WO2009036511A1 - Verifying a personal characteristic of users of online resources - Google Patents
Verifying a personal characteristic of users of online resources Download PDFInfo
- Publication number
- WO2009036511A1 WO2009036511A1 PCT/AU2008/001392 AU2008001392W WO2009036511A1 WO 2009036511 A1 WO2009036511 A1 WO 2009036511A1 AU 2008001392 W AU2008001392 W AU 2008001392W WO 2009036511 A1 WO2009036511 A1 WO 2009036511A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- public key
- key certificate
- trusted
- storage device
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3265—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/42—Anonymization, e.g. involving pseudonyms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- the present invention relates to controlling access to online resources according to personal characteristics such as user age, while allowing preservation of user privacy.
- the present invention provides for verification of the personal characteristic of the user, without requiring disclosure of the user's identity to the operator of the online resource, and without requiring contemporaneous averment by a third party.
- Social networking is an important new type of online service enabled essentially by Internet technologies.
- social networking groups of people with common interests or attributes can communicate with one another, share data, undertake discussions, be introduced to like-minded new friends and colleagues, and so on.
- access to social networking resources is qualified by some means in order to preserve the collective identity of the group, and protect the privacy of participants,
- the most important qualification is the age of the user.
- qualifications such as age for participating in social networking services have been difficult to enforce.
- a technically comparable problem is associated with controlling the access to online resources intended only for adults (generally speaking, persons who have attained the age of majority).
- Such resources include online gambling, dating and introduction services, "adult” or pornographic content, and other classified content (films, television programs, literature and so on).
- new regulations introduced in 2007 require age verification for content delivered over the Internet or to multimedia wireless devices such as mobile telephones when that content has been given a conventional film & television classification of "MA15+” (intended only for a "Mature Audience" over the age of 15) or "Rl 8+” (Restricted to persons over the age of 18).
- One approach to the age verification problem is to have a trusted third party vouch for the age of a first party (the user) at the time when the user is accessing services of a second party (the online service provider).
- Some approaches to such age verification involve a new type of trusted third party that provides age verification services possibly on a commercial basis, typically by accessing authoritative repositories of age information.
- a service provider wishes to confirm the age of a given user, they inquire with the third party as to the person's age. This approach requires the user to provide personal details when registering with the trusted third party, which represents an effort and possible additional expense not normally associated with the use of such resources as online social networking sites.
- This type of approach also complicates the processes by which the service provider deals with its users, and can involve the disclosure of personal details of the user to the service provider. Moreover, this approach requires a timely response from the third party as user participation is prevented until verification is provided by the third party.
- the present invention provides a method for controlling access to an electronically accessible resource provided for a defined demographic group, the method comprising: securely storing in a storage device of a user a cryptographic Private Key; issuing to the user a Public Key Certificate corresponding to said Private Key, the Public Key Certificate including data that indicates that the user is a member of the defined demographic group, and the Public Key Certificate being signed by or on behalf of a Trusted Third Party trusted to attest to the user being a member of the defined demographic group; and an access control system associated with the electronically accessible resource using said Public Key Certificate to verify that the user is eligible to access the electronically accessible resource.
- the present invention provides a method for providing a user with demographic verification, the method comprising: securely storing in a storage device of the user a cryptographic Private Key; and issuing to the user a Public Key Certificate corresponding to said Private Key, the Public Key Certificate including data that indicates that the user is a member of a defined demographic group, and the Public Key Certificate being signed by or on behalf of a Trusted Third Party trusted to attest to the user being a member of the defined demographic group, wherein the Public Key Certificate is such that an access control system associated with an electronically accessible resource provided for the defined demographic group can use said Public Key Certificate to verify that the user is eligible to access the electronically accessible resource.
- the present invention provides a method for verifying user eligibility to access an electronically accessible resource provided for a defined demographic group, the method comprising: a user causing provision of a Public Key Certificate to an access control system associated with the electronically accessible resource; and the access control system verifying whether the user is eligible to access the electronically accessible resource by determining whether said signed Public Key Certificate includes data indicating that the user is a member of the defined demographic group, and determining whether the Public Key Certificate has been signed by or on behalf of a Trusted Third Party trusted to attest to the user being a member of the defined demographic group.
- the present invention provides a storage device securely storing a cryptographic Private Key, and a Public Key Certificate corresponding to said Private Key and including data that indicates that the user is a member of a defined demographic group, and the Public Key Certificate being signed by or on behalf of a Trusted Third Party trusted to attest to the user being a member of the defined demographic group.
- the present invention provides a computer program element comprising computer program code means to make a computer execute a procedure for controlling access to an electronically accessible resource, the computer program element comprising: computer program code means for obtaining from a user a Public Key
- the present invention thus provides for the Public Key Certificate to verify that the user is a member of a particular demographic group, such as being within a particular age group, without requiring that any other personal details about the user such as their identity be revealed.
