Patent Issued for Digital credentials for visitor network access (USPTO 11792180): Workday Inc.

2023 NOV 02 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- A patent by the inventors Hamel, Bjorn (Dublin, CA, US), Ruggiero, Jonathan David (Danville, CA, US), filed on March 26, 2019, was published online on October 17, 2023, according to news reporting originating from Alexandria, Virginia, by NewsRx correspondents.

Patent number 11792180 is assigned to Workday Inc. (Pleasanton, California, United States).

The following quote was obtained by the news editors from the background information supplied by the inventors: “A database system distributes cryptographic digital credentials to a user to allow the user to prove qualifications (e.g., a degree, employment experience, health insurance coverage, etc.). Credentials can be assigned to a user by a trusted third party client of the database system (e.g., a university, an insurer). Digital credentials can be used to authenticate access to a guest network system, however, using credentials for authentication requires a system designed to use the credentials securely.”

In addition to the background information obtained for this patent, NewsRx journalists also obtained the inventors’ summary information for this patent: “The invention can be implemented in numerous ways, including as a process; an apparatus; a system; a composition of matter; a computer program product embodied on a computer readable storage medium; and/or a processor, such as a processor configured to execute instructions stored on and/or provided by a memory coupled to the processor. In this specification, these implementations, or any other form that the invention may take, may be referred to as techniques. In general, the order of the steps of disclosed processes may be altered within the scope of the invention. Unless stated otherwise, a component such as a processor or a memory described as being configured to perform a task may be implemented as a general component that is temporarily configured to perform the task at a given time or a specific component that is manufactured to perform the task. As used herein, the term ‘processor’ refers to one or more devices, circuits, and/or processing cores configured to process data, such as computer program instructions.

“A detailed description of one or more embodiments of the invention is provided below along with accompanying figures that illustrate the principles of the invention. The invention is described in connection with such embodiments, but the invention is not limited to any embodiment. The scope of the invention is limited only by the claims and the invention encompasses numerous alternatives, modifications and equivalents. Numerous specific details are set forth in the following description in order to provide a thorough understanding of the invention. These details are provided for the purpose of example and the invention may be practiced according to the claims without some or all of these specific details. For the purpose of clarity, technical material that is known in the technical fields related to the invention has not been described in detail so that the invention is not unnecessarily obscured.

“The system for digital credentialing is designed to empower individual users to own their verifiable professional identity and to be able to enable this identity to be useable in scenarios where a verified identity allows access by providing proof of identity. An application might use the system to prove the identity or verify a user’s access ability to something. The application queries the system regarding a proof of identity and the user provides the proof using a credential to the system that is ultimately passed to the application to prove identity of the user. The system allows an application developer to pick attributes that an application challenges for and the sources that will satisfy any given challenge. The proof of identity is embodied in a digital credential that is able to be secured using a combination of cryptography and a distributed ledger (e.g., a decentralized ledger, a permissioned ledger, a public ledger, etc.) to assure legitimacy of the proof of identity.

“A system for digital credentialing receives the digital credential from a credential issuing system. The system for digital credentialing stores user information for the user. The system for digital credentialing further determines a set of credentials available to the user based on the user information as well as stores a record of previously issued credentials. The credentials comprise categories satisfied by the user information at differing levels of specificity (e.g., greater than an amount, in a range of amounts, less than an amount, etc.). For example, in the case where the user comprises an employee earning $95,000 per year, the system for digital credentialing could determine credentials available to the user indicating that the user earns more than $60,000 per year, that the user earns more than $80,000 per year, that the user earns in the range of $90,000-$100,000 per year, etc. When the user interacts with the system for digital credentialing using a credential requesting app or application, the system determines the set of credentials available to the user and provides the list of credentials to the credential requesting app or application. The user can then provide (e.g., from a storage on a user device) one or more available credentials to the credential requesting app or application.

“In various embodiments, a credential comprises data that is validated or verified to be authentic-for example, data verifying academic diplomas, academic degrees, certifications, security clearances, identification documents, badges, passwords, user names, keys, powers of attorney, human resource data, personal information, or any other relevant information,”

The claims supplied by the inventors are:

“1. A system for credential authentication, comprising: an interface configured to: receive an indication to connect to a guest wifi network from an authentication device; and a processor configured to: in response to receiving the connect indication: provide a captive portal to the authentication device, wherein the captive portal comprises an application for authenticating access to the guest wifi network and wherein the captive portal redirects to a digital credentials application that receives, from a user of the authentication device, a create indication to create a visitor network credential comprising a selection of the visitor network credential from a list of credentials, create the visitor network credential, register the visitor network credential in a distributed ledger, and provide the visitor network credential to the authentication device; receive a certify indication to certify use of the guest wifi network from the authentication device, wherein the certify indication comprises a request for a proof request; in response to receiving the certify indication, provide the proof request to the authentication device; receive a proof response from the authentication device, wherein the proof response comprises the visitor network credential; validate the proof response, comprising determining that a public key from the distributed ledger matches a decentralized identifier (DID) in the visitor network credential, wherein the public key corresponds to a private key stored on the authentication device; in response to determining that the public key matches the DID, generate a network certificate; and provide the network certificate to the authentication device, wherein the authentication device presents the network certificate to the captive portal, wherein the captive portal validates the network certificate, and wherein the captive portal creates a network session for the authentication device to access the guest wifi network in response to determining that the network certificate is valid.

