WO2019158991A1 - Method and architecture for creating a trusted digital identity which is self-adaptive over time by using blockchain architectures and is used for carrying out digital transactions - Google Patents

Method and architecture for creating a trusted digital identity which is self-adaptive over time by using blockchain architectures and is used for carrying out digital transactions Download PDF

Info

Publication number
WO2019158991A1
WO2019158991A1 PCT/IB2019/000044 IB2019000044W WO2019158991A1 WO 2019158991 A1 WO2019158991 A1 WO 2019158991A1 IB 2019000044 W IB2019000044 W IB 2019000044W WO 2019158991 A1 WO2019158991 A1 WO 2019158991A1
Authority
WO
WIPO (PCT)
Prior art keywords
identity
subject
taid
adaptive
univocal
Prior art date
Application number
PCT/IB2019/000044
Other languages
French (fr)
Inventor
Alberto Guidotti
Luigi MERONI
Alex BADAN
Francesco MARAGNO
Original Assignee
Euronovate S.A.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Euronovate S.A. filed Critical Euronovate S.A.
Publication of WO2019158991A1 publication Critical patent/WO2019158991A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/06Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • G06Q20/223Payment schemes or models based on the use of peer-to-peer networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3827Use of message hashing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/383Anonymous user system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4012Verifying personal identification numbers [PIN]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q2220/00Business processing using cryptography

