WO2020008367A1 - A method of creating a digital id or digital data storage of a person or an organization, and a method of using the digital id or digital data storage for remote identification - Google Patents
- Publication number
- WO2020008367A1 PCT/IB2019/055645
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- digital
- user
- file
- hash code
- personal data
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4016—Transaction verification involving fraud or risk level assessment in transaction processing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
Definitions
- Fig 1. shows a flowchart of the process of creating a digital ID, such as decentralized digital passport.
- Fig 2. shows a flowchart of the process of verifying and approving of the decentralized digital passport.
- Fig 3. shows a flowchart of a login, authorization, sign up and sign in process.
- FIG. 1 An exemplary method of creating a digital ID, e.g., a decentralized digital passport is shown in Fig. 1, comprising the steps of: receiving by a first computer a personal data 100 from a person (also known as the data owner), receiving a video flow 102, e.g., in real time, or recorded, from said person, comprising, e.g., the image of the person, combining said personal data and video flow or with any other additional means of protecting information or any other way to confirm the authenticity of the person involved in the process, for example, using biometric data, in a processing step 104, optionally checking in step 106 the personal data, such as the SMS, the e-mail, phone number and other contact data, and/or applying face and/or ID recognition; receiving from said person a user ID and password input 108 (optionally, checking the availability and uniqueness of the ID from a decentralized database in step 110) and encrypting and packing in step 112 said personal data 100 into an Encrypted Personal Data
- the EPDC is only stored in a personal computing device such as smart phone, or PC, and is not stored in a computer or computer systems of any other persons or organizations without direct authorization from said owner of the data;
- the method further comprises creating second or subsequent hash code corresponding to said user ID (hash ID), and storing the second or third or N (where N is an integer) hash code together with said first hash code in said decentralized database; this does not exclude the possibility of creating any number of additional PDC/EDF files containing data provided by a third party added to the encrypted or unencrypted original personal data file.
- Fig 2 shows the method for verifying and approving of a digital ID, such as decentralized passport, comprising the steps of receiving by the computer system of the know your customer (KYC) / anti-money laundering (AML) service 200 from the user's computing device, over a computer network, a verification request and said EPD file 114, preferably together with additional personal data input 202, video flow 204 and a password 206 for removing protection; the verifying (checking) party calculating in step 208 the hash code of the EPD file and comparing it with the hash code stored in said decentralized database, i.e., KYC blockchain network and database node 120; the verifying (checking) party retrieving from said decentralized database 120 info and history associated with said calculated hash code in step 209; unpacking and/or decrypting said PDC/EDF file in step 210; performing KYC data checking processes in step 212, preferably checking in step 214 any additional data, such as SMS, Email, telephone and other contact data; said processes resulting in decision that the user is either
- Fig 3 shows a method for identifying a user in a login, authorization, sign up and/or sign in process with a digital ID, such as decentralized passport, the method comprising: receiving by the service or company where the user wants to sign up/sign in (third party) 300, from the user the Encrypted Personal Data Container (PDC/EDF) 114 and preferably, a password input 206; the third party calculating in step 208 the hash code of the PDC/EDF file and comparing it with the hash code stored in said decentralized database, i.e., KYC blockchain network and database node 120; calculating a hash code in step 208, checking the hash code from a know your customer blockchain network and database node 120; the third party 300 requesting and retrieving from said decentralized database 120 info and history associated with said calculated hash code in step 209; unpacking and decrypting in step 210 said PDC/EDF file, recovering user id and other data; and granting access to the user to the services in step
- the third party makes a request to the decentralized database (blockchain or another type of database) and gets the history of the creation and existence of a decentralized passport (when it is created, by whom and when it is checked, by whom and when it is repeatedly checked, by whom and when it is canceled, etc.). If the third party is satisfied with the result of data verification and the password from the container has not been received before, the third party asks the owner of the personal data for the password to access the EPDC file;
- the third party unpacks and decrypts the provided file, the information available inside is used to obtain personal data about the client;
- a third party identifies the user;
- the third party interacts with the owner of personal data (authorizes the use and begins the provision of services at the request of the identified owner of personal data).
- the invention may be implemented as a mechanism with a consistent passage of procedures for the creation, verification and re-remote and direct use of a decentralized passport for the purpose of identifying the owner of personal data.
- Multiple use of a decentralized passport may be using a multi-level system of trust and is conditioned by any additional parameters: the level of trust between the verifying parties (the country of verification, who conducted the audit: notary, bank, remote identification with video stream, no video stream, post office, etc.) the validity period of verification, any additional entries in the decentralized database (lockbox) about the change in the status of the owner of personal data, the necessity or absence of the need for additional biometric means second identification.
- the use and functionality of the decentralized passport is not limited to the examples shown in Figs. 1 to 3.
- the decentralized passport can be extended, cancelled, updated, re-verified, get a note about the loss, get a note about the refusal of acceptance by any of the organizations with or without specifying the reasons (which can be an indicator of confidence for other organizations - participants of the decentralized passport system), be used for any other legitimate purposes at the initiative of the holders of decentralized passports and data acceptors.
- a decentralized passport may have a time limit, as well as "automatically" extended on the initiative of the owner of personal data in the course of the agreed parties or approved procedures.
- a decentralized passport can be used (but not limited to these applications) to work with: financial and technological services, remote access to any services and services provided through communication channels and using public and private networks, including the Internet, the provision of public services, crossing of borders, use of transport services, notariate, remote signing of contracts and any other documents, filing of applications, demands, letters, suits, document circulation, creation of defenses for remote voting in elections, for participation in any other open voting, as a signature for petitions, appeals, requests requiring a clear indication of the person, when collecting signatures for any needs, for example, for nominating candidates for elected government bodies and for public organization.
- a decentralized passport can be used to create digital copies of any type of documents or data that are stored on the one hand by the data owner, on the other hand the history of their use and life cycle is available to a third party, which allows for an additional degree of freedom to work with digital information and with the history of using this digital information without disclosing the content of this digital information to a party not expressly indicated by the owner of this data.
- One of the advantages of using a decentralized passport is the ability of the data owner to control all the participants to whom he is allowed to use the data contained in the decentralized passport or the EPD / PDC file, for example by prohibiting some participants from further using the provided data as the owner of which he is.
- a decentralized passport allows a third party (for example, a bank, service company, or the state or any other party involved in the process of interacting with a decentralized passport) to mark flags with appropriate USER / PDC / EDF / UID entries in case of important events, for example in case of compromise of personal data by a third party, or the implementation of suspicious transactions in the account of the owner of the decentralized passport, or in the case of marriage, childbirth, arrest, bankruptcy, insured event, tax evasion, drives to the police, existing and emerging legal restrictions or any other event, for example, in the event of the death of the owner of the decentralized passport, which can be reported by the third computing system connected to the decentralized passport network.
Abstract
A method of digital ID, e.g., decentralized digital passport of a person is disclosed, the method comprising the steps of the providing a personal data; storing said personal data in a secure digital file, calculating a hash code for said secure digital file, and storing said hash code in a decentralized database, such decentralized database being, e.g., a blockchain system. Also disclosed are a method for creating a digital passport, a method for verifying and approving of a digital passport, and a method for identifying a user in a login, authorization, sign up and sign in process with such digital ID.
Description
A METHOD OF CREATING A DIGITAL ID OR DIGITAL DATA STORAGE OF A PERSON OR AN ORGANIZATION AND A METHOD OF USING THE DIGITAL ID OR DIGITAL DATA STORAGE FOR REMOTE IDENTIFICATION
Field of the invention
The invention relates to the field of digital identification technologies, namely to digital IDs and decentralized passports. The invention addresses the problem of reliable identification of a person from a distance; it reduces the time spent on remote authentication and partially or totally eliminates the need to carry out re-identification processes, saving time and other resources required for identification procedures and creating convenience and comfort for the owner of the digital ID when interacting remotely with organizations, institutions and government.
Background of the invention
Many organizations are required to verify the identity of a user or customer before letting him access data or benefit from a service, such as banks required to verify the identity of a customer before opening him a bank account, or airplane companies required to verify the identity of a client before letting him board into a plane. In order to perform such a verification, the user or customer is required to provide documents, such as an identity card or a passport, based on which the organizations may verify that the user or customer is indeed authorized to access the data or service he requires. Such organizations may also be required to prove their knowledge and verification of the identity of any customer or user to a regulator. For example, in the banking sector, before opening a new bank account, banks are required to collect various pieces of information about any new client, to verify that this client is allowed to open an account and to inform the regulator of such information through the Know Your Customer KYC process, in order to minimize the risk of fraud or money laundering.
As a result, each time a customer performs an activity requiring him to prove his identity, such as opening a new bank account into a new bank, the customer is required to provide again the same documents, and a verification authority is required to verify these documents, even if the same documents have already been provided and verified earlier by another verification authority, for example by another bank when creating another bank account for the same customer.
The need for repeated checks of the identity of a person in each case of establishing contacts and the beginning of interaction between a person and an organization having a need to determine with whom the organization is dealing specifically is a serious drawback.
The remote identification procedure is a costly task; it includes the salaries of employees performing the procedure, organizational expenses, costs for third party services, taxes, and also requires the expenditure of a certain number of man-hours.
With the increase in the number of remotely delivered services, the costs of conducting remote identification procedures are proportionally increasing.
Known is EP3477891, disclosing a method for recording a digital identity of a first user comprising, performed by a computing device of a first verification entity identified by a first verification entity identifier: receiving from the first user at least one first user identity document and extracting user personal identifiable information data elements from said user identity document, after verification, encrypting using a public key of the first verification entity and recording said encrypted user personal identifiable information data elements (304) in a first distributed ledger whose access is authorized to a first set of computing devices only, generating a user identifier (KYC ID) to be sent to said user and recording a hash of said user identifier in a second distributed ledger and, for each verified user personal identifiable information data element, an attestation including the first verification entity identifier and a hash of said user personal identifiable information data element, and recording each generated attestation in said second distributed ledger, for each generated attestation, recording in said second distributed ledger a relationship between the generated user identifier and said generated attestation, wherein said first and second distributed ledgers are configured such that access to the first distributed ledger is more restricted than access to the second distributed ledger.
The disadvantage of this system is that the user personal identification data is stored in said first distributed ledger outside the user's personal devices and thus, potentially accessible to non-authorized persons.
Remote identity identification - eKYC, has been conducted in a centralized mode - this means that at a certain point in time, the verification party performs identification and compares information about the physical characteristics of the person in question with information on a physical medium or on a digital copy of the medium provided for identification.
In view of the absence of a mechanism for ensuring trust between the parties involved in the KYC procedure, such procedures are performed repeatedly, each time a new relationship is established between the parties.
Even if the credentials are used repeatedly (if the parties have a special case of implementing the mechanism of trust), the technologies used previously have the following limitations: many types of identification documents in different countries, different languages, differences in the requirements of state bodies of different countries, lack of a mechanism of trust between any parties involved in the KYC procedure.
Disclosure of Invention
The goal of the invention is achieved by solving the problem of lack of trust between the parties, removing the issue of storage of personal data (data is stored by their owner until the decision of the need to disclose them to anyone), and ensuring the possibility of re-use of a decentralized passport for a certain period of time without the need to re-pass KYC procedures.
One aspect of the invention is a method for creating a digital ID of a person as claimed in claims 1 to 5.
According to the first aspect of the invention, the method of creating a digital ID of a person comprises the steps:
- receiving by a first computing device at least one identity document, preferably accompanied with any type of additional personal data (for example - Proof of address (POF) documents or Proof of funds (POF) documents or any other data associated with Individual or Organization or any type of Foundation/Corporation/Company/Government or non-Government structure etc.) from said person;
- storing said at least one identity document or any type of data in a Personal Data Container PDC, in said first computing device;
- securing said Personal Data Container PDC with access restricting means, e.g., applying password protection, or encrypting the container with person's personal key and creating as a result of this process Encrypted Personal Data Container (EPDC; shown as PDC/EDF on Figs 1 to 3) in said first computing device;
- preferably, sending said Encrypted Personal Data Container EPDC over a computer network to a second computing device. In preferred embodiment only the password protected container, or the encrypted file, is sent, i.e., it cannot be opened and/or modified in said second computing device;
- calculating by said first or said second computing device a First Hash Code FHC for said Encrypted Personal Data Container EPDC;
- preferably, returning said Encrypted Personal Data Container EPDC from said second computing device to said first computing device if any data was previously transmitted from the said first computing device to said second computing device, most preferably at this stage if the said second computing device can offer to the said first computing device to add to EPDC additional data provided by the said second computing device and request to send back an expanded EPDC including additional data provided by said second computing device (salt);
- storing First Hash Code FHC in a decentralized or distributed database, e.g., in a blockchain. In preferred embodiment, said hash code is stored in said decentralized database together with a user ID, and in most preferred embodiment, also user ID is hashed into Hashed ID - HID, so a hashed ID is stored in said decentralized database in connection with said first hash code; and
- deletion of all data associated with the first computing device, including the Encrypted Personal Data Container EPDC and First Hash Code FHC from said second computing device.
Such hash code of the PDC file, or a digital "fingerprint", clearly and uniquely identifies the file it was created from, and at the same time it is impossible to restore the file from such hash code.
The hash code data is stored in a decentralized database, such as in a blockchain system, in a distributed ledger; the principles of blockchain guarantee that such records cannot be altered.
Another aspect of the invention is a method for verifying and approving a digital ID as claimed in claims 6 to 7.
After the hash code is created and stored in a blockchain, said person may send it over the computer network to a third computer device, configured to carry out verification and attestation processes. Such third computer device can be operated by an organization entitled or obliged to carry out verification and attestation processes, e.g., know your customer (KYC), such as banks (the verifier). Such third computer device, after receiving the PDC file, retrieves the hash code from said decentralized database and compares it with a hash code calculated for the PDC file to confirm the authenticity of the PDC file. Then, after the person provides the third computer device with a password, the third computer opens the PDC, allowing the verifier to carry out the necessary processes and write the result (verified, not verified; attested, not attested) into said decentralized database in connection with said hash code. Thus, any person can track the history related to said hash code: by whom it was verified and attested and when, and whether it has any restrictions or expiration dates.
Yet another aspect of the invention is a method for using a digital ID for login, authorization, sign-up and sign-in processes as claimed in claim 8.
Yet another aspect of the invention is a computer system as claimed in claim 9, configured to carry out the methods of claims 1 to 8.
Brief Description of the Drawings
The following description and the annexed drawings set forth in detail certain illustrative aspects and are indicative of but a few of the various ways in which the principles of the embodiments may be employed. Other advantages and novel features will become apparent from the following detailed description when considered in conjunction with the drawings and the disclosed embodiments are intended to include all such aspects and their equivalents.
Fig 1. shows a flowchart of the process of creating a digital ID, such as decentralized digital passport.
Fig 2. shows a flowchart of the process of verifying and approving of the decentralized digital passport.
Fig 3. shows a flowchart of a login, authorization, sign up and sign in process.
Modes for carrying out the invention
An exemplary method of creating a digital ID, e.g., a decentralized digital passport, is shown in Fig. 1, comprising the steps of:
receiving by a first computer personal data 100 from a person (also known as the data owner);
receiving a video flow 102, e.g., in real time or recorded, from said person, comprising, e.g., the image of the person;
combining said personal data and video flow, or combining with any other additional means of protecting information or any other way to confirm the authenticity of the person involved in the process, for example, using biometric data, in a processing step 104;
optionally checking in step 106 the personal data, such as the SMS, the e-mail, phone number and other contact data, and/or applying face and/or ID recognition;
receiving from said person a user ID and password input 108 (optionally, checking the availability and uniqueness of the ID from a decentralized database in step 110);
encrypting and packing in step 112 said personal data 100 into an Encrypted Personal Data Container (shown as PDC/EDF file) 114;
calculating in step 116 a hash code for said PDC/EDF file;
storing 118 said hash code (together with user ID, and/or additional information) in a decentralized database, such as know your customer (KYC) blockchain network in a database node 120; and
returning and/or storing in step 122 said PDC/EDF file 114 in said first computer.
Personal data is stored in a secure digital file, an encrypted personal data container (EPDC) file, after which the EPDC file is returned to the owner of the data. Only the owner of the data has the password necessary to open the EPDC file. Preferably, the EPDC is only stored in a personal computing device such as a smart phone or PC, and is not stored in a computer or computer systems of any other persons or organizations without direct authorization from said owner of the data.
Preferably, the method further comprises creating a second or subsequent hash code corresponding to said user ID (hash ID), and storing the second or third or Nth (where N is an integer) hash code together with said first hash code in said decentralized database. This does not exclude the possibility of creating any number of additional PDC/EDF files containing data provided by a third party added to the encrypted or unencrypted original personal data file.
Fig 2 shows the method for verifying and approving of a digital ID, such as decentralized passport, comprising the steps of:
receiving by the computer system of the know your customer KYC anti-money laundering AML service 200 from the user's computing device, over a computer network, a verification request and said EPD file 114, preferably together with additional personal data input 202, video flow 204 and a password 206 for removing protection;
the verifying (checking) party calculating in step 208 the hash code of the EPD file and comparing it with the hash code stored in said decentralized database, i.e., KYC blockchain network and database node 120;
the verifying (checking) party retrieving from said decentralized database 120 info and history associated with said calculated hash code in step 209;
unpacking and/or decrypting said PDC/EDF file in step 210;
performing KYC data checking processes in step 212, preferably checking in step 214 any additional data, such as SMS, Email, telephone and other contact data; said processes resulting in a decision that the user is either verified or not verified 216; and
the verifying (checking) party writing in step 218 said result of the KYC processes (verified, not verified) into said KYC blockchain network and database node 120, preferably together with additional service information, for example: date, by whom the verification is performed, user ID, hash code, validity period of verification, additional conditions, organizations, services, and/or countries to which verification is applied and any other additional data.
Fig 3 shows a method for identifying a user in a login, authorization, sign up and/or sign in process with a digital ID, such as decentralized passport, the method comprising:
receiving by the service or company where the user wants to sign up/sign in (third party) 300, from the user, the Encrypted Personal Data Container (PDC/EDF) 114 and, preferably, a password input 206;
the third party calculating in step 208 the hash code of the PDC/EDF file and comparing it with the hash code stored in said decentralized database, i.e., KYC blockchain network and database node 120;
calculating a hash code in step 208, checking the hash code from a know your customer blockchain network and database node 120;
the third party 300 requesting and retrieving from said decentralized database 120 info and history associated with said calculated hash code in step 209;
unpacking and decrypting in step 210 said PDC/EDF file, recovering user ID and other data; and
granting access to the user to the services in step 302.
The third party makes a request to the decentralized database (blockchain or another type of database) and gets the history of the creation and existence of a decentralized passport (when it is created, by whom and when it is checked, by whom and when it is repeatedly checked, by whom and when it is canceled, etc.). If the third party is satisfied with the result of data verification and the password from the container has not been received before, the third party asks the owner of the personal data for the password to access the EPDC file;
The third party unpacks and decrypts the provided file; the information available inside is used to obtain personal data about the client;
The third party identifies the user; the third party interacts with the owner of personal data (authorizes the use and begins the provision of services at the request of the identified owner of personal data).
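The registration, verification and sign-in checks described for Figs. 1 to 3, sketched as an added example (not code from the patent or its applicant). It assumes SHA-256 as the hash, treats the EPDC as opaque, already-encrypted bytes, and uses an in-memory hash-chained list as a stand-in for the decentralized database; all class, function and field names are hypothetical.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "previous hash" of the first record

# Constructed sample input: opaque bytes standing in for an already-encrypted EPDC.
SAMPLE_EPDC = bytes(range(64)) * 4
SAMPLE_USER_ID = "alice-example"

def sha256_hex(data: bytes) -> str:
    # Assumption: SHA-256; the page does not name a hash function.
    return hashlib.sha256(data).hexdigest()

def _digest(record: dict) -> str:
    body = {k: v for k, v in record.items() if k != "record_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

class Ledger:
    """Append-only, hash-chained list standing in for the decentralized database."""
    def __init__(self):
        self.records = []
    def append(self, kind, hid, fhc, **fields):
        prev = self.records[-1]["record_hash"] if self.records else GENESIS
        record = {"kind": kind, "hid": hid, "fhc": fhc, "prev": prev, **fields}
        record["record_hash"] = _digest(record)
        self.records.append(record)
        return record
    def history(self, fhc):
        return [r for r in self.records if r["fhc"] == fhc]
    def chain_intact(self):
        prev = GENESIS
        for r in self.records:
            if r["prev"] != prev or _digest(r) != r["record_hash"]:
                return False
            prev = r["record_hash"]
        return True

def register(ledger, epdc, user_id, at):
    """Fig. 1: store the first hash code (FHC) with the hashed user ID (HID)."""
    hid = sha256_hex(user_id.encode())
    if any(r["kind"] == "created" and r["hid"] == hid for r in ledger.records):
        raise ValueError("user ID already registered")
    fhc = sha256_hex(epdc)
    ledger.append("created", hid, fhc, at=at)
    return fhc

def container_matches(ledger, epdc, user_id):
    """Recompute the hash of the presented file and compare it with the stored FHC."""
    hid = sha256_hex(user_id.encode())
    stored = [r["fhc"] for r in ledger.records
              if r["kind"] == "created" and r["hid"] == hid]
    return bool(stored) and hmac.compare_digest(stored[0], sha256_hex(epdc))

def record_result(ledger, epdc, user_id, verifier, result, at, valid_until=None):
    """Fig. 2: the verifier writes its result against the hash code."""
    if not container_matches(ledger, epdc, user_id):
        raise ValueError("container does not match the registered hash")
    return ledger.append("status", sha256_hex(user_id.encode()), sha256_hex(epdc),
                         verifier=verifier, result=result, at=at,
                         valid_until=valid_until)

def login_allowed(ledger, epdc, user_id, now):
    """Fig. 3: accept only an unmodified file whose latest status is a live 'verified'."""
    if not (ledger.chain_intact() and container_matches(ledger, epdc, user_id)):
        return False
    statuses = [r for r in ledger.history(sha256_hex(epdc)) if r["kind"] == "status"]
    if not statuses:
        return False
    last = statuses[-1]
    return last["result"] == "verified" and (
        last["valid_until"] is None or now <= last["valid_until"])

if __name__ == "__main__":
    ledger = Ledger()
    register(ledger, SAMPLE_EPDC, SAMPLE_USER_ID, at=1000)
    record_result(ledger, SAMPLE_EPDC, SAMPLE_USER_ID, "bank-example", "verified",
                  at=1200, valid_until=2000)
    print(login_allowed(ledger, SAMPLE_EPDC, SAMPLE_USER_ID, now=1500))
```

Because the HID in this sketch is a plain hash of the user ID, anyone who can guess an ID can recompute the HID and find its ledger records; a real deployment would need a keyed or salted construction for that field.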
The invention may be implemented as a mechanism with a consistent passage of procedures for the creation, verification and re-remote and direct use of a decentralized passport for the purpose of identifying the owner of personal data. Multiple use of a decentralized passport may rely on a multi-level system of trust and is conditioned by any additional parameters: the level of trust between the verifying parties (the country of verification, who conducted the audit: notary, bank, remote identification with video stream, no video stream, post office, etc.), the validity period of verification, any additional entries in the decentralized database (lockbox) about the change in the status of the owner of personal data, and the necessity or absence of the need for additional biometric means of second identification.
The use and functionality of the decentralized passport is not limited to the examples shown in Figs. 1 to 3. The decentralized passport can be extended, cancelled, updated, re-verified, get a note about the loss, get a note about the refusal of acceptance by any of the organizations with or without specifying the reasons (which can be an indicator of confidence for other organizations - participants of the decentralized passport system), be used for any other legitimate purposes at the initiative of the holders of decentralized passports and data acceptors.
In addition, a decentralized passport may have a time limit, and may be "automatically" extended on the initiative of the owner of personal data in the course of procedures agreed by the parties or approved procedures.
A decentralized passport can be used (but not limited to these applications) to work with: financial and technological services, remote access to any services and services provided through communication channels and using public and private networks, including the Internet, the provision of public services, crossing of borders, use of transport services, notariate, remote signing of contracts and any other documents, filing of applications, demands, letters, suits, document circulation, creation of defenses for remote voting in elections, for participation in any other open voting, as a signature for petitions, appeals, requests requiring a clear indication of the person, when collecting signatures for any needs, for example, for nominating candidates for elected government bodies and for public organization.
In addition, the container containing the data (EPD / PDC) may hold any additional data and copies of documents that, when checked and approved by a third party, thus receive an additional level of trust on top of all digital means of data authentication, for example: copies of original documents about birth, education or advanced training, driving permits for any transport, aircraft, wheeled or water transport, any documents issued by the state, employer, organization or individual.
Thus, a decentralized passport can be used to create digital copies of any type of documents or data that are stored on the one hand by the data owner, on the other hand the history of their use and life cycle is available to a third party, which allows for an additional degree of freedom to work with digital information and with the history of using this digital information without disclosing the content of this digital information to a party not expressly indicated by the owner of this data.
One of the advantages of using a decentralized passport is the ability of the data owner to control all the participants to whom he allows use of the data contained in the decentralized passport or the EPD / PDC file, for example by prohibiting some participants from further using the provided data of which he is the owner. In addition, a decentralized passport allows a third party (for example, a bank, service company, or the state or any other party involved in the process of interacting with a decentralized passport) to mark flags with appropriate USER / PDC / EDF / UID entries in case of important events, for example in case of compromise of personal data by a third party, or the implementation of suspicious transactions in the account of the owner of the decentralized passport, or in the case of marriage, childbirth, arrest, bankruptcy, insured event, tax evasion, drives to the police, existing and emerging legal restrictions or any other event, for example, in the event of the death of the owner of the decentralized passport, which can be reported by the third computing system connected to the decentralized passport network.
Claims
1. A method of creating a digital ID or digital data storage of a person or an organisation, the method comprising the steps:
receiving by a first computing device at least one identity document from said person or said organisation;
storing said at least one identity document in an encrypted personal data container EPDC;
calculating a first hash code for said EPDC file;
returning said EPDC file to said first computing device; and
storing said hash code in association with a user ID in a decentralized database, such as blockchain network and database node.
2. A method as in claim 1, comprising hashing said user ID into hashed ID HID and storing said user ID in said decentralized database as HID.
3. A method as in claims 1 to 2, receiving additionally a video flow of a person.
4. A method as in claim 2, comprising checking the personal data, e.g., a phone number, an e-mail address; using face recognition or ID recognition.
5. A method as in claims 2 and 3, comprising associating said personal data with user ID and a password.
6. A method as in claims 2 to 4, comprising checking the user ID availability from the know your customer blockchain network and database node.
7. A method for verifying and approving of a digital ID, the method comprising receiving from a user by a know your customer and anti-money laundering service a file with Encrypted Personal Data EPD, receiving personal data input, video flow and a password from said user; unpacking and decrypting said EPD file, recovering user ID and other data, calculating a hash code, and checking the hash code from a know your customer blockchain network and database node.
8. A method as in claim 6, comprising writing into a blockchain network and database node the result of the know your customer process in the know your customer blockchain network and database node.
9. A method for identifying a user in a login, authorization, sign up and sign in process with a digital ID, the method comprising providing a file with Encrypted Personal Data (EPD), providing a password, unpacking and decrypting said EPD file, calculating a hash code, checking the hash code from a know your customer blockchain network and database node, and granting an access to said service.
10. A computer program, configured to perform any of the methods as claimed in claims 1 to 9.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EEPCT/EE2018/050001 | 2018-07-02 | ||
EE2018050001 | 2018-07-02 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020008367A1 (en) | 2020-01-09 |
Family
ID=67809538
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2019/055645 WO2020008367A1 (en) | 2018-07-02 | 2019-07-02 | A method of creating a digital id or digital data storage of a person or an organization, and a method of using the digital id or digital data storage for remote identification |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2020008367A1 (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170222814A1 (en) * | 2015-10-14 | 2017-08-03 | Cambridge Blockchain, LLC | Systems and methods for managing digital identities |
US20170302450A1 (en) * | 2015-05-05 | 2017-10-19 | ShoCard, Inc. | Identity Management Service Using A Blockchain Providing Certifying Transactions Between Devices |
AU2018100478A4 (en) * | 2016-10-26 | 2018-06-07 | Black Gold Coin, Inc. | Systems and methods for providing a universal decentralized solution for verification of users with cross-verification features |
EP3477891A1 (en) | 2017-10-26 | 2019-05-01 | Gemalto Sa | Methods for recording and sharing a digital identity of a user using distributed ledgers |
2019-07-02 WO PCT/IB2019/055645 patent/WO2020008367A1/en active Application Filing
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111475865A (en) * | 2020-04-13 | 2020-07-31 | 北京新能源汽车技术创新中心有限公司 | Automobile data verification method and verification device |
CN111711619A (en) * | 2020-06-04 | 2020-09-25 | 江苏荣泽信息科技股份有限公司 | Block chain-based network security connection system |
US11693948B2 (en) | 2020-08-04 | 2023-07-04 | International Business Machines Corporation | Verifiable labels for mandatory access control |
CN112199721A (en) * | 2020-10-13 | 2021-01-08 | 腾讯科技(北京)有限公司 | Authentication information processing method, device, equipment and storage medium |
CN112966285A (en) * | 2021-03-26 | 2021-06-15 | 江苏省生态环境监控中心(江苏省环境信息中心) | Automatic acquisition and integration method and system for instrument data for environmental monitoring |
WO2024074865A1 (en) | 2022-10-03 | 2024-04-11 | Cibex Ag | Method for creating a tokenized personal identification, a computer program, and a data processing system |
CN115664861A (en) * | 2022-12-27 | 2023-01-31 | 中国信息通信研究院 | Identity information verification method and device based on block chain, equipment and medium |
CN115664861B (en) * | 2022-12-27 | 2023-02-28 | 中国信息通信研究院 | Identity information verification method and device based on block chain, equipment and medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11200340B2 (en) | Method and system for managing personal information within independent computer systems and digital networks | |
WO2020008367A1 (en) | A method of creating a digital id or digital data storage of a person or an organization, and a method of using the digital id or digital data storage for remote identification | |
US10810290B2 (en) | Robust method and an apparatus for authenticating a client in non-face-to-face online interactions based on a combination of live biometrics, biographical data, blockchain transactions and signed digital certificates | |
US20210385219A1 (en) | Method and system for data security within independent computer systems and digital networks | |
US7690032B1 (en) | Method and system for confirming the identity of a user | |
US7527192B1 (en) | Network based method of providing access to information | |
US7779457B2 (en) | Identity verification system | |
US8832800B2 (en) | Method for producing an electro-biometric signature allowing legal interaction between and identification of persons | |
US20040158723A1 (en) | Methods for providing high-integrity enrollments into biometric authentication databases | |
CN108540449B (en) | Intelligent seal control method and system and computer storage medium | |
CN110462658A (en) | For providing system and method for the digital identity record to verify the identity of user | |
US20150101065A1 (en) | User controlled data sharing platform | |
US20140244510A1 (en) | Privacy protection system and method | |
US20220188836A1 (en) | Anti-Money Laundering Blockchain Technology | |
EP2254093B1 (en) | Method and system for confirming the identity of a user | |
KR102279342B1 (en) | Banking service providing system and method using cryptocurrency | |
KR20130048532A (en) | Next generation financial system | |
KR101303915B1 (en) | A system for financial deals | |
Edu et al. | Exploring the risks and challenges of national electronic identity (NeID) system | |
AU2009227510B2 (en) | Method and system for confirming the identity of a user | |
US11823092B2 (en) | Coordination platform for generating and managing authority tokens | |
Veena et al. | Aadhaar Secure: An Authentication System for Aadhaar Base Citizen Services using Blockchain | |
US11663590B2 (en) | Privacy-preserving assertion system and method | |
Widayanto et al. | Identity Management Technology Using Blockchain in Indonesia | |
JP2023554555A (en) | Network identity |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 19761951 Country of ref document: EP Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 23/04/2021) |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 19761951 Country of ref document: EP Kind code of ref document: A1 |