Identity Management Service Using A Block Chain Providing Identity Transactions Between Devices
Abstract
Logic on a first remote device causes the capture of personal data identifying a user from an identification card. The logic generates a hash value from the personal data using a hashing algorithm and signs the hash value with a digital signature created using a private key paired with a public key. The logic transmits, over a network, the signed hash value and the public key from the remote device to a distributed public database for storage. The logic receives, over the network, a transaction number from the distributed public database. The logic then transmits the transaction number and the personal data to a second remote device. Logic on the second remote device verifies that the hash value in the signed hash value is the same as a generated hash value and verifies that the signed hash value was signed with the private key.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method of certification, comprising operations of:
receiving, on a first device, a first transaction number and biometric data of a user transmitted from a second device, wherein the first transaction number was received from a distributed public database in response to a transmission, from the second device, of a signed hash value, wherein the signed hash value was created by signing a hash value with a first private key on the second device, and wherein the hash value was generated by hashing the biometric data with a hashing algorithm on the second device; using by the first device the first transaction number to retrieve the signed hash value from the distributed public database; hashing by the first device the biometric data using the hashing algorithm to create a generated hash value; and verifying by the first device that the retrieved signed hash value was signed with the first private key using a first public key that is paired with the first private key and the generated hash value, wherein a certification record is created for the verification.
2 . The method of claim 1 , further comprising:
receiving on the first device the first public key associated with the first private key from the second device.
3 . The method of claim 1 , further comprising:
wherein the first transaction number was received from the distributed public database in response to a transmission, from the second device, of the signed hash value and the first public key associated with the first private key.
4 . The method of claim 1 , further comprising:
verifying by the first device that the hash value in the retrieved signed hash value from the distributed public database is the same as the generated hash value based on the generated hash value, the retrieved signed hash value, and the first public key.
5 . The method of claim 1 , wherein the receiving a first transaction number and biometric data comprises:
receiving, on the first device, the first transaction number and the biometric data that is encrypted by the second device using a second public key of the first device associated with a second private key on the first device; decrypting by the first device the encrypted first transaction number and biometric data using the second private key.
6 . The method of claim 5 , wherein the second hashing algorithm is identical to the hashing algorithm used to hash the biometric data.
7 . The method of claim 5 , wherein the certification record includes a timestamp.
8 . The method of claim 1 , wherein the receiving a first transaction number and biometric data comprises:
receiving, on the first device, the first transaction number, the biometric data, and a real-time token from the second device, wherein the hash value was generated on the second device by hashing the biometric data and the real-time token, wherein the signed hash value was created on the second device by signing the hash value of the biometric data and the real-time token with the first private key of the second device; wherein the generated hash value is created on the first device by hashing the biometric data and the real-time token using the hashing algorithm.
9 . The method of claim 1 , further comprising:
generating by the first device the certification record including the first transaction number and the biometric data; generating by the first device a second hash value by hashing the certification record; signing by the first device the second hash value with a second private key on the first device; sending by the first device the signed second hash value to the distributed public database; and receiving by the first device a second transaction number from the distributed public database.
10 . The method of claim 9 , further comprising:
sending by the first device the second transaction number and the certification record to the second device.
11 . The method of claim 1 , wherein the distributed public database is a block chain that receives data for storage from a plurality of entities, the data received for storage is configured to be processed to generate a transaction record that is dependent on previous data stored to the block chain, wherein transaction record being dependent on previous data stored to the block chain ensures that data stored to the block chain is not modifiable, as later data stored to the block chain continues to be dependent on previous data stored to the block chain.
12 . A non-transitory computer-readable medium storing a computer program for implementing a method, the computer-readable medium comprising:
program instructions for receiving, on a first device, a first transaction number and biometric data of a user transmitted from a second device, wherein the first transaction number was received from a distributed public database in response to a transmission, from the second device, of a signed hash value, wherein the signed hash value was created by signing a hash value with a first private key on the second device, and wherein the hash value was generated by hashing the biometric data with a hashing algorithm on the second device; program instructions for using by the first device the first transaction number to retrieve the signed hash value from the distributed public database; program instructions for hashing by the first device the biometric data using the hashing algorithm to create a generated hash value; and program instructions for verifying by the first device that the retrieved signed hash value was signed with the first private key using a first public key that is paired with the first private key and the generated hash value, wherein a certification record is created for the verification.
