Patent Grant
12143816
The present disclosure relates to generation, management, and use of digital credentials with individual identity attributes validated by various trusted entities.
Traditional methods for presenting identification lead to unnecessary disclosure of extraneous information not requested (or desired) by recipients, posing a significant challenge to privacy and security. Conventional identification documents (such as a person's driver's license or passport), which can reveal a large set of personal information that should remain confidential, are issued by, and accepted from, a limited number of authorities and are not tailored to particular situations.
Various embodiments of the disclosure relate to a method implemented via a mobile device. The mobile device may run a mobile application comprising, or having access to, an identity wallet. The identity wallet may comprise one or more digital credentials. The digital credentials may be stored at the mobile device and/or at a remote system such as, for example, a credential management system or other wallet provider system. The method may comprise receiving a first signal corresponding with an identity request. The first signal may be received by the mobile device from a receiver device. The receiver device may be associated with, or may be a part of, an entity or entities (healthcare or financial organizations, governmental bodies, smart devices, etc.) requesting or requiring demonstration or proof of one or more identity attributes. The receiver device may be a smart device or may request and/or accept digital credentials for a smart device. The method may comprise determining that the identity request of the first signal comprises a request to prove an identity attribute. That the identity request of the first signal comprises the request to prove the identity attribute may be determined at the mobile device, such as by the mobile application, or the mobile application may transmit the first signal (or a version thereof) to a remote system or other computing device, and the result of the determination may be transmitted back to the mobile device following the determination by the remote system or the other computing device. The method may comprise identifying a digital credential, in the identity wallet, corresponding to the identity attribute. The identified digital credential may attest to the identity attribute. The digital credential may include or identify the identity attribute or other identity data (or a pointer thereto). The digital credential may, alternatively or additionally, include or identify a digital key (or pointer thereto) associated with an ID issuer or other trusted entity, and/or information on a distributed ledger enabling, for example, verification of the digital credential using blockchain technology. The digital key and/or distributed ledger may indicate or demonstrate that the trusted entity has validated certain identity data of the user. The digital credential (e.g., in an accessible identity wallet) that would serve to prove the requested identity attribute may be identified by the mobile device (e.g., by the mobile application, which runs on the mobile device, accessing the identity wallet or records associated therewith). The method may comprise displaying a graphical user interface (GUI) via one or more user interfaces (e.g., via a display screen) of the mobile computing device. The GUI may be displayed by the mobile application. The GUI may comprise a list with one or more selectable identity attributes and/or one or more digital credentials corresponding with and validating one or more identity attributes. The list may, for each identity attribute and/or digital credential, provide an identification of the corresponding validating entity. The list may include the one or more digital credentials of the trusted entity that attests to or validates the identity attribute. The digital credential and/or identity attribute may be selectable via one or more user interfaces (e.g., via touchscreen or other input mechanism) of the mobile device. The method may comprise receiving a second signal generated by the mobile device, such as by an operating system or other component of the mobile device that, for example, is capable of sensing inputs into one or more user interfaces of the mobile device. The second signal may be received by the mobile application. The second signal may indicate selection of the digital credential and/or identity attribute in the list, such as selection by a user via a touchscreen display used to visually present the GUI with the list. The method may comprise generating a third signal. The third signal may be for provisioning to the receiver device. The third signal may be generated by the mobile device (e.g., by the mobile application running on the mobile device). The third signal may comprise the digital credential (or pointer thereto). The third signal may additionally or alternatively identify the trusted entity corresponding with the digital credential.
In one or more embodiments, the digital credential may be a first digital credential and the trusted entity may be a first trusted entity. The list may identify a second digital credential. The second digital credential may be in the identity wallet. The second digital credential may attest to the same identity attribute attested to by the first digital credential. The second digital credential may have been validated by a second trusted entity distinct from the first trusted entity.
In one or more embodiments, the GUI may be configured to allow a user to select from among multiple digital certificates of multiple trusted entities for proving multiple identity attributes to the receiver device.
In one or more embodiments, the identity attribute may be an extrapolation from identity data elements of a user. The extrapolation may be a deduction or induction from identity data elements. Identity data elements may be data received from one or more sources, and extrapolations may be information about the user that is not itself received (e.g., from a single source) but may be ascertained from received data (e.g., by combining data from one source with other ascertainable facts or by combining data from two or more sources).
In one or more embodiments, the extrapolation may be a determination as to whether the user has reached a minimum age. The determination may be based on a birthdate of the user, which may be an identity data element received from one or more sources. The digital credential may attest to the user having reached the minimum age.
In one or more embodiments, example extrapolations include whether a user is at least 18, 21, 35, or 65, or is between a certain age range such as between 18 and 25 (based on, e.g., the user's birthdate and the current date), whether a user is authorized to operate a vehicle or machinery (based on, e.g., a license and a determination that the license is unexpired based on the current date or is otherwise valid), whether a user is a property owner (based on, e.g., a title or deed and a determination that the title or deed has been properly recorded or executed or is otherwise deemed valid), and so forth. In certain implementations, an extrapolation may yield a binary response (true/false, yes/no, up/down, valid/invalid, on/off, etc.), a range of values (e.g., between 13 and 19 and therefore a teenager), a category (e.g., membership in a club or other organization, being in good standing, or belonging to a class such as being a senior citizen or being a veteran), a number, or any continuous or discrete values.
In one or more embodiments, the method may comprise displaying an image of the user. Alternatively or additionally, the method may comprise displaying an icon indicating the extrapolation (e.g., that the user is at least the minimum age). Alternatively or additionally, the method may comprise displaying an identification of the first trusted entity. The image, icon, and/or identification of the first trusted entity may be displayed by the mobile application on a display screen of the mobile device.
In one or more embodiments, the first signal may be a code displayed on a display device. The code may be displayed by the receiver device on a display screen of the receiver device. Receiving the first signal may comprise the mobile application using an imager, such as a camera or other light sensor, of the mobile device to scan or otherwise detect the displayed code.
In one or more embodiments, the code may be a QR code, a barcode, and/or a set of one or more symbols. The QR code and/or barcode may be displayed by the receiver device. Determining that the QR code and/or barcode comprises the request for the identity attribute may comprise the mobile application deciphering or otherwise analyzing the QR code and/or barcode.
In one or more embodiments, the first signal may be a wireless communication. The wireless communication may be transmitted by the receiver device. The wireless communication may be transmitted directly to the mobile device, such as by device-to-device communication that does not require a network such as the Internet. The wireless communication may be a near-field communication (NFC). The NFC communication may involve, for example, the receiver device and the mobile device. The wireless communication may alternatively or additionally be via another communication protocol such as Bluetooth, Wi-Fi, wireless broadband, etc.
In one or more embodiments, the third signal may comprise a code that includes, points to, or otherwise represents the first credential. The method may comprise displaying the code. The code may be displayed via the one or more user interfaces of the mobile device, such as a display screen of the mobile device.
In one or more embodiments, the third signal may comprise a message with the first digital credential. The method may comprise wirelessly transmitting the message. The message may be transmitted to the receiver device. The message may be transmitted by the mobile device. Wirelessly transmitting the message may comprise directly transmitting the message to the receiver device from the mobile device. The message may be directly transmitted via NFC. Alternatively or additionally, the message may be transmitted via a network, such as the Internet.
Various embodiments of the disclosure relate to a method implemented via a mobile device running a mobile application that has access to an identity wallet which includes digital credentials. The method may comprise receiving a signal corresponding with an identity request. The signal may be received by the mobile device. The signal may be received from a receiver device. The method may comprise displaying a graphical user interface (GUI). The GUI may be displayed by the mobile application. The GUI may be displayed via one or more user interfaces of the mobile computing device, such as a display screen. The GUI may comprise selectable identity attributes. The GUI may comprise, for each identity attribute, an identification of a corresponding validating entity. The method may comprise receiving one or more selections of one or more of the identity attributes. The one or more selections may be received by the mobile application. The one or more selections may be received, for example, from the display screen of the mobile device and/or via an operating system of the mobile device. The method may comprise provisioning one or more digital credentials attesting to the selected identity attributes. The one or more digital credentials may be provisioned by the mobile application. The one or more digital credentials may be provisioned to the receiver device.
In one or more embodiments, the identity attributes may be selectable by, for example, attribute category (e.g., health related, physical attributes, travel, employment, family, etc.), ID set (associated with, e.g., a driver's license, passport, insurance card, or other identification), ID issuer (deemed to be an entity trusted to validate identity attributes in generation of digital credentials), etc.
