EP4237957A1 - Système, procédé et produit programme informatique d'authentification d'utilisateurs finaux de service numérique - Google Patents

Système, procédé et produit programme informatique d'authentification d'utilisateurs finaux de service numérique

Info

Publication number
EP4237957A1
EP4237957A1 EP21795017.9A EP21795017A EP4237957A1 EP 4237957 A1 EP4237957 A1 EP 4237957A1 EP 21795017 A EP21795017 A EP 21795017A EP 4237957 A1 EP4237957 A1 EP 4237957A1
Authority
EP
European Patent Office
Prior art keywords
data
user
digital service
service providers
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP21795017.9A
Other languages
German (de)
English (en)
Inventor
Ron ATZMON
Sergey MARKIN
Benjamin NEEMAN
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Au10tix Ltd
Original Assignee
Au10tix Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Au10tix Ltd filed Critical Au10tix Ltd
Publication of EP4237957A1 publication Critical patent/EP4237957A1/fr
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/12Fingerprints or palmprints
    • G06V40/1365Matching; Classification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/901Indexing; Data structures therefor; Storage structures
    • G06F16/9024Graphs; Linked lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V10/00Arrangements for image or video recognition or understanding
    • G06V10/94Hardware or software architectures specially adapted for image or video understanding
    • G06V10/95Hardware or software architectures specially adapted for image or video understanding structured as a network, e.g. client-server architectures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/16Human faces, e.g. facial parts, sketches or expressions
    • G06V40/172Classification, e.g. identification

