Classifications

• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
  • G06F21/31—User authentication
  • G06F21/41—User authentication where a single sign-on provides access to a plurality of computers
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
  • G06F21/31—User authentication
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
  • H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
  • H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
  • H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
  • G06F21/31—User authentication
  • G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
  • G06F21/31—User authentication
  • G06F21/33—User authentication using certificates
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
  • G06F21/31—User authentication
  • G06F21/36—User authentication by graphic or iconic representation
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
  • H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
  • H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
  • H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
  • H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
  • H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
  • H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Definitions

• the present invention relates to a personal identification method which provides a legal basis for electronic authentication processes using legally binding electronic signature certificates on blockchain technology.
• the e-signature (electronic signature), which has the same legal validity as the wet- ink signature, is a verification (authentication) method ensuring that the information sent in the electronic transactions does not change in the course of transmission, belongs to the sender, and cannot be denied.
• legal digital identities are created by legally recognized Electronic Certificate Service Providers and/or Qualified Certification authorities upon request of people by performing identity authentication.
• the critical information regarding the electronic certificates is delivered to the person within hardware that only the e-signature holders can access with a password. There are as many individuals holding a piece of distributed information as the number of individuals who have been given e- signatures. This information cannot be changed, manipulated or used by anyone other than the authorized person. E-signatures are also disabled when they expire.
• various e-wallets such as desktop wallets, mobile wallets, online wallets and hardware wallets are created.
• Blockchain technology is a technology that is built with a chaining model, which can be tracked but cannot be broken, and allows operation without being connected to a center. Thus, sales transactions can be carried out directly between two parties (i.e. buyer and seller) and in a secure manner. Thus, the intermediaries for the sale transaction are eliminated.
• the present invention integrates e- signature or mobile signature with the distributed data in the blockchain with smart contracts, thereby providing a digital identity that the user can, at her/his own discretion, use the desired ID information on the blockchain at any desired time. It is an important advantage that the present invention is the most reliable method available, since it operates on the blockchain and there is a distributed structure in the blockchain as there is in the e-signature.
• the fact that the identities, which are previously verified by legally recognized Electronic Certification Service Providers and/or Qualified Certification authorities, are used provides a high level of security and legal binding in the concerned countries.
• Figure 1 is a flowchart of the inventive personal identification method.
• Figure 2 is a schematic of the inventive personal identification system.
• a system (100) used for running the personal identification method of the present invention essentially comprises client devices (200) for entering the user identification information by the users and companies; a server system (300) having a database for storing the user identification information and one or more servers adapted for user authentication; and a wired or wireless communication network to provide the data communication between the client devices (200) and the server system (300).
• the client device (200) is an electronic device such as smart phones, tablets, desktop computers, laptop computers, etc., and comprise a display, a data communication module for wired or wireless data communication (e.g. a Wifi ((Wireless Fidelity), Ethernet card, 3G/4G/4.5G... module, GSM module, GPRS module, etc.) and a data input interface (e.g. touch sensitive screen, keyboard, mouse, etc.) for entering user information.
• the client devices (200) may also comprise an internal or external camera and a biometric data entry unit (such as a fingerprint reader) for entry of biometric data and swiping QR codes.
• the users may use more than one client device (200), for instance a smart phone and a desktop computer, when using the system (100).
• the server system (300) comprises a first server (301) adapted to run a website comprising a user interface for the users and companies to be able to perform preregistration by client devices (200) via the said user interface; a second server (302) adapted to run an admin panel for verification of company information; a third server (303) adapted to generate a user wallet for the users and a company wallet for the verified companies; a fourth server (304) comprising a database for saving user and company information and the said wallets; and a company server (305) adapted to run the website of the companies.