In one or more embodiments, provisioning the one or more digital credentials may comprise displaying one or more codes. The one or more codes may be displayed via the one or more user interfaces of the mobile device, such as via a display screen of the mobile device. The one or more codes may be displayed for the receiver device. The one or more codes may comprise the one or more digital credentials attesting to the selected identity attributes.
In one or more embodiments, provisioning the one or more digital credentials to the receiver device may comprise transmitting the one or more digital credentials attesting to the selected identity attributes. The one or more digital credentials may be transmitted wirelessly, such as by NFC, Bluetooth, Wi-Fi, wireless broadband, etc. The one or more digital credentials may be transmitted to the receiver device by the mobile device, and/or by a remote system or device involved in validation, issuance, and/or management of digital credentials.
Various embodiments of the disclosure relate to a mobile device running a mobile application. The mobile application may have access to an identity wallet comprising multiple digital credentials. The digital credentials may be validated by multiple ID issuers deemed to be trusted entities. The mobile device may comprise a wireless communications interface. The mobile device may comprise an imager configured to detect ambient light to capture images. The mobile device may comprise one or more user interfaces. The user interfaces may comprise a display device such as a touchscreen display. The one or more user interfaces may be configured for visually presenting graphical elements and for receiving user inputs. The mobile device may comprise a processor and a memory having stored thereon instructions which, when executed by the processor, cause the processor to perform specific functions. The mobile device may be configured to receive a first signal corresponding with an identity request of a receiver device. The first signal may be received via the wireless communications interface and/or via the imager. The mobile device may be configured to determine that the identity request of the first signal comprises a request for proof of validation of one or more identity attributes. The request may require validation by any trusted entity, by a type of trusted entity (e.g., a governmental body or healthcare provider), by a specific trusted entity (e.g., a specific government agency or medical provider). Such requirement related to which trusted entity or trusted entities is or are acceptable or sought-after may be identified in the request. That the identity request comprises a request for, for example, validation of one or more identity attributes (generally, or as validated by a certain trusted entity or type of trusted entity) may be determined via the mobile application. The mobile device may be configured to identify multiple digital credentials in the identity wallet that attest to the identity attributes. The identified digital credentials may have been validated by multiple trusted entities, which may be of different types (e.g., healthcare institution, governmental body, etc.). The digital credentials may identified via the mobile application. The mobile device may be configured to display a graphical user interface (GUI) comprising the digital credentials and/or comprising the identity attributes validated by the identified digital credentials. The GUI may additionally or alternatively comprise an identification of trusted entities corresponding to the digital credentials. The GUI may be displayed via the one or more user interfaces of the mobile device. The digital credentials and/or the identity attributes validated by or otherwise corresponding to the digital credentials may be selectable via the one or more user interfaces. The mobile device may be configured to receive an indication that one or more of the digital credentials presented by the GUI has been selected using the one or more user interfaces. The indication may be received via the mobile application. The indication may be received as a signal from the one or more user interfaces of the mobile device and/or the operating system of the mobile device. The mobile device may be configured to provision the selected digital credentials attesting to the requested identity attributes. The digital credentials may be provisioned to the receiver device. The digital credentials may be provisioned via at least one of the wireless communications interface and the one or more user interfaces (e.g., by being transmitted wirelessly and/or by being displayed as part of a QR or other code on a display screen).
In one or more embodiments, receiving the first signal may comprise detecting a code displayed on a display screen of the receiver device. The code may be detected using the imager of the mobile device. The code may identify the one or more requested identity attributes.
In one or more embodiments, provisioning the selected digital credentials may comprise displaying one or more of the requested identity attributes. Alternatively or additionally, provisioning the selected digital credentials may comprise displaying one or more machine-readable codes. The machine-readable codes may be displayed using a display screen of the mobile device. The machine-readable codes may be configured such that, when scanned and deciphered by the receiver device, the codes reveal one or more of the requested identity attributes and/or digital credentials. The codes may be or comprise, for example, QR codes.
Various embodiments of the disclosure relate to a method implemented via a mobile device running a mobile application, such as an identity wallet application comprising or having access to one or more digital credentials. The method may comprise receiving a first signal corresponding with an identity request. The first signal may be received by the mobile device from a receiver device. The method may comprise determining that the identity request of the first signal comprises a request to prove an identity attribute. That the identity request comprises a request to prove the identity attribute may be determined by the mobile device, such as by or via the mobile application. The method may comprise identifying one or more digital credentials in the identity wallet that attest to the identity attribute. The digital credentials may be identified by or via the mobile application. Each digital credential may have been validated by a different ID issuer deemed to be a trusted entity that attests to or otherwise validates identity attributes. The method may comprise displaying a graphical user interface (GUI). The GUI may be displayed by the mobile application. The GUI may be displayed via one or more user interfaces of the mobile computing device. The GUI may comprise a list with one or more selectable digital credentials and/or identity attributes. The list may, for each digital credential or identity attribute, include an identification of the corresponding validating entity. The list may include the one or more digital credentials that attest to the identity attribute. The digital credentials and/or identity attributes may be selectable via one or more user interfaces of the mobile device. The method may comprise receiving a second signal generated by the mobile device. The second signal may indicate which of the digital credentials and/or identity attributes in the list have been selected. The second signal may be received by the mobile application via, for example, a touchscreen or other input device of, and/or an operating system running on, the mobile device. The method may comprise generating one or more signals comprising the selected digital credentials. The one or more signals may identify the trusted entity for each digital credential. The signals may be generated by the mobile device. The signals may be generated for the receiver device.
In one or more embodiments, the signals may be provisioned to the receiver device. The signals may be provisioned via a wireless transmission, such as a direct wireless communication between the mobile device and the receiver device. The direct wireless communication may be or may comprise one or more of NFC, Bluetooth, Wi-Fi, wireless broadband, etc.
In one or more embodiments, the signals may be provisioned visually. The signals may be provisioned by being displayed via one or more user interfaces, such as a display screen, of the mobile device. The signals may be provisioned by displaying a code, such as a QR code. Provisioning may comprise displaying coded or uncoded versions of one or more of, for example, the digital credential, the corresponding trusted entity, the identity attribute, an image of a user, an extrapolation of data elements, etc.
Various embodiments of the disclosure relate to an approach involving a method, a system, a device, and/or a non-transitory computer readable medium with instructions executable by a processor to cause a system or a computing device, such as a user computing device, to perform specific functions. The approach may involve displaying or causing a display on a user computing device. The display may comprise a plurality of identity attributes pertaining to a user of the user device. Each identity attribute may be validated by an ID issuer, such as a governmental authority or another trusted entity, such as a financial institution, with an incentive to maintain trust and/or prevent fraud. The approach may involve enabling selection by the user of one or more identity attributes among the plurality of identity attributes. The approach may involve provisioning of selected identity attributes to a receiver device. Provisioning may comprise generation of a transmission containing the one or more identity attributes selected by the user of the user device. The transmission may be sent to the receiver device via, for example, NFC or other wireless communication protocol. Alternatively or additionally, the identity attributes may be provisioned to the receiver device via a display of the identity attributes (e.g., in the form of a code such as a QR code) on a display screen of the user device.
Various embodiments of the disclosure relate to an approach involving a method, a system, a device, and/or a non-transitory computer readable medium with instructions executable by a processor to cause a system or a computing device, such as a receiver device, to perform specific functions. The approach may involve enabling selection by a requesting entity such as a smart device or a service provider, via the receiver device, of one or more identity attributes to be requested. The approach may involve displaying by, or causing a display on, a receiver device. The display may comprise a request for one or more identity attributes. The request may be in the form of, for example, a QR code. The approach may additionally or alternatively involve generating a transmission (e.g., by the receiver device) comprising the request for selected identity attributes. The transmission may be sent to the user device directly (e.g., via NFC or otherwise) or via a network (e.g., the Internet). The displayed request may be scanned using a user device of a user and deciphered via the user device to identify the identity attributes being requested. The receiver device may subsequently accept a transmission from the user device. The transmission may contain one or more of the requested identity attributes. Alternatively or additionally, the receiver device may scan or otherwise detect the identity attributes being displayed (e.g., as a code such as a QR code) by the user device (e.g., on a display screen of the user device). The receiver device may compare the received identity attributes to the requested identity attributes to confirm that the requested identity attributes have been provided. The identity attributes may be accompanied by a digital key (or a pointer to where or how the key may be accessed) or identification of a distributed ledger for authentication of the ID issuer and/or for confirmation that the ID issuer validated the identity attribute. The receiver device may then validate the received identity attributes (such as confirming the validity of cryptographic keys to verify that the corresponding trusted entity validated the identity attributes). For example, the receiver device may generate a transmission to a server to obtain information related to the identity attributes and/or validation thereof. The receiver device may then receive a transmission (which may validate the received identity attributes) from the server. The transmission may comprise validating information related to the requested identity attributes received by the receiver device.
