US2020053078A1PendingUtilityA1

System and methods for sharing and trading user data and preferences between computer programs and other entities while preserving user privacy

56
Assignee: SENSORIANT INCPriority: Dec 8, 2016Filed: Jun 10, 2019Published: Feb 13, 2020
Est. expiryDec 8, 2036(~10.4 yrs left)· nominal 20-yr term from priority
Inventors:Shamim A. Naqvi
H04L 9/3236H04L 63/0861H04L 63/0407H04L 9/3231H04L 2209/38H04L 9/50Y04S40/20
56
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Systems and methods are provided which allow computer programs or other entities to share user data and information so that users may be authenticated and their preferences shared among entities in networked environments and machines. Cryptographic credentials are generated for these purposes. While the credentials can be shared to provide entities with user authentication and preference data, a salient feature of the sharing technology is that the user is always in control of, and integral to, the sharing protocol. Moreover, the sharing preserves the privacy of the user's data.

Claims

exact text as granted — not AI-modified
1 . A method of generating a cryptographic credential for authenticating a user, comprising:
 receiving, by a user interface of a computing device, user data from the user to be authenticated;   generating, by the computing device, a proving key (PK), a verifying key (VK) that is complementary to the PK, and an encrypted data object that represents the user data, the generating being performed by inputting service logic and the user data to a key generating engine (KGE) such that the PK, the VK and the encrypted data object are all a function of both the service logic and the user data;   generating, by the computing device, a cryptographic proof by inputting the PK and the encrypted data object to a proof generating engine (PGE) such that the user data represented by the cryptographic proof is verifiable by inputting the proof, the VK and encrypted data object to a proof verifying engine (PVE);   creating the cryptographic credential from (i) the cryptographic proof and the encrypted data object or (ii) the VK and the encrypted data object; and   transmitting the one of the VK and the cryptographic proof that is not included in the cryptographic credential from the computing device to a verifying entity over one or more communication networks such that a third party receiving the cryptographic credential from the computing device is able to verify the user data represented by the cryptographic proof by sending the cryptographic credential to the verifying entity.   
     
     
         2 . The method of  claim 1 , wherein creating the cryptographic credential includes generating the cryptographic credential on the computing device. 
     
     
         3 . The method of  claim 1 , wherein the user data includes biometric data of the user. 
     
     
         4 . The method of  claim 3 , wherein the biometric data is fingerprint data. 
     
     
         5 . A method of generating a cryptographic credential for authenticating a user, comprising:
 receiving, by a user interface of a computing device, user data from the user to be authenticated;   generating, by the computing device, a PK, a VK that is complementary to the PK, and an encrypted data object that represents the user data, the generating being performing by inputting service logic and the user data to a KGE such that the PK, the VK and the encrypted data object are all a function of both the service logic and the user data;   generating, by the computing device, a cryptographic proof by inputting the PK and the encrypted data object to a PGE such that the user data represented by the cryptographic proof is verifiable by inputting the proof, the VK and encrypted data object to a PVE;   transmitting the cryptographic proof, the encrypted data object and the VK to a service provider over one or more communication networks, the service provider generating a second PK, a second VK that is complementary to the second PK, a second encrypted data object that represents the encrypted user data object plus additional data, and a second cryptographic proof, the generating being performing by inputting second service logic and the encrypted user data object plus the additional data to a second KGE such that the second PK, the second VK and the second encrypted data object are all a function of both the second service logic and the encrypted user data object plus the additional data, the generating of the second cryptographic proof being performed by inputting the second PK and the second encrypted data object to a second PGE;   receiving, by the computing device over one or more communication networks, a cryptographic credential created by the service provider from (i) the second cryptographic proof and the second encrypted data object or (ii) the second VK and the second encrypted data object; and   providing the cryptographic credential to a third party that is able to verify the user data represented by the cryptographic proof by sending the cryptographic credential to a verifying entity that is in possession of the one of the second VK and the second cryptographic proof that is not included in the cryptographic credential.   
     
     
         6 . The method  claim 5 , further comprising:
 storing the cryptographic credential on a storage medium associated with the computing device so that it is retrievable by an electronic wallet application executable on the computing device;   responsive to a user request to provide the cryptographic credential to the third party, requesting receipt of another representation of the user data through the user interface of the computing device, the electronic wallet application only providing the cryptographic credential to the third party if the user data is determined to match the another representation of the user data.   
     
     
         7 . The method of  claim 5 , further comprising receiving the KGE and the PGE from the service provider. 
     
     
         8 . The method of  claim 7 , wherein the KGE and the PGE are included in an application executable on the computing device. 
     
     
         9 . The method of  claim 5 , wherein the service provider includes a blockchain system for storing the second PK, the second VK and the second encrypted data object. 
     
     
         10 . A method of generating a cryptographic credential for authenticating a user, comprising:
 receiving from a computing device over one or more communication networks a verifying key (VK) that is complementary to a proving key (PK), an encrypted data object that represents user data received by the computing device from the user and a cryptographic proof, the PV, VK and the encrypted data object having been generated on the computing device by inputting service logic and the user data to a key generating engine (KGE) such that the PK, the VK and the encrypted data object are all a function of both the service logic and the user data, the cryptographic proof having been generated by the computing device by inputting the PK and the encrypted data object to a proof generating engine (PGE) such that the user data represented by the cryptographic proof is verifiable by inputting the cryptographic proof, the VK and encrypted data object to a proof verification engine (PVE);   generating a second PK, a second VK that is complementary to the second PK, a second encrypted data object that represents the encrypted user data object plus additional data, and a second cryptographic proof, the generating of the second PK, the second VK and the second encrypted data object being performing by inputting second service logic and the encrypted user data object plus the additional data to a second KGE such that the second PK, the second VK and the second encrypted data object are all a function of both the second service logic and the encrypted user data object plus the additional data, the generating of the second cryptographic proof being performed by inputting the second PK and the second encrypted data object to a second PGE;   creating a cryptographic credential from (i) the second cryptographic proof and the second encrypted data object or (ii) the second VK and the second encrypted data object;   transmitting the cryptographic credential to the computing device over the one or more communication networks; and   transmitting the one of the second VK and the second cryptographic proof that is not included in the cryptographic credential to a verifying entity such that a third party receiving the cryptographic credential from the computing device is able to verify the user data represented by the cryptographic proof by sending the cryptographic credential to the verifying entity.   
     
     
         11 . The method of  claim 10 , wherein transmitting the cryptographic credential to the computing device and transmitting the one of the second VK and the second cryptographic proof that is not included in the cryptographic credential to the verifying entity are performed as an atomic operation. 
     
     
         12 . The method of  claim 10 , wherein the first and second KGEs are the same or different KGEs. 
     
     
         13 . The method of  claim 10 , wherein the first and second PGEs are the same or different PGEs. 
     
     
         14 . The method of  claim 10 , further comprising storing the second PK, the second VK and the second encrypted data object in a blockchain system. 
     
     
         15 .- 22 . (canceled)

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.