WO2019158991A1 - Method and architecture for creating a trusted digital identity which is self-adaptive over time by using blockchain architectures and is used for carrying out digital transactions - Google Patents
Method and architecture for creating a trusted digital identity which is self-adaptive over time by using blockchain architectures and is used for carrying out digital transactions Download PDFInfo
- Publication number
- WO2019158991A1 WO2019158991A1 PCT/IB2019/000044 IB2019000044W WO2019158991A1 WO 2019158991 A1 WO2019158991 A1 WO 2019158991A1 IB 2019000044 W IB2019000044 W IB 2019000044W WO 2019158991 A1 WO2019158991 A1 WO 2019158991A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- identity
- subject
- taid
- adaptive
- univocal
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
- G06Q20/06—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
- G06Q20/065—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/22—Payment schemes or models
- G06Q20/223—Payment schemes or models based on the use of peer-to-peer networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/36—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3827—Use of message hashing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/383—Anonymous user system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4012—Verifying personal identification numbers [PIN]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
- G06Q20/40145—Biometric identity checks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q2220/00—Business processing using cryptography
Definitions
- PSD2 Payment service directive 2
- EU European Directive 2015/2366/(EU) on payment services in the internal market.
- Blockchain network it is meant a continuously growing list of records (blocks) which are mutually linked and secured by using cryptography. Each block of the chain contains a hash pointer as connector to the preceding block, a timestamp of the transaction.
- a blockchain is essentially an open, distributed register that can record the transactions between two parties in an effective, verifiable and permanent manner. For this use, this database employs a peer-to-peer network that connects to a protocol for validating the new blocks. Once recorded, the data in a block cannot be retroactively altered without modifying all the blocks subsequent thereto, which would require the consent by the majority of the network.
- One of the most well-known blockchain applications relates to the electronic coin "bitcoin", which has made it the first digital currency for solving the problem of the double expense, i.e. of the use of the same coin more than once, without using a central server or an authority.
- One of the objects of the invention is therefore to provide a method and an architecture that overcome these drawbacks of the prior art by providing a solution to the problem of how to have a validated, verifiable digital identity for digital transactions and to attribute the various identity evolutions and updates to a single adaptive identity, thus making the identity more safe and inaccessible on one part, and open to controls by the responsible authorities on the other part.
- Another object is to provide a process, and the data managed thereby, certified by an entity that is responsible also for generating the first identity. Such identity will then be capable of evolving at any time, of being registered within the network and of allowing to trace back the chain of evolutions undergone by the identity itself.
- Another object is to guarantee the privacy of the identity of the participants to the transactions, while ensuring access by controlling authorities.
- Another object of the invention is to provide a method and an architecture that can be implemented into an existing network and meet the criteria of security and accessibility by authorized authorities, as set forth in current regulations.
- the method according to the invention provides for carrying out transactions, preferably in a blockchain network of known type.
- the method according to the invention comprises an initial step of identification of a subject by an entity.
- Said entity can be for example a state agency, a government office or a private subject having recognition and, possibly, certification functions in respect of transactions in any fields, for example in the financial field, in the field of material assets (movables and immovables) and intangible assets (trademarks, patents and related rights).
- identification takes place by means of a univocal, adaptive identifying code (TAID) generated and/or certified by said entity.
- TID adaptive identifying code
- Such identity can be evolved by the subject who owns it.
- subsequent transactions effected by the same subject are associated to identities that, while being always different, can be attributed to evolutionary stages of the same identity.
- the method and the architecture according to the invention allow to create a secure "Trusted", adaptive identity.
- the univocal, adaptive identifying code comprises a digital code incorporating univocal data associated to what the subject owns, what the subject is and what the subject knows.
- the uni vocal data associated to what the subject owns include univocal information on at least one object owned by the subject.
- Said object may consist, for example, of a smart-card, a mobile phone, a flash drive, a bank card.
- the univocal data associated to what the subject is include univocal information on at least one physical characteristic of the subject.
