US2021334808A1PendingUtilityA1

Identity management service using a blockchain providing certifying transactions between devices

70
Assignee: PING IDENTITY CORPPriority: May 5, 2015Filed: Dec 15, 2020Published: Oct 28, 2021
Est. expiryMay 5, 2035(~8.8 yrs left)· nominal 20-yr term from priority
Inventors:Armin Ebrahimi
H04L 63/0861G06F 21/33G06F 21/32H04L 9/3231H04L 9/50G06K 19/06028H04L 9/302H04W 12/04H04L 9/3252H04W 12/06G06Q 20/02H04L 9/3247H04L 9/3066G06Q 20/3825G06Q 20/3276G06F 21/645G06Q 20/4014G06Q 20/3827G06F 21/31G06Q 20/065H04L 9/30G06F 21/64H04L 9/3268G06K 19/06037H04L 9/3239H04W 12/77H04L 9/14G06Q 2220/00H04L 9/0637H04L 9/3249H04L 9/0643G06F 21/34H04L 9/3236H04L 2209/38
70
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Logic on a first remote device receives a first transaction number and personal data transmitted from a second remote device. The first transaction number was received from a distributed public database in response to a transmission, from the second remote device, of a signed hash value and a first public key associated with a first private key on the second remote device. The signed hash value was created by signing a hash value with the first private key and the hash value was generated by hashing the personal data with a hashing algorithm on the second remote device. The logic uses the first transaction number to retrieve the signed hash value and the first public key from the distributed public database. The logic hashes the personal data using the hashing algorithm to create a generated hash value and verifies the signed hash value against the generated hash value.

Claims

exact text as granted — not AI-modified
1 .- 8 . (canceled) 
     
     
         9 . A non-transitory processor-readable medium storing code representing instructions to be executed by a processor, the instructions comprising code to cause the processor to:
 receive, at a user device, data associated with a credential of a user;   generate a first hash value by hashing the data using a hashing method;   send, to a distributed database, the first hash value such that the first hash value is stored in the distributed database as associated with a transaction identifier;   receive, from the distributed database, the transaction identifier;   encrypt the data and the transaction identifier to produce an encrypted package; and   send, to a certifier device, the encrypted package such that the certifier device (1) decrypts the encrypted package to obtain the data and the transaction identifier, (2) obtains the first hash value from the distributed database using the transaction identifier, (3) generates a second hash value by hashing the data using the hashing method, and (4) certifies the credential of the user based on comparing the first hash value with the second hash value.   
     
     
         10 . The non-transitory processor-readable medium of  claim 9 , wherein the credential of the user is at least one of a driver's license, a passport, an employee badge, a military identification, a political identification, a student identifier, a library card or a social club card. 
     
     
         11 . The non-transitory processor-readable medium of  claim 9 , further comprising code to cause the processor to:
 digitally sign the first hash value to define a signed first hash value, the code to cause the processor to send the first hash value includes code to cause the processor to send the first hash value as the signed first hash value.   
     
     
         12 . The non-transitory processor-readable medium of  claim 9 , further comprising code to cause the processor to:
 digitally sign the first hash value to define a signed first hash value, the code to cause the processor to send the first hash value includes code to cause the processor to send the first hash value as the signed first hash value,   the code to cause the processor to send the encrypted package includes code to cause the processor to send the encrypted package such that the certifier device verifies the signed first hash value using a public key associated with the user device.   
     
     
         13 . The non-transitory processor-readable medium of  claim 9 , wherein the code to cause the processor to encrypt the data and the transaction identifier includes code to cause the processor to encrypt the data and the transaction identifier using a public key associated with the certifier device such that the certifier device decrypts the encrypted package using a private key associated with the public key. 
     
     
         14 . The non-transitory processor-readable medium of  claim 9 , further comprising code to cause the processor to:
 generate a barcode based on the encrypted package, the code to cause the processor to send the encrypted package includes code to cause the processor to send the encrypted package to the certifier device using the barcode.   
     
     
         15 . The non-transitory processor-readable medium of  claim 9 , further comprising code to cause the processor to:
 receive, from the certifier device, a certification record based on the certifier device certifying the credential of the user.   
     