Definitions

  • PSD2 Payment service directive 2
  • EU European Directive 2015/2366/(EU) on payment services in the internal market.
  • Blockchain network it is meant a continuously growing list of records (blocks) which are mutually linked and secured by using cryptography. Each block of the chain contains a hash pointer as connector to the preceding block, a timestamp of the transaction.
  • a blockchain is essentially an open, distributed register that can record the transactions between two parties in an effective, verifiable and permanent manner. For this use, this database employs a peer-to-peer network that connects to a protocol for validating the new blocks. Once recorded, the data in a block cannot be retroactively altered without modifying all the blocks subsequent thereto, which would require the consent by the majority of the network.
  • One of the most well-known blockchain applications relates to the electronic coin "bitcoin", which has made it the first digital currency for solving the problem of the double expense, i.e. of the use of the same coin more than once, without using a central server or an authority.
  • One of the objects of the invention is therefore to provide a method and an architecture that overcome these drawbacks of the prior art by providing a solution to the problem of how to have a validated, verifiable digital identity for digital transactions and to attribute the various identity evolutions and updates to a single adaptive identity, thus making the identity more safe and inaccessible on one part, and open to controls by the responsible authorities on the other part.
  • Another object is to provide a process, and the data managed thereby, certified by an entity that is responsible also for generating the first identity. Such identity will then be capable of evolving at any time, of being registered within the network and of allowing to trace back the chain of evolutions undergone by the identity itself.
  • Another object is to guarantee the privacy of the identity of the participants to the transactions, while ensuring access by controlling authorities.
  • Another object of the invention is to provide a method and an architecture that can be implemented into an existing network and meet the criteria of security and accessibility by authorized authorities, as set forth in current regulations.
  • the method according to the invention provides for carrying out transactions, preferably in a blockchain network of known type.
  • the method according to the invention comprises an initial step of identification of a subject by an entity.
  • Said entity can be for example a state agency, a government office or a private subject having recognition and, possibly, certification functions in respect of transactions in any fields, for example in the financial field, in the field of material assets (movables and immovables) and intangible assets (trademarks, patents and related rights).
  • identification takes place by means of a univocal, adaptive identifying code (TAID) generated and/or certified by said entity.
  • TID adaptive identifying code
  • Such identity can be evolved by the subject who owns it.
  • subsequent transactions effected by the same subject are associated to identities that, while being always different, can be attributed to evolutionary stages of the same identity.
  • the method and the architecture according to the invention allow to create a secure "Trusted", adaptive identity.
  • the univocal, adaptive identifying code comprises a digital code incorporating univocal data associated to what the subject owns, what the subject is and what the subject knows.
  • the uni vocal data associated to what the subject owns include univocal information on at least one object owned by the subject.
  • Said object may consist, for example, of a smart-card, a mobile phone, a flash drive, a bank card.
  • the univocal data associated to what the subject is include univocal information on at least one physical characteristic of the subject.
  • the physical characteristic may include univocal biometric data relating to the subject, such as, for example, voice, fingerprint, face image, biometric signature, iris, heartbeat, ear shape and/or other biometric elements of the individual himself/herself.
  • the uni vocal data associated to what the subject knows preferably include a code or a password.
  • the architecture according to the invention is also applicable to the carrying out of transactions by means of a network of mutually connected, encrypted records, preferably of the blockchain type.
  • the architecture comprises an entity which is capable of generating and/or certifying a univocal, adaptive identifying code (TAID).
  • TID univocal, adaptive identifying code
  • the subject participating in the transaction is identified by the entity through said univocal, adaptive identifying code, whereby a plurality of subsequent transactions effected by the same subject are associated, by said entity, to always different adaptive identities created by the subject and connected to the first certified identity.
  • the combination of the environment defined by the blockchain network and the identification mechanism based on univocal, adaptive identifying codes (TAIDs) allows the user to securely store contracts and transactions.
  • said combination allows data access within the limits determined by the nature of the data themselves, safeguarding privacy and the "non- excessive” o "limited to what is necessary” principle and the principle of absolute legal protection.
  • the method according to the invention provides for the digital combination of what I am, what I know and what I own. This combination meets the requirements set forth in the PSD2 directive.
