NZ774635B2 - Methods and systems for identity creation, verification and management - Google Patents

Methods and systems for identity creation, verification and management Download PDF

Info

Publication number
NZ774635B2
NZ774635B2 NZ774635A NZ77463516A NZ774635B2 NZ 774635 B2 NZ774635 B2 NZ 774635B2 NZ 774635 A NZ774635 A NZ 774635A NZ 77463516 A NZ77463516 A NZ 77463516A NZ 774635 B2 NZ774635 B2 NZ 774635B2
Authority
NZ
New Zealand
Prior art keywords
identity
data
identifier
smart contract
distributed ledger
Prior art date
Application number
NZ774635A
Other versions
NZ774635A (en
Inventor
FAIDELLA David COSTA
Scott Ryan MANUEL
Marco Pierleoni
Robert Joseph Schukai
Jason A Thomas
Original Assignee
Financial & Risk Organisation Limited
Filing date
Publication date
Application filed by Financial & Risk Organisation Limited filed Critical Financial & Risk Organisation Limited
Priority claimed from US15/283,993 external-priority patent/US10248783B2/en
Publication of NZ774635A publication Critical patent/NZ774635A/en
Publication of NZ774635B2 publication Critical patent/NZ774635B2/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/645Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

method of verifying an identity, the method comprising: generating, by an identity system, an identity token incorporating an identifier representing identity data of an identity generated for an individual by an identity provider, the incorporated identifier being stored in a data structure associated with program instructions of a smart contract of a distributed ledger system, the data structure and the program instructions of the smart contract being stored in on a ledger of the distributed ledger system; providing, by the identity system at an interface of the identity system to a user system of the individual, the generated identity token to the user system; receiving, by the identity system at an interface of the identity system to a restricted access system, data extracted from an identity token received by the restricted access system from the user system; determining, by invoking by the identity system execution of the program instructions of the smart contract by a processor of the distributed ledger system, wherein the program instructions of the smart contract comprise an identity verification function, whether at least a portion of the extracted data matches the identifier stored in the data structure of the smart contract on the ledger of the distributed ledger system; and outputting, by the identity system at the interface to the restricted access system, an indication of a validity of the identity generated by the identify provider based on the determination.

Claims (26)