• the server system (300) is not limited to these, so it may comprise smaller or greater number of servers and the method steps described in the following paragraphs can be carried out.
• the server system (300) also includes an SMTP server (306) adapted to send a confirmation e-mail to the e-mail address of the user for confirming the e-mail address of the user.
• an SMTP server (306) adapted to send a confirmation e-mail to the e-mail address of the user for confirming the e-mail address of the user.
• the personal identification method of the present invention comprises the following steps carried out by using a system (100) essentially comprising client devices (200) including a data input interface and a display for use by the users and companies; a server system (300) having a database and adapted to run a website comprising a user interface; and a communication network to carry out the data communication between the client devices (200) and the server system (300):
• a user For creating a user wallet for the users; a user logging in to the website operated by the server system (300) via the data input interface of a client device (200) and entering the user information into the user interface of the website;
• client device (200) transmitting the certificate information of said electronic signature or mobile signature to the server system (300) and saving it into the database;
• the server system (300) creating a user service agreement and displaying it on the screen of the client device (200);
• the server system (300) creating a user account and a user wallet associated with the said user account and containing blockchain;
• the server system (300) creating a smart contract, incorporating the user service agreement signed by the user into said smart contract and saving the said user wallet and the smart contract into the database;
• the company logging into the website run by the server system (300) via a client device (200) and entering the company information into the user interface of the website;
• the server system (300) creating a company user account in accordance with the company information, a company wallet associated with the said company account and containing blockchain, and a smart contract; and saving them into the database;
• the user confirming or rejecting the smart contract in the company wallet, o if the smart contract has been confirmed by the user, incorporating the user information, user certificate and the concerned agreement previously signed by the user into the blockchain in the user wallet stored in the database and sharing the said information with the said company;
• the users and companies are registered to the system (100) to have an electronic wallet.
• the steps related to the said registration process and steps of creating a user/company wallet are provided below.
• the users log in to a website, which is run by the first server (301) via the client devices (200) and includes a user interface, and carry out a pre -registration process by inputting the user information (such as name, surname, email address, mobile phone number, and preferably biometric data such as fingerprints) via the user interface of the said website.
• the user information such as name, surname, email address, mobile phone number, and preferably biometric data such as fingerprints
• information about the memberships is transmitted by the first server (301) to the client devices (200) of the users by secure methods, preferably by two-way AES encryption techniques (Advanced Encryption Standard).
• the user information entered by the user to the user interface are passed through the proxy and web service layer of the first server (301) and transmitted to the fourth server (304) and are saved in the database in the fourth server (304).
• a verification e-mail is transmitted by the SMTP server (306) to the e-mail address of the user registered in the database to verify the e- mail address, and after the e-mail is verified by the user (for example by entering a sent link), the data processing on the first server (301) resumes.
• the users can complete the registration in the system (100) in different ways (for example by using electronic signature, using mobile signature, using information from different systems with which authentication agreement is concluded, or using a cloud signature issued by the European Union Electronic Signature Regulation elDAS (Electronic Identification and Trust Services Regulation)).
• elDAS Electronic Identification and Trust Services Regulation
• the users enter some of the user information (e.g. Turkish Republic identification number and/or mobile phone number) related to the e-signature or mobile signature via the user interface of the said website, and verification is carried out through conventional methods via the client device (200) according to the selected signature.
• the client device (200) For example, during verification by the e-signature, a code is generated in the website after the user information (e.g. Turkish Republic identification number) is entered to the website and this code is entered to the user interface of an official application installed in the client device (200), and after a pin code predefined to the user for the e-signature is entered, the signing process is performed.
• a pin code predefined for mobile signature is entered via the mobile client device (200) and verification is carried out.
• a part of the user information e.g. Turkish Republic identification number
• verification of the telephone information preregistered for e-signature can also be enabled via the first server (301).