Definitions

  • h sottvpesr e//imgne-ddiiugmita.clo-imde/bnltoitcieksc/hain-blog/blockchain-based-authentication-of-devices-and-
  • the present invention relates generally to computer systems, and more particularly to digital services.
  • ''blockchain can be used as an authentication provider.
  • users register their identity on the blockchain.
  • This registered identity is a piece of information that contains hashes of several identity related attributes. For example their name, governance registration number, finger print or other biometric information.
  • After that such a user can go to a recognized party, which verify the hashes earlier registered on the blockchain and let the recognizing party “sponsor” that piece of information as the truth on the blockchain.
  • Other parties which trust the particular recognizing party can now trust the identity on the blockchain and use it as an authentication or identification mechanism.
  • This scenario includes a challenge as it still requires a trust between different parties (the sponsors and parties that recognize them as a trusted sponsor) which still isn ’t ideal. It is however a nice idea and a good start.”
  • Token-based authentication is a known security technique that "authenticates the users who attempt to log in to a server, a network, or some other secure system, using a security token provided by the server.
  • the service validates the security token and processes the user request" e.g. as described here: http://windowsbulletin.com/files/exe/horoquartz/token-server.
  • Liveness detection algorithms which facilitate biometric identification e.g. face or voice recognition by distinguishing live persons from photos, videos, masks or other non-live presentations, are known.
  • Certain embodiments seek to provide a network and associated data repository whose members include digital service providers and at least one authentication provider wherein data regarding ID documents and regarding behavior of bearers of the ID documents, who are now would-be end-users of a given digital service provider as well as having been, in the past, would-be or actual end-users of another digital service provider, are stored in memory thereby to generate a digital twin or entity for each enduser, and/or are shared between the members (e.g. are provided by the given provider to the other digital service provider, typically subject to a smart or automatically enforced contract governing such exchanges of data over the network.
  • Certain embodiments seek to provide a system, e.g. an All Inclusive Identity Management System (AIIMS) where people can own, use and protect their digital identity and/or presence.
  • AIIMS All Inclusive Identity Management System
  • the customer after the onboarding phase has typically registered his ID, and may then use his ID without physically presenting the ID.
  • Certain embodiments seek to provide a blockchain infrastructure which checks authenticity of a document, such as a passport or driving license, and/or its owner, without needing to repeatedly provide a physical/digital document e.g. to third party (e.g. authentication and/or onboarding) services, typically taking advantage of the fact that blockchain records or blocks are immutable e.g. once written, they cannot easily be deleted or modified.
  • third party e.g. authentication and/or onboarding
  • circuitry typically comprising at least one processor in communication with at least one memory, with instructions stored in such memory executed by the processor to provide functionalities which are described herein in detail. Any functionality described herein may be firmware-implemented or processor-implemented, as appropriate.
  • any reference herein to, or recitation of, an operation being performed is intended to include both an embodiment where the operation is performed in its entirety by a server A, and also to include any type of “outsourcing” or “cloud” embodiments in which the operation, or portions thereof, is or are performed by a remote processor P (or several such), which may be deployed off-shore or “on a cloud”, and an output of the operation is then communicated to, e.g. over a suitable computer network, and used by, server A.
  • the remote processor P may not, itself, perform all of the operations, and, instead, the remote processor P itself may receive output/s of portion/s of the operations from yet another processor/s P', may be deployed off-shore relative to P, or “on a cloud”, and so forth.
  • Embodiment 1 An system providing end-user authentication e.g. via a network e.g. for digital service providers, the system comprising: a data repository e.g. blockchain stored in computer memory, which typically includes plural records or blocks, and which is typically open or accessible to plural digital service providers each having end-users and each typically having end-user authentication functionality, thereby to allow the plural digital service providers to collaborate, e.g.
  • a data repository e.g. blockchain stored in computer memory, which typically includes plural records or blocks, and which is typically open or accessible to plural digital service providers each having end-users and each typically having end-user authentication functionality, thereby to allow the plural digital service providers to collaborate, e.g.
  • the blockchain is open or accessible only to digital service providers which are end-users of a software platform or web service which registers such providers and provides each such provider (and typically only these registered providers) with a secure data communication channel to the blockchain.
  • transaction data stored in each block includes all or any subset of the transaction’s end user’s name, her or his credit card number and expiration date, the identity of the digital service provider p, the end-user’s authentication history e.g. Has s/he been authenticated or declined in the past via the platform, when applying to use digital services provided by p or by digital service providers, registered with the platform, other than p.
  • Embodiment 2 The system according to any of the preceding embodiments wherein an online/mobile ID document image authentication and onboarding platform performs initial registration.
  • Embodiment 3 The system according to any of the preceding embodiments wherein the initial registration includes prompting an end user aka customer to upload an image of their ID card.
  • Embodiment 4 The system according to any of the preceding embodiments wherein the initial registration includes prompting an end user aka customer to allow or authorize collection and checks of their biometric information.
  • Embodiment 5 The system according to any of the preceding embodiments wherein the biometric information includes at least one of face, liveness, voice, fingerprint.
  • Embodiment 6 The system according to any of the preceding embodiments wherein the initial registration includes prompting an end user aka customer to upload images of POA (proof of address) documents.
  • POA proof of address
  • Embodiment 7 The system according to any of the preceding embodiments including functionality configured for background data drilling of customer information.
  • Embodiment 8 The system according to any of the preceding embodiments wherein the data drilling includes address verification vis a vis POA documents.
  • Embodiment 9 The system according to any of the preceding embodiments wherein the data drilling includes checking whether the customer appears on sanctions or PEPS (politically exposed persons (PEP) typically comprising current or former senior officials) lists known to the system.
  • PEPS politically exposed persons
  • Embodiment 10 The system according to any of the preceding embodiments wherein the data drilling includes EDD (Enhanced Due Diligence).
  • EDD Enhanced Due Diligence
  • Embodiment 11 The system according to any of the preceding embodiments wherein the Due Diligence includes a credit check.
  • Embodiment 12 The system according to any of the preceding embodiments wherein the Due Diligence includes address database validation.
  • Embodiment 13 The system according to any of the preceding embodiments wherein the Due Diligence includes income validation.
  • Embodiment 14 The system according to any of the preceding embodiments wherein the Due Diligence includes Due Diligence re employment history.
  • Embodiment 15 The system according to any of the preceding embodiments wherein the Due Diligence includes Due Diligence re education history.
  • Embodiment 16 The system according to any of the preceding embodiments and also comprising web client software which allows an end user to select a client via which the end user desires to authenticate e.g. if plural authentication providers are available.
  • Embodiment 17 The system according to any of the preceding embodiments and also comprising server software which authenticates or declines each end-user seeking authentication.
  • each authentication provider associated with the platform has its own server software.
  • Embodiment 18 The system according to any of the preceding embodiments wherein each end-user E, once presenting ID documents, a token certifying E's identity is computed accordingly, e.g. by a provider P from among the plural digital service providers, and is sent to the end-user E, e.g. by the provider, for storage in an electronic device e.g. Smartphone that E has, and subsequently, at least one subsequent transaction e.g. with a provider other than provider P, authenticates the user E responsive to user E's presentation of the token.
  • a token certifying E's identity is computed accordingly, e.g. by a provider P from among the plural digital service providers, and is sent to the end-user E, e.g. by the provider, for storage in an electronic device e.g. Smartphone that E has, and subsequently, at least one subsequent transaction e.g. with a provider other than provider P, authenticates the user E responsive to user E's presentation of the token.
  • Embodiment 19 The system according to any of the preceding embodiments wherein at least some digital service providers having end-user authentication functionality, use an authentication provider, and wherein at least two of the digital service providers use the same authentication provider.
  • Embodiment 20 A method of operation for digital service providers, the method comprising: providing data regarding an entity wherein the entity includes an ID document and a bearer thereof wherein the data includes data regarding the ID document and data regarding the bearer; and determining whether or not to authenticate the entity by applying logic to the data regarding the ID document and the data regarding the bearer.
  • Embodiment 21 A method according to any of the preceding embodiments wherein the data regarding the bearer includes pattern characteristics of the bearer's online activity.
  • Embodiment 22 A method according to any of the preceding embodiments wherein the data regarding a given bearer is associated in memory with data regarding an ID card presented by the bearer, thereby to generate a digital twin of the entity, in memory.
  • Embodiment 23 The system of any of the preceding embodiments wherein the plural digital service providers are interconnected by a private network to which access of non-member digital service providers is restricted, and wherein a contract is provided to automatically enforce rules governing exchange of data regarding authentication of digital service would-be end-users, between member digital service providers, and wherein the exchange of data allows a request for digital services provided by a would-be end-user E to service provider P at time T to benefit from data collected by at least one service provider P' in the network other than P, responsive to at least one request for digital services by would-be end user E to at least service provider P' at at least one time t preceding time T.