- the physical characteristic may include univocal biometric data relating to the subject, such as, for example, voice, fingerprint, face image, biometric signature, iris, heartbeat, ear shape and/or other biometric elements of the individual himself/herself.
- the uni vocal data associated to what the subject knows preferably include a code or a password.
- the architecture according to the invention is also applicable to the carrying out of transactions by means of a network of mutually connected, encrypted records, preferably of the blockchain type.
- the architecture comprises an entity which is capable of generating and/or certifying a univocal, adaptive identifying code (TAID).
- TID univocal, adaptive identifying code
- the subject participating in the transaction is identified by the entity through said univocal, adaptive identifying code, whereby a plurality of subsequent transactions effected by the same subject are associated, by said entity, to always different adaptive identities created by the subject and connected to the first certified identity.
- the combination of the environment defined by the blockchain network and the identification mechanism based on univocal, adaptive identifying codes (TAIDs) allows the user to securely store contracts and transactions.
- said combination allows data access within the limits determined by the nature of the data themselves, safeguarding privacy and the "non- excessive” o "limited to what is necessary” principle and the principle of absolute legal protection.
- the method according to the invention provides for the digital combination of what I am, what I know and what I own. This combination meets the requirements set forth in the PSD2 directive.
- the identity of the user is validated through a set of cross-checks of official documents (for example, the passport ID number) and biometric data.
- Biometric data are preferably obtained through an online application.
- the method according to the invention provides for generating a univocal identifying code ID, obtained by processing information associated to "what I am, what I know, what I own” and allocating this ID to a subject (individual), thus generating a univocal, adaptive identifying code (TAID).
- a univocal identifying code ID obtained by processing information associated to "what I am, what I know, what I own” and allocating this ID to a subject (individual), thus generating a univocal, adaptive identifying code (TAID).
- the identifying code TAID is updated upon each digital transaction associated to the TAID and includes all the identity updates that have taken place in the history of the identified subject.
- the identifying code generated by the method according to the present invention holds the status updates within an internal or private blockchain, preferably separated from the public blockchain in which transactions take place. Each transaction on the public blockchain contains substantially the obfuscated status of the current ID code.
- the problem associated to the use of TAID codes in a public blockchain is related to issues of privacy and anonymity.
- the invention therefore aims at providing a secure communication protocol for effecting a new transaction with a TAID code.
- a TAID code is public and, like a conventional electronic wallet, is associated to a pair of private and public keys that may vary over time. Therefore, in order to start a transaction between two subjects A and B, these conditions must be met:
- TAIDA and KA are public and therefore B can verify the identity of A;
- the subject A can verify the identity of B, as B has made with A.
- B In the second part of the message, B generates a nonce N, for example a pseudo- casual number that guarantees that only A and B can identify it, by using the function /TAIDA).
- N for example a pseudo- casual number that guarantees that only A and B can identify it, by using the function /TAIDA).
- the transaction is effected as it took place between two standard wallets, but instead of signing the transaction by using the scriptPublicKey (the hash of the public key of the electronic wallet), the transaction is double signed by using HASH(g(TAID A ,N)) and HASH(g(TAID B ,N)), where g is a signature function, shared between A and B.
- scriptPublicKey the hash of the public key of the electronic wallet
- This step allows to write in the blockchain not the TAID of the recipient, but a value comprehensible only to A and B. It is to be noted that this NONCE can be interpreted as an advanced form of OTP (One Time Password).
- the protocol according to the invention therefore guarantees: Anonymity: the TAIDs are never written in the blockchain, what is written corresponds to K 1 (g(TAID,N)) and only the subjects involved in the transaction know N.
- the TAID is considered as an identity associated to an electronic wallet, it can be accepted by the major cryptocurrencies.
- the invention finds special application in networks of the blockchain type.
- the transactions can essentially be of any kind compatible with the network and with the entities concerned.
- Such transactions are mainly, though not exclusively, financial transactions, or transactions involving transfer of ownership of movable or immovable, real or intangible assets.
- the invention can be applied in all those environments in which it is necessary to meet transaction demands, issue digital and "smart" contracts without or with any physical products being involved.