Various embodiments relate to a method implemented by a receiver device. The method may comprise detecting a user device. The user device may be detected to be nearby or sufficiently close (e.g., within a threshold distance of the receiver device). The user device may be detected using a wireless communicator (comprising, e.g., a transceiver) of the receiver device. The method may comprise identifying one or more identity attributes to be proved by the user device. The identity attributes may be identified based on the user device. The method may comprise provisioning to the user device a request for proof of identified identity attributes. The method may comprise accepting, using the wireless communicator, a digital credential from the user device. The digital may identify and/or otherwise correspond to an ID issuer. The ID issuer may be claimed to have provided validation of the identity attributes. The method may comprise verifying that the ID issuer validated the identified identity attributes. The method may comprise, in response to verification, granting, the user device access to at least one of a functionality and information.
In one or more embodiments, the receiver device may display a graphical user interface. The graphical user interface may be configured to allow a service provider to select identity attributes to be requested from the user device. The graphical user interface may, alternatively or additionally, be configured to allow a user of the user device to select identity attributes to be provisioned via the user device.
In one or more embodiments, the receiver device may generate a display identifying requested identity attributes. Alternatively or additionally, the receiver device may generate a code (such as a QR code) to be displayed. The code may identify the identity attributes. Alternatively or additionally, the code may identify acceptable ID issuers. The displayed identity attributes or codes therefor may be scanned by the user device and deciphered or otherwise analyzed by the user device.
In one or more implementations, the receiver device may compare the identity attributes corresponding to the received digital credential to the requested identity attributes to confirm that the requested identity attributes have been provided.
In one or more embodiments, the identity attributes may be accompanied by a digital key (or a pointer to where or how the key may be accessed) or identification of a distributed ledger for authentication of the ID issuer and/or for confirmation that the ID issuer validated the identity attribute.
In one or more embodiments, the receiver device may validate the received identity attributes by, for example, confirming the validity of cryptographic keys to verify that the corresponding ID issuer validated the identity attributes.
In one or more embodiments, the receiver device may grant the user device access to a facility by, for example disarming a security system or component thereof. Alternatively or additionally, the receiver device may enable a functionality such as engine start for a vehicle.
Various embodiments of the disclosure relate to an approach involving a method, a system, a device, and/or a non-transitory computer readable medium with instructions executable by a processor to cause a system or a computing device, such as a credential management system, to perform specific functions. The approach may involve receiving a first set of identity data at a first server from a second server, wherein the second server belongs to an ID issuer. The approach may involve associating the received first set of identity data with a digital key pertaining to a user associated with the same key. The approach may involve storing the received first set of identity data and associated digital key at the first server. The approach may involve receiving a transmission at the first server from a first device. The transmission may comprise a second set of identity data associated with the digital key, and a request for verification of the second set of identity data. The approach may involve the first server verifying that the received second set of identity data matches the first set of identity data. The verification may comprise comparing, at the first server, the second set of identity data to the first set of identity data. The verification may comprise determining whether the second set of identity data is associated with the same digital key as the first set of identity data. The verification may comprise determining whether the identity data in the first set sufficiently matches the identity data in the second set. A determination that the first and second sets match may be deemed a verification of the second set of identity data. The approach may involve sending a second transmission from the first server to the first device comprising a message indicating that the second set of identity data is verified.
Various embodiments of the disclosure relate to an approach involving a method, a system, a device, and/or a non-transitory computer readable medium with instructions executable by a processor to cause a system or a computing device, such as an ID issuer system, to perform specific functions. The approach may involve receiving, at a first server, a request from a second server for digitization of identity data pertaining to a user. The first server may be associated with an identity management system. The approach may involve digitizing, via the first server, identity data pertaining to the user to obtain a digital credential. The first server may send a transmission to the second server comprising the digitized credential pertaining to the user. The digital credential may comprise one or more identity attributes or other identity data and a digital key or other cryptographic identifier.
Various embodiments of the disclosure relate to a method implemented via a mobile device running a mobile application having access to an identity wallet with digital credentials. The method may comprise presenting a first graphical user interface (GUI) via one or more user interfaces of the mobile computing device. The first GUI may comprise selectable identity attributes. The first GUI may comprise, for each identity attribute, an identification of a corresponding validating entity. The method may comprise detecting one or more selections of one or more of the identity attributes. The method may comprise identifying in the identity wallet digital credentials proving validation of the selected identity attributes by one or more trusted entities. The method may comprise presenting a second GUI via the one or more user interfaces. The second GUI may comprise selectable digital credentials identified in the identity wallet. The method may comprise detecting one or more selections of one or more of the digital credentials. The method may comprise provisioning, to the receiver device, the one or more selected digital credentials.
In one or more embodiments, the second GUI may comprise a first digital credential corresponding to validation of an identity attribute by a first trusted entity, and a second digital credential corresponding to validation of the same identity attribute by a second trusted entity.
In one or more embodiments, the method may comprise generating a QR with the digital credentials selected via the second GUI. Provisioning the one or more credentials to the receiver device may comprise displaying the QR code for scanning by the receiver device.
Various embodiments of the disclosure relate to a method implemented via a mobile device running a mobile application having access to an identity wallet with one or more digital credentials. The method may comprise biometrically authenticating, using one or more biometric sensors of the mobile device, a user of the mobile device. The method may comprise receiving a signal from a receiver device. The method may comprise determining that the signal includes a request for validation of an identity attribute. The method may comprise identifying one or more digital credentials available in the identity wallet that demonstrate the identity attribute as having been validated by one or more trusted entities. The method may comprise displaying, on a touchscreen of the mobile device, a graphical user interface (GUI) presenting the one or more digital credentials identified as being available in the identity wallet. The GUI may present, for each digital credential, a corresponding trusted entity. The method may comprise detecting selection of one or more of the digital credentials in the GUI via the touchscreen. The method may comprise provisioning the one or more selected digital credentials to the receiver device.
In one or more embodiments, the signal may comprise a visually-perceptible code displayed on a display screen of the receiver device.
In one or more embodiments, receiving the signal may comprise scanning the code, using an imager of the mobile device, as presented on the display screen of the receiver device.
In one or more embodiments, the code may be a QR code.
In one or more embodiments, determining that the signal includes the request may comprise deciphering the visually-perceptible code.
In one or more embodiments, the signal may comprise a wireless transmission from the receiver device.
In one or more embodiments, receiving the signal may comprise detecting, using a wireless communicator of the mobile device, the wireless transmission from the receiver device.
In one or more embodiments, the signal may be emitted by the receiver device via near-field communication (NFC).
In one or more embodiments, provisioning the one or more selected digital credentials may comprise displaying, on a touchscreen, information on validation of the identity attribute.
In one or more embodiments, the displayed information may comprise an image of the user corresponding with the user of the mobile device.
In one or more embodiments, the displayed information may comprise an indication that the identity attribute has been validated by one or more trusted entities and an identification of the one or more trusted entities.
In one or more embodiments, the information may comprise a visually-perceptible code.
In one or more embodiments, the identity attribute may be or may comprise an extrapolation based on identity data validated by one or more trusted entities.
In one or more embodiments, the receiver device may be part of a smart vehicle. The identity attribute may be registration of the smart vehicle to the user.
In one or more embodiments, an engine start function of the smart vehicle may be disabled when the first signal is emitted by the receiver device. The receiver device may be further configured to verify the provisioned digital credential and enable the engine start function of the smart vehicle upon verification of the digital credential.
In one or more embodiments, provisioning the one or more selected digital credentials comprises wirelessly transmitting, using a wireless communicator, the one or more selected digital credentials.