  • Embodiment 24 The system of any of the preceding embodiments wherein an authentication provider which serves plural digital service providers in the network is also part of (e.g. a node within) the network.
  • Embodiment 25 A method according to any of the preceding embodiments and wherein the data is stored in a data repository e.g. blockchain which includes plural records or blocks, and which is typically open or accessible to plural digital service providers each having end-users and each having end-user authentication functionality, thereby to allow the plural digital service providers to collaborate, relying on each others' previous end-user authentications, enhancing quality of and/or reducing cost of end-user authentication without placing any additional burden on the digital service providers' end users.
  • a data repository e.g. blockchain which includes plural records or blocks, and which is typically open or accessible to plural digital service providers each having end-users and each having end-user authentication functionality, thereby to allow the plural digital service providers to collaborate, relying on each others' previous end-user authentications, enhancing quality of and/or reducing cost of end-user authentication without placing any additional burden on the digital service providers' end users.
  • Embodiment 26 A method according to any of the preceding embodiments and wherein client side software allows an individual digital service provider to add an individual transaction between the digital service provider and an end user of the provider, as a new record or block, to the data repository e.g. blockchain, thereby to provide an end-user authentication network or consortium for digital service providers.
  • client side software allows an individual digital service provider to add an individual transaction between the digital service provider and an end user of the provider, as a new record or block, to the data repository e.g. blockchain, thereby to provide an end-user authentication network or consortium for digital service providers.
  • Embodiment 27 The system of any of the preceding embodiments wherein the digital service providers are configured for providing data regarding an entity wherein the entity includes an ID document and a bearer thereof wherein the data includes data regarding the ID document and data regarding the bearer; and determining whether or not to authenticate the entity by applying logic to the data regarding the ID document and the data regarding the bearer.
  • Embodiment 28 The system according to any of the preceding embodiments wherein the data drilling includes social media checks.
  • Embodiment 29 A computer program product, comprising a non-transitory tangible computer readable medium having computer readable program code embodied therein, the computer readable program code adapted to be executed to implement a method of operation for digital service providers, the method comprising providing data regarding an entity wherein the entity includes an ID document and a bearer thereof wherein the data includes data regarding the ID document and data regarding the bearer; and determining whether or not to authenticate the entity by applying logic to the data regarding the ID document and the data regarding the bearer.
  • a computer program comprising computer program code means for performing any of the methods shown and described herein when the program is run on at least one computer; and a computer program product, comprising a typically non-transitory computer-usable or -readable medium e.g. non-transitory computer -usable or -readable storage medium, typically tangible, having a computer readable program code embodied therein, the computer readable program code adapted to be executed to implement any or all of the methods shown and described herein.
  • the operations in accordance with the teachings herein may be performed by at least one computer specially constructed for the desired purposes or general purpose computer specially configured for the desired purpose by at least one computer program stored in a typically non-transitory computer readable storage medium.
  • the term "non-transitory” is used herein to exclude transitory, propagating signals or waves, but to otherwise include any volatile or non-volatile computer memory technology suitable to the application.
  • processor/s, display and input means may be used to process, display e.g. on a computer screen or other computer output device, store, and accept information such as information used by or generated by any of the methods and apparatus shown and described herein; the above processor/s, display and input means including computer programs, in accordance with all or any subset of the embodiments of the present invention.
  • any or all functionalities of the invention shown and described herein, such as but not limited to operations within flowcharts, may be performed by any one or more of: at least one conventional personal computer processor, workstation or other programmable device or computer or electronic computing device or processor, either general-purpose or specifically constructed, used for processing; a computer display screen and/or printer and/or speaker for displaying; machine -readable memory such as flash drives, optical disks, CDROMs, DVDs, BluRays, magnetic -optical discs or other discs; RAMs, ROMs, EPROMs, EEPROMs, magnetic or optical or other cards, for storing, and keyboard or mouse for accepting.
  • at least one conventional personal computer processor, workstation or other programmable device or computer or electronic computing device or processor either general-purpose or specifically constructed, used for processing
  • a computer display screen and/or printer and/or speaker for displaying
  • machine -readable memory such as flash drives, optical disks, CDROMs, DVDs, BluRays, magnetic -optical discs or other disc
  • Modules illustrated and described herein may include any one or combination or plurality of: a server, a data processor, a memory/computer storage, a communication interface (wireless (e.g. BLE) or wired (e.g. USB)), a computer program stored in memory/computer storage.
  • a server e.g. BLE
  • a communication interface wireless (e.g. BLE) or wired (e.g. USB)
  • a computer program stored in memory/computer storage.
  • processor is intended to include any type of computation or manipulation or transformation of data represented as physical, e.g. electronic, phenomena which may occur or reside e.g. within registers and/or memories of at least one computer or processor.
  • processor is intended to include a plurality of processing units which may be distributed or remote
  • server is intended to include plural typically interconnected modules running on plural respective servers, and so forth.
  • the above devices may communicate via any conventional wired or wireless digital communication means, e.g. via a wired or cellular telephone network, or a computer network such as the Internet.
  • the apparatus of the present invention may include, according to certain embodiments of the invention, machine readable memory containing or otherwise storing a program of instructions which, when executed by the machine, implements all or any subset of the apparatus, methods, features and functionalities of the invention shown and described herein.
  • the apparatus of the present invention may include, according to certain embodiments of the invention, a program as above which may be written in any conventional programming language, and optionally a machine for executing the program, such as but not limited to a general purpose computer which may optionally be configured or activated in accordance with the teachings of the present invention. Any of the teachings incorporated herein may, wherever suitable, operate on signals representative of physical objects or substances.
  • the term “computer” should be broadly construed to cover any kind of electronic device with data processing capabilities, including, by way of non-limiting example, personal computers, servers, embedded cores, computing system, communication devices, processors (e.g. digital signal processor (DSP), microcontrollers, field programmable gate array (FPGA), application specific integrated circuit (ASIC), etc.) and other electronic computing devices.
  • DSP digital signal processor
  • FPGA field programmable gate array
  • ASIC application specific integrated circuit
  • Any reference to a computer, controller or processor is intended to include one or more hardware devices e.g. chips, which may be co-located or remote from one another.
  • Any controller or processor may for example comprise at least one CPU, DSP, FPGA or ASIC, suitably configured in accordance with the logic and functionalities described herein.
  • processor/s or controller/s configured as per the described feature or logic or functionality, even if the processor/s or controller/s are not specifically illustrated for simplicity.
  • the controller or processor may be implemented in hardware, e.g., using one or more Application-Specific Integrated Circuits (ASICs) or Field-Programmable Gate Arrays (FPGAs), or may comprise a microprocessor that runs suitable software, or a combination of hardware and software elements.
  • ASICs Application-Specific Integrated Circuits
  • FPGAs Field-Programmable Gate Arrays
  • an element or feature may exist is intended to include (a) embodiments in which the element or feature exists; (b) embodiments in which the element or feature does not exist; and (c) embodiments in which the element or feature exist selectably e.g. a user may configure or select whether the element or feature does or does not exist.
  • Any suitable input device such as but not limited to a sensor, may be used to generate or otherwise provide information received by the apparatus and methods shown and described herein.
  • Any suitable output device or display may be used to display or output information generated by the apparatus and methods shown and described herein.
  • Any suitable processor/s may be employed to compute or generate information as described herein and/or to perform functionalities described herein and/or to implement any engine, interface or other system illustrated or described herein.
  • Any suitable computerized data storage e.g. computer memory, may be used to store information received by or generated by the systems shown and described herein.
  • Functionalities shown and described herein may be divided between a server computer and a plurality of client computers. These or any other computerized components shown and described herein may communicate between themselves via a suitable computer network.
  • the system shown and described herein may include user interface/s e.g. as described herein which may for example include all or any subset of: an interactive voice response interface, automated response tool, speech-to-text transcription system, automated digital or electronic interface having interactive visual components, web portal, visual interface loaded as web page/s or screen/s from server/s via communication network/s to a web browser or other application downloaded onto a user's device, automated speech-to-text conversion tool, including a front-end interface portion thereof and back-end logic interacting therewith.
  • user interface or “UI” as used herein includes also the underlying logic which controls the data presented to the user e.g. by the system display and receives and processes and/or provides to other modules herein, data entered by a user e.g. using her or his workstation/device.