- TAIDs The allocation and creation of TAIDs is effected by collecting personal and biometric data through a process certified by an entity that validates the input data.
- Personal data can be: name, surname, date of birth, residence and identity documents and others.
- Biometric data can be: signature, face scan, voice sampling, signature, iris, ear shape and any other biometric element.
- GUID Global Unique Identifier
- Subsequent modifications of the TAlDs can be carried out at the same authority or with an autonomous mechanism and registered in the network.
- the string of bits is modified when the characteristics of the two groups of personal and biometric data are modified and/or upon autonomous invocation of a new GUID. It is not necessary to change the data of the single groups at the same time.
- Unlocking of TAID identities can occur according to four distinct individual modalities or a combination thereof by using what one is (biometric features), what one knows, what one owns or the history of past identities or combination of past identities.
- Example 1
- the authority responsible for recording the transaction in this case the government patent office UB, verifies the contents of the contact in order to certify the authenticity of the transfer of ownership and publishes the name of the new owner in the public patent register.
- the revenue authority TA checks, during an asset verification, the transaction effected between U 1 and U2 and acquires the amount paid by U2 for the transfer of the patent.
- the method according to the invention allows that:
- the authority UB responsible for validating the contract validates the contract and enters the transfer of ownership onto the public registers;
- the revenue authority TA access the reserved information within the limits of the role carried out by said authority (amount paid and fees paid).
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Finance (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Method for identifying subjects effecting transactions in a computer network, preferably of mutually connected, encrypted records, comprising an initial step of step of digital identification of the subject, which is verified by means of a process certified by an entity. Said identification step produces a univocal adaptive identifying code (TAID) which is generated and/or certified by said entity and is kept in a corresponding electronic wallet. The unlocking and use of the TAID take place on the basis of a combination of factors/information owned by the subject, among which the evolutionary elements of the identity history. The subsequent transactions effected by the same subject are associated to his/her adaptive identities, which are always different over time and are concatenated to the first identity by using a blockchain mechanism.
Description
Method and architecture for creating a trusted digital identity which is self-adaptive over time by using blockchain architectures and is used for carrying out digital transactions
DESCRIPTION
Method and architecture for creating a trusted digital identity which is self-adaptive over time by using blockchain architectures and is used for carrying out digital transactions.
In the following description, by the acronym PSD2 (Payment service directive 2) it is meant European Directive 2015/2366/(EU) on payment services in the internal market.
By the term "Blockchain network" it is meant a continuously growing list of records (blocks) which are mutually linked and secured by using cryptography. Each block of the chain contains a hash pointer as connector to the preceding block, a timestamp of the transaction. A blockchain is essentially an open, distributed register that can record the transactions between two parties in an effective, verifiable and permanent manner. For this use, this database employs a peer-to-peer network that connects to a protocol for validating the new blocks. Once recorded, the data in a block cannot be retroactively altered without modifying all the blocks subsequent thereto, which would require the consent by the majority of the network.
One of the most well-known blockchain applications relates to the electronic coin "bitcoin", which has made it the first digital currency for solving the problem of the double expense, i.e. of the use of the same coin more than once, without using a central server or an authority.
One of the problems encountered in using networks, particularly blockchain networks, for effecting transactions, for example buying a good or an electronic currency, derives from the lack of certified identity of the participant subjects, which makes the transactions anonymous. Therefore, nowadays the data relating to the identity of the subjects of the transactions are not visible to the subjects of the transactions themselves nor to the sites handling the transactions (for example, platforms for exchanging virtual coins), nor to certain authorities, such as revenue authorities, judicial authorities or controlling authorities in general. Other problems currently existing in digital networks are: proliferation of digital identities referred to the same subject, which identities increase the vulnerability of the single individual identity, the theft or violation of the digital identity.
One of the objects of the invention is therefore to provide a method and an architecture that overcome these drawbacks of the prior art by providing a solution to the
problem of how to have a validated, verifiable digital identity for digital transactions and to attribute the various identity evolutions and updates to a single adaptive identity, thus making the identity more safe and inaccessible on one part, and open to controls by the responsible authorities on the other part.