  • the identity of the user is validated through a set of cross-checks of official documents (for example, the passport ID number) and biometric data.
  • Biometric data are preferably obtained through an online application.
  • the method according to the invention provides for generating a univocal identifying code ID, obtained by processing information associated to "what I am, what I know, what I own” and allocating this ID to a subject (individual), thus generating a univocal, adaptive identifying code (TAID).
  • a univocal identifying code ID obtained by processing information associated to "what I am, what I know, what I own” and allocating this ID to a subject (individual), thus generating a univocal, adaptive identifying code (TAID).
  • the identifying code TAID is updated upon each digital transaction associated to the TAID and includes all the identity updates that have taken place in the history of the identified subject.
  • the identifying code generated by the method according to the present invention holds the status updates within an internal or private blockchain, preferably separated from the public blockchain in which transactions take place. Each transaction on the public blockchain contains substantially the obfuscated status of the current ID code.
  • the problem associated to the use of TAID codes in a public blockchain is related to issues of privacy and anonymity.
  • the invention therefore aims at providing a secure communication protocol for effecting a new transaction with a TAID code.
  • a TAID code is public and, like a conventional electronic wallet, is associated to a pair of private and public keys that may vary over time. Therefore, in order to start a transaction between two subjects A and B, these conditions must be met:
  • TAIDA and KA are public and therefore B can verify the identity of A;
  • the subject A can verify the identity of B, as B has made with A.
  • B In the second part of the message, B generates a nonce N, for example a pseudo- casual number that guarantees that only A and B can identify it, by using the function /TAIDA).
  • N for example a pseudo- casual number that guarantees that only A and B can identify it, by using the function /TAIDA).
  • the transaction is effected as it took place between two standard wallets, but instead of signing the transaction by using the scriptPublicKey (the hash of the public key of the electronic wallet), the transaction is double signed by using HASH(g(TAID A ,N)) and HASH(g(TAID B ,N)), where g is a signature function, shared between A and B.
  • scriptPublicKey the hash of the public key of the electronic wallet
  • This step allows to write in the blockchain not the TAID of the recipient, but a value comprehensible only to A and B. It is to be noted that this NONCE can be interpreted as an advanced form of OTP (One Time Password).
  • the protocol according to the invention therefore guarantees: Anonymity: the TAIDs are never written in the blockchain, what is written corresponds to K 1 (g(TAID,N)) and only the subjects involved in the transaction know N.
  • the TAID is considered as an identity associated to an electronic wallet, it can be accepted by the major cryptocurrencies.
  • the invention finds special application in networks of the blockchain type.
  • the transactions can essentially be of any kind compatible with the network and with the entities concerned.
  • Such transactions are mainly, though not exclusively, financial transactions, or transactions involving transfer of ownership of movable or immovable, real or intangible assets.
  • the invention can be applied in all those environments in which it is necessary to meet transaction demands, issue digital and "smart" contracts without or with any physical products being involved.
  • TAIDs The allocation and creation of TAIDs is effected by collecting personal and biometric data through a process certified by an entity that validates the input data.
  • Personal data can be: name, surname, date of birth, residence and identity documents and others.
  • Biometric data can be: signature, face scan, voice sampling, signature, iris, ear shape and any other biometric element.
  • GUID Global Unique Identifier
  • Subsequent modifications of the TAlDs can be carried out at the same authority or with an autonomous mechanism and registered in the network.
  • the string of bits is modified when the characteristics of the two groups of personal and biometric data are modified and/or upon autonomous invocation of a new GUID. It is not necessary to change the data of the single groups at the same time.
  • Unlocking of TAID identities can occur according to four distinct individual modalities or a combination thereof by using what one is (biometric features), what one knows, what one owns or the history of past identities or combination of past identities.
  • Example 1
  • the authority responsible for recording the transaction in this case the government patent office UB, verifies the contents of the contact in order to certify the authenticity of the transfer of ownership and publishes the name of the new owner in the public patent register.
  • the revenue authority TA checks, during an asset verification, the transaction effected between U 1 and U2 and acquires the amount paid by U2 for the transfer of the patent.
  • the method according to the invention allows that:
  • the authority UB responsible for validating the contract validates the contract and enters the transfer of ownership onto the public registers;
  • the revenue authority TA access the reserved information within the limits of the role carried out by said authority (amount paid and fees paid).