- the present invention provides a secure means by which to establish the user's authorisation to access the resource in question, without requiring authentication of the user's identity.
- Such a Public Key Certificate in combination with a cryptographic storage device and Private Key provides a particularly strong mechanism for differentiating members of the relevant demographic group, for example for differentiating children from adults.
- Use of a cryptographic storage device and public key infrastructure provides resistance to copying or counterfeiting as might be attempted by an adult that would masquerade as a child.
- Providing the user with a private key gives the user a means to demonstrate that the Public Key Certificate is in fact associated with that individual, so as to prevent copies of the Certificate from being made and used by others.
- the present invention also represents a form of two factor authentication and is therefore more resistant to theft and abuse than are traditional single factor authentication methods such as secret passwords used to control access to social networking services. If a child loses their cryptographic storage device then it is relatively easy to be alerted to that fact and prevent others from inappropriately using the device by cancelling the Certificate, and relatively easy to replace together with a new Public Key Certificate.
- the Certificate may be issued to the user by being stored in connection with a storage device which is required to be kept in the possession of the user for other purposes, for example a driver's license, student concession card, membership card, a telephone or a personal digital assistant (PDA). Loss or theft of such a device is likely to be promptly reported by the user allowing cancellation of the Public Key Certificate to prevent others from using a stolen device to access the electronically accessible resource.
- the storage device could be a magnetic stripe card, a USB storage device, a smart card, a subscriber identity module (SIM) card, a random access memory or read only memory of a telephone or PDA, or other suitable device.
- the trusted third party is a body that, due to existing responsibilities, has the knowledge required to attest to the user's demographic status of interest.
- the demographic group is children of school age
- preferred embodiments of the present invention provide for the trusted third party to be an institution such as a government department of education and/or a body responsible for issuing student concession cards, for example.
- Such embodiments ease implementation of the system of the present invention, by recognising that a typical routine function of such bodies is to produce and issue to school children public transport concession cards and the like, which in effect vouch for the fact that the card holder is a school age child.
- the present invention provides the means for that existing trusted third party to provide verification of age to the child in digital cryptographic form for use online, with the additional benefit in some embodiments of being able to de-identify the child in the online environment.
- embodiments of the present invention are further advantageous in providing a "push" distribution model for certificates, where the trusted third party acts as a 'source of truth' and feeds data to a Certificate Authority for the automatic production of certificates, avoiding the need for individuals to 'pull' down certificates by application.
- the Certificate can be produced without requiring the student to undergo an arduous application process and without engaging any new authorities or service providers.
- Embodiments of the invention preferably provide for one or more Root Certification Authorities each being trusted to attest that particular institutions are authorised to aver demographic characteristics of the user.
- Such embodiments of the invention provide for cross-jurisdictional implementation of the present invention, in providing for verification of a user's demographic characteristic when accessing an electronic resource based in a jurisdiction different to the jurisdiction in which the user is located. That is, such embodiments recognise that the electronically accessible resource may be in a different country or different jurisdiction to the user, and recognise that the provider of the electronically accessible resource may not have first hand knowledge of whether the institution is legitimately authorised to aver the demographic characteristics of the user.
- Root Certification Authority responsible for maintaining a list of appropriately authorised bodies in different jurisdictions
- embodiments of the invention enable access control to the electronically accessible resource to be effected in an automated and rapid manner, by ensuring that the Public Key Certificate presented by the user and issued by an institution properly chains back to the Root Certification Authority.
- To establish such Root Certification requires the simple step of the Root Certification Authority issuing Public Key Certificates to one or more corresponding trusted third party Certification Authorities in each jurisdiction.
- the Root Certification Authority preferably further attests as to which particular demographic characteristic(s) each institution is authorised to aver.
- the Root Certification Authority may attest that a government department of education is authorised to aver that children are minors.
- the Root Certification Authority preferably maintains a code numbering schema, electronic directory service or similar means to identify which particular demographic characteristic is vouched for by the institution through the Public Key Certificates issued to individuals.
- a suitable code numbering schema could for example be constructed using X.500 standard Object Identifiers (OIDs) administered by the Root Certification Authority.
- the demographic group may be defined by any suitable demographic characteristic ⁇ ), such as: age; gender; race; religion; sexual orientation; income; special interests; membership or affiliation with a society, social networking site, online gaming community or virtual world; geographic or virtual location; nationality; residential jurisdiction; disease status; and/or entitlement to social security benefits or old age benefits.
- suitable demographic characteristic ⁇ such as: age; gender; race; religion; sexual orientation; income; special interests; membership or affiliation with a society, social networking site, online gaming community or virtual world; geographic or virtual location; nationality; residential jurisdiction; disease status; and/or entitlement to social security benefits or old age benefits.