  • arrows between modules may be implemented as APIs and any suitable technology may be used for interconnecting functional components or modules illustrated herein in a suitable sequence or order e.g. via a suitable API/Interface.
  • state of the art tools may be employed, such as but not limited to Apache Thrift and Avro which provide remote call support.
  • a standard communication protocol may be employed, such as but not limited to HTTP or MQTT, and may be combined with a standard data format, such as but not limited to JSON or XML.
  • Methods and systems included in the scope of the present invention may include any subset or all of the functional blocks shown in the specifically illustrated implementations by way of example, in any suitable order e.g. as shown.
  • Flows may include all or any subset of the illustrated operations, suitably ordered e.g. as shown.
  • Tables herein may include all or any subset of the fields and/or records and/or cells and/or rows and/or columns described.
  • Computational, functional or logical components described and illustrated herein can be implemented in various forms, for example, as hardware circuits such as but not limited to custom VLSI circuits or gate arrays or programmable hardware devices such as but not limited to FPGAs, or as software program code stored on at least one tangible or intangible computer readable medium and executable by at least one processor, or any suitable combination thereof.
  • a specific functional component may be formed by one particular sequence of software code, or by a plurality of such, which collectively act or behave or act as described herein with reference to the functional component in question.
  • the component may be distributed over several code sequences such as but not limited to objects, procedures, functions, routines and programs and may originate from several computer files which typically operate synergistically.
  • Each functionality or method herein may be implemented in software (e.g. for execution on suitable processing hardware such as a microprocessor or digital signal processor), firmware, hardware (using any conventional hardware technology such as Integrated Circuit technology), or any combination thereof.
  • modules or functionality described herein may comprise a suitably configured hardware component or circuitry.
  • modules or functionality described herein may be performed by a general purpose computer or more generally by a suitable microprocessor, configured in accordance with methods shown and described herein, or any suitable subset, in any suitable order, of the operations included in such methods, or in accordance with methods known in the art.
  • Any logical functionality described herein may be implemented as a real time application, if and as appropriate, and which may employ any suitable architectural option such as but not limited to FPGA, ASIC or DSP, or any suitable combination thereof.
  • Any hardware component mentioned herein may in fact include either one or more hardware devices e.g. chips, which may be co-located or remote from one another.
  • Any method described herein is intended to include within the scope of the embodiments of the present invention also any software or computer program performing all or any subset of the method’s operations, including a mobile application, platform or operating system e.g. as stored in a medium, as well as combining the computer program with a hardware device to perform all or any subset of the operations of the method.
  • Data can be stored on one or more tangible or intangible computer readable media stored at one or more different locations, different network nodes, or different storage devices at a single node or location.
  • Suitable computer data storage or information retention apparatus may include apparatus which is primary, secondary, tertiary or off-line; which is of any type or level or amount or category of volatility, differentiation, mutability, accessibility, addressability, capacity, performance and energy use; and which is based on any suitable technologies such as semiconductor, magnetic, optical, paper and others.
  • references to “organizations” may be replaced by “digital service providers”, and vice versa, since all of these variations are within the scope of the embodiments herein.
  • Digital services are intended to include a wide variety of services such as, say, refunds, cancelling payments, updating payment methods, purchasing or other transactions, licensing, seeking a loan, games, car registration, subscribing to a newsletter, transferring money, streaming music, etc.
  • digital services are delivered via the Internet or electronic network (e.g. smart phone app), and are fully or partly automated; no human intervention may be required with the end-user, and the back- office may be fully automated.
  • a system is now described which yields or grows a community of digital service providers, such as, say, Google, Paypal, and the like, which cooperates e.g. as described herein to yield more efficient authentication of end-users, as knowledge regarding known clients or end-users (e.g. whether certain end-users have been authenticated in prior transactions) and/or known digital service providers evolves with time.
  • a single authentication provider serves plural or all members of the community.
  • At least one authentication provider is used, often a single authentication provider, which is used by plural digital services and even for plural digital service providers, even if the data is decentralized.
  • the data can be updated.
  • the authentication provider may be based on blockchain technology, yet is not decentralized.
  • the authentication provider may serve as a central facility controlling identities and/or may support an end user’s request for a new identity and/or to have her /his old identity marked as stolen or lost e.g. in the blockchain.
  • the knowledge may be stored as a blockchain.
  • a log is maintained to record each time that a given organization accesses the knowledge e.g. blockchain.
  • Each block in the blockchain may include documentation of a given request by a given end-user to be authenticated to use a given digital service. And/or, each block in the blockchain may include documentation of what is known about the authenticity of a given end-user.
  • the authentication provider may check, e.g. using neural nets, the end-user’s online activity for patterns, since each end-user’s behavior or online activity is typically characterized by certain features e.g. his activity may occur mostly on certain days, or times of day, or may use certain currencies, or may involve points of sale in a specific geographic region.
  • the authentication provider may compare the end-user seeking to be authenticated as Joe George to stored data regarding the behavior of Joe George.
  • the authentication provider’s logic may be configured to decline to authenticate the end-user as Joe George, if the end-user seeking to be thus authenticated differs in his behavior from what is known about Joe George (typically based on system-defined (e.g.
  • thresholds which may, if exceeded, indicate differences which are pronounced enough or large enough to suggest (e.g. at a certain level of confidence) that Joe George is not really Joe George, or is not really a person at all).
  • the end-user seeking to be thus authenticated may be found to be operating on a different day, and/or at a different time of day, and/or using a different currency, than Joe George is known from the system to normally do.
  • Joe George may be found to lack any patterns of behavior at all (his activity is found to lack any lasting or habitual characteristics e.g. no fixed currency or location or times of activity or language preference etc.), suggesting that Joe George is not a real person at all.
  • the authentication provider’s logic may be configured to successfully authenticate the end-user as Joe George, if the behavior of the end-user seeking to be thus authenticated conforms to what is known to the system about Joe George, for example, if the end-user seeking to be thus authenticated is now operating on the same day, and time of day, and using the same currency, that Joe George normally does.
  • blockchain herein is intended to include any sequence or chain of blocks, wherein each n'th block, for all n, contains a cryptographic hash of a previous block e.g. of block n-1 (such that the data in any given block b, once added to the blockchain, cannot be altered retroactively without altering all blocks B > b), and/or a timestamp, and/or transaction data which may be represented as a Merkle tree.
  • the blockchain is typically an open, distributed ledger that can record transactions between plural e.g. two parties.
  • the blockchain is typically managed by a peer-to-peer network including plural peers, all of which adhere to a protocol for inter-node communication and/or for validating new blocks.
  • the method of operation of the system may include two stages: Onboarding, and/or Transactions.
  • End-users may onboard onto a service, typically via a digital service providing organization e.g. PayPal.
  • Onboarding may include all or any subset of: a. Initial registration where an end user (e.g. of a digital service provider) aka customer is prompted to
  • a suitable online/mobile ID document image authentication and onboarding platform such as but not limited to BOS (Back Office Service) or platforms by, say, Onfido or civic.com.
  • the platform may use neural nets to check the end-user’s activity (since each end-user’s behavior is typically characterized by certain features e.g. his online activity (or certain types of online activity) may occur mostly on certain days, or times of day, or may use certain currencies, or may involve points of sale in a specific geographic region.
  • b.Background data drilling of the customer information e.g.
  • Public API such as, say: https://www.lifewire.com/search-engines-that-top-the-web-3482269 https://www.interpol.int/en/How-we-work/Notices/View-Red-Notices
  • PEPS politically exposed persons.
  • PEPS typically comprise current or former senior officials lists known to the system
  • Social media checks e.g. whether a given end-user was linked to criminal behavior).
  • Address verification e.g. from POA documents); for example to check whether a given end-user, Joe, indeed lives at the address that appears on a document that Joe has presented.
  • POA Proof of Address
  • the end-user's or customer's name and current residential address appear on the POA document which is typically dated, and may, for example, be a utilities e.g. water or gas bill, an Internet bill, or a Bank Account Statement.
  • EDD Enhanced Due Diligence
  • the due diligence may include all or any subset of: credit check and/or enhanced address database validation and/or income validation and/or due diligence re employment history and/or due diligence re education history.
  • onboarding includes providing each end-user who onboards a given digital service, with a token.
  • Cloud IAM is a Cloud Identity and Access Management service, by IBM, which is used to manage user logins. Each user who logs into cloud IAM may receive a token which can then be used to prove the user's identity, thus securely authenticating users for any platform services enabled to use IBM Cloud IAM for access control. This enables control of users' access to resources consistently across the IBM Cloud.
  • an application programming interface key (API key) comprising unique code is passed to an API to identify the calling application or user.
