WO2020008367A1 - A method of creating a digital id or digital data storage of a person or an organization, and a method of using the digital id or digital data storage for remote identification - Google Patents

Info

Publication number
WO2020008367A1
Authority
WO
WIPO (PCT)
Prior art keywords
digital
user
file
hash code
personal data
Application number
PCT/IB2019/055645
Other languages
French (fr)
Inventor
Yury MYSHINSKIY
Original Assignee
Bitchange Oü
Application filed by Bitchange Oü
Publication of WO2020008367A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821 Electronic credentials
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4016 Transaction verification involving fraud or risk level assessment in transaction processing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Definitions

  • Yet another aspect of the invention is a method for using a digital ID for login, authorization, sign-up and sign-in processes as claimed in claim 8.
  • Yet another aspect of the invention is a computer system as claimed in claim 9, configured to carry out the methods of claims 1 to 8.
  • Fig 1. shows a flowchart of the process of creating a digital ID, such as decentralized digital passport.
  • Fig 2. shows a flowchart of the process of verifying and approving of the decentralized digital passport.
  • Fig 3. shows a flowchart of a login, authorization, sign up and sign in process.
  • FIG. 1 An exemplary method of creating a digital ID, e.g., a decentralized digital passport is shown in Fig. 1, comprising the steps of: receiving by a first computer a personal data 100 from a person (also known as the data owner), receiving a video flow 102, e.g., in real time, or recorded, from said person, comprising, e.g., the image of the person, combining said personal data and video flow or with any another additional means of protecting information or any other way to confirm the authenticity of the person involved in the process, for example, using biometric data, in a processing step 104, optionally checking in step 106 the personal data, such as the SMS, the e-mail, phone number and other contact data, and/or applying face and/or ID recognition; receiving from said person a user ID and password input 108 (optionally, checking the availability and uniqueness of the ID from a decentralized database in step 110) and encrypting and packing in step 112 said personal data 100 into an Encrypted Personal Data
  • the EPDC is only stored in a personal computing device such as smart phone, or PC, and is not stored in a computer or computer systems of any other persons or organizations without direct authorization from said owner of the data;
  • the method further comprises creating second or subsequent hash code corresponding to said user ID (hash ID), and storing the second or third or N (where N is an integer) hash code together with said first hash code in said decentralized database, it does not exclude the possibility of creating any number of additional PDC/EDF files containing data provided by a third party added to the encrypted or unencrypted original personal data file.
  • Fig 2 shows the method for verifying and approving of a digital ID, such as decentralized passport, comprising the steps of receiving by the computer system of the know your customer KYC anti-money laundering AML service 200 from the user's computing device, over a computer network, a verification request and said EPD file 114, preferably together with additional personal data input 202, video flow 204 and a password 206 for removing protection; the verifying (checking) party calculating in step 208 the hash code of the EPD file and comparing it with the hash code stored in said decentralized database, i.e., KYC blockchain network and database node 120; the verifying (checking) party retrieving from said decentralized database 120 info and history associated with said calculated hash code in step 209; unpacking and/or decrypting said PDC/EDF file in step 210; performing KYC data checking processes in step 212, preferably checking in step 214 any additional data, such as SMS, Email, telephone and other contact data; said processes resulting in decision that the user is either
  • Fig 3 shows a method for identifying a user in a login, authorization, sign up and/or sign in process with a digital ID, such as decentralized passport, the method comprising: receiving by the service or company where the user wants to sign up/sign in (third party) 300, from the user the Encrypted Personal Data Container (PDC/EDF) 114 and preferably, a password input 206; the third party calculating in step 208 the hash code of the PDC/EDF file and comparing it with the hash code stored in said decentralized database, i.e., KYC blockchain network and database node 120; calculating a hash code in step 208, checking the hash code from a know your customer blockchain network and database node 120; the third party 300 requesting and retrieving from said decentralized database 120 info and history associated with said calculated hash code in step 209; unpacking and decrypting in step 210 said PDC/EDF file, recovering user id and other data; and granting access to the user to the services in step
  • the third party makes a request to the decentralized database (blockchain or another type of database) and gets the history of the creation and existence of a decentralized passport (when it is created, by whom and when it is checked, by whom and when it is repeatedly checked, by whom and when it is canceled, etc.). If the third party is satisfied with the result of data verification and the password from the container has not been received before, the third party asks the owner of the personal data for the password to access the EPDC file;
  • the third party unpacks and decrypts the provided file, the information available inside is used to obtain personal data about the client;
  • a third party identifies the user;
  • the third party interacts with the owner of personal data (authorizes the use and begins the provision of services at the request of the identified owner of personal data).
  • the invention may be implemented as a mechanism with a consistent passage of procedures for the creation, verification and re-remote and direct use of a decentralized passport for the purpose of identifying the owner of personal data.
  • Multiple use of a decentralized passport may be using a multi-level system of trust and is conditioned by any additional parameters: the level of trust between the verifying parties (the country of verification, who conducted the audit: notary, bank, remote identification with video stream, no video stream, post office, etc.) the validity period of verification, any additional entries in the decentralized database (lockbox) about the change in the status of the owner of personal data, the necessity or absence of the need for additional biometric means second identification.
  • the use and functionality of the decentralized passport is not limited to the examples shown in Figs. 1 to 3.
  • the decentralized passport can be extended, cancelled, updated, re-verified, get a note about the loss, get a note about the refusal of acceptance by any of the organizations with or without specifying the reasons (which can be an indicator of confidence for other organizations - participants of the decentralized passport system), be used for any other legitimate purposes at the initiative of the holders of decentralized passports and data acceptors.
  • a decentralized passport may have a time limit, and may be "automatically" extended on the initiative of the owner of personal data in the course of the agreed parties or approved procedures.
  • a decentralized passport can be used (but not limited to these applications) to work with: financial and technological services, remote access to any services and services provided through communication channels and using public and private networks, including the Internet, the provision of public services, crossing of borders, use of transport services, notariate, remote signing of contracts and any other documents, filing of applications, demands, letters, suits, document circulation, creation of defenses for remote voting in elections, for participation in any other open voting, as a signature for petitions, appeals, requests requiring a clear indication of the person, when collecting signatures for any needs, for example, for nominating candidates for elected government bodies and for public organization.
  • a decentralized passport can be used to create digital copies of any type of documents or data that are stored on the one hand by the data owner, on the other hand the history of their use and life cycle is available to a third party, which allows for an additional degree of freedom to work with digital information and with the history of using this digital information without disclosing the content of this digital information to a party not expressly indicated by the owner of this data.
  • One of the advantages of using a decentralized passport is the ability of the data owner to control all the participants to whom he is allowed to use the data contained in the decentralized passport or the EPD / PDC file, for example by prohibiting some participants from further using the provided data as the owner of which he is.
  • a decentralized passport allows a third party (for example, a bank, service company, or the state or any other party involved in the process of interacting with a decentralized passport) to mark flags with appropriate USER / PDC / EDF / UID entries in case of important events, for example in case of compromise of personal data by a third party, or the implementation of suspicious transactions in the account of the owner of the decentralized passport, or in the case of marriage, childbirth, arrest, bankruptcy, insured event, tax evasion, drives to the police, existing and emerging legal restrictions or any other event, for example, in the event of the death of the owner of the decentralized passport, which can be reported by the third computing system connected to the decentralized passport network.

Abstract

A method of digital ID, e.g., decentralized digital passport of a person is disclosed, the method comprising the steps of the providing a personal data; storing said personal data in a secure digital file, calculating a hash code for said secure digital file, and storing said hash code in a decentralized database, such decentralized database being, e.g., a blockchain system. Also disclosed are a method for creating a digital passport, a method for verifying and approving of a digital passport, and a method for identifying a user in a login, authorization, sign up and sign in process with such digital ID.

Description

A METHOD OF CREATING A DIGITAL ID OR DIGITAL DATA STORAGE OF A PERSON OR AN ORGANIZATION AND A METHOD OF USING THE DIGITAL ID OR DIGITAL DATA STORAGE FOR REMOTE IDENTIFICATION
Field of the invention
The invention relates to a field of digital identification technologies, namely to digital ID-s and decentralized passports. The invention addresses the problem of reliable identification of a person from a distance and reduces the time spent on remote authentication and partially or totally eliminates the need to carry out re-identification processes, saving time and other resources required for the implementation of procedures of identification, creating convenience and comfort for the owner of the digital ID when interacting remotely with organizations, institutions and government.
Background of the invention
Many organizations are required to verify the identity of a user or customer before letting him access data or benefit from a service, such as banks required to verify the identity of a customer before opening a bank account for him, or airlines required to verify the identity of a client before letting him board a plane. In order to perform such a verification, the user or customer is required to provide documents, such as an identity card or a passport, based on which the organizations may verify that the user or customer is indeed authorized to access the data or service he requires. Such organizations may also be required to prove their knowledge and verification of the identity of any customer or user to a regulator. For example, in the banking sector, before opening a new bank account, banks are required to collect various pieces of information about any new client, to verify that this client is allowed to open an account and to inform the regulator of such information through the Know Your Customer KYC process, in order to minimize the risk of fraud or money laundering.
As a result, each time a customer performs an activity requiring him to prove his identity, such as opening a new bank account at a new bank, the customer is required to provide the same documents again, and a verification authority is required to verify these documents, even if the same documents have already been provided and verified earlier by another verification authority, for example by another bank when creating another bank account for the same customer.
The need for repeated checks of the identity of a person in each case of establishing contacts and the beginning of interaction between a person and an organization having a need to determine with whom the organization is dealing specifically is a serious drawback.
The remote identification procedure is a costly task; it includes the salaries of employees performing the procedure, organizational expenses, costs for third party services, taxes, and also requires the expenditure of a certain number of man-hours.
With the increase in the number of remotely delivered services, the costs of conducting remote identification procedures are proportionally increasing.
Known is EP3477891, disclosing a method for recording a digital identity of a first user comprising, performed by a computing device of a first verification entity identified by a first verification entity identifier: receiving from the first user at least one first user identity document and extracting user personal identifiable information data elements from said user identity document, after verification, encrypting using a public key of the first verification entity and recording said encrypted user personal identifiable information data elements (304) in a first distributed ledger whose access is authorized to a first set of computing devices only, generating a user identifier (KYC ID) to be sent to said user and recording a hash of said user identifier in a second distributed ledger and, for each verified user personal identifiable information data element, an attestation including the first verification entity identifier and a hash of said user personal identifiable information data element, and recording each generated attestation in said second distributed ledger, for each generated attestation, recording in said second distributed ledger a relationship between the generated user identifier and said generated attestation, wherein said first and second distributed ledgers are configured such that access to the first distributed ledger is more restricted than access to the second distributed ledger.
The disadvantage of this system is that the user personal identification data is stored in said first distributed ledger outside the user's personal devices and thus, potentially accessible to non-authorized persons.
Remote identity identification - eKYC, has been conducted in a centralized mode - this means that at a certain point in time, the verification party performs identification and compares information about the physical characteristics of the person in question with information on a physical medium or on a digital copy of the medium provided for identification.
In view of the absence of a mechanism for ensuring trust between the parties involved in the KYC procedure, such procedures are performed repeatedly, each time a new relationship is established between the parties.
Even if the credentials are used repeatedly (if the parties have a special case of implementing the mechanism of trust), the technologies used previously have the following limitations: many types of identification documents in different countries, different languages, differences in the requirements of state bodies of different countries, lack of a mechanism of trust between any parties involved in the KYC procedure.
Disclosure of Invention
The goal of the invention is achieved by solving the problem of lack of trust between the parties, to remove the issue of storage of personal data (data is stored by their owner until the decision of the need to disclose them to anyone), to ensure the possibility of re-use of a decentralized passport for a certain period of time without the need to re-pass KYC procedures. One aspect of the invention is a method for creating a digital ID of a person as claimed in claims 1 to 5. According to first aspect of the invented method, the method of creating a digital ID of a person, the method comprising the steps: receiving by a first computing device at least one identity document, preferably accompanied with any type of additional personal data (for example - Proof of address (POF) documents or Proof of funds (POF) documents or any other data associated with Individual or Organization or any type of Foundation/Corporation/Company/Government or non-Government structure etc.) from said person; storing said at least one identity document or any type of data in a Personal Data Container PDC, in said first computing device; securing said Personal Data Container PDC with access restricting means, e.g., applying password protection, or encrypting the container with person's personal key and creating as a result of this process Encrypted Personal Data Container (EPDC; shown as PDC/EDF on Figs 1 to 3) in said first computing device; preferably, sending said Encrypted Personal Data Container EPDC over a computer network to a second computing device.
In preferred embodiment only the password protected container, or the encrypted file, is sent, i.e., it cannot be opened and/or modified in said second computing device; calculating by said first or said second computing device a First Hash Code FHC for said Encrypted Personal Data Container EPDC; preferably, returning said Encrypted Personal Data Container EPDC from said second computing device to said first computing device if any data was previously transmitted from the said first computing device to said second computing device, most preferably at this stage if the said second computing device can offer to the said first computing device to add to EPDC additional data provided by the said second computing device and request to send back an expanded EPDC including additional data provided by said second computing device (salt); storing First Hash Code FHC in a decentralized or distributed database, e.g., in a blockchain. In preferred embodiment, said hash code is stored in said decentralized database together with a user ID, and in most preferred embodiment, also user ID is hashed into Hashed ID - HID, so a hashed ID is stored in said decentralized database in connection with said first hash code and; deletion of all data associated with the first computing device, including the Encrypted Personal Data Container EPDC and First Hash Code FHC from said second computing device. Such hash code of the PDC file, or a digital "fingerprint", clearly and uniquely identifies the file it was created from, and at the same time it is impossible to restore the file from such hash code.
The hash code data is stored in a decentralized database, such as in a blockchain system, in a distributed ledger; the principles of blockchain guarantee that such records cannot be altered.
Another aspect of the invention is a method for verifying and approving a digital ID as claimed in claims 6 to 7.
After the hash code is created and stored in a blockchain, said person may send it over the computer network to a third computer device, configured to carry out verification and attestation processes. Such third computer device can be operated by an organization entitled or obliged to carry out verification and attestation processes, e.g., know your customer (KYC) processes, such as a bank (the verifier). Such third computer device, after receiving the PDC file, retrieves the hash code from said decentralized database and compares it with a hash code calculated for the PDC file to confirm the authenticity of the PDC file. Then, after the person provides the third computer device with a password, the third computer opens the PDC, allowing the verifier to carry out the necessary processes and write the result (verified, not verified; attested, not attested) into said decentralized database in connection with said hash code. Thus, any person can track the history related to said hash code: by whom it was verified or attested and when, and whether it has any restrictions or expiration dates.
Yet another aspect of the invention is a method for using a digital ID for login, authorization, sign-up and sign-in processes as claimed in claim 8.
Yet another aspect of the invention is a computer system as claimed in claim 9, configured to carry out the methods of claims 1 to 8.
Brief Description of the Drawings
The following description and the annexed drawings set forth in detail certain illustrative aspects and are indicative of but a few of the various ways in which the principles of the embodiments may be employed. Other advantages and novel features will become apparent from the following detailed description when considered in conjunction with the drawings and the disclosed embodiments are intended to include all such aspects and their equivalents.
Fig 1. shows a flowchart of the process of creating a digital ID, such as decentralized digital passport.
Fig 2. shows a flowchart of the process of verifying and approving of the decentralized digital passport.
Fig 3. shows a flowchart of a login, authorization, sign up and sign in process.
Modes for carrying out the invention
An exemplary method of creating a digital ID, e.g., a decentralized digital passport, is shown in Fig. 1, comprising the steps of:
receiving by a first computer personal data 100 from a person (also known as the data owner);
receiving a video flow 102, e.g., in real time, or recorded, from said person, comprising, e.g., the image of the person;
combining, in a processing step 104, said personal data and video flow, or combining it with any other additional means of protecting information or any other way to confirm the authenticity of the person involved in the process, for example, using biometric data;
optionally checking in step 106 the personal data, such as the SMS, the e-mail, phone number and other contact data, and/or applying face and/or ID recognition;
receiving from said person a user ID and password input 108 (optionally, checking the availability and uniqueness of the ID from a decentralized database in step 110);
encrypting and packing in step 112 said personal data 100 into an Encrypted Personal Data Container (shown as PDC/EDF file) 114;
calculating in step 116 a hash code for said PDC/EDF file;
storing 118 said hash code (together with user ID, and/or additional information) in a decentralized database, such as know your customer (KYC) blockchain network in a database node 120; and
returning and/or storing in step 122 said PDC/EDF file 114 in said first computer.
Personal data is stored in a secure digital file, an encrypted personal data container (EPDC) file, after which the EPDC file is returned to the owner of the data. Only the owner of the data has the password necessary to open the EPDC file. Preferably, the EPDC is only stored in a personal computing device such as a smart phone or PC, and is not stored in a computer or computer systems of any other persons or organizations without direct authorization from said owner of the data.
Preferably, the method further comprises creating a second or subsequent hash code corresponding to said user ID (hash ID), and storing the second or third or N-th (where N is an integer) hash code together with said first hash code in said decentralized database. This does not exclude the possibility of creating any number of additional PDC/EDF files containing data provided by a third party added to the encrypted or unencrypted original personal data file.
Fig 2 shows the method for verifying and approving of a digital ID, such as decentralized passport, comprising the steps of:
receiving by the computer system of the know your customer (KYC) and anti-money laundering (AML) service 200 from the user's computing device, over a computer network, a verification request and said EPD file 114, preferably together with additional personal data input 202, video flow 204 and a password 206 for removing protection;
the verifying (checking) party calculating in step 208 the hash code of the EPD file and comparing it with the hash code stored in said decentralized database, i.e., KYC blockchain network and database node 120;
the verifying (checking) party retrieving from said decentralized database 120 info and history associated with said calculated hash code in step 209;
unpacking and/or decrypting said PDC/EDF file in step 210;
performing KYC data checking processes in step 212, preferably checking in step 214 any additional data, such as SMS, e-mail, telephone and other contact data, said processes resulting in a decision that the user is either verified or not verified 216; and
the verifying (checking) party writing in step 218 said result of the KYC processes (verified, not verified) into said KYC blockchain network and database node 120, preferably together with additional service information, for example: date, by whom the verification is performed, user ID, hash code, validity period of verification, additional conditions, organizations, services, and/or countries to which verification is applied and any other additional data.
Fig 3 shows a method for identifying a user in a login, authorization, sign up and/or sign in process with a digital ID, such as decentralized passport, the method comprising:
receiving by the service or company where the user wants to sign up/sign in (third party) 300, from the user, the Encrypted Personal Data Container (PDC/EDF) 114 and, preferably, a password input 206;
the third party calculating in step 208 the hash code of the PDC/EDF file and comparing it with the hash code stored in said decentralized database, i.e., KYC blockchain network and database node 120;
calculating a hash code in step 208, checking the hash code from a know your customer blockchain network and database node 120;
the third party 300 requesting and retrieving from said decentralized database 120 info and history associated with said calculated hash code in step 209;
unpacking and decrypting in step 210 said PDC/EDF file, recovering user ID and other data; and
granting access to the user to the services in step 302.
The third party makes a request to the decentralized database (blockchain or another type of database) and gets the history of the creation and existence of a decentralized passport (when it is created, by whom and when it is checked, by whom and when it is repeatedly checked, by whom and when it is canceled, etc.). If the third party is satisfied with the result of data verification and the password for the container has not been received before, the third party asks the owner of the personal data for the password to access the EPDC file;
The third party unpacks and decrypts the provided file; the information available inside is used to obtain personal data about the client;
The third party identifies the user; the third party interacts with the owner of personal data (authorizes the use and begins the provision of services at the request of the identified owner of personal data).
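The hash anchoring of Fig 1 and the checks of Figs 2 and 3 (steps 116 to 118, 208, 209 and 218), as an added example that is not code from the patent. It assumes SHA-256 as the hash, an in-memory hash-chained list standing in for the decentralized database, and record fields and status strings chosen here for illustration; the EPDC is treated as opaque bytes because the checking party hashes the encrypted file before it ever receives the password.

```python
import hashlib
import json

GENESIS = "0" * 64
# Constructed sample: stands in for an already encrypted container (EPDC).
SAMPLE_EPDC = b"constructed-epdc-ciphertext:" + bytes(range(32))

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class Ledger:
    """Stand-in (assumption) for the decentralized database: append-only,
    each entry commits to the previous one so edits are detectable."""
    def __init__(self):
        self.entries = []

    def append(self, record: dict) -> None:
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        body = json.dumps(record, sort_keys=True)
        self.entries.append({"prev": prev, "record": record,
                             "entry_hash": sha256_hex((prev + body).encode())})

    def chain_intact(self) -> bool:
        prev = GENESIS
        for e in self.entries:
            body = json.dumps(e["record"], sort_keys=True)
            if e["prev"] != prev or e["entry_hash"] != sha256_hex((prev + body).encode()):
                return False
            prev = e["entry_hash"]
        return True

    def history(self, fhc: str) -> list:
        return [e["record"] for e in self.entries if e["record"]["fhc"] == fhc]

def enroll(ledger: Ledger, epdc: bytes, user_id: str) -> str:
    """Fig 1: hash the encrypted container and anchor it with the hashed ID."""
    fhc = sha256_hex(epdc)                     # First Hash Code, over ciphertext only
    hid = sha256_hex(user_id.encode("utf-8"))  # HID: the raw user ID is not stored
    if any(e["record"].get("hid") == hid for e in ledger.entries):
        raise ValueError("user ID already registered")   # step 110 uniqueness check
    ledger.append({"type": "anchor", "fhc": fhc, "hid": hid})
    return fhc

def record_kyc(ledger: Ledger, fhc: str, verifier: str, verified: bool,
               valid_until: str) -> None:
    """Fig 2, step 218: write the KYC result next to the anchored hash."""
    if not ledger.history(fhc):
        raise KeyError("hash code was never anchored")
    ledger.append({"type": "kyc_result", "fhc": fhc, "verifier": verifier,
                   "verified": verified, "valid_until": valid_until})

def cancel(ledger: Ledger, fhc: str, by: str) -> None:
    ledger.append({"type": "cancel", "fhc": fhc, "by": by})

def check_epdc(ledger: Ledger, epdc: bytes, today: str) -> str:
    """Figs 2 and 3, steps 208-209: decide from hash and history alone,
    before any password is requested. Dates are ISO 8601 strings."""
    if not ledger.chain_intact():
        return "ledger-tampered"
    records = ledger.history(sha256_hex(epdc))
    if not records:
        return "unknown-file"          # modified or never enrolled container
    if any(r["type"] == "cancel" for r in records):
        return "cancelled"
    results = [r for r in records if r["type"] == "kyc_result"]
    if not results:
        return "anchored-unverified"
    latest = results[-1]
    if not latest["verified"]:
        return "not-verified"
    return "verified" if today <= latest["valid_until"] else "expired"
```

A relying party would request the container password only when `check_epdc` returns `"verified"`; every other status stops the flow without the personal data being opened.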
The invention may be implemented as a mechanism with a consistent passage of procedures for the creation, verification and re-remote and direct use of a decentralized passport for the purpose of identifying the owner of personal data. Multiple use of a decentralized passport may be using a multi-level system of trust and is conditioned by any additional parameters: the level of trust between the verifying parties (the country of verification, who conducted the audit: notary, bank, remote identification with video stream, no video stream, post office, etc.) the validity period of verification, any additional entries in the decentralized database (lockbox) about the change in the status of the owner of personal data, the necessity or absence of the need for additional biometric means second identification.
The use and functionality of the decentralized passport is not limited to the examples shown in Figs. 1 to 3. The decentralized passport can be extended, cancelled, updated, re-verified, get a note about the loss, get a note about the refusal of acceptance by any of the organizations with or without specifying the reasons (which can be an indicator of confidence for other organizations - participants of the decentralized passport system), be used for any other legitimate purposes at the initiative of the holders of decentralized passports and data acceptors. In addition, a decentralized passport may have a time limit, as well as "automatically" extended on the initiative of the owner of personal data in the course of the agreed parties or approved procedures.
A decentralized passport can be used (but not limited to these applications) to work with: financial and technological services, remote access to any services and services provided through communication channels and using public and private networks, including the Internet, the provision of public services, crossing of borders, use of transport services, notariate, remote signing of contracts and any other documents, filing of applications, demands, letters, suits, document circulation, creation of defenses for remote voting in elections, for participation in any other open voting, as a signature for petitions, appeals, requests requiring a clear indication of the person, when collecting signatures for any needs, for example, for nominating candidates for elected government bodies and for public organization.
In addition, the container containing the data (EPD / PDC) may hold any additional data and copies of documents that, when checked and approved by a third party, thus receive an additional level of trust on top of all digital means of data authentication, for example: copies of original documents about birth, education or advanced training, driving permits for any transport, aircraft, wheeled or water transport, any documents issued by the state, employer, organization or individual.
Thus, a decentralized passport can be used to create digital copies of any type of documents or data that are stored on the one hand by the data owner, on the other hand the history of their use and life cycle is available to a third party, which allows for an additional degree of freedom to work with digital information and with the history of using this digital information without disclosing the content of this digital information to a party not expressly indicated by the owner of this data.
One of the advantages of using a decentralized passport is the ability of the data owner to control all the participants whom he allows to use the data contained in the decentralized passport or the EPD / PDC file, for example by prohibiting some participants from further using the provided data of which he is the owner. In addition, a decentralized passport allows a third party (for example, a bank, service company, or the state or any other party involved in the process of interacting with a decentralized passport) to mark flags with appropriate USER / PDC / EDF / UID entries in case of important events, for example in case of compromise of personal data by a third party, or the implementation of suspicious transactions in the account of the owner of the decentralized passport, or in the case of marriage, childbirth, arrest, bankruptcy, insured event, tax evasion, drives to the police, existing and emerging legal restrictions or any other event, for example, in the event of the death of the owner of the decentralized passport, which can be reported by the third computing system connected to the decentralized passport network.

Claims
1. A method of creating a digital ID or digital data storage of a person or an organisation, the method comprising the steps:
receiving by a first computing device at least one identity document from said person or said organisation;
storing said at least one identity document in an encrypted personal data container EPDC;
calculating a first hash code for said EPDC file;
returning said EPDC file to said first computing device; and
storing said hash code in association with a user ID in a decentralized database, such as blockchain network and database node.
2. A method as in claim 1, comprising hashing said user ID into hashed ID HID and storing said user ID in said decentralized database as HID.
3. A method as in claims 1 to 2, receiving additionally a video flow of a person.
4. A method as in claim 2, comprising checking the personal data, e.g., a phone number, an e-mail address; using face recognition or ID recognition.
5. A method as in claims 2 and 3, comprising associating said personal data with user ID and a password.
6. A method as in claims 2 to 4, comprising checking the user ID availability from the know your customer blockchain network and database node.
7. A method for verifying and approving of a digital ID, the method comprising receiving from a user, by a know your customer and anti-money laundering service, a file with Encrypted Personal Data EPD, receiving personal data input, video flow and a password from said user; unpacking and decrypting said EPD file, recovering user ID and other data, calculating a hash code, and checking the hash code from a know your customer blockchain network and database node.
8. A method as in claim 6, comprising writing into a blockchain network and database node the result of the know your customer process in the know your customer blockchain network and database node.
9. A method for identifying a user in a login, authorization, sign up and sign in process with a digital ID, the method comprising providing a file with Encrypted Personal Data (EPD), providing a password, unpacking and decrypting said EPD file, calculating a hash code, checking the hash code from a know your customer blockchain network and database node, and granting an access to said service.
10. A computer program, configured to perform any of the methods as claimed in claims 1 to 9.
PCT/IB2019/055645 2018-07-02 2019-07-02 A method of creating a digital id or digital data storage of a person or an organization, and a method of using the digital id or digital data storage for remote identification WO2020008367A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EEPCT/EE2018/050001 2018-07-02
EE2018050001 2018-07-02

Publications (1)

Publication Number Publication Date
WO2020008367A1 (en) 2020-01-09

Family

ID=67809538

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2019/055645 WO2020008367A1 (en) 2018-07-02 2019-07-02 A method of creating a digital id or digital data storage of a person or an organization, and a method of using the digital id or digital data storage for remote identification

Country Status (1)

Country Link
WO (1) WO2020008367A1 (en)


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19761951

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 23/04/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 19761951

Country of ref document: EP

Kind code of ref document: A1