- the storage device may be issued to the user by the trusted third party and may serve other purposes such as being a transport concession card for a student, or a driver's license for an adult.
- the storage device may be incorporated into another electronic device such as a portable digital assistance (PDA), mobile telephone handset, or personal computer.
- PDA portable digital assistance
- Embodiments utilising a portable device provide benefits including resistance to replay attack, identity theft, counterfeiting and the like, provide ease of use, and provide improved confidence in the user acting consensually in the use of the Private Key since it is unlikely that a physical device is used inadvertently.
- the Private Key and the Public Key Certificate are preferably stored in the same device, and may both be stored in a single storage means of the device.
- the storage device may comprise any suitable storage device such as a smartcard, a cryptographic USB key, a regular USB key, a mobile telephone Subscriber Identification Module (SIM) card, other memory of a mobile telephone or Personal Data Assistant, tamper resistant storage, or a hardware security module such as a Trusted Platform Module.
- SIM Subscriber Identification Module
- the Public Key Certificate is anonymous in so far as the certificate contents do not include any personally identifiable information, and reveal only the fact averred by the Trusted Third Party that the user belongs to a certain demographic group such as being of a certain age.
- the storage device may be equipped with visual indicia identifying the user, or alternatively may carry no visual means to identify the user.
- the storage device may store one or more other Private Keys or Public Key Certificates for other purposes, for example to establish the identity of the user in other applications.
- the cryptographic storage device includes a built-in function for generating Public Key / Private Key pairs, such that following generation the Private Key never leaves the confines of the storage device.
- a built-in function for generating Public Key / Private Key pairs, such that following generation the Private Key never leaves the confines of the storage device.
- the storage device when applied to the demographic group of children of minority age the storage device is preferably a tamper resistant cryptographic USB key.
- a tamper resistant cryptographic USB key is advantageous as being relatively easy to use by children, and is further advantageous in exploiting that USB devices are inexpensive, in widespread use, and are compatible with the great majority of contemporary personal computers and thus require no special reader device in order to be interfaced to a personal computer.
- any suitable technique may be applied, for example the
- Private Key of the user may be used to produce a cryptogram from a challenge in a challenge-response protocol. Additionally or alternatively the Private Key of the user may be used to produce a cryptogram from a transactional data object where said cryptogram may be verifiable by means of the Public Key Certificate corresponding to said Private Key.
- Figure 1 illustrates a system for issuing to children cryptographic USB keys including Public Key Certificates that verify the age of those children when accessing online resources;
- Figure 2 illustrates a general-purpose computing device that may be used in an exemplary system for implementing the invention
- the presently described embodiment of the present invention recognises the specific relationship that children as students can have with institutions such as Departments of Education, which have established processes for issuing to children documents or cards that aver eligibility for such concessions as discounted public transport fares.
- a Department of Education acts as a Trusted Third Party that issues Public Key Certificates that verify the age of each child receiving such a certificate. Any provider of online resources intended only for children can design their access control systems to use such Public Key Certificates to distinguish between children verified as such by the Department of Education, and other illegitimate users such as adults.
- a Department of Education 110 maintains a database 112 of school age children.
- the Department of Education 110 issues to a child 101 listed in the database 112 a cryptographic USB key 150.
- the cryptographic USB key 150 includes a processor chip 155.
- the processor chip 155 generates a Public Key - Private
- a Public Key Certificate 120 corresponding to said Public Key - Private Key pair is created and signed by a Certification Authority 114 operated by the
- 114 may be a separate party engaged by the Department of Education for this purpose.
- the Public Key Certificate 120 includes a data item 122 that attests that the child 101 is of school age.
- the Public Key Certificate 120 also includes a digital signature 124 of the Department of Education 110.
- the Public Key Certificate 120 is anonymous in that the identity of the child 101 is not included in the Public Key Certificate 120, in this embodiment.
- Child 101 uses computer 130 to access via the Internet 199 online resources 220 provided by service provider 200 and intended only for children.
- the child 101 connects the cryptographic USB key 150 to a personal computer 130 as part of the access control procedure.
- An access control module 210 associated with the online resources 220 operates so as to distinguish legitimate users such as child 101 from illegitimate users such as adults.
- the access control module 210 effects verification by examining the Public Key Certificate 120, checking that the digital signature 124 corresponds to the Department of Education 110, and checking that the data item 122 does indicate that the holder of the Public Key Certificate 120 (namely the child 101) is of school age. If said checks are satisfied then the access control module 210 grants child 101 access to the online resources 220.
- the Certification Authority 114 is itself certified by a Root Certification Authority 314 which issues CA Public Key Certificate 320 containing a data item 326 that attests that the Certification Authority 114 is recognised as being authoritative over the particular demographic characteristic in question, in this case the fact that the child 101 is of school age.