Another object is to provide a process, and the data managed thereby, certified by an entity that is responsible also for generating the first identity. Such identity will then be capable of evolving at any time, of being registered within the network and of allowing to trace back the chain of evolutions undergone by the identity itself.
Another object is to guarantee the privacy of the identity of the participants to the transactions, while ensuring access by controlling authorities.
Another object of the invention is to provide a method and an architecture that can be implemented into an existing network and meet the criteria of security and accessibility by authorized authorities, as set forth in current regulations.
These and other objects are achieved by the method and the architecture as claimed in the appended claims.
The method according to the invention provides for carrying out transactions, preferably in a blockchain network of known type.
The method according to the invention comprises an initial step of identification of a subject by an entity. Said entity can be for example a state agency, a government office or a private subject having recognition and, possibly, certification functions in respect of transactions in any fields, for example in the financial field, in the field of material assets (movables and immovables) and intangible assets (trademarks, patents and related rights).
Advantageously, according to the invention, identification takes place by means of a univocal, adaptive identifying code (TAID) generated and/or certified by said entity. Such identity can be evolved by the subject who owns it. In this way, subsequent transactions effected by the same subject (individual or legal entity) are associated to identities that, while being always different, can be attributed to evolutionary stages of the same identity.
As will become evident from the ensuing description, the method and the architecture according to the invention allow to create a secure "Trusted", adaptive identity.
According to a preferred embodiment of the invention, the univocal, adaptive identifying code (TAID) comprises a digital code incorporating univocal data associated to what the subject owns, what the subject is and what the subject knows.
According to the invention, the uni vocal data associated to what the subject owns include univocal information on at least one object owned by the subject. Said object may consist, for example, of a smart-card, a mobile phone, a flash drive, a bank card.
Still according to the invention, the univocal data associated to what the subject is include univocal information on at least one physical characteristic of the subject. The physical characteristic may include univocal biometric data relating to the subject, such as, for example, voice, fingerprint, face image, biometric signature, iris, heartbeat, ear shape and/or other biometric elements of the individual himself/herself.
Still according to the invention, the uni vocal data associated to what the subject knows preferably include a code or a password.
The architecture according to the invention is also applicable to the carrying out of transactions by means of a network of mutually connected, encrypted records, preferably of the blockchain type. The architecture comprises an entity which is capable of generating and/or certifying a univocal, adaptive identifying code (TAID). According to the invention, the subject participating in the transaction is identified by the entity through said univocal, adaptive identifying code, whereby a plurality of subsequent transactions effected by the same subject are associated, by said entity, to always different adaptive identities created by the subject and connected to the first certified identity.
Advantageously, the combination of the environment defined by the blockchain network and the identification mechanism based on univocal, adaptive identifying codes (TAIDs) allows the user to securely store contracts and transactions. In addition, from the viewpoint of the authority responsible for verifying the actual identity of the subject that has participated in the transaction, said combination allows data access within the limits determined by the nature of the data themselves, safeguarding privacy and the "non- excessive" o "limited to what is necessary" principle and the principle of absolute legal protection.
The method according to the invention provides for the digital combination of what I am, what I know and what I own. This combination meets the requirements set forth in the PSD2 directive.
The identity of the user is validated through a set of cross-checks of official documents (for example, the passport ID number) and biometric data. Biometric data are preferably obtained through an online application.
The method according to the invention provides for generating a univocal identifying code ID, obtained by processing information associated to "what I am, what I know, what I
own" and allocating this ID to a subject (individual), thus generating a univocal, adaptive identifying code (TAID).
The identifying code TAID is updated upon each digital transaction associated to the TAID and includes all the identity updates that have taken place in the history of the identified subject.
The identifying code generated by the method according to the present invention holds the status updates within an internal or private blockchain, preferably separated from the public blockchain in which transactions take place. Each transaction on the public blockchain contains substantially the obfuscated status of the current ID code.
The problem associated to the use of TAID codes in a public blockchain is related to issues of privacy and anonymity. In order to solve these problems, the invention therefore aims at providing a secure communication protocol for effecting a new transaction with a TAID code.