Various embodiments of the disclosure relate to a method implemented via a mobile device running a mobile application having access to an identity wallet with one or more digital credentials. The method may comprise biometrically authenticating, using one or more biometric sensors of the mobile device, a user of the mobile device. The method may comprise scanning, using an imager, a QR code displayed on a display device of a receiver device. The method may comprise determining that the QR code includes a request for validation of an identity attribute. The method may comprise identifying one or more digital credentials available in the identity wallet that demonstrate the identity attribute as having been validated by one or more trusted entities. The method may comprise displaying, on a touchscreen of the mobile device, a graphical user interface (GUI) presenting the one or more digital credentials identified as being available in the identity wallet and, for each digital credential, a corresponding trusted entity. The method may comprise detecting selection of one or more of the digital credentials in the GUI via the touchscreen. The method may comprise displaying, on the touchscreen, a QR code comprising the one or more selected digital credentials for scanning by the receiver device.
Various embodiments of the disclosure relate to a method implemented by a receiver device. The method may comprise detecting a user device within a threshold distance of the receiver device. The user device may be detected using a wireless communicator of the receiver device. The method may comprise identifying one or more identity attributes to be proved by the user device. The method may comprise provisioning a request for proof of identified identity attributes. The request may be provisioned to the user device. The method may comprise accepting a digital credential from the user device. The he digital credential may correspond to a trusted entity. The method may comprise verifying that the trusted entity validated the identified identity attributes. The method may comprise, in response to verification, granting access to an area, a functionality, and/or a source of information.
In one or more implementations, the receiver device is associated with a smart device. The access granted by the receiver device may be access to a subset of functionalities of the smart device.
In one or more implementations, the receiver device may limit functionality of the smart device based on a restriction corresponding to the digital credential. The restriction may be identified by the digital credential. The restriction's association with the digital credential may be determined based known records or records available from another device.
In one or more implementations, the user device may be a first user device and the digital credential may be a first digital credential. The method may comprise accepting a second digital credential. The second digital credential may be accepted from the second user device.
In one or more implementations, the receiver device may require the second digital credential from the second user device before granting access. The requirement for the second digital credential may be based on a restriction identified by or corresponding to the first digital credential.
In one or more implementations, the trusted entity may be, or may represent, an owner of the receiver device. The identity attribute may be authorization to access the area, functionality, or source of information.
In one or more implementations, the receiver device may be associated with a smart vehicle of the trusted entity. The functionality may be engine start.
In one or more implementations, the receiver device may be associated with a home of the trusted entity. The access may be entry into the home.
In one or more implementations, the receiver device may be a smart appliance of the trusted entity. The access may be use of the smart appliance.
In one or more implementations, the receiver device may be a computing device through which an account of the trusted entity is being accessed. The access may be access to the account.
In one or more implementations, the method may comprise receiving a request to access the area, functionality, or source of information. The request may be received from the user device. The request may be received before provisioning the request for proof.
In one or more implementations, the method may comprise receiving from the user device, before provisioning the request for proof, a request to use the receiver device. The request may be received from the user device. The request may be received before provisioning the request for proof.
In one or more implementations, verifying that the trusted entity validated the identified identity attributes may comprise transmitting a request for validation to a device associated with the trusted entity and/or to a credential management system.
In one or more implementations, provisioning the request for proof of identified identity attributes may comprise visually presenting a code. The code may be scannable via the user device. The code may be used to determine the identified identity attributes. the code may be presented via a display screen of the receiver device. The code may be a QR code that is decipherable via the user device.
In one or more implementations, provisioning the request for proof of identified identity attributes may comprise transmitting the request. The request may be transmitted to the user device via the wireless communicator.
In one or more implementations, accepting the digital credential from the user device may comprise scanning a code displayed by the user device on a display screen of the user device.
In one or more implementations, accepting the digital credential from the user device may comprise using the wireless communicator to receive a transmission of the digital credential from the user device.
Various embodiments may relate to a receiver device. The receiver device may comprise a wireless communications interface. The receiver device may comprise one or more user interfaces configured for visually presenting graphical elements and for receiving user inputs. The receiver device may comprise an application layer configured to control access to a functionality of the receiver device. The receiver device may comprise a processor and a memory having stored thereon instructions which, when executed by the processor, cause the processor to perform specific functions. The receiver device may be configured to detect a user device within a threshold distance of the receiver device. The user device may be detected using the wireless communicator. The receiver device may be configured to identify an access and/or functionality to be granted to the user device. The receiver device may be configured to determine one or more identity attributes to be proved by the user device for granting the access or functionality. The receiver device may be configured to provision a request for proof of the determined one or more identity attributes. The request for proof may be provisioned to the user device. The request for proof may be provisioned via the wireless communications interface and/or via the one or more user interfaces. The receiver device may be configured to accept one or more digital credentials. The digital credentials may be accepted from the user device. The digital credentials may be accepted via the wireless communications interface and/or the one or more user interfaces. The one or more digital credentials may correspond to a trusted entity. The receiver device may be configured to verify that the trusted entity validated the determined one or more identity attributes. The receiver device may be configured to grant the access or functionality. The access of functionality may be granted in response to the verification. The access or functionality may be granted via the application layer.
These and other features, together with the organization and manner of operation thereof, will become apparent from the following detailed description and the accompanying drawings.
Various embodiments described herein relate to systems and methods for generating, issuing, managing, and provision of digital credentials validated identity attributes. A user's identity may be an accumulation of a user's physical features, associations, relationships, characteristics, and life experiences, and may include identity data elements representing, for example, birthdate, birthplace, height, eye color, name of spouse, travel history, hobbies, residence, employment, business and personal dealings, etc. An identity attribute, as used herein, may include one or more identity data elements (e.g., name, address, birthdate, familial relationships, employment history, health conditions, travel, accounts, etc.) and/or one or more extrapolations based on one or more identity data elements (e.g., an indication that a user is at least a minimum age based on the user's birthdate and the current date, an indication that a user did travel to a country for which a travel warning was in effect based on the user's travel history and travel warnings from government agencies, etc.). Identity attributes may be validated by an ID issuer in generating a digital credential. Digital credentials may include the identity attribute (or a pointer thereto), an associated digital key (or a pointer thereto), and/or an identification of a distributed ledger demonstrating that the identity attribute has been validated by a particular entity. For example, a digital key may associate the identity attribute with the ID issuer certifying the identity attribute, and generating a digital credential may include association of the digital key with the identity attribute. The validation of identity data may be represented in a distributed ledger which may be referenced when authenticating a digital credential or an associated ID issuer.
Advantageously, digital credentials discussed herein provide users with greater control over what aspects of their identities are revealed. The disclosed approach allows users to provision selected identity data as validated by selected ID issuers, helping prevent unnecessary or unwanted disclosure of information. Digital credentials can be configured to contain individual identity attributes, rather than all the information found on a conventional identification document such as a driver's license. For example, a requesting entity may request that a person prove his or her address or that he or she is at least a certain age, and conventionally the person may present a driver's license that reveals more personal information than required or even desired (such as birthdate, height and weight, etc.). In example embodiments of the disclosed approach, a user may present one or more digital credentials to present only the user's address, or only confirmation that the user is at least the minimum age, as validated by one or more than one trusted entity (not necessarily the agency that would issue the driver's license) without revealing the extraneous information.
The disclosed approach also allows users to acquire digital credentials (which can be used to prove identity attributes) from a greater variety and number of entities. For example, a user can use a digital credential with address validated by, for example, a utility company or a financial institution instead of a government agency. Because the recipient of the digital credential may not necessarily require validation of an identity attribute by a specific entity, the user has more options for how to prove identity attributes. Moreover, a user can more easily provide corroboration for an identity attribute by presenting multiple digital credentials to prove an identity attribute as validated by two trusted entities.
In addition to validation being provided by governmental bodies, private entities (e.g., financial institutions or utility companies), or other organizations, validation may be provided by one or more individuals. Owners or managers of assets or properties can validate that one or more individuals have been granted authorization (which may be deemed an identity attribute) to access or use the assets or properties, potentially with identified restrictions (e.g., time limits, limited functionalities, presence of additional entities as may be determined through presentation of additional credentials from user devices of the additional entities, etc.). For example, an owner may grant authorization to use a smart device or enter a secure facility, such as an owner of a smart vehicle, smart appliance, or smart home allowing use of the vehicle or appliance or allowing entry into the home by identified persons, or a manager of a hotel allowing entry into a hotel room upon presentation of digital credentials to a smart lock device. In various examples, the digital credential can be used to demonstrate, for example, not only currently-valid authorization to use a device or enter a facility, but can be used to impose restrictions on such use or entry. Example restrictions include limitations on functionality of a device, limitations on which rooms can be entered, time limits, requirements that one or more other persons also grant authorization, and/or requirements that one or more other persons be present so as to supervise the use or entry.