• a random four digit number is generated by using an SMS OTP (Short Message Service One-Time Password) service run by the first server (301) and it is sent by the SMS OTP service to the mobile client device (200) of the user.
• SMS OTP Short Message Service One-Time Password
• this number When this number is entered by the user to the user interface of the said website, it is compared with the number (one-time password) sent to the user, thereby carrying out verification of the mobile telephone number. As a result of the verification, the e-signature user information (name, surname, telephone number, e-mail address, etc.) and certificate information are passed through the proxy and web service layer of the first server (301) and transmitted to the fourth server (304) and saved into the database.
• the user enters some of the user information (e.g. Turkish Republic identification number and mobile telephone number) related to the mobile signature. Since the mobile telephone number is already verified, an additional verification method is not required, and the user information (name, surname, telephone number, e-mail address, etc.) and certificate information are passed through the proxy and web service layer of the first server (301) and transmitted to the fourth server (304) and saved into the database.
• the user information to be saved in the database is retrieved from the certificate in the e- signature or mobile signature.
• the information in the said certificate is the information which is previously generated by the Electronic Certificate Service Providers and/or Qualified Certificate Authorities. Therefore, all of the information in the certificate are considered correct and saved into the system (100) as the user information. This user information cannot be changed afterwards by the user or by a different person/institution.
• a user service agreement is created by the first server (301) and is displayed to the user on the display of the client device (200).
• the said user service agreement is signed by using e-signature or mobile signature (in other words, the agreement is signed by using the services related to the signing libraries).
• the signed user service agreement is passed through the proxy and web service layer of the first server (301) and transmitted to the third server (303).
• a user wallet (in other words, an electronic wallet) is created by the third server (303) simultaneously with the user account (e.g. user name and password) by using a user account specific to this user and blockchain technology.
• a smart contract is generated by the third server (303) within the user wallet and the user service agreement signed by the user is incorporated into the smart contract. This contract cannot be edited or changed afterwards.
• the user wallet and the smart contract that are created are transmitted to the fourth server (304) and saved in the database. Another person/institution cannot interfere with the user wallet created with the said user information.
• the users can access their user accounts, in other words their user wallets, via the client device (200) by the user account information (user name and passwords) or biometric data (e.g. face, iris, retina, voice, fingerprint, palm print), and thus use the system.
• the users can log in to their user accounts via the client devices (200), through for example a website opened on a web browser installed in a desktop computer, tablet or mobile device, or through an official application/program installed on these devices by means of their user name and passwords or biometric data (e.g. face recognition via telephone camera, voice recognition via microphone, fingerprint recognition by fingerprint reader, etc.).
• the users can use the system (100) by camera and barcode via the said official applications installed on the client device (200), and by push notifications via any other applications.
• companies wishing to use the system (100) of the present invention should also subscribe to the system (100).
• an authorized operator in the companies carries out a pre-registration to the system (100) by using a client device (200) via the user interface of a website run by the first server (301).
• pre registration can also be performed via mobile applications or by conventional methods.
• Information about the memberships is delivered to the client devices (200) of the companies by secure methods (e.g., duplex AES encryption techniques).
• the company information entered during the above-mentioned registration process (for example, the title, address, telephone number, e-mail address of the company) is passed to the proxy and web service layers of the first server (301) and transmitted to the fourth server (304) and stored in the database.
• an authorized person in the system (100) issues a confirmation for the company wishing to be registered to the system (100) via an admin panel on the second server (302).
• this confirmation information is transmitted to the third server (303), and a company user account (e.g. company user name and password) and a company wallet associated with this company user account is created by using blockchain technology.
• a smart contract containing the web site information of the said company is created, and the company user account, company wallet and smart contract are transmitted to the fourth server (304) and saved in the database.
• Companies can update their company information and logos by logging in with the company user account via the user interface of the website run by the first server (301). This updated information passes through the proxy layer of the first server (301) and transmitted to the web service and then transmitted to the fourth server (304) via the web service and saved in the database.
