more implementations.

DETAILED DESCRIPTION

The detailed description set forth below is intended as a description of various configurations of the subject technology and is not intended to represent the only configurations in which the subject technology can be practiced. The appended drawings are incorporated herein and constitute a part of the detailed description. The detailed description includes specific details for the purpose of providing a thorough understanding of the subject technology. However, the subject technology is not limited to the specific details set forth herein and can be practiced using one or more other implementations. In one or more implementations, structures and components are shown in block diagram form in order to avoid obscuring the concepts of the subject technology.

A user may wish to use their device to serve as a form of digital identity for the user. For example, as noted above, some service providers require identity and verification to register users. As such, these service providers may need to establish their own identity and verification processes (e.g., based on the level of verification required to access t