Additionally, a user may prove identity attributes without unnecessarily sharing biometric data with, or presenting biometric data to, additional devices. For example, instead of presenting biometric data to a smart device to prove identity (and thereby gain access or enable functionality), a user may provide biometric data to his or her own user device, and the user device may authenticate the user and provision digital credentials to prove a digital attribute without sharing or revealing biometric data. By storing the user's biometric data on fewer devices and storage media, it becomes less likely that the data will be compromised or misused (e.g., due to a data breach). Further, users are able to gain access (e.g., via portals accessed using a specialized device, via websites accessed on the Internet, via security systems for physical or virtual domains, etc.) without having to remember, secure, and present various credentials (e.g., personal identification numbers or usernames, passwords, or other login credentials). The disclosure thus provides a more targeted and versatile approach that enhances digital privacy and security.
Referring to
Each system and device in system 100 may include one or more processors, memories, network interfaces, and user interfaces. The memory may store programming logic that, when executed by the processor, controls the operation of the corresponding computing device. The memory may also store data in databases. The network interfaces allow the computing devices to communicate wirelessly or otherwise by sending and receiving transmissions. The various components of devices in system 100 may be implemented via hardware (e.g., circuitry), software (e.g., executable code), or any combination thereof. Each system and device in system 100 may moreover include a security client which may provide fraud prevention measures and security protections (such as generation of security tokens, authentication of devices, verification of biometric or other security data, etc.).
The systems and devices in system 100 may also include application programming interface (API) gateways to allow the systems and devices to engage with each other via various APIs, such as APIs that facilitate authentication, data retrieval, etc. Generally, an API is a software-to-software interface that allows a first computing system of a first entity to utilize a defined set of resources of a second (external) computing system of a second (third-party) entity to, for example, access certain data and/or perform various functions. In such an arrangement, the information and functionality available to the first computing system is defined, limited, or otherwise restricted by the second computing system. To utilize an API of the second computing system, the first computing system may make an API call to the second computing system. The API call may be accompanied by a security or access token or other data to authenticate the first computing system and/or a particular user. The API call may also be accompanied by certain data/inputs to facilitate the utilization or implementation of the resources of the second computing system, such as data identifying users (e.g., name, identification number, biometric data), accounts, dates, functionalities, tasks, etc. In system 100, a system or device may provide various functionality to other systems and devices through APIs by accepting API calls via an API gateway. The API calls may be generated via an API engine of a system or device to, for example, make a request from another system or device.
The credential management system 110 may include an onboarding unit 112 for registering and/or establishing, for example, ID issuers (via, e.g., ID issuer systems 130) or other entities validating identity attributes, users (via, e.g., user devices 150), and requesting entities such as smart devices or service providers (via, e.g., receiver devices 170). In certain implementations, in the case of an ID issuer, for example, onboarding unit 112 may onboard an ID issuer (e.g., a public or private entity, such as an organization or individual) via a network provider (a steward) to become an entity that can validate identity attributes in the generation of credentials. In some implementations, the ID issuer may generate a unique digital ID that serves to identify a relationship between the ID issuer, network operator, and the credential management system. The network operator may use the digital ID and execute NYM commands to register the ID issuer.
A credential generator 114 may generate credentials which could be made usable or otherwise accessible via an identity wallet (e.g., ID wallet 166 and ID wallet 192, which in certain implementations may include duplicates of digital credentials in as backups). In various implementations, generation of digital credentials may comprise generation of cryptographic keys and/or unique identifiers for ID issuers, users, identity attributes, identity data elements, validation status, etc. Generation of a digital credential for an identity attribute may comprise validating an identity attribute with an ID issuer. Ledger manager 116 may record validation of identity attributes and/or digital credentials in various forms in a distributed ledger. The distributed ledger may be accessed to, for example, verify that a particular identity attribute for a particular user has been validated by a particular ID issuer as of a particular date and time. Blockchain technology may be used in combination with other security measures. Data on users, ID issuers, requesting entities such as service providers or smart devices, digital credentials, etc., may be stored and made accessible at ID/user database 118.
ID issuer systems 130 may be associated with trusted entities such as governmental bodies, financial institutions, utility companies, individuals, or other entities which are highly incentivized to inspire trust, prevent theft or other fraud, and/or maintain verified user data useful for authentication, security, and preservation of the entity's relationships with users. ID issuer system 130 may include a validation unit 132 that accepts requests (from, e.g., credential management system 110 and/or user devices 150) to validate (attest, endorse, or certify) identity attributes for particular users. In various embodiments, such as implementations in which a trusted entity is an individual, an identity attribute may indicate, for example, existence of a certain association (e.g., a business relationship) and/or a certain authorization to, for example, operate a device (such as the individual's vehicle or home appliance), enter a facility (such as the individual's home or office), access an account or database of the individual (such as accessing a person's financial or social media account or other information source through a portal), etc. The validation unit 132 may authenticate a request (by, e.g., verifying the sender and the data in the request) and validate the identity attribute. A schema manager 134 may generate and maintain a schema identifying which identity attributes will be validated by the ID issuer system 130 and/or which ID attributes may be included in a digital credential. Data on users, identity attributes, digital credentials, schema, etc., may be stored and made accessible at ID/user database 136. The ID issuer system 130 may, additionally or alternatively, include components depicted as part of other systems or devices in
User devices 150 may include one or more user interfaces 152. Input/output (I/O) components may allow a user to provide inputs (e.g., a touchscreen, stylus, force sensor for sensing pressure on a display screen, etc.) and provide perceptible outputs (e.g., displays and light sources for visually-perceptible elements, a speaker for audible elements, and haptics for perceptible signaling via touch). Biometric sensors 156 may include a fingerprint reader, a heart monitor that detects cardiovascular signals, an iris scanner, a face scanner, and so forth. Ambient sensors 158 detect surrounding conditions, such as ambient sights and sounds, and may include cameras, imagers, or other light detectors, and microphones or other sound detectors.
User devices 150 may include wireless interfaces 160 for wireless communications via one or more communications protocols. For example, wireless interfaces 160 may enable near-field communication (NFC) between two devices located close to each other (e.g., within four centimeters of each other). Wireless interfaces 160 may include other protocols such as Bluetooth, Wi-Fi, and/or wireless broadband. One or more user devices 150 may include one or more location sensors 162 to enable the user device 150 to determine its location and/or orientation relative to, for example, other physical objects or relative to geographic locations. Example location sensors 136 include global positioning system (GPS) devices and other navigation and geolocation devices, digital compasses, gyroscopes and other orientation sensors, as well as proximity sensors or other sensors that allow the user device 150 to detect the presence and relative distance of nearby objects and devices. The user devices 150 may include various applications, such as ID management application 164 that provides access to an ID wallet 166 with credentials that are locally stored and/or stored remotely (at, e.g., ID wallet 192 of ID management system 190). In various embodiments, the digital credentials in ID wallet 166 and ID wallet 192 may be populated, updated, and otherwise managed via, for example, credential management system 110, ID issuer system 130, user devices 150, and/or ID management system 190. The user devices 150 may also include one or more applications 168, which may be applications that provide access to or control over other devices, access to accounts or portals, or to various functionality and features. Example client applications include internet browsers, applications accompanying smart devices such as security systems, appliances, vehicles, etc., mobile banking applications, etc.
Receiver devices 170 may be devices associated with any entity, such as a computing device (e.g., a smart device), an individual, a merchant, a governmental body, a financial institution, etc., requesting proof of an identity attribute or otherwise requesting a digital credential. Example entities include portals (e.g., accounts or databases), governmental bodies, healthcare providers, financial institutions, merchants, social networking service providers, and/or smart devices (such as, e.g., smart vehicles, Internet of Things (IoT) devices, and security systems or gateways such as smart locks on doors or buildings). Receiver devices 170 (which may comprise and/or be part of smart devices) may include a credential query client 172 configured to generate a request for a digital credential or for a validated identity attribute. In various embodiments, the request may be provisioned to user devices 150 by, for example, direct transmission to the user devices 150 (via, e.g., NFC or other communication protocols), transmission to user devices 150 via a network such as the Internet, and/or visual presentation, such as a code (e.g., a QR code) or description displayed on a display screen of receiver devices 170 for scanning by the user device 150.
