EP3811253A1 - A personal identification method comprising e-signature and blockchain layers - Google Patents

A personal identification method comprising e-signature and blockchain layers

Info

Publication number
EP3811253A1
Authority
EP
European Patent Office
Prior art keywords
user
information
company
server system
client device
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP19845920.8A
Other languages
German (de)
French (fr)
Inventor
Can ORHUN
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Plum Technologies BV
Original Assignee
Plum Technologies BV
Application filed by Plum Technologies BV

Classifications

    • G06F21/41 User authentication where a single sign-on provides access to a plurality of computers
    • G06F21/31 User authentication
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/33 User authentication using certificates
    • G06F21/36 User authentication by graphic or iconic representation
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Definitions

  • the present invention relates to a personal identification method which provides a legal basis for electronic authentication processes using legally binding electronic signature certificates on blockchain technology.
  • the e-signature (electronic signature), which has the same legal validity as the wet-ink signature, is a verification (authentication) method ensuring that the information sent in the electronic transactions does not change in the course of transmission, belongs to the sender, and cannot be denied.
  • legal digital identities are created by legally recognized Electronic Certificate Service Providers and/or Qualified Certification authorities upon request of people by performing identity authentication.
  • the critical information regarding the electronic certificates is delivered to the person within hardware that only the e-signature holders can access with a password. There are as many individuals holding a piece of distributed information as the number of individuals who have been given e-signatures. This information cannot be changed, manipulated or used by anyone other than the authorized person. E-signatures are also disabled when they expire.
  • various e-wallets such as desktop wallets, mobile wallets, online wallets and hardware wallets are created.
  • Blockchain technology is a technology that is built with a chaining model, which can be tracked but cannot be broken, and allows operation without being connected to a center. Thus, sales transactions can be carried out directly between two parties (i.e. buyer and seller) and in a secure manner. Thus, the intermediaries for the sale transaction are eliminated.
  • the present invention integrates e-signature or mobile signature with the distributed data in the blockchain with smart contracts, thereby providing a digital identity with which the user can, at her/his own discretion, use the desired ID information on the blockchain at any desired time. It is an important advantage that the present invention is the most reliable method available, since it operates on the blockchain and there is a distributed structure in the blockchain as there is in the e-signature.
  • the fact that the identities, which are previously verified by legally recognized Electronic Certification Service Providers and/or Qualified Certification authorities, are used provides a high level of security and legal binding in the concerned countries.
  • Figure 1 is a flowchart of the inventive personal identification method.
  • Figure 2 is a schematic of the inventive personal identification system.
  • a system (100) used for running the personal identification method of the present invention essentially comprises client devices (200) for entering the user identification information by the users and companies; a server system (300) having a database for storing the user identification information and one or more servers adapted for user authentication; and a wired or wireless communication network to provide the data communication between the client devices (200) and the server system (300).
  • the client device (200) is an electronic device such as a smart phone, tablet, desktop computer, laptop computer, etc., and comprises a display, a data communication module for wired or wireless data communication (e.g. a Wifi (Wireless Fidelity), Ethernet card, 3G/4G/4.5G... module, GSM module, GPRS module, etc.) and a data input interface (e.g. touch sensitive screen, keyboard, mouse, etc.) for entering user information.
  • the client devices (200) may also comprise an internal or external camera and a biometric data entry unit (such as a fingerprint reader) for entry of biometric data and swiping QR codes.
  • the users may use more than one client device (200), for instance a smart phone and a desktop computer, when using the system (100).
  • the server system (300) comprises a first server (301) adapted to run a website comprising a user interface for the users and companies to be able to perform preregistration by client devices (200) via the said user interface; a second server (302) adapted to run an admin panel for verification of company information; a third server (303) adapted to generate a user wallet for the users and a company wallet for the verified companies; a fourth server (304) comprising a database for saving user and company information and the said wallets; and a company server (305) adapted to run the website of the companies.
  • the server system (300) is not limited to these, so it may comprise a smaller or greater number of servers and the method steps described in the following paragraphs can be carried out.
  • the server system (300) also includes an SMTP server (306) adapted to send a confirmation e-mail to the e-mail address of the user for confirming the e-mail address of the user.
  • the personal identification method of the present invention comprises the following steps carried out by using a system (100) essentially comprising client devices (200) including a data input interface and a display for use by the users and companies; a server system (300) having a database and adapted to run a website comprising a user interface; and a communication network to carry out the data communication between the client devices (200) and the server system (300):
  • for creating a user wallet for the users, a user logging in to the website operated by the server system (300) via the data input interface of a client device (200) and entering the user information into the user interface of the website;
  • client device (200) transmitting the certificate information of said electronic signature or mobile signature to the server system (300) and saving it into the database;
  • the server system (300) creating a user service agreement and displaying it on the screen of the client device (200);
  • the server system (300) creating a user account and a user wallet associated with the said user account and containing blockchain;
  • the server system (300) creating a smart contract, incorporating the user service agreement signed by the user into said smart contract and saving the said user wallet and the smart contract into the database;
  • the company logging into the website run by the server system (300) via a client device (200) and entering the company information into the user interface of the website;
  • the server system (300) creating a company user account in accordance with the company information, a company wallet associated with the said company account and containing blockchain, and a smart contract; and saving them into the database;
  • the user confirming or rejecting the smart contract in the company wallet; if the smart contract has been confirmed by the user, incorporating the user information, user certificate and the concerned agreement previously signed by the user into the blockchain in the user wallet stored in the database and sharing the said information with the said company;
  • the users and companies are registered to the system (100) to have an electronic wallet.
  • the steps related to the said registration process and steps of creating a user/company wallet are provided below.
  • the users log in to a website, which is run by the first server (301) via the client devices (200) and includes a user interface, and carry out a pre-registration process by inputting the user information (such as name, surname, email address, mobile phone number, and preferably biometric data such as fingerprints) via the user interface of the said website.
  • information about the memberships is transmitted by the first server (301) to the client devices (200) of the users by secure methods, preferably by two-way AES encryption techniques (Advanced Encryption Standard).
  • the user information entered by the user to the user interface is passed through the proxy and web service layer of the first server (301), transmitted to the fourth server (304) and saved in the database in the fourth server (304).
  • a verification e-mail is transmitted by the SMTP server (306) to the e-mail address of the user registered in the database to verify the e-mail address, and after the e-mail is verified by the user (for example by entering a sent link), the data processing on the first server (301) resumes.
  • the users can complete the registration in the system (100) in different ways (for example by using electronic signature, using mobile signature, using information from different systems with which authentication agreement is concluded, or using a cloud signature issued by the European Union Electronic Signature Regulation eIDAS (Electronic Identification and Trust Services Regulation)).
  • the users enter some of the user information (e.g. Turkish Republic identification number and/or mobile phone number) related to the e-signature or mobile signature via the user interface of the said website, and verification is carried out through conventional methods via the client device (200) according to the selected signature.
  • for example, during verification by the e-signature, a code is generated in the website after the user information (e.g. Turkish Republic identification number) is entered to the website and this code is entered to the user interface of an official application installed in the client device (200), and after a pin code predefined to the user for the e-signature is entered, the signing process is performed.
  • a pin code predefined for mobile signature is entered via the mobile client device (200) and verification is carried out.
  • verification of the telephone information preregistered for e-signature can also be enabled via the first server (301).
  • a random four digit number is generated by using an SMS OTP (Short Message Service One-Time Password) service run by the first server (301) and it is sent by the SMS OTP service to the mobile client device (200) of the user.
  • when this number is entered by the user to the user interface of the said website, it is compared with the number (one-time password) sent to the user, thereby carrying out verification of the mobile telephone number. As a result of the verification, the e-signature user information (name, surname, telephone number, e-mail address, etc.) and certificate information are passed through the proxy and web service layer of the first server (301) and transmitted to the fourth server (304) and saved into the database.
  • the user enters some of the user information (e.g. Turkish Republic identification number and mobile telephone number) related to the mobile signature. Since the mobile telephone number is already verified, an additional verification method is not required, and the user information (name, surname, telephone number, e-mail address, etc.) and certificate information are passed through the proxy and web service layer of the first server (301) and transmitted to the fourth server (304) and saved into the database.
  • the user information to be saved in the database is retrieved from the certificate in the e-signature or mobile signature.
  • the information in the said certificate is the information which is previously generated by the Electronic Certificate Service Providers and/or Qualified Certificate Authorities. Therefore, all of the information in the certificate is considered correct and saved into the system (100) as the user information. This user information cannot be changed afterwards by the user or by a different person/institution.
  • a user service agreement is created by the first server (301) and is displayed to the user on the display of the client device (200).
  • the said user service agreement is signed by using e-signature or mobile signature (in other words, the agreement is signed by using the services related to the signing libraries).
  • the signed user service agreement is passed through the proxy and web service layer of the first server (301) and transmitted to the third server (303).
  • a user wallet (in other words, an electronic wallet) is created by the third server (303) simultaneously with the user account (e.g. user name and password) by using a user account specific to this user and blockchain technology.
  • a smart contract is generated by the third server (303) within the user wallet and the user service agreement signed by the user is incorporated into the smart contract. This contract cannot be edited or changed afterwards.
  • the user wallet and the smart contract that are created are transmitted to the fourth server (304) and saved in the database. Another person/institution cannot interfere with the user wallet created with the said user information.
  • the users can access their user accounts, in other words their user wallets, via the client device (200) by the user account information (user name and passwords) or biometric data (e.g. face, iris, retina, voice, fingerprint, palm print), and thus use the system.
  • the users can log in to their user accounts via the client devices (200), through for example a website opened on a web browser installed in a desktop computer, tablet or mobile device, or through an official application/program installed on these devices by means of their user name and passwords or biometric data (e.g. face recognition via telephone camera, voice recognition via microphone, fingerprint recognition by fingerprint reader, etc.).
  • the users can use the system (100) by camera and barcode via the said official applications installed on the client device (200), and by push notifications via any other applications.
  • companies wishing to use the system (100) of the present invention should also subscribe to the system (100).
  • an authorized operator in the companies carries out a pre-registration to the system (100) by using a client device (200) via the user interface of a website run by the first server (301).
  • pre-registration can also be performed via mobile applications or by conventional methods.
  • Information about the memberships is delivered to the client devices (200) of the companies by secure methods (e.g., duplex AES encryption techniques).
  • the company information entered during the above-mentioned registration process (for example, the title, address, telephone number, e-mail address of the company) is passed to the proxy and web service layers of the first server (301) and transmitted to the fourth server (304) and stored in the database.
  • an authorized person in the system (100) issues a confirmation for the company wishing to be registered to the system (100) via an admin panel on the second server (302).
  • this confirmation information is transmitted to the third server (303), and a company user account (e.g. company user name and password) and a company wallet associated with this company user account is created by using blockchain technology.
  • a smart contract containing the web site information of the said company is created, and the company user account, company wallet and smart contract are transmitted to the fourth server (304) and saved in the database.
  • Companies can update their company information and logos by logging in with the company user account via the user interface of the website run by the first server (301). This updated information passes through the proxy layer of the first server (301), is transmitted to the web service, and is then transmitted to the fourth server (304) via the web service and saved in the database.
  • companies are integrated to the system (100) via web services.
  • the companies define their ApiKeys (Application Programming Interface Key) and the restrictions required to access these ApiKeys by means of the ApiKey generation function on the first server (301). This information is saved in the database on the fourth server (304) again via the proxy and web services.
  • All of the web services mentioned in this system (100) are positioned so as to provide services preferably via HTTPS protocol (Secure Hypertext Transfer Protocol).
  • the functions other than the login process convey the user name and password information (authorization data) to the web services. Services that can be recalled without user login are isolated from the other services.
  • the users recall a web service by means of a client device (200) through a recall link on the user interface of a web page of the company or by swiping a QR code.
  • the said web service recalls the smart contract from the company wallet that is saved in the database of the fourth server (304).
  • the said smart contract displays the site information on the user application screen and provides confirm and reject buttons.
  • the company then generates a QR code for the said user specific to that instant, and publishes it on the verification screen of the website.
  • the said QR code generation process takes place as follows: the company uses ApiKey in iframe on its web page, and then retrieves the QR code information (company and time information encrypted by the AES encryption technique) from the first server (301) and publishes it preferably on its web site for a certain period of time (e.g. 30 seconds).
  • the related web services on the first server (301) are recalled and the said web services retrieve the company information in the database of the fourth server (304) and process this information into a QR code.
  • a QR code specific to that instant is generated for a user who logs in to the web site of the concerned company for authentication.
  • the user logs in to the mobile application of a client device (200) via the user account information (e.g. user name and password) or biometric data, and uses the camera of the client device (200) to swipe the QR code via the QR code swiping feature within the application; and according to preference, confirms or rejects the said smart contract and thus shares or declines to share the information (signed contract, certificate information, etc.).
  • the web services on the first server (301) map the user by comparing the user walletid in the fourth server (304) with the user account information (for example, user name and password) with which the user logged in to the mobile application. If approved by the user, the user information (for example, the user's name and surname), the user certificate, and the said agreement previously signed by the user are added by the third server (303) to the blockchain in the user wallet stored in the database of the fourth server (304). If the smart contract is not approved by the user, the information that the user did not approve the contract is saved into the blockchain in the said user wallet again via the third server (303). These operations are then saved into the database of the fourth server (304).
  • the said user information (name, surname, etc.), signed contract, certificate information, etc. stored in the database of the fourth server (304) are delivered to the company server (305) to share with the company.
  • the said information stored in the database is not transmitted to the company server (305), and thus this information is not shared with the company.
  • the process of identity sharing by smart contracts without a second intervention is completed under full user control.
  • all of the information mentioned in the above given paragraph is kept in the database of the fourth server (304), but the invention is not limited thereto.
  • a part of the above-mentioned information is stored in the database of the fourth server (304), while another part is stored in another server, preferably the third server (303).
  • all of the information mentioned above is stored both in the database of the fourth server (304) and in another server, preferably the third server (303).
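The SMS OTP step in the list above (a random four-digit number sent to the phone and compared with what the user enters) sketched as server-side logic; this is an added example, not code from the patent or its applicant. The class name, the 120-second validity period and the three-attempt cap are assumptions the page does not state; they are included because a four-digit code has only 10,000 possible values.

```python
import hmac
import secrets
import time

OTP_DIGITS = 4         # the page specifies a four-digit number
OTP_TTL_SECONDS = 120  # assumption: the page gives no validity period
MAX_ATTEMPTS = 3       # assumption: the page gives no attempt limit


class OtpVerifier:
    """Hypothetical server-side state for pending phone-number checks."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # phone -> [code, expires_at, attempts_left]

    def issue(self, phone):
        """Generate a code with a CSPRNG; a new request replaces the old code."""
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[phone] = [code, self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # goes to the SMS gateway only, never back to the web page

    def verify(self, phone, submitted):
        """Compare the submitted digits with the pending code for this phone."""
        entry = self._pending.get(phone)
        if entry is None:
            return "no_pending_code"
        code, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[phone]
            return "expired"
        entry[2] -= 1  # every guess counts, right or wrong
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[phone]  # single use: a verified code cannot be replayed
            return "verified"
        if entry[2] == 0:
            del self._pending[phone]  # with 3 guesses out of 10,000 the odds stay at 0.03%
            return "locked"
        return "mismatch"
```

Issuing a new code resets the attempt counter, so requests to `issue()` need their own per-number rate limit.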

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a personal identification method which provides a legal basis for electronic authentication processes using legally binding electronic signature certificates on blockchain technology. In this method, after the users and the companies are registered to the system (100), an electronic wallet is created for them including a smart contract for the said users and companies and blockchain. Following the registration process, identities of the user are authenticated by electronic signature or mobile signature. Then, when a user registered in the system (100) logs into the web site of a company registered in the system (100), the web site information provided in the smart contract in the company wallet provided in the database of the server system (300) and a QR code generated for that instant by the server system (300) are displayed to the user on the display of the client device (200). The user in turn, swipes the said QR code by means of the camera of the client device (200), confirms or rejects the smart contract in the company wallet, and shares or does not share the information with the said company.
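The time-bound QR code described above carries company and time information and is shown for a limited period (the page's example is 30 seconds); the following added example, which is not code from the patent, shows the checks a server would run when such a code is scanned. It authenticates the payload with HMAC-SHA256 instead of the AES encryption the page names, so that it runs on the standard library alone, and the class name, token layout and single-use nonce are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

QR_TTL_SECONDS = 30  # the validity period the page gives as an example


class QrTokenService:
    """Hypothetical issuer/verifier for the payload placed in the QR code."""

    def __init__(self, key, clock=time.time):
        self._key = key
        self._clock = clock
        self._used = {}  # nonce -> expiry time, kept only while the token is live

    def _tag(self, payload):
        return hmac.new(self._key, payload, hashlib.sha256).digest()

    def issue(self, company_id):
        """Bind company, issue time and a random nonce (assumption) under a MAC."""
        claims = {"company": company_id, "iat": int(self._clock()),
                  "nonce": secrets.token_hex(8)}
        payload = json.dumps(claims, sort_keys=True).encode()
        enc = base64.urlsafe_b64encode
        return enc(payload).decode() + "." + enc(self._tag(payload)).decode()

    def verify(self, token, expected_company):
        try:
            p64, t64 = token.split(".")
            payload = base64.urlsafe_b64decode(p64)
            tag = base64.urlsafe_b64decode(t64)
        except ValueError:
            return "malformed"
        # Authenticate before parsing, so unauthenticated bytes never reach json.
        if not hmac.compare_digest(tag, self._tag(payload)):
            return "bad_tag"
        claims = json.loads(payload)
        now = self._clock()
        if not 0 <= now - claims["iat"] <= QR_TTL_SECONDS:
            return "expired"
        # A code issued for one company's page must not be accepted for another.
        if claims["company"] != expected_company:
            return "wrong_company"
        self._used = {n: exp for n, exp in self._used.items() if exp >= now}
        if claims["nonce"] in self._used:
            return "replayed"
        self._used[claims["nonce"]] = claims["iat"] + QR_TTL_SECONDS
        return "ok"
```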

Description

A PERSONAL IDENTIFICATION METHOD COMPRISING E-SIGNATURE AND BLOCKCHAIN LAYERS
Field of the Invention
The present invention relates to a personal identification method which provides a legal basis for electronic authentication processes using legally binding electronic signature certificates on blockchain technology.
Background of the Invention
The e-signature (electronic signature), which has the same legal validity as the wet-ink signature, is a verification (authentication) method ensuring that the information sent in electronic transactions does not change in the course of transmission, belongs to the sender, and cannot be denied. For the said e-signature, legal digital identities are created by legally recognized Electronic Certificate Service Providers and/or Qualified Certification Authorities upon request of people by performing identity authentication. The critical information regarding the electronic certificates is delivered to the person within hardware that only the e-signature holders can access with a password. There are as many individuals holding a piece of distributed information as the number of individuals who have been given e-signatures. This information cannot be changed, manipulated or used by anyone other than the authorized person. E-signatures are also disabled when they expire.
The current solutions used for personal identification have a configuration wherein people share their digital identities, which they create by manually saving their unverified identification information into the system according to their own declaration, with the relevant persons or institutions. These methods are not subject to any laws and regulations.
In these applications, the identity information added to the system by the individual does not have legal validity. These identities are created by personal statement. They are not verified by any authority, therefore these identities are insecure. Again in these applications, a person can have dozens of digital identities containing different identification information.
The blockchain, which came to the fore with Bitcoin, one of the cryptocurrencies, is a distributed database which enables encrypted transactions to be carried out and wherein the data are stored in a distributed manner, as in e-signature. With blockchain technology, various e-wallets, such as desktop wallets, mobile wallets, online wallets and hardware wallets are created. Blockchain technology is a technology that is built with a chaining model, which can be tracked but cannot be broken, and allows operation without being connected to a center. Thus, sales transactions can be carried out directly between two parties (i.e. buyer and seller) and in a secure manner. Thus, the intermediaries for the sale transaction are eliminated.
Problems Solved by the Invention
The present invention integrates e-signature or mobile signature with the distributed data in the blockchain with smart contracts, thereby providing a digital identity with which the user can, at her/his own discretion, use the desired ID information on the blockchain at any desired time. It is an important advantage that the present invention is the most reliable method available, since it operates on the blockchain and there is a distributed structure in the blockchain as there is in the e-signature.
In the present invention, the fact that the identities, which are previously verified by legally recognized Electronic Certification Service Providers and/or Qualified Certification Authorities, are used provides a high level of security and legal binding in the concerned countries.
By means of the present invention, individuals complete the identification procedure only once, and then can use these identities everywhere. Thus, the necessity of declaring identity to too many places, which has become one of the biggest problems of today, is eliminated.
Some of the advantages brought by the present invention to the individuals can be listed as follows:
- Eliminating the requirement of entering separate passwords, ensuring password security, keeping account information, keeping the information up-to-date,
- Storing the identification information of the individuals in a secure medium,
- The personal information being accessible to only the individuals that they belong,
- Ability to share personal data anytime and anywhere desired.
Some of the advantages brought by the present invention to the companies can be listed as follows:
- Providing easy customer recognition and financial security,
- Minimizing the operational risks,
- Providing high standardization,
- Improving customer experience,
- Reducing the cost of data acquisition,
- Increasing labor and process efficiency,
- Providing the convenience of working with legally recognized data.
Detailed Description of the Invention
A personal identification system and method developed to fulfill the objective of the present invention are illustrated in the accompanying figures, in which:
Figure 1 is a flowchart of the inventive personal identification method.
Figure 2 is a schematic of the inventive personal identification system.
The components in the figures are given reference numbers as follows:
100. System
200. Client device
300. Server system
301. First server
302. Second server
303. Third server
304. Fourth server
305. Company server
306. SMTP server
In a preferred embodiment of the present invention, a system (100) used for running the personal identification method of the present invention essentially comprises client devices (200) for entering the user identification information by the users and companies; a server system (300) having a database for storing the user identification information and one or more servers adapted for user authentication; and a wired or wireless communication network to provide the data communication between the client devices (200) and the server system (300).
In one embodiment of the present invention, the client device (200) is an electronic device such as a smart phone, tablet, desktop computer, laptop computer, etc., and comprises a display, a data communication module for wired or wireless data communication (e.g. a Wi-Fi (Wireless Fidelity) module, Ethernet card, 3G/4G/4.5G... module, GSM module, GPRS module, etc.) and a data input interface (e.g. touch sensitive screen, keyboard, mouse, etc.) for entering user information. The client devices (200) may also comprise an internal or external camera and a biometric data entry unit (such as a fingerprint reader) for entry of biometric data and swiping QR codes. The users may use more than one client device (200), for instance a smart phone and a desktop computer, when using the system (100).
In one embodiment of the invention, the server system (300) comprises a first server (301) adapted to run a website comprising a user interface for the users and companies to be able to perform preregistration by client devices (200) via the said user interface; a second server (302) adapted to run an admin panel for verification of company information; a third server (303) adapted to generate a user wallet for the users and a company wallet for the verified companies; a fourth server (304) comprising a database for saving user and company information and the said wallets; and a company server (305) adapted to run the website of the companies. However, the server system (300) is not limited to these, so it may comprise smaller or greater number of servers and the method steps described in the following paragraphs can be carried out.
In one embodiment of the invention, the server system (300) also includes an SMTP server (306) adapted to send a confirmation e-mail to the e-mail address of the user for confirming the e-mail address of the user.
The personal identification method of the present invention comprises the following steps carried out by using a system (100) essentially comprising client devices (200) including a data input interface and a display for use by the users and companies; a server system (300) having a database and adapted to run a website comprising a user interface; and a communication network to carry out the data communication between the client devices (200) and the server system (300):
For creating a user wallet for the users;
a user logging in to the website operated by the server system (300) via the data input interface of a client device (200) and entering the user information into the user interface of the website;
saving the entered user information into the database provided in the server system (300);
the user signing by using an electronic signature or a mobile signature via the data input interface of the client device (200);
client device (200) transmitting the certificate information of said electronic signature or mobile signature to the server system (300) and saving it into the database;
the server system (300) creating a user service agreement and displaying it on the screen of the client device (200);
the user signing the said user service agreement via the client device (200) by using electronic signature or mobile signature information;
the server system (300) creating a user account and a user wallet associated with the said user account and containing blockchain;
the server system (300) creating a smart contract, incorporating the user service agreement signed by the user into said smart contract and saving the said user wallet and the smart contract into the database;
For creating a user wallet for the companies;
the company logging into the website run by the server system (300) via a client device (200) and entering the company information into the user interface of the website;
the server system (300) creating a company user account in accordance with the company information, a company wallet associated with the said company account and containing blockchain, and a smart contract; and saving them into the database;
For authentication of the users,
a user registered in the system (100) logging in to the website of a company registered in the system (100) and recalling a web service;
the web service recalling the smart contract in the company wallet provided in the database of the server system (300);
displaying the website information of the company provided in the smart contract and a QR code on the display of the client device (200);
the user logging in to the mobile application of the client device (200) by user account;
swiping the QR code via the camera of the client device (200);
the server system (300) mapping the user by comparing the user wallet information in the database with the user account information used by the user to log in to the mobile application;
the user confirming or rejecting the smart contract in the company wallet,
- if the smart contract has been confirmed by the user, incorporating the user information, user certificate and the concerned agreement previously signed by the user into the blockchain in the user wallet stored in the database and sharing the said information with the said company;
- if the smart contract has been rejected by the user, incorporating the information regarding the rejection of the user into the blockchain in the user wallet stored in the database and not sharing the said information with the said company.
In the personal identification method, firstly, the users and companies are registered to the system (100) to have an electronic wallet. The steps related to the said registration process and steps of creating a user/company wallet are provided below.
The users log in to a website, which is run by the first server (301) via the client devices (200) and includes a user interface, and carry out a pre-registration process by inputting the user information (such as name, surname, email address, mobile phone number, and preferably biometric data such as fingerprints) via the user interface of the said website. During this pre-registration process, information about the memberships is transmitted by the first server (301) to the client devices (200) of the users by secure methods, preferably by two-way AES encryption techniques (Advanced Encryption Standard).
The user information entered by the user to the user interface are passed through the proxy and web service layer of the first server (301) and transmitted to the fourth server (304) and are saved in the database in the fourth server (304).
In the next step, preferably a verification e-mail is transmitted by the SMTP server (306) to the e-mail address of the user registered in the database to verify the e-mail address, and after the e-mail is verified by the user (for example by entering a sent link), the data processing on the first server (301) resumes.
In the following step, the users can complete the registration in the system (100) in different ways (for example by using electronic signature, using mobile signature, using information from different systems with which authentication agreement is concluded, or using a cloud signature issued by the European Union Electronic Signature Regulation eIDAS (Electronic Identification and Trust Services Regulation)).
In a preferred embodiment of the invention, in order to complete this registration process, the users enter some of the user information (e.g. Turkish Republic identification number and/or mobile phone number) related to the e-signature or mobile signature via the user interface of the said website, and verification is carried out through conventional methods via the client device (200) according to the selected signature. For example, during verification by the e-signature, a code is generated in the website after the user information (e.g. Turkish Republic identification number) is entered to the website and this code is entered to the user interface of an official application installed in the client device (200), and after a pin code predefined to the user for the e-signature is entered, the signing process is performed. During verification by mobile signature, after the user information (e.g. Turkish Republic identification number and/or mobile phone number) is entered to the user interface of the website, a pin code predefined for mobile signature is entered via the mobile client device (200) and verification is carried out.
In this step, if registration by e-signature is selected by the users for completing the registration process, after entering a part of the user information (e.g. Turkish Republic identification number) related to the e-signature, verification of the telephone information preregistered for e-signature can also be enabled via the first server (301). For example, for mobile telephone verification, preferably a random four digit number (in other words, a one-time password) is generated by using an SMS OTP (Short Message Service One-Time Password) service run by the first server (301) and it is sent by the SMS OTP service to the mobile client device (200) of the user. When this number is entered by the user to the user interface of the said website, it is compared with the number (one-time password) sent to the user, thereby carrying out verification of the mobile telephone number. As a result of the verification, the e-signature user information (name, surname, telephone number, e-mail address, etc.) and certificate information are passed through the proxy and web service layer of the first server (301) and transmitted to the fourth server (304) and saved into the database.
If the users have selected registration by mobile signature instead of e-signature for completing the registration process, the user enters some of the user information (e.g. Turkish Republic identification number and mobile telephone number) related to the mobile signature. Since the mobile telephone number is already verified, an additional verification method is not required, and the user information (name, surname, telephone number, e-mail address, etc.) and certificate information are passed through the proxy and web service layer of the first server (301) and transmitted to the fourth server (304) and saved into the database. In the two alternative embodiments mentioned above, the user information to be saved in the database is retrieved from the certificate in the e-signature or mobile signature. The information in the said certificate is the information which is previously generated by the Electronic Certificate Service Providers and/or Qualified Certificate Authorities. Therefore, all of the information in the certificate is considered correct and saved into the system (100) as the user information. This user information cannot be changed afterwards by the user or by a different person/institution.
In a next step, a user service agreement is created by the first server (301) and is displayed to the user on the display of the client device (200). The said user service agreement is signed by using e-signature or mobile signature (in other words, the agreement is signed by using the services related to the signing libraries). The signed user service agreement is passed through the proxy and web service layer of the first server (301) and transmitted to the third server (303). A user wallet (in other words, an electronic wallet) is created by the third server (303) simultaneously with the user account (e.g. user name and password) by using a user account specific to this user and blockchain technology. Simultaneously with creating the user wallet, a smart contract is generated by the third server (303) within the user wallet and the user service agreement signed by the user is incorporated into the smart contract. This contract cannot be edited or changed afterwards.
The user wallet and the smart contract that are created are transmitted to the fourth server (304) and saved in the database. Another person/institution cannot interfere with the user wallet created with the said user information.
The users can access their user accounts, in other words their user wallets, via the client device (200) by the user account information (user name and passwords) or biometric data (e.g. face, iris, retina, voice, fingerprint, palm print), and thus use the system. In one embodiment of the present invention, the users can log in to their user accounts via the client devices (200), through for example a website opened on a web browser installed in a desktop computer, tablet or mobile device, or through an official application/program installed on these devices by means of their user name and passwords or biometric data (e.g. face recognition via telephone camera, voice recognition via microphone, fingerprint recognition by fingerprint reader, etc.). Furthermore, the users can use the system (100) by camera and barcode via the said official applications installed on the client device (200), and by push notifications via any other applications.
Companies wishing to use the system (100) of the present invention should also subscribe to the system (100). For this purpose, an authorized operator in the companies carries out a pre-registration to the system (100) by using a client device (200) via the user interface of a website run by the first server (301). For registration to the system (100), as an alternative to the said website, pre-registration can also be performed via mobile applications or by conventional methods. Information about the memberships is delivered to the client devices (200) of the companies by secure methods (e.g., duplex AES encryption techniques).
The company information entered during the above-mentioned registration process (for example, the title, address, telephone number, e-mail address of the company) is passed to the proxy and web service layers of the first server (301) and transmitted to the fourth server (304) and stored in the database. After this registration process, an authorized person in the system (100) issues a confirmation for the company wishing to be registered to the system (100) via an admin panel on the second server (302). When the said company registration is confirmed, this confirmation information is transmitted to the third server (303), and a company user account (e.g. company user name and password) and a company wallet associated with this company user account is created by using blockchain technology. In addition to this company wallet, a smart contract containing the web site information of the said company is created, and the company user account, company wallet and smart contract are transmitted to the fourth server (304) and saved in the database.
Companies can update their company information and logos by logging in with the company user account via the user interface of the website run by the first server (301). This updated information passes through the proxy layer of the first server (301), is transmitted to the web service, and is then transmitted to the fourth server (304) via the web service and saved in the database. In the present invention, companies are integrated to the system (100) via web services.
The companies define their ApiKeys (Application Programming Interface Key) and the restrictions required to access these ApiKeys by means of the ApiKey generation function on the first server (301). This information is saved in the database on the fourth server (304) again via the proxy and web services.
All of the web services mentioned in this system (100) are positioned so as to provide services preferably via HTTPS protocol (Secure Hypertext Transfer Protocol). The functions other than the login process convey the user name and password information (authorization data) to the web services. Services that can be recalled without user login are isolated from the other services.
After the user and company registration process is completed, when the users intend to perform authentication for the concerned website, mobile application, etc., they recall a web service by means of a client device (200) through a recall link on the user interface of a web page of the company or by swiping a QR code. The said web service recalls the smart contract from the company wallet that is saved in the database of the fourth server (304). The said smart contract displays the site information on the user application screen and provides confirm and reject buttons. The company then generates a QR code for the said user specific to that instant, and publishes it on the verification screen of the website. The said QR code generation process takes place as follows: the company uses ApiKey in iframe on its web page, and then retrieves the QR code information (company and time information encrypted by the AES encryption technique) from the first server (301) and publishes it preferably on its web site for a certain period of time (e.g. 30 seconds). In other words, the related web services on the first server (301) are recalled and the said web services retrieve the company information in the database of the fourth server (304) and process this information into a QR code. Thus, a QR code specific to that instant is generated for a user who logs in to the web site of the concerned company for authentication.
The user logs in to the mobile application of a client device (200) via the user account information (e.g. user name and password) or biometric data, and uses the camera of the client device (200) to swipe the QR code via the QR code swiping feature within the application; and according to preference, confirms or rejects the said smart contract and thus shares or declines to share the information (signed contract, certificate information, etc.).
When the smart contract is approved (confirmed) or rejected by the user, the web services on the first server (301) map the user by comparing the user walletid in the fourth server (304) with the user account information (for example, user name and password) with which the user logged in to the mobile application. If approved by the user, the user information (for example, the user's name and surname), the user certificate, and the said agreement previously signed by the user are added by the third server (303) to the blockchain in the user wallet stored in the database of the fourth server (304). If the smart contract is not approved by the user, the information that the user did not approve the contract is saved into the blockchain in the said user wallet again via the third server (303). These operations are then saved into the database of the fourth server (304). When the users approve the smart contract, the said user information (name surname, etc.), signed contract, certificate information, etc. stored in the database of the fourth server (304) are delivered to the company server (305) to share with the company. When the smart contract is not approved by the users, the said information stored in the database is not transmitted to the company server (305), and thus this information is not shared with the company. Thus, the process of identity sharing by smart contracts without a second intervention is completed under full user control.
In the preferred embodiment of the invention, all of the information mentioned in the above given paragraph (user information (name, surname, etc.), signed contract, certificate information, etc.) are kept in the database of the fourth server (304), but the invention is not limited thereto. In one embodiment of the invention, a part of the above-mentioned information is stored in the database of the fourth server (304), while another part is stored in another server, preferably the third server (303). In another embodiment of the invention, all of the information mentioned above is stored both in the database of the fourth server (304) and in another server, preferably the third server (303).

Claims

1. A personal identification method comprising the following steps carried out by using a system (100) essentially comprising client devices (200) including a data input interface and a display for use by the users and companies; a server system (300) having a database and adapted to run a website comprising a user interface; and a communication network to carry out the data communication between the client devices (200) and the server system (300):
for creating a user wallet for the users;
a user logging in to the website operated by the server system (300) via the data input interface of a client device (200) and entering the user information into the user interface of the website;
saving the entered user information into the database provided in the server system (300);
the user signing into the said website by using an electronic signature or a mobile signature information via the data input interface of the client device (200);
client device (200) transmitting the certificate information of said electronic signature or mobile signature to the server system (300) and saving it into the database;
the server system (300) creating a user service agreement and displaying it on the screen of the client device (200);
the user signing the said user service agreement via the client device (200) by using electronic signature or mobile signature;
the server system (300) creating a user account and a user wallet associated with the said user account and containing blockchain;
the server system (300) creating a smart contract, incorporating the user service agreement signed by the user into said smart contract and saving the said user wallet and the smart contract into the database;
for creating a user wallet for the companies;
the company logging into the website run by the server system (300) via a client device (200) and entering the company information into the user interface of the website;
the server system (300) creating a company user account in accordance with the company information, a company wallet associated with the said company account and containing blockchain, and a smart contract; and saving them into the database;
for authentication of the users,
a user registered in the system (100) logging in to the website of a company registered in the system (100) and recalling a web service;
the web service recalling the smart contract in the company wallet provided in the database of the server system (300);
displaying the website information of the company provided in the smart contract and a QR code on the display of the client device (200);
the user logging in to the mobile application of the client device (200) by user account;
swiping the QR code via the camera of the client device (200);
the server system (300) mapping the user by comparing the user wallet information in the database with the user account information used by the user to log in to the mobile application;
the user confirming or rejecting the smart contract in the company wallet,
- if the smart contract has been confirmed by the user, incorporating the user information, user certificate and the concerned agreement previously signed by the user into the blockchain in the user wallet stored in the database and sharing the said information with the said company;
- if the smart contract has been rejected by the user, incorporating the information regarding the rejection of the user into the blockchain in the user wallet stored in the database and not sharing the said information with the said company.
2. Personal identification method according to Claim 1 comprising, after the step of the user logging in to the web site run by the server system (300) via a client device (200) and entering the user information to the user interface of the web site, the step of sending a verification e-mail by the SMTP server (306) to the e-mail address of the user to verify the e-mail address and thereby verifying the e-mail of the user.
3. Personal identification method according to Claim 1 comprising the step of sending a one-time verification password to the telephone number of the user for verification of the telephone information, if the electronic signature information is entered in the step of the user logging in to the said web site by using an electronic signature or a mobile signature.
4. Personal identification method according to Claim 1, characterized by the step of the server system (300) retrieving the company and time information from the database and generating a QR code which is valid for a certain period of time, in the step of displaying the web site information of the company in the smart contract and a QR code on the display of the client device (200).
EP19845920.8A 2018-06-07 2019-05-31 A personal identification method comprising e-signature and blockchain layers Withdrawn EP3811253A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
TR2018/08119A TR201808119A2 (en) 2018-06-07 2018-06-07 METHOD OF IDENTIFICATION OF E-SIGNATURE AND BLOCKCHAIN LAYERS
PCT/TR2019/050410 WO2020076261A1 (en) 2018-06-07 2019-05-31 A personal identification method comprising e-signature and blockchain layers

Publications (1)

Publication Number Publication Date
EP3811253A1 true EP3811253A1 (en) 2021-04-28

Family

ID=64605880

Family Applications (1)

Application Number Title Priority Date Filing Date
EP19845920.8A Withdrawn EP3811253A1 (en) 2018-06-07 2019-05-31 A personal identification method comprising e-signature and blockchain layers

Country Status (3)

Country Link
EP (1) EP3811253A1 (en)
TR (1) TR201808119A2 (en)
WO (1) WO2020076261A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110046482A (en) * 2018-12-25 2019-07-23 阿里巴巴集团控股有限公司 Identity verification method and its system
CN111614687A (en) * 2020-05-26 2020-09-01 牛津(海南)区块链研究院有限公司 Identity verification method, system and related device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3292484B1 (en) * 2015-05-05 2021-07-07 Ping Identity Corporation Identity management service using a block chain
EP3424179B1 (en) * 2016-03-04 2022-02-16 Ping Identity Corporation Method and system for authenticated login using static or dynamic codes
CN108064440B (en) * 2017-05-25 2021-04-09 达闼机器人有限公司 FIDO authentication method, device and system based on block chain

Also Published As

Publication number Publication date
TR201808119A2 (en) 2018-07-23
WO2020076261A1 (en) 2020-04-16

Similar Documents

Publication Publication Date Title
US9870453B2 (en) Direct authentication system and method via trusted authenticators
US20200211002A1 (en) System and method for authorization token generation and transaction validation
US8407112B2 (en) Transaction authorisation system and method
EP2062210B1 (en) Transaction authorisation system & method
US8296562B2 (en) Out of band system and method for authentication
US11763304B1 (en) User and entity authentication through an information storage and communication system
US20110145899A1 (en) Single Action Authentication via Mobile Devices
KR20090051147A (en) Internet settlement system
KR20210039920A (en) Mobile communication terminal for personal authentification, personal authentification system and personal authentification method using the mobile communication terminal
US20140047233A1 (en) System and methods for automated transaction key generation and authentication
US10489565B2 (en) Compromise alert and reissuance
US12008568B1 (en) Systems and methods for an authorized identification system
WO2010050192A1 (en) Password reissuing method
WO2020076261A1 (en) A personal identification method comprising e-signature and blockchain layers
US20200045043A1 (en) Biometric One Touch System
KR20080011989A (en) System and method for processing electronic election(or vote), server for processing electronic election(or vote) and program recording medium
Agwanyanjaba Enhanced Mobile Banking Security: Implementing Transaction Authorization Mechanism Via USSD Push.
US20230362009A1 (en) User identification and authentication method and system
US11863980B1 (en) Authentication and authorization for access to soft and hard assets
CN117981274A (en) Remote identity interaction
KR20180120017A (en) Finacial system and method managing security medium thereof

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20201209

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20210527