• companies are integrated to the system (100) via web services.
• the companies define their ApiKeys (Application Programming Interface Key) and the restrictions required to access these ApiKeys by means of the ApiKey generation function on the first server (301). This information is saved in the database on the fourth server (304) again via the proxy and web services.
• ApiKeys Application Programming Interface Key
• All of the web services mentioned in this system (100) are positioned so as to provide services preferably via HTTPS protocol (Secure Hypertext Transfer Protocol).
• HTTPS protocol Secure Hypertext Transfer Protocol
• the functions other than the login process convey the user name and password information (authorization data) to the web services. Services that can be recalled without user login are isolated from the other services.
• the users recall a web service by means of a client device (200) through a recall link on the user interface of a web page of the company or by swiping a QR code.
• the said web service recalls the smart contract from the company wallet that is saved in the database of the fourth server (304).
• the said smart contract displays the site information on the user application screen and provides confirm and reject buttons.
• the company then generates a QR code for the said user specific to that instant, and publishes it on the verification screen of the website.
• the said QR code generation process takes place as follows: the company uses ApiKey in iframe on its web page, and then retrieves the QR code information (company and time information encrypted by the AES encryption technique) from the first server (301) and publishes it preferably on its web site for a certain period of time (e.g. 30 seconds).
• the related web services on the first server (301) are recalled and the said web services retrieve the company information in the database of the fourth server (304) and process this information into a QR code.
• a QR code specific to that instant is generated for a user who logs in to the web site of the concerned company for authentication.
• the user logs in to the mobile application of a client device (200) via the user account information (e.g. user name and password) or biometric data, and uses the camera of the client device (200) to swipe the QR code via the QR code swiping feature within the application; and according to preference, confirms or rejects the said smart contract and thus shares or declines to share the information (signed contract, certificate information, etc.).
• user account information e.g. user name and password
• biometric data e.g. user name and password
• biometric data e.g. user name and password
• the user uses the camera of the client device (200) to swipe the QR code via the QR code swiping feature within the application; and according to preference, confirms or rejects the said smart contract and thus shares or declines to share the information (signed contract, certificate information, etc.).
• the web services on the first server (301) map the user by comparing the user walletid in the fourth server (304) with the user account information (for example, user name and password) with which the user logged in to the mobile application. If approved by the user, the user information (for example, the user's name and surname), the user certificate, and the said agreement previously signed by the user are added by the third server (303) to the blockchain in the user wallet stored in the database of the fourth server (304). If the smart contract is not approved by the user, the information that the user did not approve the contract is saved into the blockchain in the said user wallet again via the third server (303). These operations are then saved into the database of the fourth server (304).
• the said user information (name surname, etc.), signed contract, certificate information, etc. stored in the database of the fourth server (304) are delivered to the company server (305) to share with the company.
• the said information stored in the database is not transmitted to the company server (305), and thus this information is not shared with the company.
• the process of identity sharing by smart contracts without a second intervention is completed under full user control.
• all of the information mentioned in the above given paragraph are kept in the database of the fourth server (304), but the invention is not limited thereto.
• a part of the above-mentioned information is stored in the database of the fourth server (304), while another part is stored in another server, preferably the third server (303).
• all of the information mentioned above is stored both in the database of the fourth server (304) and in another server, preferably the third server (303).

Landscapes

• Engineering & Computer Science (AREA)
• Computer Security & Cryptography (AREA)
• Computer Hardware Design (AREA)
• General Engineering & Computer Science (AREA)
• Computer Networks & Wireless Communication (AREA)
• Signal Processing (AREA)
• Theoretical Computer Science (AREA)
• Computing Systems (AREA)
• Software Systems (AREA)
• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Applications Claiming Priority (2)

Publications (1)

Family

ID=64605880

Family Applications (1)

Country Status (3)

Families Citing this family (2)

Family Cites Families (3)

• 2018
  • 2018-06-07 TR TR2018/08119A patent/TR201808119A2/tr unknown
• 2019
  • 2019-05-31 WO PCT/TR2019/050410 patent/WO2020076261A1/en unknown
  • 2019-05-31 EP EP19845920.8A patent/EP3811253A1/de not_active Withdrawn

Also Published As

Similar Documents

Legal Events