Receiver devices 170 may include wireless interfaces 180 for communications via one or more communications protocols, such as NFC, Bluetooth, Wi-Fi, wireless broadband, etc. Receiver devices 170 may include an application layer 182 through which users may deliver commands to, for example, smart devices capable of performing various functionality in response to the commands. The receiver devices 170 may also include smart components 184, such as the hardware and software used for smart device functions, such as, for example, operation of motors, engines, locking and unlocking mechanisms, audiovisual input/output devices, etc. Receiver devices 170 may be smart devices or a component thereof, or may be a separate device through which access or functionality may be authorized/de-authorized or enabled/disabled.
Once a digital credential is received by receiver device 170 (e.g., received by ID management application 176 from a user device 150 or ID management system 190), a credential verifier 174 may verify the digital credential. Credential verifier 174 may, for example, communicate with credential management system 110, ID issuer system 130, and/or ID management system 190 (e.g., by making one or more API calls, which may be accompanied by the digital credential to be verified) to confirm that the digital credential is authentic. Additionally or alternatively, in various embodiments the credential verifier 174 may confirm the authenticity of the digital credential by, for example, accessing a blockchain-based distributed ledger and determining whether the distributed ledger includes, references, or otherwise corroborates the digital credential and/or the identity attribute.
In various embodiments, requests may be input, generated, and/or transmitted via an ID management application 176 running on the receiver device 170. The credential query client 172 and/or the credential verifier 174 may also be components of ID management application 176., ID/user database 178 may be maintained locally by ID management application 176 and/or may be maintained remotely and accessed via ID management application 176.
To add a new digital credential to ID wallet 166 and/or ID wallet 192, a user may request the new digital credential, or may be offered the new digital credential. The user device 150 may receive a request for a new digital credential from a user. The request may be received as, for example, an input entered into a graphical user interface (GUI) of ID management application 164 via an I/O component 154 of user device 150. The request for the new digital credential may identify a corresponding identity attribute or set of identity attributes, such as the set of identity attributes found on a driver's license. The request may be submitted to ID issuer system 130 (of, e.g., the Department of Motor Vehicles), credential management system 110, and/or ID management system 190. In some implementations, ID issuer 130 may, directly or indirectly via credential management system 110 and/or ID management system 190, offer the user a new digital credential for one or more particular identity attributes. The offer may be, for example, displayed and accepted or rejected via ID management application 164. Once the new digital credential has been requested or the offer for the new digital credential accepted, the new digital credential can be provided by ID issuer system 130 and/or credential management system 110 and added to ID wallet 166 and/or ID wallet 192.
Once ID management application 164 has been launched, the user device 150 may display a prompt (via, e.g., a first GUI displayed on a display screen) for biometric authentication of the user, and the user may be biometrically authenticated via biometric sensors 156 (step 205). Digital credentials available in ID wallet 166 and/or ID wallet 192, and/or the identity attributes corresponding to the available digital credentials, may be displayed (e.g., as part of a second GUI) or otherwise presented by ID management application 164 (via user interfaces 152) for selection (step 210). One or more digital credentials and/or identity attributes may then be selected via user interfaces 152. If the digital credentials are not available in ID wallet 166, the ID management application 164 may transmit a request (e.g., via wireless interfaces 160) to ID management system 190 (step 215), which may then authenticate the request and retrieve the requested digital credentials from ID wallet 192 (step 220). The ID management system 190 may then transmit the retrieved digital credentials to the user device 150 (step 225). In certain embodiments, the digital credentials may, alternatively or additionally, be retrieved (by user device 150 and/or ID management system 190) from credential management system 110.
The digital credential may then be provisioned via, for example, wireless communication and/or visually-perceptible display. For example, ID management application 164 may generate a QR code (step 230) and display the QR code on a display device of the user device 150 (step 235). The receiver device 170 may then scan the provided QR code (step 250) and verify the digital credential by transmitting a verification request (step 255) to credential management system 110, ID issuer system 130, and/or ID management system 190. Once the digital credential(s) have been verified (steps 260, 265, and/or 270), the user device 150 and the receiver device 170 may proceed with the transaction. Digital credentials may be verified via credential verifier 174. Verification of digital credentials may comprise, in various embodiments: authenticating cryptographic keys and/or unique identifiers; confirming associations between users, identity data, and/or ID issuers; referencing a distributed ledger; and/or corroborating the identity data by referencing another available data resource (e.g., online databases, financial data, records of prior dealings, etc.).
In various potential embodiments the QR (or other) code generated by the ID management application 164 may contain identity attributes or other identity data associated with the user, such that a receiver device 170 may access the identity data upon scanning of the QR code. Additionally or alternatively, the QR code generated by the ID management application 164 may include service endpoints relating to the selected identity data and/or attributes, such that a receiver device 170 may access the service endpoints upon scanning the QR code. A service endpoint may be, for example, a uniform resource locator (URL) associated with a particular digital credential that points to a particular ID issuer system 130 or records related to the validation of the identity attributes corresponding to the digital credentials. The service endpoints provided to the receiver device 170 by the user device 150, via the generated QR code, may cause the receiver device 170 to communicate with, for example, the credential management system 110, the ID issuer system 130, and/or the ID management system 190 to gain access to the requested identity data or to information on the validation thereof.
In various embodiments, the information included in a QR code generated by, for example, the user device 150 may be available indefinitely after being scanned by the receiver device 170. In certain embodiments, the information included in the QR code may expire a predetermined period of time after the receiver device 170 scans the QR code. Expiration may be implemented, for example, via a cryptographic key that is only valid for a certain time, through denial of access, by recording an expiration in a distributed ledger, or otherwise. In potential embodiments in which the QR code contains identity data, the expiration may be presented using a countdown timer (counting down from, e.g., 30 seconds or five minutes) displayed along with the identity data on the receiver device 170. Where the QR code contains service endpoints associated with identity data, the service endpoints may become inaccessible after a period of time after the QR code has been scanned by the receiver device 170.
In various embodiments, the receiver device 170 may initiate a transaction with a user device 150 (rather than the user device 150 initiating the transaction with the receiver device 170). The receiver device 170 may generate, for example, a QR code (via, e.g., credential query client 172) that identifies one or more requested identity attributes, and display the QR code on a display screen. Via ID management application 164, the QR code can be scanned by user device 150 using an ambient sensor 158 (e.g., a camera or other light detector) of the user device 150. The ID management application 164 may then biometrically authenticate the user via one or more biometric sensors 156. The ID management application 164 may decipher the QR code to identify the requested identity attribute(s). The ID management application 164 may determine whether any digital credentials accessible via ID wallet 166 and/or ID wallet 192 are suited to proving the identity attribute(s). The ID management application 164 may display or otherwise identify (via one or more I/O components 154) the requested identity data, and/or may display or otherwise identify suitable digital credentials available in ID wallet 166 and/or ID wallet 192. The user may then select desired digital credentials and/or confirm that the digital credentials may be provisioned to the receiver device 170.
The ID management application 164 may retrieve selected digital credentials from ID wallet 166 and/or ID wallet 192, and one or more QR codes (with, e.g., identity data or pointers thereto) generated and displayed for scanning and verification (via, e.g., credential verifier 174) by the receiver device 170 (at least in certain implementations in which provisioning involves display of codes). Referring to
Referring to
GUI 400 may also include (at region 415) a listing of the identity attributes which have been validated by digital certificates in the user's ID wallets. In some embodiments, multiple attributes, with any one attribute validated by one trusted entity or more than one trusted entity, may be presented. In some embodiments, the identity attribute requested an extrapolation that requires a true or false (e.g., yes or no) response to a question, such as: “Is the user at least 21?” or “Is the user under 18?” (based on, e.g., the user's birthdate and the current date); “Is the user licensed to operate [a commercial vehicle] [a forklift] [a motorcycle] [a certain machine]?” (based on, e.g., a valid license and a determination that the license is unexpired or otherwise valid); “Is the user a property owner?” (based on, e.g., a title or deed and a determination that it has been properly recorded or executed or is otherwise deemed valid); etc. Other sample questions include whether the user is a member of a certain club, is a resident of a particular apartment building, is related to or associated with someone with a particular status, and so forth.