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Method for identifying subjects effecting transactions in a computer network, preferably of mutually connected, encrypted records, comprising an initial step of step of digital identification of the subject, which is verified by means of a process certified by an entity. Said identification step produces a univocal adaptive identifying code (TAID) which is generated and/or certified by said entity and is kept in a corresponding electronic wallet. The unlocking and use of the TAID take place on the basis of a combination of factors/information owned by the subject, among which the evolutionary elements of the identity history. The subsequent transactions effected by the same subject are associated to his/her adaptive identities, which are always different over time and are concatenated to the first identity by using a blockchain mechanism.

Description

Method and architecture for creating a trusted digital identity which is self-adaptive over time by using blockchain architectures and is used for carrying out digital transactions
DESCRIPTION
Method and architecture for creating a trusted digital identity which is self-adaptive over time by using blockchain architectures and is used for carrying out digital transactions.
In the following description, by the acronym PSD2 (Payment service directive 2) it is meant European Directive 2015/2366/(EU) on payment services in the internal market.
By the term "Blockchain network" it is meant a continuously growing list of records (blocks) which are mutually linked and secured by using cryptography. Each block of the chain contains a hash pointer as connector to the preceding block, a timestamp of the transaction. A blockchain is essentially an open, distributed register that can record the transactions between two parties in an effective, verifiable and permanent manner. For this use, this database employs a peer-to-peer network that connects to a protocol for validating the new blocks. Once recorded, the data in a block cannot be retroactively altered without modifying all the blocks subsequent thereto, which would require the consent by the majority of the network.
One of the most well-known blockchain applications relates to the electronic coin "bitcoin", which has made it the first digital currency for solving the problem of the double expense, i.e. of the use of the same coin more than once, without using a central server or an authority.
One of the problems encountered in using networks, particularly blockchain networks, for effecting transactions, for example buying a good or an electronic currency, derives from the lack of certified identity of the participant subjects, which makes the transactions anonymous. Therefore, nowadays the data relating to the identity of the subjects of the transactions are not visible to the subjects of the transactions themselves nor to the sites handling the transactions (for example, platforms for exchanging virtual coins), nor to certain authorities, such as revenue authorities, judicial authorities or controlling authorities in general. Other problems currently existing in digital networks are: proliferation of digital identities referred to the same subject, which identities increase the vulnerability of the single individual identity, the theft or violation of the digital identity.
One of the objects of the invention is therefore to provide a method and an architecture that overcome these drawbacks of the prior art by providing a solution to the problem of how to have a validated, verifiable digital identity for digital transactions and to attribute the various identity evolutions and updates to a single adaptive identity, thus making the identity more safe and inaccessible on one part, and open to controls by the responsible authorities on the other part.
Another object is to provide a process, and the data managed thereby, certified by an entity that is responsible also for generating the first identity. Such identity will then be capable of evolving at any time, of being registered within the network and of allowing to trace back the chain of evolutions undergone by the identity itself.
Another object is to guarantee the privacy of the identity of the participants to the transactions, while ensuring access by controlling authorities.
Another object of the invention is to provide a method and an architecture that can be implemented into an existing network and meet the criteria of security and accessibility by authorized authorities, as set forth in current regulations.
These and other objects are achieved by the method and the architecture as claimed in the appended claims.
The method according to the invention provides for carrying out transactions, preferably in a blockchain network of known type.
The method according to the invention comprises an initial step of identification of a subject by an entity. Said entity can be for example a state agency, a government office or a private subject having recognition and, possibly, certification functions in respect of transactions in any fields, for example in the financial field, in the field of material assets (movables and immovables) and intangible assets (trademarks, patents and related rights).
Advantageously, according to the invention, identification takes place by means of a univocal, adaptive identifying code (TAID) generated and/or certified by said entity. Such identity can be evolved by the subject who owns it. In this way, subsequent transactions effected by the same subject (individual or legal entity) are associated to identities that, while being always different, can be attributed to evolutionary stages of the same identity.
As will become evident from the ensuing description, the method and the architecture according to the invention allow to create a secure "Trusted", adaptive identity.
According to a preferred embodiment of the invention, the univocal, adaptive identifying code (TAID) comprises a digital code incorporating univocal data associated to what the subject owns, what the subject is and what the subject knows. According to the invention, the uni vocal data associated to what the subject owns include univocal information on at least one object owned by the subject. Said object may consist, for example, of a smart-card, a mobile phone, a flash drive, a bank card.
Still according to the invention, the univocal data associated to what the subject is include univocal information on at least one physical characteristic of the subject. The physical characteristic may include univocal biometric data relating to the subject, such as, for example, voice, fingerprint, face image, biometric signature, iris, heartbeat, ear shape and/or other biometric elements of the individual himself/herself.
Still according to the invention, the uni vocal data associated to what the subject knows preferably include a code or a password.
The architecture according to the invention is also applicable to the carrying out of transactions by means of a network of mutually connected, encrypted records, preferably of the blockchain type. The architecture comprises an entity which is capable of generating and/or certifying a univocal, adaptive identifying code (TAID). According to the invention, the subject participating in the transaction is identified by the entity through said univocal, adaptive identifying code, whereby a plurality of subsequent transactions effected by the same subject are associated, by said entity, to always different adaptive identities created by the subject and connected to the first certified identity.