- the CA Public Key Certificate 320 also includes a digital signature 324 of the Root Certification Authority 314. This arrangement thus effects an international or otherwise cross-jurisdictional mechanism for endorsing Certification Authority 114 so that the legitimacy of their verification of age of student 101 may be automatically verified by the service provider 200 even where the Certification Authority 114 is unknown to the service provider 200.
- This cross-jurisdictional ability of this embodiment recognises that in respective jurisdictions there could be one or more bodies that are authoritative in vouching for certain demographic characteristics. For instance, in addition to Department of Education 110 acting as an authoritative body in vouching for child 101 being of school age, a driver licensing bureau might act as an authoritative body in vouching for individuals being of the age of majority.
- the infrastructure provided by this embodiment, specifically Root Certification Authority 314, enables the standing of such deemed authoritative bodies to be rapidly determined by a secure automated process even across jurisdictional borders.
- any service provider 200 anywhere in the world can confirm whether a given individual 101 is of school age, no matter where that individual resides. This is because the service provider 200 can check if the person's Public Key Certificate 120 firstly chains back to the Root Certification Authority 314, and secondly that Public Key Certificate 120 contains a code number indicating that the Public Key Certificate issuer 114 is deemed by the Root Certification Authority 314 to be authoritative as to the demographic characteristic of being of school age.
- Root Certification Authority 314 Once the Root Certification Authority 314 is established and its Root Public Key promulgated across all social networking sites such as child social networking site 220, new Certification authorities 114 can be joined to the scheme at any time, to provide age verification for example, or verification of any other demographic characteristic, again without requiring identification of users.
- service provider 200 is able to gain additional confirmation of the authority of the Department of Education 110 by verifying also that the Public Key Certificate 120 correctly chains cryptographically to CA Public Key Certificate 320 signed by the Root Certification Authority 314. If the Public Key Certificate 120 does correctly chain cryptographically to CA Public Key Certificate 320 then service provider 200 can infer that the Certification Authority 114 is a recognised member of the inter-jurisdictional set of authoritative bodies able to vouch for demographic characteristics. If the data item 326 further indicates that the Certification Authority 114 has been certified by the Root Certification Authority 314 as being authoritative over the demographic property of being of school age, then the service provider 200 gains additional confirmation of the authority of the Department of Education 110.
- This embodiment thus maintains the privacy of child 101 by not requiring the child at any time to provide their actual name or any other identifying details to the social networking service 220. Because the child's age is attested to by the department of education 110, nor does the child need to divulge their name or personal details to third parties. Even in alternative embodiments where the certification authority 114 is a separate party to the department of education 110, that authority 114 does not receive any details identifying the child in their task of producing the certificate 120.
- This embodiment thus takes advantage of knowledge that an existing trusted authority, namely department of education 110, already has about the age of the child 101, and further ensures that only the pertinent personal quality is revealed, in that the child is of the age of minority.
- This embodiment thus avoids introducing or imposing additional parties into the relationship between the service provider 200 and the user 101, providing a verification model which is simple, less risky, cheaper to implement, and lower cost to operate.
- this embodiment enables verification to be performed substantially offline. This is because the face- validity of the child's certificate 120 is evident to the service provider 200 without the provider 200 having to make any online inquiries at all, provided they have a trusted copy of the PKI root key.
- the currency of the child's age verification certificate 120 might need to be checked in real time by provider 200, to ensure that it has not been revoked, however such a real time check can be done with relatively high performance and low bandwidth requirements using the industry standard OCSP protocol supported by all commercial CAs.
- the present invention also relates to apparatus for performing the operations herein.
- This apparatus may be specially constructed for the required purposes, or it may comprise a general purpose computer selectively activated or reconfigured by a computer program stored in the computer.
- a computer program may be stored in a computer readable storage medium, such as, but is not limited to, any type of disk including floppy disks, optical disks, CD-ROMs, and magnetic-optical disks, read-only memories (ROMs), random access memories (RAMs), EPROMs, EEPROMs, magnetic or optical cards, or any type of media suitable for storing electronic instructions, and each coupled to a computer system bus.
- a machine-readable medium includes any mechanism for storing or transmitting information in a form readable by a machine (e.g., a computer).
- a machine-readable medium includes read only memory ("ROM”); random access memory (“RAM”); magnetic disk storage media; optical storage media; flash memory devices; electrical, optical, acoustical or other form of propagated signals (e.g., carrier waves, infrared signals, digital signals, etc.); etc.
- FIG. 2 the invention is illustrated as being implemented in a suitable computing environment.
- program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types.
- program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types.
- program modules may be located in both local and remote memory storage devices.