WHAT IS CLAIMED IS:
1. A method of verifying an identity, the method comprising: generating, by an identity system, an identity token incorporating an identifier representing identity data of an identity generated for an individual by an identity provider, the identity data being validated by the identity provider, the incorporated identifier being stored in a data structure associated with program instructions of a smart contract of a distributed ledger system, the data structure and the program instructions of the smart contract being stored in on a ledger of the distributed ledger system; providing, by the identity system at an interface of the identity system to a user system of the individual, the generated identity token to the user system; receiving, by the identity system at an interface of the identity system to a restricted access system, data extracted from an identity token received by the restricted access system from the user system; determining, by invoking by the identity system execution of the program instructions of the smart contract by a processor of the distributed ledger system, wherein the program instructions of the smart contract comprise an identity verification function, whether at least a portion of the extracted data matches the identifier stored in the data structure of the smart contract on the ledger of the distributed ledger system; and outputting, by the identity system at the interface to the restricted access system, an indication of a validity of the identity generated by the identity provider based on the determination.
2. The method of claim 1, wherein when the data structure containing the extracted identifier is stored on the blockchain, the indication includes that the identity is valid, and when the data structure containing the extracted identifier is not stored on the blockchain, the indication includes that the identity is invalid.
3. The method of claim 1, wherein the ledger of the distributed ledger system is a blockchain.
4. The method of claim 1, wherein the identifier representing the identity data includes a cryptographic hash of the identity data.
5. The method of claim 1, wherein the determining includes providing the identifier representing the identity data as an input to the identity verification function of the smart contract.
6. The method of claim 5, wherein the identity verification function returns the indication of the validity of the identity associated with the identity data.
7. The method of claim 1, wherein the determining determines that the identifier does not exist on the ledger, and the indication indicates that the identity associated with the identity data is invalid.
8. The method of claim 1, wherein the determining determines that the identifier does exist on the ledger, and the indication indicates that the identity associated with the identity data is valid.
9. The method of claim 1, wherein the indication indicates a current status of the identity.
10. The method of claim 9, wherein the current status includes at least one of: an indication of whether the identity has been revoked, or an indication of an expiration date of the identity.
11. The method of claim 1, wherein the identity data includes at least one of: a name of the individual, an identification number of the identity of the individual, or an address of the individual.
12. The method of claim 1, wherein the identity data includes at least one representation of a biometric trait of an individual.
13. The method of claim 12, wherein the representation of the biometric trait includes at least one of: a picture of the individual, a fingerprint of the individual, a facial pattern of the individual, an iris pattern of the individual, a retina pattern of the individual, a representation of a voice of the individual, or a deoxyribonucleic acid (DNA) pattern of the individual.
14. The method of claim 1, wherein the identity data is validated by an identity provider that provides the identity.
15. The method of claim 1, wherein the identity token includes, in addition to the identifier, at least one of: an identification of the identity provider, or a digital signature of the identity provider.
16. The method of claim 1, wherein the data extracted from the identity token further includes a digital signature of the identity provider, and the method further comprises verifying the digital signature using a public key of the identity provider.
17. The method of claim 1, further comprising receiving, by the identity system at a second interface from an identity provider system, the identity data.
18. The method of claim 1, further comprising storing, by the identity system, the identifier representing the identity data on the ledger.
19. At least one non-transitory, machine-readable storage medium having program instructions, which when executed by at least one processor causes a method of providing identity services to be performed, the method comprising: generating, by an identity system, an identity token incorporating an identifier representing identity data of an identity generated for an individual by an identity provider, the identity data being validated by the identity provider, the incorporated identifier being stored in a data structure associated with program instructions of a smart contract of a distributed ledger system, the data structure and the program instructions of the smart contract being stored on a ledger of the distributed ledger system; providing, by the identity system at an interface of the identity system to a user system of the individual, the generated identity token to the user system; receiving, by the identity system at an interface of the identity system to a restricted access system, data extracted from an identity token received by the restricted access system from the user system; determining, by invoking by the identity system execution of the program instructions of the smart contract by a processor of the distributed ledger system, wherein the program instructions of the smart contract comprise an identity verification function, whether at least a portion of the extracted data matches the identifier stored in the data structure of the smart contract on the ledger of the distributed ledger system; and outputting, by the identity system at the interface to the restricted access system, an indication of a validity of the identity generated by the identity provider based on the determination.
20. The non-transitory machine readable storage medium of claim 19, wherein the identifier representing the identity data includes a cryptographic hash of the identity data.
21. The non-transitory machine readable storage medium of claim 19, wherein the ledger of the distributed ledger system is a blockchain.
22. The non-transitory machine readable storage medium of claim 19, wherein when the data structure containing the extracted identifier is stored on the distributed ledger, the indication includes that the identity is valid, and when the data structure containing the extracted identifier is not stored on the distributed ledger, the indication includes that the identity is invalid.
23. A system, comprising: at least one processor; at least one non-transitory, machine-readable storage medium having program instructions, which when executed by the at least one processor cause a method of providing identity services to be performed, the method comprising: generating, by an identity system, an identity token incorporating an identifier representing identity data of an identity generated for an individual by an identity provider, the identity data being validated by the identity provider, the incorporated identifier being stored in a data structure associated with program instructions of a smart contract of a distributed ledger system, the data structure and the program instructions of the smart contract being stored on a ledger of the distributed ledger system; providing, by the identity system at an interface of the identity system to a user system of the individual, the generated identity token to the user system; receiving, by the identity system at an interface of the identity system to a restricted access system, data extracted from an identity token received by the restricted access system from the user system; determining, by invoking by the identity system execution of the program instructions of the smart contract by a processor of the distributed ledger system, wherein the program instructions of the smart contract comprise an identity verification function, whether at least a portion of the extracted data matches the identifier stored in the data structure of the smart contract on the ledger of the distributed ledger system; and outputting, by the identity system at the interface to the restricted access system, an indication of a validity of the identity generated by the identity provider based on the determination.
24. The system of claim 23, wherein the identifier representing the identity data includes a cryptographic hash of the identity data.
25. The system of claim 23, wherein the ledger of the distributed ledger system is a blockchain.
26. The system of claim 23, wherein when the data structure containing the extracted identifier is stored on the distributed ledger, the indication includes that the identity is valid, and when the data structure containing the extracted identifier is not stored on the distributed ledger, the indication includes that the identity is invalid.
NZ774635A 2016-10-03 Methods and systems for identity creation, verification and management NZ774635B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201562270658P 2015-12-22 2015-12-22
NZ741673A NZ741673B2 (en) 2015-12-22 2016-10-03 Methods and systems for identity creation, verification and management
US15/283,993 US10248783B2 (en) 2015-12-22 2016-10-03 Methods and systems for identity creation, verification and management

Publications (2)

Publication Number Publication Date
NZ774635A NZ774635A (en) 2024-03-22
NZ774635B2 true NZ774635B2 (en) 2024-06-25

Family

ID=

Similar Documents

Publication Publication Date Title
RU2019140423A (en) METHODS AND SYSTEMS FOR CREATING ID CERTIFICATES, CHECKING AND MANAGING THEM
US10116657B2 (en) Systems and methods for providing block chain-based multifactor personal identity verification
EP2479699B1 (en) Biometric authentication system and control method
CN107948143B (en) Identity-based privacy protection integrity detection method and system in cloud storage
US10630488B2 (en) Method and apparatus for managing application identifier
US20160014120A1 (en) Method, server, client and system for verifying verification codes
MX2018005593A (en) Method and system for processing of a blockchain transaction in a transaction processing network.
US11496470B2 (en) Methods for randomized multi-factor authentication with biometrics and devices thereof
US10719593B2 (en) Biometric signature system and biometric certificate registration method
WO2019153461A1 (en) Identity information changing method and apparatus, terminal device, and storage medium
WO2017004860A1 (en) Biological information verification method, biological information verification system, and terminal
EP3118760B1 (en) Authentication information management system, authentication information management device, program, recording medium, and authentication information management method
JP2019208133A (en) Biometric authentication system and biometric authentication method
JP2010114725A (en) Evidence preservation apparatus, method of preserving evidence, and program
NZ774635B2 (en) Methods and systems for identity creation, verification and management
US11829459B2 (en) Apparatus and method for authenticating user based on multiple biometric information
JP7320101B2 (en) Computer system, server, terminal, program, and information processing method
US20220129538A1 (en) Password integrity scoring
EP3356982A1 (en) Platform and method for securing the verification of personal identity without physical presence
CN104320255A (en) Method for generating account authentication data, and account authentication method and apparatus
HK1219365A1 (en) Method and device for secured login, server and terminal
HK1181582B (en) Method and device for implementing service
OA18670A (en) Systems and methods for providing block chain-based multifactor personal identity verification