Advantageously, the combination of the environment defined by the blockchain network and the identification mechanism based on univocal, adaptive identifying codes (TAIDs) allows the user to securely store contracts and transactions. In addition, from the viewpoint of the authority responsible for verifying the actual identity of the subject that has participated in the transaction, said combination allows data access within the limits determined by the nature of the data themselves, safeguarding privacy and the "non- excessive" o "limited to what is necessary" principle and the principle of absolute legal protection.
The method according to the invention provides for the digital combination of what I am, what I know and what I own. This combination meets the requirements set forth in the PSD2 directive.
The identity of the user is validated through a set of cross-checks of official documents (for example, the passport ID number) and biometric data. Biometric data are preferably obtained through an online application.
The method according to the invention provides for generating a univocal identifying code ID, obtained by processing information associated to "what I am, what I know, what I own" and allocating this ID to a subject (individual), thus generating a univocal, adaptive identifying code (TAID).
The identifying code TAID is updated upon each digital transaction associated to the TAID and includes all the identity updates that have taken place in the history of the identified subject.
The identifying code generated by the method according to the present invention holds the status updates within an internal or private blockchain, preferably separated from the public blockchain in which transactions take place. Each transaction on the public blockchain contains substantially the obfuscated status of the current ID code.
The problem associated to the use of TAID codes in a public blockchain is related to issues of privacy and anonymity. In order to solve these problems, the invention therefore aims at providing a secure communication protocol for effecting a new transaction with a TAID code.
A TAID code is public and, like a conventional electronic wallet, is associated to a pair of private and public keys that may vary over time. Therefore, in order to start a transaction between two subjects A and B, these conditions must be met:
- A sends B KA ^TAIDA)
TAIDA and KA are public and therefore B can verify the identity of A;
- B sends A [KB/TAIDB), KA (f(TAIDA))];
By using the first part of the message, the subject A can verify the identity of B, as B has made with A.
In the second part of the message, B generates a nonce N, for example a pseudo- casual number that guarantees that only A and B can identify it, by using the function /TAIDA).
The transaction is effected as it took place between two standard wallets, but instead of signing the transaction by using the scriptPublicKey (the hash of the public key of the electronic wallet), the transaction is double signed by using HASH(g(TAIDA,N)) and HASH(g(TAIDB,N)), where g is a signature function, shared between A and B.
This step allows to write in the blockchain not the TAID of the recipient, but a value comprehensible only to A and B. It is to be noted that this NONCE can be interpreted as an advanced form of OTP (One Time Password).
A e B update their own TAIDs by using a well-known function UPDATE(TAIDi) = TAIDi+i which must guarantee the uniqueness of each TAID.
The protocol according to the invention therefore guarantees: Anonymity: the TAIDs are never written in the blockchain, what is written corresponds to K 1 (g(TAID,N)) and only the subjects involved in the transaction know N.
Privacy: each user who has participated in a transaction can display it, because he/she knows the nonce. As a result, these NONCEs are the bases for updating the TAID.
In addition, if the TAID is considered as an identity associated to an electronic wallet, it can be accepted by the major cryptocurrencies.
The invention finds special application in networks of the blockchain type. The transactions can essentially be of any kind compatible with the network and with the entities concerned. Such transactions are mainly, though not exclusively, financial transactions, or transactions involving transfer of ownership of movable or immovable, real or intangible assets.
The invention can be applied in all those environments in which it is necessary to meet transaction demands, issue digital and "smart" contracts without or with any physical products being involved.
The process of creation and evolution, i.e. of first issuance and subsequent modification, respectively, of a TAID code will be described below.
The allocation and creation of TAIDs is effected by collecting personal and biometric data through a process certified by an entity that validates the input data. Personal data can be: name, surname, date of birth, residence and identity documents and others. Biometric data can be: signature, face scan, voice sampling, signature, iris, ear shape and any other biometric element.
According to the invention, the following are generated:
- a Global Unique Identifier GUID (Global Unique Identifier) of 128 bits, consisting of a pseudo-causal number used in software programming, in order to distinguish various objects;
- a hash function of 128 bits, which summarizes the personal information;
- a hash function of 128 bits, which summarizes the biometric information (what I am).
- a hash function of 128 bits which collects the information about what I know (passwords, codes, information).
These three groups of information are then joined, generating a string of 128 + 128 + 128 + 128 = 512 bits, in the order [GUID | personal data | biometric data | password].
With 512 bits there are 2512 possibilities corresponding to 10152. It is hypothesized: a population of 30 billion individuals over the next 100 years, an average life span of 75 years and a change of identity per year for each individual. This allows to have around 10135 different identities per individual.
Subsequent modifications of the TAlDs can be carried out at the same authority or with an autonomous mechanism and registered in the network.
The string of bits is modified when the characteristics of the two groups of personal and biometric data are modified and/or upon autonomous invocation of a new GUID. It is not necessary to change the data of the single groups at the same time.
In a variant of the method, it is also possible to hypothesize the creation of the first identity autonomously, that is, without interacting with the authority that will guard the identities, with a remote onboarding mechanism.
Unlocking of TAID identities can occur according to four distinct individual modalities or a combination thereof by using what one is (biometric features), what one knows, what one owns or the history of past identities or combination of past identities. Example 1
User Ul assigns patent PI to user U2.
The authority responsible for recording the transaction, in this case the government patent office UB, verifies the contents of the contact in order to certify the authenticity of the transfer of ownership and publishes the name of the new owner in the public patent register.
User U3 checks who the owner of the patent Pl is, but he/she cannot get to know the amount paid for the transfer of the patent Pl from the user Ul to the user U2.
The revenue authority TA checks, during an asset verification, the transaction effected between U 1 and U2 and acquires the amount paid by U2 for the transfer of the patent.
In this example, the method according to the invention allows that:
a) Third parties, for example U3, access public data of the contract concerning the transaction, i.e. the name of the owner U2 of the patent Pl ;
b) The counterparts Ul and U2 access private data of the contract (amount paid, terms and conditions, etc.);
c) The authority UB responsible for validating the contract validates the contract and enters the transfer of ownership onto the public registers;
d) The revenue authority TA access the reserved information within the limits of the role carried out by said authority (amount paid and fees paid).