- a general purpose computing device is shown in the form of a conventional personal computer 20, including a processing unit 21, a system memory 22, and a system bus 23 that couples various system components including the system memory to the processing unit 21.
- the system bus 23 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures.
- the system memory includes read only memory (ROM) 24 and random access memory (RAM) 25.
- ROM read only memory
- RAM random access memory
- BIOS basic input/output system
- BIOS basic routines that help to transfer information between elements within the personal computer 20, such as during start-up, is stored in ROM 24.
- the personal computer 20 further includes a hard disk drive 27 for reading from and writing to a hard disk 60, a magnetic disk drive 28 for reading from or writing to a removable magnetic disk 29, and an optical disk drive 30 for reading from or writing to a removable optical disk 31 such as a CD ROM or other optical media.
- the hard disk drive 27, magnetic disk drive 28, and optical disk drive 30 are connected to the system bus 23 by a hard disk drive interface 32, a magnetic disk drive interface 33, and an optical disk drive interface 34, respectively.
- the drives and their associated computer-readable media provide nonvolatile storage of computer readable instructions, data structures, program modules and other data for the personal computer 20.
- exemplary environment shown employs a hard disk 60, a removable magnetic disk 29, and a removable optical disk 31, it will be appreciated by those skilled in the art that other types of computer readable media which can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital video disks, Bernoulli cartridges, random access memories, read only memories, storage area networks, and the like may also be used in the exemplary operating environment.
- a number of program modules may be stored on the hard disk 60, magnetic disk 29, optical disk 31, ROM 24 or RAM 25, including an operating system 35, one or more applications programs 36, other program modules 37, and program data 38.
- a user may enter commands and information into the personal computer 20 through input devices such as a keyboard 40 and a pointing device 42.
- Other input devices may include a microphone, joystick, game pad, satellite dish, scanner, or the like.
- serial port interface 46 that is coupled to the system bus, but may be connected by other interfaces, such as a parallel port, game port or a universal serial bus (USB) or a network interface card.
- a monitor 47 or other type of display device is also connected to the system bus
- peripheral output devices not shown, such as speakers and printers.
- the personal computer 20 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 49.
- the remote computer 49 may be another personal computer, a server, a router, a network
- PC a peer device or other common network node, and typically includes many or all of the elements described above relative to the personal computer 20, although only a memory storage device 50 has been illustrated.
- the logical connections depicted include a local area network (LAN) 51 and a wide area network (WAN) 52.
- LAN local area network
- WAN wide area network
- the personal computer 20 When used in a LAN networking environment, the personal computer 20 is connected to the local network 51 through a network interface or adapter 53. When used in a WAN networking environment, the personal computer 20 typically includes a modem 54 or other means for establishing communications over the WAN 52.
- the modem 54 which may be internal or external, is connected to the system bus 23 via the serial port interface 46.
- program modules depicted relative to the personal computer 20, or portions thereof may be stored in the remote memory storage device. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.
- the present embodiment relates to verifying the age of users of online resources intended only for children
- the present invention is applicable to enforcing other types of access control rules for online resources.
- Such other rules include without limitation verifying that the user has reached the age of majority, as may be attested to by a driver's license regulator or other suitable trusted body.
- Such verification of age of majority may be employed by social networking sites intended for adults only and/or sites providing classified content, adult content or gambling content, whether delivered via the Internet to personal computers and the like or via multimedia services to mobile telephones or other wireless devices.
- the present invention may be employed in verifying that the user attends a certain school, as may be attested to by that school or by a government department of education.
- the demographic grouping may be by disease status, for example to attest to the user being free of sexually communicable diseases, as may be attested to by a certified health professional for example.
- the demographic group may be membership of a romantic dating community, whereby the user's membership of the community is attested to by a community registrar.
- the demographic group may be membership of an online virtual world community or an online game such as a massively multiplayer online role playing game, whereby the user's membership of the community is attested to by a community registrar.
- existing members of the community may be permitted to introduce new members by signing the new member's application using their Private Key and Public Key Certificate in order to effect an introduction.
- the demographic group may be social security or old age benefit recipients, as may be attested to by a social security agency.
- the computing device may comprise a suitably configured "multimedia" or 3G mobile telephone.
- this invention allows differentiation between children and adults in connection to controlling access to online resources intended only for children. In another instance, this invention allows differentiation of users in connection with online resources intended only for adults.
- a Certificate may be relied upon to verify that the user is a member of a particular demographic group, such as being within a particular age group, without requiring that any other personal details about the user such as their identity be revealed. This affords a means by which to establish the user's authorisation to access the resource in question, without requiring authentication of the user's identity nor use of a private key.