  • API keys may be used as a secret token for authentication.
  • a user API key may be used to generate a token. Each user treats her or his user API key as a secret not to be shared.
  • a private certificate is generated for the onboarding end-user, e.g. on her or his mobile device.
  • the token is always signed with a certificate.
  • the token may be provided by the server or by the client (e.g. depending on the business scenario).
  • An end-user or customer aka end customer, typically initializes transaction with a digital services provider (e.g. PayPal or Google or Amazon or Uber or AirB&B or Payoneer) aka "service provider”.
  • a digital services provider e.g. PayPal or Google or Amazon or Uber or AirB&B or Payoneer
  • a customer passes the onboarding token s/he received during onboarding to the system of the present invention via the digital services provider, aka SP.
  • the system of the present invention then extracts the customer's existing customer record from the blockchain.
  • the customer is prompted or directed to undergo a biometric check, thereby to generate biometric results which are compared to biometric data in the customer's existing record as extracted.
  • a result typically with or without data (service level dependent), may be passed back to the provider.
  • a transaction may then take place.
  • Transaction details such as date, time, amount, unique identifier of transaction and/or of end user within at least one organization, may be added to the blockchain record.
  • Data in the customer record may be subdivided e.g. into:
  • Type 1 data PII obtained directly from the customer and/or his ID. It is appreciated that personally identifiable information (PII) may include name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information, or even an IP address.
  • Type 2 data or secondary information which is mined e.g. by the system of the present invention, typically from public records and/or social media.
  • Type 1 may only be available to the specific digital services provider or SP, whereas Type 2 could be shared with other digital services providers or SP's e.g. to provide a retroactive view on end users.
  • the system of the present invention may include all or any subset of: a. Client side - e.g. Mobile SDK (Android and iOS). Typically, private information is saved only at this user side.
  • the client is typically the digital service provider’s or organization’s end-user.
  • the client or end-user interacts with a digital service of a digital service provider (SP) such as, say, Paypal.
  • SP digital service provider
  • Functionality provided by the backend of a service provider may include aulOtix BOS functionality.
  • Web client Again here the client is typically the digital service provider’s or organization’s end-user.
  • Server Side all or any subset of:
  • Authentication provider e.g. BOS available from AU10TIX
  • a service provider may be frontend for the customer.
  • Blockchain infrastructure e.g. Azure Blockchain as a MS Service
  • the server side may be involved in all or any subset of operations 1, 4, 5, 6, 7 herein.
  • Azure Blockchain Workbench allows blockchain applications to be generated that represent multi-party workflows defined by configuration and smart contract code, e.g. by performing the following activities:
  • the flow performed after onboarding, or the operations performed in stage 2 or transaction phase may include all or any subset of the following operations, suitably ordered e.g. as follows: la. the system of the present invention forms a set e.g. pair of values for the client, including all or any subset of: a hash of the token, a hash of the client's personal data and, optionally, the token and/or a token generated by combining these hashes.
  • the token may be a combination of hashes of an onboarding token and a personal data token.
  • the set or pair of values formed in operation la is put or stored in a suitable digital environment e.g. an open and decentralized database such as a blockchain, which typically supports public-key cryptography, thereby to allow users to sign off for the transaction.
  • a smart contract (e.g. Ethereum Smart Contract) may be employed using known techniques for smart contracts in blockchain e.g. as described in the following tutorial: https://www.bitdegree.org/crypto/tutorials/what-is-a-smart-contract)
  • each such contract includes all or any subset of the following 3 objects:
  • the first object is digital signatures of each of the plural "signatories" to the smart contract, each of whom indicates whether they agree with the terms of the smart contract, using their respective digital signatures.
  • the second object is the contract's "subject”.
  • the third object is terms, described using a suitable programming language appropriate for the smart contract’s environment and including requirements expected from the participating parties e.g. signatories , and/or rules, rewards and/or punishments associated with the requirements. .
  • the client or end-user applies for service in the organization or digital service provider e.g. PayPal, Google, etc.
  • the organization e.g. PayPal or other digital service provider may be one of the signatories to the smart contract, and/or each PayPal end-user may sign a contract.
  • smart contract signatures may or may not be per organization.
  • the organization provides the client with an interface for entering personal data and choosing an API to an authentication provider via which the client would like to identify (e.g. via an AulOtix API).
  • Client or end-user is redirected to the (remote) authentication provider s/he has selected, e.g. to the AulOtix service API, for authentication (authorization).
  • the authentication provider e.g. AulOtix BOS performs authentication using its own authentication mechanism (such as but not limited to two-factor authentication and/or biometrics). Information from the blockchain may or may not be used by the authentication provider to perform this authentication.
  • the authentication provider encrypts the client's token using the organization public key. For example, if the authentication provider is aulOtix BOS, the client or end user's token may be encrypted using the aulOtix public key.
  • the client token as encrypted is sent to the organization e.g. PayPal, Google, etc. typically via a smart contract (e.g. the contract described above) to record the fact that the token was transferred.
  • a smart contract e.g. the contract described above
  • the authentication provider, and/or the organization may be configured for creating a message with an encrypted token .
  • the message is received and decrypted e.g. by organization, according to a suitable protocol, typically using the token's private key (of organization); key vaults may be used, or any other scheme for managing storage of private keys.
  • Organization generates and sends message aka request e.g. with a token hash and/or a hash of personal data (typically provided by the client through the organization's interface e.g. the interface of PayPal, Google, etc.) that has been stored or shared between client and organization, and/or the token; each request aka message typically includes a token hash, personal data hash, and may also include the token itself.
  • a token hash and/or a hash of personal data typically provided by the client through the organization's interface e.g. the interface of PayPal, Google, etc.
  • the smart contract records the fact that reconciliation was successful, and sends the response (e.g. that the client or end-user has been successfully identified) to the organization e.g. PayPal, Google, etc.
  • the organization receives the response indicating successful identification of the client.
  • the organization e.g. PayPal, Google, etc. provides service to the client or end-user.
  • the digital service provider need not (necessarily) ask her or him "What are the 4 digits on the back of your card?” and other such processes, because the client already has the token (e.g. as received in operation 1).
  • PayPal is an organization which includes the following digital service providers: Donate with PayPal PayPal Credit PayPal Ventures
  • active(liveness) and/or passive tests may be administered during onboarding phase of the system herein and/or during transaction phase.
  • active tests, not (or not just) passive tests are used for data comparison.
  • data is encrypted and stored on a blockchain to facilitate subsequent derivation of timeline behavior anomalies; this functionality may for example be provided during, after, or before operations 5 and/or 11 described herein.
  • This functionality may use conventional anomaly detection techniques, and/or other data mining techniques.
  • Conventional anomaly detection includes e.g. densitybased techniques (k-nearest neighbor, local outlier factor, isolation forests, subspace-, correlation-based or tensor-based outlier detection for high-dimensional data, one-class support vector machines, replicator neural networks, autoencoders, variational autoencoders, long short-term memory neural networks, Bayesian Networks, Hidden Markov models (HMMs), cluster analysis-based outlier detection, deviations from association rules and frequent item sets, fuzzy logic-based outlier detection and ensemble techniques, which may use feature bagging, score normalization and/or different sources of diversity.
  • HMMs Hidden Markov models
  • cluster analysis-based outlier detection deviations from association rules and frequent item sets
  • fuzzy logic-based outlier detection and ensemble techniques which may use feature bagging, score normalization and/or different sources of diversity.
  • a result (end user x was/was not authenticated) of an operation performed by an authentication provider at time t may be stored in a block pertaining to end user x seeking to use digital service s 1 , and may be re-used when enduser x again seeks authentication at time T later than t, in order to use, again, digital service si or in order to use a digital service s2 which differs from si.
  • re-use of such a result is determined by logic which may take into account, for example, how much later is T than t, and/or the value (e.g. dollar amount) of the transaction, and so forth.
  • Any suitable logic may be provided to ensure privacy of would-be digital service end-users applying for digital services e.g. to obtain consent of such end-users, as part of their application to one of the digital service providers, that certain data regarding those end-users e.g. results of authentication checks about an end-user, but perhaps not (or less than all of) the input data regarding the end-user that was fed to the authentication check, may be shared between participating digital service providers.
  • the input data regarding the end-user may include end-user characteristics describing or quantifying the end-user's data network behavior such as but not limited to the currency s/he does or does not use (or is more or less likely to use), hours or days in which s/he is more or less likely to be active, biometric data presented in the past, and the end-user's geographic or information network (topological) location.
  • an end-user's characteristics are immutably associated, in memory, e.g. via blockchain, with data regarding at least one identity document presented by the end-user e.g.
  • an image of that identity document or data derived by an authentication service on behalf of a digital service provider such as the country and type (driving license, passport, etc.) and version and subversion of the identity document.