A TAID code is public and, like a conventional electronic wallet, is associated to a pair of private and public keys that may vary over time. Therefore, in order to start a transaction between two subjects A and B, these conditions must be met:
- A sends B KA ^TAIDA)
TAIDA and KA are public and therefore B can verify the identity of A;
- B sends A [KB/TAIDB), KA (f(TAIDA))];
By using the first part of the message, the subject A can verify the identity of B, as B has made with A.
In the second part of the message, B generates a nonce N, for example a pseudo- casual number that guarantees that only A and B can identify it, by using the function /TAIDA).
The transaction is effected as it took place between two standard wallets, but instead of signing the transaction by using the scriptPublicKey (the hash of the public key of the electronic wallet), the transaction is double signed by using HASH(g(TAIDA,N)) and HASH(g(TAIDB,N)), where g is a signature function, shared between A and B.
This step allows to write in the blockchain not the TAID of the recipient, but a value comprehensible only to A and B. It is to be noted that this NONCE can be interpreted as an advanced form of OTP (One Time Password).
A e B update their own TAIDs by using a well-known function UPDATE(TAIDi) = TAIDi+i which must guarantee the uniqueness of each TAID.
The protocol according to the invention therefore guarantees:
Anonymity: the TAIDs are never written in the blockchain, what is written corresponds to K 1 (g(TAID,N)) and only the subjects involved in the transaction know N.
Privacy: each user who has participated in a transaction can display it, because he/she knows the nonce. As a result, these NONCEs are the bases for updating the TAID.
In addition, if the TAID is considered as an identity associated to an electronic wallet, it can be accepted by the major cryptocurrencies.
The invention finds special application in networks of the blockchain type. The transactions can essentially be of any kind compatible with the network and with the entities concerned. Such transactions are mainly, though not exclusively, financial transactions, or transactions involving transfer of ownership of movable or immovable, real or intangible assets.
The invention can be applied in all those environments in which it is necessary to meet transaction demands, issue digital and "smart" contracts without or with any physical products being involved.
The process of creation and evolution, i.e. of first issuance and subsequent modification, respectively, of a TAID code will be described below.
The allocation and creation of TAIDs is effected by collecting personal and biometric data through a process certified by an entity that validates the input data. Personal data can be: name, surname, date of birth, residence and identity documents and others. Biometric data can be: signature, face scan, voice sampling, signature, iris, ear shape and any other biometric element.
According to the invention, the following are generated:
- a Global Unique Identifier GUID (Global Unique Identifier) of 128 bits, consisting of a pseudo-causal number used in software programming, in order to distinguish various objects;
- a hash function of 128 bits, which summarizes the personal information;
- a hash function of 128 bits, which summarizes the biometric information (what I am).
- a hash function of 128 bits which collects the information about what I know (passwords, codes, information).
These three groups of information are then joined, generating a string of 128 + 128 + 128 + 128 = 512 bits, in the order [GUID | personal data | biometric data | password].
With 512 bits there are 2512 possibilities corresponding to 10152. It is hypothesized: a population of 30 billion individuals over the next 100 years, an average life span of 75 years
and a change of identity per year for each individual. This allows to have around 10135 different identities per individual.
Subsequent modifications of the TAlDs can be carried out at the same authority or with an autonomous mechanism and registered in the network.
The string of bits is modified when the characteristics of the two groups of personal and biometric data are modified and/or upon autonomous invocation of a new GUID. It is not necessary to change the data of the single groups at the same time.
In a variant of the method, it is also possible to hypothesize the creation of the first identity autonomously, that is, without interacting with the authority that will guard the identities, with a remote onboarding mechanism.
Unlocking of TAID identities can occur according to four distinct individual modalities or a combination thereof by using what one is (biometric features), what one knows, what one owns or the history of past identities or combination of past identities. Example 1
User Ul assigns patent PI to user U2.
The authority responsible for recording the transaction, in this case the government patent office UB, verifies the contents of the contact in order to certify the authenticity of the transfer of ownership and publishes the name of the new owner in the public patent register.