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2008301230A AU2008301230A1 (en) | 2007-09-19 | 2008-09-19 | Verifying a personal characteristic of users of online resources |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2007216833 | 2007-09-19 | ||
AU2007216833 | 2007-09-19 | ||
AU2008901033A AU2008901033A0 (en) | 2008-03-03 | Verifying a personal characteristic of users of online resources | |
AU2008901033 | 2008-03-03 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2009036511A1 true WO2009036511A1 (en) | 2009-03-26 |
Family
ID=40467435
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/AU2008/001392 WO2009036511A1 (en) | 2007-09-19 | 2008-09-19 | Verifying a personal characteristic of users of online resources |
Country Status (2)
Country | Link |
---|---|
AU (1) | AU2008301230A1 (en) |
WO (1) | WO2009036511A1 (en) |
Cited By (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102009031817A1 (en) * | 2009-07-03 | 2011-01-05 | Charismathics Gmbh | Method for display, examination and distribution of digital certificates for use in public key infrastructure, involves evaluating confidential status for certificate of certificate owner |
WO2011119809A2 (en) * | 2010-03-25 | 2011-09-29 | Boku, Inc. | Systems and methods to provide access control via mobile phones |
US8386353B2 (en) | 2009-05-27 | 2013-02-26 | Boku, Inc. | Systems and methods to process transactions based on social networking |
US8392274B2 (en) | 2009-10-01 | 2013-03-05 | Boku, Inc. | Systems and methods for purchases on a mobile communication device |
US8412155B2 (en) | 2010-12-20 | 2013-04-02 | Boku, Inc. | Systems and methods to accelerate transactions based on predictions |
US8412626B2 (en) | 2009-12-10 | 2013-04-02 | Boku, Inc. | Systems and methods to secure transactions via mobile devices |
US8543087B2 (en) | 2011-04-26 | 2013-09-24 | Boku, Inc. | Systems and methods to facilitate repeated purchases |
US8548426B2 (en) | 2009-02-20 | 2013-10-01 | Boku, Inc. | Systems and methods to approve electronic payments |
US8566188B2 (en) | 2010-01-13 | 2013-10-22 | Boku, Inc. | Systems and methods to route messages to facilitate online transactions |
US8583496B2 (en) | 2010-12-29 | 2013-11-12 | Boku, Inc. | Systems and methods to process payments via account identifiers and phone numbers |
US8583504B2 (en) | 2010-03-29 | 2013-11-12 | Boku, Inc. | Systems and methods to provide offers on mobile devices |
US8589290B2 (en) | 2010-08-11 | 2013-11-19 | Boku, Inc. | Systems and methods to identify carrier information for transmission of billing messages |
US8660911B2 (en) | 2009-09-23 | 2014-02-25 | Boku, Inc. | Systems and methods to facilitate online transactions |
US8699994B2 (en) | 2010-12-16 | 2014-04-15 | Boku, Inc. | Systems and methods to selectively authenticate via mobile communications |
US8700530B2 (en) | 2009-03-10 | 2014-04-15 | Boku, Inc. | Systems and methods to process user initiated transactions |
US8700524B2 (en) | 2011-01-04 | 2014-04-15 | Boku, Inc. | Systems and methods to restrict payment transactions |
US8768778B2 (en) | 2007-06-29 | 2014-07-01 | Boku, Inc. | Effecting an electronic payment |
US9191217B2 (en) | 2011-04-28 | 2015-11-17 | Boku, Inc. | Systems and methods to process donations |
CN105809434A (en) * | 2014-12-31 | 2016-07-27 | 北京华虹集成电路设计有限责任公司 | Second-generation USB Key method using operators network to transmit data and device |
US9449313B2 (en) | 2008-05-23 | 2016-09-20 | Boku, Inc. | Customer to supplier funds transfer |
US9519892B2 (en) | 2009-08-04 | 2016-12-13 | Boku, Inc. | Systems and methods to accelerate transactions |
US9595028B2 (en) | 2009-06-08 | 2017-03-14 | Boku, Inc. | Systems and methods to add funds to an account via a mobile communication device |
US9652761B2 (en) | 2009-01-23 | 2017-05-16 | Boku, Inc. | Systems and methods to facilitate electronic payments |
US9697510B2 (en) | 2009-07-23 | 2017-07-04 | Boku, Inc. | Systems and methods to facilitate retail transactions |
US9830622B1 (en) | 2011-04-28 | 2017-11-28 | Boku, Inc. | Systems and methods to process donations |
US9990623B2 (en) | 2009-03-02 | 2018-06-05 | Boku, Inc. | Systems and methods to provide information |
CN108696349A (en) * | 2017-03-31 | 2018-10-23 | 英特尔公司 | The trusted third party that credible performing environment is used as proving to provide privacy |
WO2020086668A1 (en) * | 2018-10-23 | 2020-04-30 | Visa International Service Association | Validation service for account verification |