  • a digital entity which includes both a document and a person (hence may serve as a digital twin of the person bearing the document), an entity which is represented digitally by data regarding (e.g. derived from an image of) the document and data (historical e.g. regarding data network behavior) regarding the person.
  • logic determines whether or not to authenticate a certain entity (typically including an ID document and a bearer thereof who presents the ID document) typically by verifying authenticity of the ID document and also by verifying that the behavior exhibited by the bearer, and the behavior of whoever presented the same document in the past (where sameness may, say, be defined as an ID document sharing the same country, type of document and unique identifier or serial numbers and perhaps having the same photo) is consistent, using predetermined or learned definitions of consistency.
  • Data stored regarding the bearer may include biometric data provided in the past and may include an indication of whether the biometric data was provided remotely or was obtained under supervised conditions e.g.
  • Any suitable process may be used to gather data regarding the bearer who presents a given ID document, including but not limited to data gathered during sessions of the would-be applicant with member digital service providers who have served the would-be applicant in the past (e.g. have accepted payment from her or him) or have denied the would-be applicant services in the past.
  • Any suitable deep learning process may be used to analyze available data, including historical data, regarding ID documents and bearers thereof.
  • Any suitable logic may be provided to facilitate sharing, typically by consent, between owners (e.g. members or participating digital service providers), of data regarding their would-be end-users (e.g. results of authentication checks about a would- be end-user (applicant to use digital services provided by a given member) but perhaps not (or less than all of) the input data regarding the end-user that was fed to the authentication check).
  • Data shared between digital service providers who are members of the system or "consortium" described herein may provide (including sell) anonymized data regarding their would-be end-users (typically contingent on the end-users' having provided informed consent) to other members.
  • Members may be connected to a point system, such that each authorization of use of data regarding a would-be end-user of theirs, rewards these members with points that can be redeemed in accordance with suitable logic e.g. if digital service provider x authorized use of data about 10 past would-be end users of theirs, digital service provider x is entitled to receive data about 10 new would-be end users of theirs, from other digital service providers.
  • Each "transaction" stored in the blockchain may store data regarding an application of a would-be digital service end-user to the provider of that service, and may include data regarding the would-be user including his behavior, and data regarding the would-be user's ID document, all of which may be stored in a single block and all of which may be hashed together.
  • references to blockchain herein are actually intended to be merely by way of example, and to include alternatives and variations of blockchain, including any system allowing digital information to be recorded and distributed, but not edited, or any ledger which may be distributed, may be decentralized and may be public.
  • An example of a distributed database is MongoDB with replica-sets enabled, or Azure cosmosDB.
  • IPFS is an example of a distributed filesystem. Variations within the scope of the invention include a suitable typically centralized database that may use distributed ledger technology to store data e.g.
  • Any user of or entrant to the network may require permission from a trusted party and/or a defined logical combination of existing users to read and/or write and/or audit the data e.g. blockchain.
  • a single, or plural levels of access may be supported.
  • a private Blockchain may be used for data storage and a public Blockchain to monitor transactions, or vice versa.
  • Metadata of files may be stored on a blockchain (or variation of or alternative thereto), whereas the files themselves may be stored off-chain e.g. via DHT e.g. using a peer to-peer network. Any cryptographic algorithm may be used to digitally sign blockchain transactions, and these are packed into the blocks of the ledger.
  • the transactions in the Blockchain may or may not, after a given period of time, be grouped into time-stamped blocks each of which may be further encrypted and may be stored in a decentralized database. Any data transfer or transaction in the network may be required to undergo a consensus protocol such as but not limited to Proof of Work (PoW) or Proof of Stake (PoS) or Proof of Authority.
  • PoW Proof of Work
  • PoS Proof of Stake
  • the system includes logic, allowing each member digital service provider the option to agree to share data they have collected regarding would-be end users of their services, with other member digital service providers.
  • a member digital service provider is verified as an authentic user, that member is no longer required to re-establish their identity in the network, facilitating their own transactions (e.g.
  • Data regarding an end-user may be encoded as an address to send a blockchain transaction to, so that the data is then in the blockchain without using a payload field inside the transaction.
  • Data may or may not be stored on every node of the blockchain. Hashes of the data (which are smaller than the data itself, typically) and/or a portion (less than the entirety of) of the data may be stored on the blockchain, instead of the data itself.
  • Querying data from the blockchain may for example include downloading a transaction identified by its ID or hash.
  • the transaction ID may for example be stored in a dedicated column in a relational database.
  • the system may operate in a cloud. Any suitable known technologies may be used for running, maintaining, operating, upgrading and monitoring the blockchain networks in a cloud-based system.
  • Blockchain-as-a-service platforms are available from Microsoft (Azure) , IBM (blockchain platform), EDF and others.
  • the system may use a combined distributed/blockchain database model to yield a combined software stack, wherein the blockchain stack provides all or any subset of decentralized administration, immutability and enhanced assets, and the distributed database provides scalability and data processing speed.
  • Distributed storage may be used.
  • Centralized storage combined with blockchain hashes may be used e.g. by generating a platform which stores content on a server rented from a hosting company, and then, each time new data or a new document is added to the system, a transaction is recorded on the blockchain, and the data or document gets a unique hash.
  • P2P data sharing networks e.g.
  • IPFS Interplanetary File Storage System
  • Swarm and Arweave block weave
  • files may be stored on individual users’ servers and drives and may each be addressed by a unique hash associated therewith.
  • Permissioned or private blockchains may be designed in any suitable way and may define data storage to be free. The design may or may not allow the private blockchain creator to maintain full control; non-creator users may or may not have control.
  • the system may be designed to provide data and events infrastructure that runs across company firewalls associated with the various digital service provider users. External coordination web services may or may not be used.
  • the system may comprise a blockchain client that operates with existing operational systems such as but not limited to Prometheus and Helm. Kubernetes may be used to operate blockchains within Monax.
  • Cluster administration logic may be provided e.g. to ensure that the blockchain acts as a client which conforms to a given monitoring and alerting system, and/or that the blockchain's logs can be handled by a given log management system. Any suitable technology may be used to handle key management and node identity e.g. using Kubernetes secrets or using HSM solutions.
  • the blockchain network may be a cluster or extranet or closed system or may use a meta-blockchain protocol which moves authenticated data and/or events across plural blockchains, yielding a routing layer on top of plural extranets.
  • the system may connect to public blockchains e.g. via meta-blockchain protocols.
  • Each block may store transaction data e.g. date, time the block was added to the blockchain; data about who is participating in transactions e.g. a transaction in which a would-be end-user applies to a digital service provider and is or is not authenticated, or a transaction in which one digital service provider shares data about a given would-be enduser of that provider's services, with another digital service provider.
  • Participants' identifiers may comprise a digital signature or username.
  • Each block may store a unique code e.g. “hash” or other cryptographic code that is not stored by any other block.
  • Access to identifying information on end-users may be limited to the end-users' digital signature or username.
  • Each block has a position on the chain or “height.”
  • each block once added to the end of the chain, contains its own hash, as well as the hash of at least one block before it.
  • Any suitable tests may be used for computers that want to join and add blocks to the chain e.g. “consensus models” such as “proof of work.”
  • the system may or may not be fully peer-to-peer and may or may not involve a trusted third party.
  • System members may be required to run a program which includes a public key and a private key.
  • the public key may represent a location where transactions are deposited to and withdrawn from and may appear on the blockchain ledger as the user’s digital signature or confidential unique identifier.
  • the public key may be generated from, e.g. be a shortened version of, their private key. Complexity may be such as to render generation of a private key from a public key, which is practically impossible, yielding confidentiality of data.
  • data e.g. about certain end-users and/or their ID documents
  • data is generated, signed, and written into a blockchain, encoded and stored with a private key, to limit accessibility to that data e.g. only by certain entities such as certain blockchain members, perhaps subject to certain conditions.
  • Any code or logic may be built into the blockchain and used as a Smart Contract to facilitate, verify, or negotiate a contract, as per conditions that blockchain members agreed to. Typically, if and when those conditions are met, the code automatically carries out terms of the agreement (e.g. automatically provides certain particulars of an end-user of one member and digital service provider, to another member.
  • Each module or component or processor may be centralized in a single physical location or physical device or distributed over several physical locations or physical devices.
  • electromagnetic signals in accordance with the description herein. These may carry computer-readable instructions for performing any or all of the operations of any of the methods shown and described herein, in any suitable order including simultaneous performance of suitable groups of operations, as appropriate. Included in the scope of the present disclosure, inter alia, are machine -readable instructions for performing any or all of the operations of any of the methods shown and described herein, in any suitable order; program storage devices readable by machine, tangibly embodying a program of instructions executable by the machine to perform any or all of the operations of any of the methods shown and described herein, in any suitable order i.e.