User U3 checks who the owner of the patent Pl is, but he/she cannot get to know the amount paid for the transfer of the patent Pl from the user Ul to the user U2.
The revenue authority TA checks, during an asset verification, the transaction effected between U 1 and U2 and acquires the amount paid by U2 for the transfer of the patent.
In this example, the method according to the invention allows that:
a) Third parties, for example U3, access public data of the contract concerning the transaction, i.e. the name of the owner U2 of the patent Pl ;
b) The counterparts Ul and U2 access private data of the contract (amount paid, terms and conditions, etc.);
c) The authority UB responsible for validating the contract validates the contract and enters the transfer of ownership onto the public registers;
d) The revenue authority TA access the reserved information within the limits of the role carried out by said authority (amount paid and fees paid).
Claims
1. Method for effecting transactions in a computer network of mutually connected, encrypted records, comprising an electronic system for creating an adaptive digital identity TAID, an entity certifying the validity of the process of creation and of the data input upon the first TAID registration, an electronic wallet allowing to keep the generated identity, a blockchain network in which said adaptive identity evolves over time on the basis of evolutions of the status of the person linked to such identity, a method for connecting the various adaptive identities over time to the initial identity, a method for securely unlocking the use of such identity in a digital transaction, a method for allowing controlling authorities to effect a verification in order to track the initial physical identity of the person linked to the TAID and check the effected transactions. Method wherein the TAID is registered and concatenated in order to be traced back, so that a plurality of subsequent transactions effected by the same subject are associated to always different adaptive identities. Method allowing obfuscation, privacy and inalterability of said digital identity. System comprising a blockchain. Method allowing to consolidate all the digital identities of an individual into a single identity concatenated to the others.
2. Method according to claim 1, wherein the uni vocal adaptive identifying code (TAID) comprises a digital code incorporating uni vocal data associated to what the subject owns, what the subject is and what the subject knows.
3. Method according to claim 1 or 2, wherein said univocal data associated to what the subject owns include uni vocal information on at least one object owned by the subject, wherein said object may include a smart-card, a mobile phone, a flash drive, a bank card, an identifying document.
4. Method according to claim 1 or 2 or 3, wherein said univocal data associated to what the subject is include univocal information on at least one physical characteristic of the subject, wherein said physical characteristic may include univocal biometric data relating to the subject.
5. Method according to claim 4, wherein said biometric data include a scanned image of a part of the body of the subject.
6. Method according to claim 4, wherein said biometric data refer to voice recording.
7. Method according to claim 4, wherein said biometric data refer to face detection.
8. Method according to claim 4, wherein said biometric data refer to the detection of signature biometric data.
9. Method according to any of the claims 1 to 8, wherein said uni vocal data associated to what the subject knows include a code or a password.
10. Method according to claim 1 or 2, wherein said network is a blockchain network.
11. Architecture for effecting transactions in a computer network of mutually connected, encrypted records, comprising an entity capable of generating or certifying a univocal adaptive identifying code (TAID) by which a subject participating in the transaction is identified, whereby a plurality of subsequent transactions effected by the same subject are associated, by said entity, to always different adaptive identities.
12. Architecture according to claim 11, wherein the univocal adaptive identifying code (TAID) include a digital code incorporating univocal data associated to what the subject owns, what the subject is and what the subject knows.