In some embodiments, a digital credential or extrapolation may be conditional, such as “User is authorized to enter premises if [wearing safety goggles or other safety gear like a helmet, suitable footwear, etc.],” which can be determined via, for example, a receiver device 170 scanning the user, or “User is authorized to proceed if user [performs a certain action or passes a test, such as speaking a phrase (for confirmation of knowledge of the phrase, for voice recognition, and/or for speech analysis to evaluate, e.g., a mental state, health condition, sobriety, etc.), removing jewelry, leaving behind all metallic items, etc.]. In certain embodiments, a digital credential or extrapolation may be conditional on an action or presence of another user, such as being accompanied by a parent or adult. In such cases, the presence or action of another user may be determined by a first user device 150 of a first user (and/or a receiver device 170) communicating with or detecting a second user device 150 of a second user (e.g., via NFC), or the first user device 150 photographing or otherwise scanning (using, e.g., ambient sensors 158) the first user's surroundings to determine that the second user is present and/or performing a certain action. In such cases, the first user device 150 may alternatively or additionally, like a receiver device 170, request a digital credential from the second user device 150 to confirm a certain requirement or relationship, such as the second user being a parent or otherwise related to the first user, or the second user being at least a minimum age. In various implementations, the presence or action of other users may, additionally or alternatively, be confirmed via one or more receiver devices 170.
In some examples, the receiver device 170 may be a vehicle or other smart device which is configured to require a digital credential from a user before allowing the user to start the vehicle or otherwise use or engage with the smart device. The vehicle as receiver device 170 may request a digital credential confirming, for example, that the user owns the vehicle is or a family member of or otherwise related to an owner and/or that the user is licensed to drive. In certain implementations, the digital credential may indicate that the user is conditionally authorized to drive the vehicle or use a smart device in certain circumstances. For example, the user may be required to demonstrate fitness to drive (e.g., by breathing into a breathalyzer to demonstrate that the user's blood alcohol content is below a maximum level) if, for example, a digital credential indicates that the user has been ordered by a judge or is otherwise required to demonstrate fitness to drive before the vehicle can be started. Similarly, if the license is a learner's permit, the smart vehicle may request a suitable digital credential from another user device 150 to, for example, demonstrate that an adult who is licensed is accompanying the driver. In some implementations, the requirement for digital credentials may be engaged (e.g., remotely) if a vehicle or other smart device is reported (or otherwise believed) to be lost or stolen.
In various embodiments, the receiver device 170 may be (or may be associated with) a smart lock device or mechanism that is configured to require a digital credential (to prove, e.g., identity and authorization from an owner or agent thereof) from a user before allowing the user to enter an area (e.g., a home, office building, warehouse, hotel room, etc.). In certain embodiments, the receiver device 170 is a computing device through which a user accesses a portal (e.g., mobile device used to access an application or website). For example, while accessing an application or website on a receiver device 170 that is a laptop or desktop computer, a user may present a digital credential via a user device 150 that is a smartphone. Similarly, while accessing an application or website on a receiver device 170 that is a smartphone, a user may present a digital credential via a user device 150 that is a wearable device such as a smart watch or smart clothing.
In some embodiments, a digital credential may be “intra-device,” may be “cross-application,” or may otherwise involve one device, such that the receiver device and the user device are the same device. For example, a first application (e.g., client application 168) running on a user device 150 may require proof of a digital attribute or request a digital credential from the user. A second application (e.g., ID management application 164) running on the user device 150 may provide a suitable digital credential. In various embodiments, the second application may present the digital credential to the first application (e.g., directly or via an operating system of the device), or to another system or device, such as a remote server via a network. In various implementations, the first application may be informed of the digital credential actively or passively, directly or indirectly. For example, the first application may await an indication from the other system or device, or an intermediary system or device, that the digital credential has been received and/or validated. Additionally or alternatively, the first application may itself confirm receipt of the digital credential by the other system or device by, for example, transmitting a request for confirmation (to the other system or device, or to an intermediary system or device) of a suitable digital credential and receiving confirmation (from the other system or device, or from the intermediary system or device) in response to the request.
Such ID attributes may themselves be validated by a trusted entity (e.g., an entity such as the DMV may provide the response such as “yes” or “no” to a specific question such as “is the user licensed to operate a motorcycle?”), or the identity attribute may be an extrapolation based on a validated identity attribute in combination with other known data. For example, the ID management application 164 may extrapolate, based on the user's birthdate in combination today's date, that the user is at least a minimum age. In certain embodiments, a separate, “secondary” digital credential may be generated (via, e.g., credential management system 110, ID management system 190, and/or ID management application 164) for an extrapolation which is not per se validated by a trusted entity but may be deduced or induced from validated or otherwise ascertainable data. The secondary digital credential may be based on a validated identity attribute of a “primary” digital credential.
At 420, GUI 400 indicates (as represented by the checkmark) that an identity attribute is confirmed and/or a condition is satisfied (e.g., the user is 21 years old or older, as indicated by the “21+”). Additionally, ID management application 164 may present, in various embodiments, a credential provisioning region 425 which provides selections to provision the digital credentials to the receiver device 170 via, for example, generation and display of a QR code (“Generate Code”) or via a wireless transmission (“Transmit Credential”) via NFC or otherwise.
The user interface 500 in
Items displayed by user interface 500 may comprise one or more categories of trusted entities (e.g., financial institutions 510 and governmental institutions 515), particular trusted entities in each category (e.g., Financial Institution 1 520 and Department of State 525), attribute sets (e.g., passport 530 and medical ID card 535), identity attributes (e.g., member number, birthdate, blood type, allergies, and health conditions at, e.g., 540 and 545), etc. Certain items (e.g., account information and allergies) may include a list of one or more sub-items that are not currently being displayed (i.e., the list of sub-items is “collapsed”), which is indicated by icon 575, which is a circle with a plus sign (“+”) indicating there are (or may be) additional sub-items not currently shown. Items with a list of one or more sub-items that are currently being displayed (i.e., the list of sub-items is “expanded”) are indicated by icon 580, which is a circle with a minus sign (“−”) indicating that sub-items are displayed but could be hidden from view. Selecting or otherwise activating icon 575 (e.g., by touching) may display (“expand”) the list of corresponding sub-items, while selecting or otherwise activating icon 580 may hide (“collapse”) the list of corresponding sub-items being displayed. In various potential embodiments, activation (e.g., by touching) of virtual buttons (e.g., 585 and 590) corresponding with items that include one or more sub-items may cause all sub-items to be simultaneously selected or deselected. Using virtual buttons 585 and 590, for example, a user may select the identity attributes to be shared with a receiver device 170. A generate code selector 595 (and/or other provisioning selectors) may be used to generate and display one or more QR codes with one or more digital credentials corresponding to the selected identity attributes (or provision in another selectable manner).
In
In
In
In
In
In various potential embodiments, the provided QR code could instead be a barcode or other form of machine-readable label. In some potential embodiments, user interface 1000 may be automatically displayed based on user device 150's proximity to a receiver device 170 (determined, e.g., by ID management application using location sensors and/or wireless interfaces such as by receiving an NFC transmission between a receiver device 170 and user device 150). In such versions, the user interface 1000 may display a prompt asking whether the user authorizes or accepts a transmission from a nearby receiver device 170.
In
In
In various potential embodiments, user interface 1200 may provide setting options pertaining to a user or user device 150 authentication security settings 1220. For example, ID management application 164 may be enabled to implement, for authentication purposes, facial recognition, fingerprint scan, touch inputs, a personal identification number (which may be entered into a text entry field underneath “set PIN”), and/or secondary types of authentication (such as challenge questions, email or text transmission of temporary codes, etc.). Payment settings 1225 may include an option for the ID management application 164 to automatically decide an appropriate payment method based on, for example, prior activity involving the user device 150. For example, the appropriate payment method may be determined from a list of user-provided payment methods, such as a linked credit and/or debit card, based on use of the payment method in the past with the same receiver device 170 or in similar circumstances.
In certain implementations, touching and holding (e.g., leaving a finger on a touchscreen for 1, 2, or 3 seconds without swiping) a digital credential presents (e.g., as a pop-up display on the present page or by navigation to another page) additional details on the digital credential or provides additional functionality such as hiding or deleting the digital credential. In some implementations, selecting and dragging (e.g., swiping) allow for rearrangement of the digital credentials so as to adjust, for example, an order in which they are displayed or to group digital credentials into, for example, a bin or folder. If there are additional digital credentials for the selected ID issuer that do not fit on the display screen, the user may select “View More Digital Credentials From Entity 1” to view the other digital credentials.