  • a computer program product comprising a computer useable medium having computer readable program code, such as executable code, having embodied therein, and/or including computer readable program code for performing, any or all of the operations of any of the methods shown and described herein, in any suitable order; any technical effects brought about by any or all of the operations of any of the methods shown and described herein, when performed in any suitable order; any suitable apparatus or device or combination of such, programmed to perform, alone or in combination, any or all of the operations of any of the methods shown and described herein, in any suitable order; electronic devices each including at least one processor and/or cooperating input device and/or output device and operative to perform e.g.
  • Any computer-readable or machine -readable media described herein is intended to include non-transitory computer- or machine -readable media.
  • Any computations or other forms of analysis described herein may be performed by a suitable computerized method. Any operation or functionality described herein may be wholly or partially computer-implemented e.g. by one or more processors.
  • the invention shown and described herein may include (a) using a computerized method to identify a solution to any of the problems or for any of the objectives described herein, the solution optionally including at least one of a decision, an action, a product, a service or any other information described herein that impacts, in a positive manner, a problem or objectives described herein; and (b) outputting the solution.
  • the system may, if desired, be implemented as a web-based system employing software, computers, routers and telecommunications equipment, as appropriate. Any suitable deployment may be employed to provide functionalities e.g. software functionalities shown and described herein.
  • a server may store certain applications, for download to clients, which are executed at the client side, the server side serving only as a storehouse.
  • Any or all functionalities e.g. software functionalities shown and described herein may be deployed in a cloud environment.
  • Clients e.g. mobile communication devices such as smartphones, may be operatively associated with, but external to the cloud.
  • the scope of the present invention is not limited to structures and functions specifically described herein, and is also intended to include devices which have the capacity to yield a structure, or perform a function, described herein, such that even though users of the device may not use the capacity, they are, if they so desire, able to modify the device to obtain the structure or function.
  • any “if -then” logic described herein is intended to include embodiments in which a processor is programmed to repeatedly determine whether condition x, which is sometimes true and sometimes false, is currently true or false, and to perform y each time x is determined to be true, thereby to yield a processor which performs y at least once, typically on an “if and only if’ basis e.g. triggered only by determinations that x is true, and never by determinations that x is false.
  • Any determination of a state or condition described herein, and/or other data generated herein, may be harnessed for any suitable technical effect.
  • the determination may be transmitted or fed to any suitable hardware, firmware or software module, which is known or which is described herein to have capabilities to perform a technical operation responsive to the state or condition.
  • the technical operation may for example comprise changing the state or condition, or may more generally cause any outcome which is technically advantageous given the state or condition or data, and/or may prevent at least one outcome which is disadvantageous given the state or condition or data.
  • an alert may be provided to an appropriate human operator or to an appropriate external system.
  • a system embodiment is intended to include a corresponding process embodiment and vice versa.
  • each system embodiment is intended to include a server- centered “view” or client centered “view”, or “view” from any other node of the system, of the entire functionality of the system, computer-readable medium, apparatus, including only those functionalities performed at that server or client or node.
  • Features may also be combined with features known in the art and particularly although not limited to those described in the Background section or in publications mentioned therein.
  • features of the invention including operations, which are described for brevity in the context of a single embodiment or in a certain order, may be provided separately or in any suitable sub-combination, including with features known in the art (particularly although not limited to those described in the Background section or in publications mentioned therein) or in a different order, "e.g.” is used herein in the sense of a specific example which is not intended to be limiting.
  • Each method may comprise all or any subset of the operations illustrated or described, suitably ordered e.g. as illustrated or described herein.
  • Devices, apparatus or systems shown coupled in any of the drawings may in fact be integrated into a single platform in certain embodiments, or may be coupled via any appropriate wired or wireless coupling such as but not limited to optical fiber, Ethernet, Wireless LAN, HomePNA, power line communication, cell phone, Smart Phone (e.g. iPhone), Tablet, Laptop, PDA, Blackberry GPRS, Satellite including GPS, or other mobile delivery.
  • any appropriate wired or wireless coupling such as but not limited to optical fiber, Ethernet, Wireless LAN, HomePNA, power line communication, cell phone, Smart Phone (e.g. iPhone), Tablet, Laptop, PDA, Blackberry GPRS, Satellite including GPS, or other mobile delivery.
  • functionalities described or illustrated as systems and sub-units thereof can also be provided as methods and operations therewithin
  • functionalities described or illustrated as methods and operations therewithin can also be provided as systems and sub-units thereof.
  • the scale used to illustrate various elements in the drawings is merely exemplary and/or appropriate for clarity of presentation and is not intended to be limiting.
  • Any suitable communication may be employed between separate units herein e.g. wired data communication and/or in short-range radio communication with sensors such as cameras e.g. via WiFi, Bluetooth or Zigbee.
  • Any processing functionality illustrated (or described herein) may be executed by any device having a processor, such as but not limited to a mobile telephone, set-top- box, TV, remote desktop computer, game console, tablet, mobile e.g. laptop or other computer terminal, embedded remote unit, which may either be networked itself (may itself be a node in a conventional communication network e.g.) or may be conventionally tethered to a networked device (to a device which is a node in a conventional communication network or is tethered directly or indirectly/ultimately to such a node).
  • a processor such as but not limited to a mobile telephone, set-top- box, TV, remote desktop computer, game console, tablet, mobile e.g. laptop or other computer terminal, embedded remote unit, which may either be networked itself (may itself be a node in a conventional communication network e.g.) or may be conventionally tethered to a networked device (to a device which is a node
  • processor or controller or module or logic as used herein are intended to include hardware such as computer microprocessors or hardware processors, which typically have digital memory and processing capacity, such as those available from, say Intel and Advanced Micro Devices (AMD), any operation or functionality or computation or logic described herein may be implemented entirely or in any part on any suitable circuitry including any such computer microprocessor/s as well as in firmware or in hardware or any combination thereof.
  • AMD Intel and Advanced Micro Devices
  • any modules, blocks, operations or functionalities described herein which are, for brevity, described in the context of a single embodiment, may also be provided separately or in any suitable sub-combination, including with features known in the art.
  • Each element e.g. operation described herein may have all characteristics and attributes described or illustrated herein or according to other embodiments, may have any subset of the characteristics or attributes described herein.
  • apps referred to herein may include a cell app, mobile app, computer app or any other application software. Any application may be bundled with a computer and its system software, or published separately.
  • phone and similar used herein is not intended to be limiting and may be replaced or augmented by any device having a processor, such as but not limited to a mobile telephone, or also set-top-box, TV, remote desktop computer, game console, tablet, mobile e.g. laptop or other computer terminal, embedded remote unit, which may either be networked itself (may itself be a node in a conventional communication network e.g.) or may be conventionally tethered to a networked device (to a device which is a node in a conventional communication network or is tethered directly or indirectly /ultimately to such a node).
  • the computing device may even be disconnected from e.g., WiFi, Bluetooth etc. but may be tethered directly or ultimately to a networked device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Multimedia (AREA)
  • Software Systems (AREA)
  • Human Computer Interaction (AREA)
  • Data Mining & Analysis (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Oral & Maxillofacial Surgery (AREA)
  • Health & Medical Sciences (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Système fournissant un réseau d'authentification d'utilisateur final pour des fournisseurs de services numériques, le système comprenant un référentiel de données, par exemple une chaîne de blocs stockée dans une mémoire d'ordinateur, qui comprend des enregistrements ou des blocs, et qui est généralement ouverte ou accessible à plusieurs fournisseurs de services numériques, chacun ayant généralement des utilisateurs finaux et ayant chacun généralement une fonctionnalité d'authentification d'utilisateur final, pour permettre aux multiples fournisseurs de services numériques de collaborer, généralement en se basant sur les authentifications d'utilisateur final précédentes d'autres utilisateurs, ce qui améliore généralement la qualité de l'authentification de l'utilisateur final sur les utilisateurs finaux des fournisseurs de services et/ou réduit le coût de ladite authentification; et/ou un logiciel côté client contenu dans un processeur matériel qui permet généralement à un fournisseur de services numériques individuels d'ajouter une transaction individuelle typiquement entre le fournisseur de services et un utilisateur final du fournisseur, par exemple sous la forme d'un nouvel enregistrement ou d'un nouveau bloc, au référentiel de données, par exemple une chaîne de blocs, pour fournir un réseau ou un consortium d'authentification d'utilisateur final, par exemple pour des fournisseurs de services.
EP21795017.9A 2020-10-29 2021-10-06 Système, procédé et produit programme informatique d'authentification d'utilisateurs finaux de service numérique Pending EP4237957A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202063107285P 2020-10-29 2020-10-29
PCT/IL2021/051200 WO2022091076A1 (fr) 2020-10-29 2021-10-06 Système, procédé et produit programme informatique d'authentification d'utilisateurs finaux de service numérique