Claims

1. Method for effecting transactions in a computer network of mutually connected, encrypted records, comprising an electronic system for creating an adaptive digital identity TAID, an entity certifying the validity of the process of creation and of the data input upon the first TAID registration, an electronic wallet allowing to keep the generated identity, a blockchain network in which said adaptive identity evolves over time on the basis of evolutions of the status of the person linked to such identity, a method for connecting the various adaptive identities over time to the initial identity, a method for securely unlocking the use of such identity in a digital transaction, a method for allowing controlling authorities to effect a verification in order to track the initial physical identity of the person linked to the TAID and check the effected transactions. Method wherein the TAID is registered and concatenated in order to be traced back, so that a plurality of subsequent transactions effected by the same subject are associated to always different adaptive identities. Method allowing obfuscation, privacy and inalterability of said digital identity. System comprising a blockchain. Method allowing to consolidate all the digital identities of an individual into a single identity concatenated to the others.
2. Method according to claim 1, wherein the uni vocal adaptive identifying code (TAID) comprises a digital code incorporating uni vocal data associated to what the subject owns, what the subject is and what the subject knows.
3. Method according to claim 1 or 2, wherein said univocal data associated to what the subject owns include uni vocal information on at least one object owned by the subject, wherein said object may include a smart-card, a mobile phone, a flash drive, a bank card, an identifying document.
4. Method according to claim 1 or 2 or 3, wherein said univocal data associated to what the subject is include univocal information on at least one physical characteristic of the subject, wherein said physical characteristic may include univocal biometric data relating to the subject.
5. Method according to claim 4, wherein said biometric data include a scanned image of a part of the body of the subject.
6. Method according to claim 4, wherein said biometric data refer to voice recording.
7. Method according to claim 4, wherein said biometric data refer to face detection.
8. Method according to claim 4, wherein said biometric data refer to the detection of signature biometric data.
9. Method according to any of the claims 1 to 8, wherein said uni vocal data associated to what the subject knows include a code or a password.
10. Method according to claim 1 or 2, wherein said network is a blockchain network.
11. Architecture for effecting transactions in a computer network of mutually connected, encrypted records, comprising an entity capable of generating or certifying a univocal adaptive identifying code (TAID) by which a subject participating in the transaction is identified, whereby a plurality of subsequent transactions effected by the same subject are associated, by said entity, to always different adaptive identities.
12. Architecture according to claim 11, wherein the univocal adaptive identifying code (TAID) include a digital code incorporating univocal data associated to what the subject owns, what the subject is and what the subject knows.
13. Architecture according to claim 11 or 12, wherein said network is a blockchain network.
14. Unlocking of the TAID identity of claim 1 by using biometric characteristics.
15. Unlocking of the TAID identity of claim 1 by using characteristics of something I know.
16. Unlocking of the TAID identity of claim 1 by using characteristics of something I own.
17. Unlocking of the TAID identity of claim 1 by using the history and combination of past identities.
18. Unlocking of the TAID identity of claim 1 by using a combination of the characteristics listed in claims 14, 15, 16, 17.
PCT/IB2019/000044 2018-02-19 2019-02-14 Method and architecture for creating a trusted digital identity which is self-adaptive over time by using blockchain architectures and is used for carrying out digital transactions WO2019158991A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CH0201/18 2018-02-19
CH00201/18A CH714666A2 (en) 2018-02-19 2018-02-19 Method and architecture for creating a self-adaptive verified digital identity over time with the use of blockchain architectures for the execution of digital transactions.