13. Architecture according to claim 11 or 12, wherein said network is a blockchain network.
14. Unlocking of the TAID identity of claim 1 by using biometric characteristics.
15. Unlocking of the TAID identity of claim 1 by using characteristics of something I know.
16. Unlocking of the TAID identity of claim 1 by using characteristics of something I own.
17. Unlocking of the TAID identity of claim 1 by using the history and combination of past identities.
18. Unlocking of the TAID identity of claim 1 by using a combination of the characteristics listed in claims 14, 15, 16, 17.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CH0201/18 | 2018-02-19 | ||
CH00201/18A CH714666A2 (en) | 2018-02-19 | 2018-02-19 | Method and architecture for creating a self-adaptive verified digital identity over time with the use of blockchain architectures for the execution of digital transactions. |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019158991A1 true WO2019158991A1 (en) | 2019-08-22 |
Family
ID=65818549
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2019/000044 WO2019158991A1 (en) | 2018-02-19 | 2019-02-14 | Method and architecture for creating a trusted digital identity which is self-adaptive over time by using blockchain architectures and is used for carrying out digital transactions |
Country Status (2)
Country | Link |
---|---|
CH (1) | CH714666A2 (en) |
WO (1) | WO2019158991A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110825814A (en) * | 2019-11-20 | 2020-02-21 | 陈学凡 | Method for creating citizen identity block chain based on national population basic information |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9635000B1 (en) * | 2016-05-25 | 2017-04-25 | Sead Muftic | Blockchain identity management system based on public identities ledger |
US20170243213A1 (en) * | 2016-02-22 | 2017-08-24 | Bank Of America Corporation | System to enable contactless access to a transaction terminal using a process data network |
-
2018
- 2018-02-19 CH CH00201/18A patent/CH714666A2/en not_active Application Discontinuation
-
2019
- 2019-02-14 WO PCT/IB2019/000044 patent/WO2019158991A1/en active Application Filing
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170243213A1 (en) * | 2016-02-22 | 2017-08-24 | Bank Of America Corporation | System to enable contactless access to a transaction terminal using a process data network |
US9635000B1 (en) * | 2016-05-25 | 2017-04-25 | Sead Muftic | Blockchain identity management system based on public identities ledger |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110825814A (en) * | 2019-11-20 | 2020-02-21 | 陈学凡 | Method for creating citizen identity block chain based on national population basic information |
Also Published As
Publication number | Publication date |
---|---|
CH714666A2 (en) | 2019-08-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11200340B2 (en) | Method and system for managing personal information within independent computer systems and digital networks | |
US10810290B2 (en) | Robust method and an apparatus for authenticating a client in non-face-to-face online interactions based on a combination of live biometrics, biographical data, blockchain transactions and signed digital certificates | |
EP3631664B1 (en) | Secure biometric authentication using electronic identity | |
RU2747947C2 (en) | Systems and methods of personal identification and verification | |
Lee et al. | Electronic voting service using block-chain | |
JP3220620U (en) | System to realize blockchain multi-factor personal identity authentication | |
CN111066283A (en) | System and method for communicating, storing and processing data provided by entities on a blockchain network | |
CN112789823B (en) | Block chain-based competitive election network system and competitive election method | |
JP6293716B2 (en) | Anonymous communication system and method for joining the communication system | |
KR20210040078A (en) | Systems and methods for safe storage services | |
JP2006246543A (en) | Cryptographic system and method with key escrow function | |
JPH10504150A (en) | A method for securely using digital signatures in commercial cryptosystems | |
CN112352238A (en) | Multiple signature security account control system | |
TW200427284A (en) | Personal authentication device and system and method thereof | |
CN112789642A (en) | Association of identities in a distributed database | |
Pathak et al. | Blockchain based e-voting system | |
CN106911722A (en) | A kind of intelligent cipher signature identity differentiates mutual authentication method and system | |
Ghafourian et al. | Combining blockchain and biometrics: A survey on technical aspects and a first legal analysis | |
WO2019158991A1 (en) | Method and architecture for creating a trusted digital identity which is self-adaptive over time by using blockchain architectures and is used for carrying out digital transactions | |
Noam et al. | Realizing privacy aspects in blockchain networks | |
Hariharasudan et al. | A Review on Blockchain Based Identity Management System | |
Blythe | Finland's Electronic Signature Act and E-Government Act: Facilitating Security in E-Commerce and Online Public Services | |
US11159578B1 (en) | Apparatus and method for managing digital identities and controlling their correlation to legal identities | |
US20240169349A1 (en) | Method for Attestation of a Hardware Wallet of a Blockchain | |
NL2026713B1 (en) | A Blockchain Privacy Protection System and Its Method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 19712267 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 19712267 Country of ref document: EP Kind code of ref document: A1 |