EP3916687A1 (en) * | 2020-05-28 | 2021-12-01 | Morteo Appierto, Luciana | Method and system for conditional access |
US11558425B2 (en) * | 2019-07-31 | 2023-01-17 | EMC IP Holding Company LLC | Dynamic access controls using verifiable claims |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001188757A (en) * | 1999-12-28 | 2001-07-10 | Nippon Telegr & Teleph Corp <Ntt> | Service providing method using certificate |
US6704787B1 (en) * | 1999-12-03 | 2004-03-09 | Intercard Payments, Inc. | Date of birth authentication system and method using demographic and/or geographic data supplied by a subscriber that is verified by a third party |
AU2004201058B1 (en) * | 2004-03-15 | 2004-09-09 | Lockstep Consulting Pty Ltd | Means and method of issuing Anonymous Public Key Certificates for indexing electronic record systems |
US20060047725A1 (en) * | 2004-08-26 | 2006-03-02 | Bramson Steven J | Opt-in directory of verified individual profiles |
US20080168548A1 (en) * | 2007-01-04 | 2008-07-10 | O'brien Amanda Jean | Method For Automatically Controlling Access To Internet Chat Rooms |
-
2008
- 2008-09-19 AU AU2008301230A patent/AU2008301230A1/en not_active Abandoned
- 2008-09-19 WO PCT/AU2008/001392 patent/WO2009036511A1/en active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6704787B1 (en) * | 1999-12-03 | 2004-03-09 | Intercard Payments, Inc. | Date of birth authentication system and method using demographic and/or geographic data supplied by a subscriber that is verified by a third party |
JP2001188757A (en) * | 1999-12-28 | 2001-07-10 | Nippon Telegr & Teleph Corp <Ntt> | Service providing method using certificate |
AU2004201058B1 (en) * | 2004-03-15 | 2004-09-09 | Lockstep Consulting Pty Ltd | Means and method of issuing Anonymous Public Key Certificates for indexing electronic record systems |
US20060047725A1 (en) * | 2004-08-26 | 2006-03-02 | Bramson Steven J | Opt-in directory of verified individual profiles |
US20080168548A1 (en) * | 2007-01-04 | 2008-07-10 | O'brien Amanda Jean | Method For Automatically Controlling Access To Internet Chat Rooms |
Cited By (37)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8768778B2 (en) | 2007-06-29 | 2014-07-01 | Boku, Inc. | Effecting an electronic payment |
US9449313B2 (en) | 2008-05-23 | 2016-09-20 | Boku, Inc. | Customer to supplier funds transfer |
US9652761B2 (en) | 2009-01-23 | 2017-05-16 | Boku, Inc. | Systems and methods to facilitate electronic payments |
US8548426B2 (en) | 2009-02-20 | 2013-10-01 | Boku, Inc. | Systems and methods to approve electronic payments |
US9990623B2 (en) | 2009-03-02 | 2018-06-05 | Boku, Inc. | Systems and methods to provide information |
US8700530B2 (en) | 2009-03-10 | 2014-04-15 | Boku, Inc. | Systems and methods to process user initiated transactions |
US8386353B2 (en) | 2009-05-27 | 2013-02-26 | Boku, Inc. | Systems and methods to process transactions based on social networking |
US9595028B2 (en) | 2009-06-08 | 2017-03-14 | Boku, Inc. | Systems and methods to add funds to an account via a mobile communication device |
DE102009031817A1 (en) * | 2009-07-03 | 2011-01-05 | Charismathics Gmbh | Method for display, examination and distribution of digital certificates for use in public key infrastructure, involves evaluating confidential status for certificate of certificate owner |
US9697510B2 (en) | 2009-07-23 | 2017-07-04 | Boku, Inc. | Systems and methods to facilitate retail transactions |
US9519892B2 (en) | 2009-08-04 | 2016-12-13 | Boku, Inc. | Systems and methods to accelerate transactions |
US9135616B2 (en) | 2009-09-23 | 2015-09-15 | Boku, Inc. | Systems and methods to facilitate online transactions |
US8660911B2 (en) | 2009-09-23 | 2014-02-25 | Boku, Inc. | Systems and methods to facilitate online transactions |
US8392274B2 (en) | 2009-10-01 | 2013-03-05 | Boku, Inc. | Systems and methods for purchases on a mobile communication device |
US8412626B2 (en) | 2009-12-10 | 2013-04-02 | Boku, Inc. | Systems and methods to secure transactions via mobile devices |
US8566188B2 (en) | 2010-01-13 | 2013-10-22 | Boku, Inc. | Systems and methods to route messages to facilitate online transactions |
US8478734B2 (en) | 2010-03-25 | 2013-07-02 | Boku, Inc. | Systems and methods to provide access control via mobile phones |
WO2011119809A2 (en) * | 2010-03-25 | 2011-09-29 | Boku, Inc. | Systems and methods to provide access control via mobile phones |
WO2011119809A3 (en) * | 2010-03-25 | 2011-12-29 | Boku, Inc. | Systems and methods to provide access control via mobile phones |