13 . The computer-readable medium of claim 12 , wherein the first transaction number was received from the distributed public database in response to a transmission, from the second device, of the signed hash value and the first public key associated with the first private key.
14 . The computer-readable medium of claim 12 , further comprising:
program instructions for verifying by the first device that the hash value in the retrieved signed hash value from the distributed public database is the same as the generated hash value based on the generated hash value, the retrieved signed hash value, and the first public key.
15 . The computer-readable medium of claim 12 , wherein program instructions for receiving a first transaction number and biometric data comprises:
program instructions for receiving, on the first device, the first transaction number and the biometric data that is encrypted by the second device using a second public key of the first device associated with a second private key on the first device; decrypting by the first device the encrypted first transaction number and biometric data using the second private key.
16 . The computer-readable medium of claim 12 , wherein the receiving a first transaction number and biometric data comprises:
receiving, on the first device, the first transaction number, the biometric data, and a real-time token from the second device, wherein the hash value was generated on the second device by hashing the biometric data and the real-time token, wherein the signed hash value was created on the second device by signing the hash value of the biometric data and the real-time token with the first private key of the second device; wherein the generated hash value is created on the first device by hashing the biometric data and the real-time token using the hashing algorithm.
17 . The computer-readable medium of claim 12 , wherein the distributed public database is a block chain that receives data for storage from a plurality of entities, the data received for storage is configured to be processed to generate a transaction record that is dependent on previous data stored to the block chain, wherein transaction record being dependent on previous data stored to the block chain ensures that data stored to the block chain is not modifiable, as later data stored to the block chain continues to be dependent on previous data stored to the block chain.
18 . A computer system comprising:
a processor; and memory coupled to the processor and having stored therein instructions that, if executed by the computer system, cause the computer system to execute a method comprising:
receiving, on a first device, a first transaction number and biometric data of a user transmitted from a second device, wherein the first transaction number was received from a distributed public database in response to a transmission, from the second device, of a signed hash value, wherein the signed hash value was created by signing a hash value with a first private key on the second device, and wherein the hash value was generated by hashing the biometric data with a hashing algorithm on the second device;
using by the first device the first transaction number to retrieve the signed hash value from the distributed public database;
hashing by the first device the biometric data using the hashing algorithm to create a generated hash value; and
verifying by the first device that the retrieved signed hash value was signed with the first private key using a first public key that is paired with the first private key and the generated hash value,
wherein a certification record is created for the verification.
19 . The computer system of claim 18 , wherein the first transaction number in the method was received from the distributed public database in response to a transmission, from the second device, of the signed hash value and the first public key associated with the first private key
20 . The computer system of claim 18 , wherein the method further comprises:
verifying by the first device that the hash value in the retrieved signed hash value from the distributed public database is the same as the generated hash value based on the generated hash value, the retrieved signed hash value, and the first public key.
21 . The computer system of claim 18 , wherein the receiving a first transaction number and biometric data in the method comprises:
receiving, on the first device, the first transaction number and the biometric data that is encrypted by the second device using a second public key of the first device associated with a second private key on the first device; decrypting by the first device the encrypted first transaction number and biometric data using the second private key.
22 . The computer system of claim 18 , wherein the receiving a first transaction number and biometric data in the method comprises:
receiving, on the first device, the first transaction number, the biometric data, and a real-time token from the second device, wherein the hash value was generated on the second device by hashing the biometric data and the real-time token, wherein the signed hash value was created on the second device by signing the hash value of the biometric data and the real-time token with the first private key of the second device; wherein the generated hash value is created on the first device by hashing the biometric data and the real-time token using the hashing algorithm.
23 . The computer system of claim 18 , wherein in the method the distributed public database is a block chain that receives data for storage from a plurality of entities, the data received for storage is configured to be processed to generate a transaction record that is dependent on previous data stored to the block chain, wherein transaction record being dependent on previous data stored to the block chain ensures that data stored to the block chain is not modifiable, as later data stored to the block chain continues to be dependent on previous data stored to the block chain.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.