Publications (1)

Publication Number Publication Date
EP4237957A1 true EP4237957A1 (fr) 2023-09-06

Family

ID=78302870

Family Applications (1)

Application Number Title Priority Date Filing Date
EP21795017.9A Pending EP4237957A1 (fr) 2020-10-29 2021-10-06 Système, procédé et produit programme informatique d'authentification d'utilisateurs finaux de service numérique

Country Status (2)

Country Link
EP (1) EP4237957A1 (fr)
WO (1) WO2022091076A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114612103B (zh) * 2022-05-10 2022-08-02 中国信息通信研究院 跨区块链交易的方法、装置、系统、介质及电子设备

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210126794A1 (en) * 2018-04-30 2021-04-29 Shyft Network Inc. Methods, apparatus and system for identification verification
US20200026834A1 (en) * 2018-07-23 2020-01-23 One Kosmos Inc. Blockchain identity safe and authentication system

Also Published As

Publication number Publication date
WO2022091076A1 (fr) 2022-05-05

Similar Documents

Publication Publication Date Title
US10484178B2 (en) Systems and methods for providing a universal decentralized solution for verification of users with cross-verification features
US11030621B2 (en) System to enable contactless access to a transaction terminal using a process data network
US10887098B2 (en) System for digital identity authentication and methods of use
US10902425B2 (en) System and method for biometric credit based on blockchain
US10404675B2 (en) Elastic authentication system
US10679215B2 (en) System for control of device identity and usage in a process data network
CN108701276B (zh) 用于管理数字身份的系统和方法
US20180343120A1 (en) Systems and methods for providing a universal decentralized solution for verification of users with cross-verification features
US20160162897A1 (en) System and method for user authentication using crypto-currency transactions as access tokens
US20170293898A1 (en) Static ctyptographic currency value
US11876801B2 (en) User ID codes for online verification
WO2019099486A1 (fr) Système d'authentification d'identité numérique et procédés d'utilisation
US20220405765A1 (en) Know your customer (kyc) and anti-money laundering (aml) verification in a multi-decentralized private blockchains network
Bergquist Blockchain technology and smart contracts: privacy-preserving tools
Kikitamara et al. Digital identity management on blockchain for open model energy system
WO2022020384A1 (fr) Techniques de stockage sécurisées utilisant des grands livres répartis en consortium
Garg Distributed ecosystem for identity management
WO2019209291A1 (fr) Systèmes et procédés pour la fourniture d'une solution décentralisée universelle destinée à la vérification d'utilisateurs possédant des caractéristiques de vérification croisée
WO2022091076A1 (fr) Système, procédé et produit programme informatique d'authentification d'utilisateurs finaux de service numérique
WO2019209286A1 (fr) Systèmes et procédés de fourniture d'une solution décentralisée universelle de vérification d'utilisateurs par des caractéristiques de vérification croisée
Banerjee An in-depth look at blockchain technology: Architecture and security concerns
US20160117787A1 (en) System and method for testator-mediated inheritor-driven inheritance planning
US12013924B1 (en) Non-repudiable proof of digital identity verification
US12107957B2 (en) Point-of-service digital identity verification device
US20240195629A1 (en) Verification platform for online digital identity

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20230530

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)