“2. The system of claim 1, wherein the create indication to create the visitor network credential is associated with an email address.

“3. The system of claim 1, wherein the interface is further configured to receive a claim indication from the authentication device to claim the visitor network credential.

“4. The system of claim 3, wherein the claim indication from the authentication device to claim the visitor network credential comprises a one-time token being used that causes generation of a DID keypair, wherein the private key component is stored on the authentication device and the public key component is stored on the distributed ledger, and that causes providing the visitor network credential to the authentication device.

“5. The system of claim 3, wherein the claim indication from the authentication device to claim the visitor network credential is provided in response to an authentication device digital identification app setup.

“6. The system of claim 5, wherein the authentication device digital identification app setup is in response to an email sent as part of a human resources system guest setup process.

“7. The system of claim 1, wherein the processor is further configured to verify the visitor network credential is associated with the authentication device.

“8. The system of claim 1, wherein the certify indication to certify the authentication device to use the network is received from a digital credential app on the authentication device.

“9. The system of claim 8, wherein the authentication device provides the certify indication to certify the authentication device to use the network to the system for credential authentication in response to a user confirmation.

“10. The system of claim 8, wherein the digital credential app is initiated by the captive portal.

“11. The system of claim 1, wherein validating the proof response using the distributed ledger comprises determining that a credential associated with the proof response satisfies the proof request, determining that a proof response signature is valid, determining that the credential associated with the proof response is not expired, or determining that the credential associated with the proof response is not revoked by looking in the distributed ledger.

“12. The system of claim 1, wherein the network certificate comprises an X.509 certificate.

“13. The system of claim 1, wherein the network certificate comprises user identity data.

“14. The system of claim 13, wherein the user identity data is based at least in part on user identity data stored by the visitor network credential.

“15. The system of claim 1, wherein network session settings for the network session comprise at least one of available bandwidth, session time, available session connections, session speed, access to a sandboxed network, and access to a limited set of connections.

“16. The system of claim 1, wherein the create indication to create the visitor network credential is provided by a human resources system guest setup process.

“17. The system of claim 1, wherein the information included in the network certificate comprises visitor network credential data.

“18. The system of claim 1, wherein the information included in the network certificate comprises authentication device identifier data.

“19. The system of claim 1, wherein creating the network session for the authentication device comprises providing network access to the authentication device.

“20. The system of claim 1, wherein the application comprises a user interface element for a user to indicate to use a digital credential to authenticate access to the guest wifi network.

“21. The system of claim 1, wherein the certify indication is provided in response to a user indicating to use a digital credential to authenticate access to the guest wifi network.

“22. A method for credential authentication, comprising: receiving an indication to connect to a guest wifi network from an authentication device; and in response to receiving the connect indication: providing, using a processor, a captive portal to the authentication device, wherein the captive portal comprises an application for authenticating access to the guest wifi network and wherein the captive portal redirects to a digital credentials application that receives, from a user of the authentication device, a create indication to create a visitor network credential comprising a selection of the visitor network credential from a list of credentials, creating the visitor network credential, registering the visitor network credential in a distributed ledger, and providing the visitor network credential to the authentication device; receiving a certify indication to certify use of the guest wifi network from the authentication device, wherein the certify indication comprises a request for a proof request; in response to receiving the certify indication, providing the proof request to the authentication device; receiving a proof response from the authentication device, wherein the proof response comprises the visitor network credential; validating the proof response, comprising determining that a public key from the distributed ledger matches a decentralized identifier (DID) in the visitor network credential, wherein the public key corresponds to a private key stored on the authentication device; in response to determining that the public key matches the DID, generating a network certificate; and providing the network certificate to the authentication device, wherein the authentication device presents the network certificate to the captive portal, wherein the captive portal validates the network certificate, and wherein the captive portal creates a network session for the authentication device to access the guest wifi network in response to determining that the network certificate is valid.”

There are additional claims. Please visit full patent to read further.

URL and more information on this patent, see: Hamel, Bjorn. Digital credentials for visitor network access. U.S. Patent Number 11792180, filed March 26, 2019, and published online on October 17, 2023. Patent URL (for desktop use only): https://ppubs.uspto.gov/pubwebapp/external.html?q=(11792180)&db=USPAT&type=ids

(Our reports deliver fact-based news of research and discoveries from around the world.)