Publications (1)

Publication Number Publication Date
WO2019158991A1 true WO2019158991A1 (en) 2019-08-22

Family

ID=65818549

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2019/000044 WO2019158991A1 (en) 2018-02-19 2019-02-14 Method and architecture for creating a trusted digital identity which is self-adaptive over time by using blockchain architectures and is used for carrying out digital transactions

Country Status (2)

Country Link
CH (1) CH714666A2 (en)
WO (1) WO2019158991A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110825814A (en) * 2019-11-20 2020-02-21 陈学凡 Method for creating citizen identity block chain based on national population basic information

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9635000B1 (en) * 2016-05-25 2017-04-25 Sead Muftic Blockchain identity management system based on public identities ledger
US20170243213A1 (en) * 2016-02-22 2017-08-24 Bank Of America Corporation System to enable contactless access to a transaction terminal using a process data network

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170243213A1 (en) * 2016-02-22 2017-08-24 Bank Of America Corporation System to enable contactless access to a transaction terminal using a process data network
US9635000B1 (en) * 2016-05-25 2017-04-25 Sead Muftic Blockchain identity management system based on public identities ledger

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110825814A (en) * 2019-11-20 2020-02-21 陈学凡 Method for creating citizen identity block chain based on national population basic information

Also Published As

Publication number Publication date
CH714666A2 (en) 2019-08-30

Similar Documents

Publication Publication Date Title
US11200340B2 (en) Method and system for managing personal information within independent computer systems and digital networks
US10810290B2 (en) Robust method and an apparatus for authenticating a client in non-face-to-face online interactions based on a combination of live biometrics, biographical data, blockchain transactions and signed digital certificates
EP3631664B1 (en) Secure biometric authentication using electronic identity
RU2747947C2 (en) Systems and methods of personal identification and verification
Lee et al. Electronic voting service using block-chain
JP3220620U (en) System to realize blockchain multi-factor personal identity authentication
CN111066283A (en) System and method for communicating, storing and processing data provided by entities on a blockchain network
CN112789823B (en) Block chain-based competitive election network system and competitive election method
JP6293716B2 (en) Anonymous communication system and method for joining the communication system
KR20210040078A (en) Systems and methods for safe storage services
JP2006246543A (en) Cryptographic system and method with key escrow function
JPH10504150A (en) A method for securely using digital signatures in commercial cryptosystems
CN112352238A (en) Multiple signature security account control system
TW200427284A (en) Personal authentication device and system and method thereof
CN112789642A (en) Association of identities in a distributed database
Pathak et al. Blockchain based e-voting system
CN106911722A (en) A kind of intelligent cipher signature identity differentiates mutual authentication method and system
Ghafourian et al. Combining blockchain and biometrics: A survey on technical aspects and a first legal analysis
WO2019158991A1 (en) Method and architecture for creating a trusted digital identity which is self-adaptive over time by using blockchain architectures and is used for carrying out digital transactions
Noam et al. Realizing privacy aspects in blockchain networks
Hariharasudan et al. A Review on Blockchain Based Identity Management System
Blythe Finland's Electronic Signature Act and E-Government Act: Facilitating Security in E-Commerce and Online Public Services
US11159578B1 (en) Apparatus and method for managing digital identities and controlling their correlation to legal identities
US20240169349A1 (en) Method for Attestation of a Hardware Wallet of a Blockchain
NL2026713B1 (en) A Blockchain Privacy Protection System and Its Method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19712267

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19712267

Country of ref document: EP

Kind code of ref document: A1