US8583504B2 (en) | 2010-03-29 | 2013-11-12 | Boku, Inc. | Systems and methods to provide offers on mobile devices |
US8589290B2 (en) | 2010-08-11 | 2013-11-19 | Boku, Inc. | Systems and methods to identify carrier information for transmission of billing messages |
US8699994B2 (en) | 2010-12-16 | 2014-04-15 | Boku, Inc. | Systems and methods to selectively authenticate via mobile communications |
US8958772B2 (en) | 2010-12-16 | 2015-02-17 | Boku, Inc. | Systems and methods to selectively authenticate via mobile communications |
US8412155B2 (en) | 2010-12-20 | 2013-04-02 | Boku, Inc. | Systems and methods to accelerate transactions based on predictions |
US8583496B2 (en) | 2010-12-29 | 2013-11-12 | Boku, Inc. | Systems and methods to process payments via account identifiers and phone numbers |
US8700524B2 (en) | 2011-01-04 | 2014-04-15 | Boku, Inc. | Systems and methods to restrict payment transactions |
US9202211B2 (en) | 2011-04-26 | 2015-12-01 | Boku, Inc. | Systems and methods to facilitate repeated purchases |
US8774758B2 (en) | 2011-04-26 | 2014-07-08 | Boku, Inc. | Systems and methods to facilitate repeated purchases |
US8543087B2 (en) | 2011-04-26 | 2013-09-24 | Boku, Inc. | Systems and methods to facilitate repeated purchases |
US8774757B2 (en) | 2011-04-26 | 2014-07-08 | Boku, Inc. | Systems and methods to facilitate repeated purchases |
US9830622B1 (en) | 2011-04-28 | 2017-11-28 | Boku, Inc. | Systems and methods to process donations |
US9191217B2 (en) | 2011-04-28 | 2015-11-17 | Boku, Inc. | Systems and methods to process donations |
CN105809434A (en) * | 2014-12-31 | 2016-07-27 | 北京华虹集成电路设计有限责任公司 | Second-generation USB Key method using operators network to transmit data and device |
CN108696349A (en) * | 2017-03-31 | 2018-10-23 | 英特尔公司 | The trusted third party that credible performing environment is used as proving to provide privacy |
WO2020086668A1 (en) * | 2018-10-23 | 2020-04-30 | Visa International Service Association | Validation service for account verification |
US11558425B2 (en) * | 2019-07-31 | 2023-01-17 | EMC IP Holding Company LLC | Dynamic access controls using verifiable claims |
EP3916687A1 (en) * | 2020-05-28 | 2021-12-01 | Morteo Appierto, Luciana | Method and system for conditional access |
Also Published As
Publication number | Publication date |
---|---|
AU2008301230A1 (en) | 2009-03-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2009036511A1 (en) | Verifying a personal characteristic of users of online resources | |
US10652018B2 (en) | Methods and apparatus for providing attestation of information using a centralized or distributed ledger | |
US10829088B2 (en) | Identity management for implementing vehicle access and operation management | |
US11481768B2 (en) | System and method of generating and validating encapsulated cryptographic tokens based on multiple digital signatures | |
US10410213B2 (en) | Encapsulated security tokens for electronic transactions | |
JP2004519874A (en) | Trusted Authentication Digital Signature (TADS) System | |
JPH10504150A (en) | A method for securely using digital signatures in commercial cryptosystems | |
US11250423B2 (en) | Encapsulated security tokens for electronic transactions | |
US20180205559A1 (en) | Method and apparatus for authenticating a service user for a service that is to be provided | |
CN112507300A (en) | Electronic signature system based on eID and electronic signature verification method | |
US10867326B2 (en) | Reputation system and method | |
Fumy et al. | Handbook of EID Security: Concepts, Practical Experiences, Technologies | |
Chadwick et al. | Openid for verifiable credentials | |
Gladney | Safe deals between strangers | |
Smedinghoff | Federated identity management: balancing privacy rights, liability risks, and the duty to authenticate | |
Martínez-Peláez et al. | Digital Pseudonym Identity for e-Commerce | |
Richards et al. | It's Okay To Be A Dog On The Internet–Privacy And Trust In e-Government |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 08800027 Country of ref document: EP Kind code of ref document: A1 |
|
DPE1 | Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101) | ||
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2008301230 Country of ref document: AU |
|
ENP | Entry into the national phase |
Ref document number: 2008301230 Country of ref document: AU Date of ref document: 20080919 Kind code of ref document: A |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 08800027 Country of ref document: EP Kind code of ref document: A1 |