     
         16 . The non-transitory processor-readable medium of  claim 9 , further comprising code to cause the processor to:
 receive, from the certifier device, a certification record based on the certifier device certifying the credential of the user;   define an acknowledgement record based on the certification record; and   send the acknowledgement record to the distributed database such that the acknowledgement record is stored in the distributed database.   
     
     
         17 . A method, comprising:
 receiving, at a user device, data of a user;   generating a first hash value by hashing the data using a hashing method;   digitally signing the first hash value to produce a signed first hash value;   storing the signed first hash value in a distributed database;   receiving, from the distributed database, a transaction identifier associated with the signed first hash value stored in the distributed database; and   sending, to a certifier device, the data and the transaction identifier such that the certifier device (1) obtains the signed first hash value from the distributed database using the transaction identifier, (2) generates a second hash value by hashing the data using the hashing method, and (3) certifies the data of the user based on verifying a digital signature of the signed first hash value and comparing the first hash value with the second hash value.   
     
     
         18 . The method of  claim 17 , wherein the digitally signing includes digitally signing the first hash value using a private key associated with the user device to produce the signed first hash value, the certifier device verifying the digital signature using a public key associated with the private key. 
     
     
         19 . The method of  claim 17 , further comprising:
 receiving a certification record from the certifier device;   defining an acknowledgement record based on the certification record; and   storing the acknowledgement record in the distributed database.   
     
     
         20 . The method of  claim 17 , further comprising:
 encrypting, using a public key of the certifier device, the data and the transaction identifier prior to sending the data and the transaction identifier to the certifier device such that the certifier device decrypts the data and the transaction identifier using a private key associated with the public key.   
     
     
         21 . The method of  claim 17 , wherein the data is from a credential of the user, the credential is at least one of a driver's license, a passport, an employee badge, a military identification, a political identification, a student identifier, a library card or a social club card. 
     
     
         22 . The method of  claim 17 , further comprising:
 generating a barcode based on the data and the transaction identifier, the sending the data and the transaction identifier includes sending the data and the transaction identifier to the certifier device using the barcode.   
     
     
         23 . An apparatus, comprising:
 a memory; and   a processor operatively coupled to the memory, the processor configured to:
 receive, at a user device, data of a user; 
 generate a first hash value by hashing the data; 
 store the first hash value in a distributed database; 
 receive, from the distributed database, a first transaction identifier, the first transaction identifier associated with the first hash value stored in the distributed database; 
 send, to a certifier device, the data and the first transaction identifier such that the certifier device (1) obtains the first hash value from the distributed database using the first transaction identifier, (2) generates a second hash value by hashing the data, and (3) defines a certification record based on comparing the first hash value with the second hash value; 
 receive, from the certifier device, the certification record and a second transaction identifier, the second transaction identifier associated with a third hash value in the distributed database; 
 retrieve the third hash value from the distributed database using the second transaction identifier; 
 generate a fourth hash value by hashing the certification record; and 
 define an acknowledgement record associated with the certification record based on comparing the third hash value with the fourth hash value. 
   
     
     
         24 . The apparatus of  claim 23 , wherein the certification record and the second transaction identifier are digitally signed by the certifier device using a private key of the certifier device, the processor configured to define the acknowledgement record based on verifying a digital signature of the certification record and the second transaction identifier using a public key associated with the private key. 
     
     
         25 . The apparatus of  claim 23 , wherein the processor is configured to:
 encrypt, using a public key of the certifier device, the data and the first transaction identifier prior to sending the data and the first transaction identifier to the certifier device such that the certifier device decrypts the data and the first transaction identifier using a private key associated with the public key.   
     
     
         26 . The apparatus of  claim 23 , wherein the acknowledgement record includes the certification record and the second transaction identifier. 
     
     
         27 . The apparatus of  claim 23 , wherein the processor is configured to store the acknowledgement record in the distributed database. 
     
     
         28 . The apparatus of  claim 23 , wherein the data is from a credential of the user, the credential is at least one of a driver's license, a passport, an employee badge, a military identification, a political identification, a student identifier, a library card or a social club card.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.