At the bottom portion of user interface 1300, a set of digital credentials corresponding to an identity attribute (in
In some implementations, the receiver device 170 may detect (e.g., through secure wireless communication with the user device 150) which digital credentials that are available to the user device 150 (e.g., in ID wallet 166 and/or ID wallet 192) would be acceptable (or are otherwise relevant) for granting the user certain access or functionality. In user interface 1500, digital credentials 7.1 and 7.2 are from Entity 7, such as the owner of the smart device. Digital Credential 7.1 (which is indicated as being expired as a result of, e.g., an expiration date and/or a frequency restriction that limits the number of times the digital credential can be used) authorizes unrestricted use of the smart device, while Digital Credential 7.2 authorizes use of the smart device under certain restrictions. Example restrictions include limitations on which functions of the smart device are available (e.g., limited functionality as indicated by “Function Set 2” in user interface 1500, such as parental-type controls, corresponding with a subset of all functionalities of the smart device), time restrictions (e.g., only for an afternoon, morning, weekend, or month), presence of another user (e.g., upon detection of a user device of one or more specific other persons or receipt of one or more digital credentials from the user devices of the other persons, such as a parent or someone with certain position, rank, or status), limitations on where the smart device can be physically moved to (e.g., keeping the device in the house or not driving beyond a certain geographic area), frequency limitations (e.g., a maximum number of times the digital credential may be used to gain certain access) and/or limitations on which areas within a facility can be entered (e.g., entering an office building but not certain rooms or offices in the building).
Digital Credentials 9.1 and 10.1, from Entities 9 and 10, respectively, may be used to indicate another suitable certification or authorization that may be warranted, such as by a co-owner, governmental agency, certifying body, supervisor, parent, etc. For example, digital credentials may be used by a user to show that another entity has certified that a user has training or is licensed to operate a smart device, such as being licensed by the DMV to operate a vehicle, or being certified by a training organization to use scuba gear, etc. Alternatively or additionally, one or more additional digital credentials can be requested if a restriction requires, for example, that a device be used or a facility be entered only under the supervision of one or more specific persons. In various embodiments, an entity (e.g., an owner of a device) may only allow access or use for a limited time, allowing, for example, the owner to limit or revoke authorization as desired. Selected digital credentials may be provisioned by user device 150 following selection of a “provision credential(s)” icon at the bottom of user interface 1500. In some embodiments, the “provision credentials” icon is not activated unless an acceptable combination of digital credentials has been selected by a user.
In various embodiments, the digital credentials identified in user interface 1500 may be digital credentials of more than one user (e.g., detected from two nearby user devices 150). Digital credentials of multiple users may be requested or required if, for example, the presence or authorization of another user (e.g., an adult) is required to enable functionality (e.g., if a user is a minor without a license or valid credit card for a purchase to be made via the receiver device 170). In certain embodiments, the digital credential is from another device that detects a certain condition or status and certifies that the condition is satisfied or status is satisfactory. For example, a digital credential may be based on a nearby sobriety or other health detection device that accepts physiological signals from the user for use in validating the user is in a condition suited to using the smart device. In some embodiments, the other device (e.g., physiological signal detecting device) may require a digital credential from the user device 150 to demonstrate an identity attribute before the physiological signals are detected. The digital credential may, in some implementations, be provided to receiver device 170 by the user device 150 along with a status or an indication as to whether a condition has been met as confirmed via the other device.
In various embodiments, the receiver device 170 may indicate which identity attribute(s) are requested to grant access or enable functionality through direct transmission to the user device 150. In some implementations, the user device 150 may provision suitable digital credentials automatically. In certain implementations, the user device 150 may allow the user to select particular digital credentials to be provisioned, and/or confirm that digital credentials should be provisioned (via, e.g., a user interface analogous to user interface 1300 of
In various embodiments, user device 150 may provision, and/or receiver device 170 may receive, digital credentials without involvement of display screens. For example, a user device 150 may receive a request for a digital credential through wireless transmission and indicate receipt of a request through other, for example, haptics, sounds, lights, or other outputs. Additionally, the user device 150 may accept instructions to provision a digital credential to a receiver device 170 through gestures, voice command, movements that generate signals through smart clothing, or other inputs. Visual prompts and graphical user interfaces thus need not be implemented. In various embodiments, user device 150 and/or receiver device 170 may lack display screens. For example, a user device 150 used to provide digital credentials may be a dedicated digital credential provisioning device that may lack a screen, or that may not use a display screen for, for example, identification or selection of digital credentials or confirmation that one or more digital credentials are to be provisioned. Alternatively or additionally, a receiver device 170 used to accept digital credentials may be a dedicated digital credential validating device that may lack a screen, or that may not use a display screen for, for example, identification or selection of digital credentials or confirmation that one or more digital credentials are to be requested. In various embodiments, devices (e.g., user devices 150, receiver devices 170, and/or smart devices that provide certain access or functionality based on digital credentials received directly from user devices 150 or received via receiver devices 170) may interface through a network of devices (e.g., an IoT network) to identify, exchange, and/or validate digital credentials.
The user interfaces discussed herein and illustrated in the drawings are only intended as non-limiting examples, and fewer or more user interfaces, with fewer or more functionalities and selections, may be provided in various versions. The functionalities, selectors, information, etc. represented in the user interfaces depicted in the figures can be combined and/or rearranged in various ways (to, e.g., “mix and match” functionalities and/or selections), yielding additional, fewer, and/or different interfaces, each with additional, fewer, or different functionalities and selections.
The embodiments described herein have been described with reference to drawings. The drawings illustrate certain details of specific embodiments that provide the systems, methods and programs described herein. However, describing the embodiments with drawings should not be construed as imposing on the disclosure any limitations that may be present in the drawings.
It should be understood that no claim element herein is to be construed under the provisions of 35 U.S.C.§ 112(f), unless the element is expressly recited using the phrase “means for.”
Example computing systems and devices may include one or more processing units each with one or more processors, one or more memory units each with one or more memory devices, and one or more system buses that couple various components including memory units to processing units. Each memory device may include non-transient volatile storage media, non-volatile storage media, non-transitory storage media (e.g., one or more volatile and/or non-volatile memories), etc. In some embodiments, the non-volatile media may take the form of ROM, flash memory (e.g., flash memory such as NAND, 3D NAND, NOR, 3D NOR, etc.), EEPROM, MRAM, magnetic storage, hard discs, optical discs, etc. In other embodiments, the volatile storage media may take the form of RAM, TRAM, ZRAM, etc. Combinations of the above are also included within the scope of machine-readable media. In this regard, machine-executable instructions comprise, for example, instructions and data which cause a general purpose computer, special purpose computer, or special purpose processing machines to perform a certain function or group of functions. Each respective memory device may be operable to maintain or otherwise store information relating to the operations performed by one or more associated circuits, including processor instructions and related data (e.g., database components, object code components, script components, etc.), in accordance with the example embodiments described herein.
It should be noted that although the diagrams herein may show a specific order and composition of method steps, it is understood that the order of these steps may differ from what is depicted. For example, two or more steps may be performed concurrently or with partial concurrence. Also, some method steps that are performed as discrete steps may be combined, steps being performed as a combined step may be separated into discrete steps, the sequence of certain processes may be reversed or otherwise varied, and the nature or number of discrete processes may be altered or varied. The order or sequence of any element or apparatus may be varied or substituted according to alternative embodiments. Accordingly, all such modifications are intended to be included within the scope of the present disclosure as defined in the appended claims. Such variations will depend on the machine-readable media and hardware systems chosen and on designer choice. It is understood that all such variations are within the scope of the disclosure. Likewise, software and web implementations of the present disclosure may be accomplished with standard programming techniques with rule based logic and other logic to accomplish the various database searching steps, correlation steps, comparison steps and decision steps.
The foregoing description of embodiments has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the disclosure to the precise form disclosed, and modifications and variations are possible in light of the above teachings or may be acquired from this disclosure. The embodiments were chosen and described in order to explain the principals of the disclosure and its practical application to enable one skilled in the art to utilize the various embodiments and with various modifications as are suited to the particular use contemplated. Other substitutions, modifications, changes and omissions may be made in the design, operating conditions and arrangement of the embodiments without departing from the scope of the present disclosure as expressed in the appended claims.
This application is a continuation of U.S. patent application Ser. No. 17/898,108 filed Aug. 29, 2022, which is a continuation of U.S. patent application Ser. No. 16/598,904 filed Oct. 10, 2019, each of which is incorporated herein by reference in its entirety.
| Number | Name | Date | Kind |
|---|---|---|---|
| 397198 | Meisselbacii et al. | Feb 1889 | A |
| 4169040 | Bea et al. | Sep 1979 | A |
| 4531023 | Levine | Jul 1985 | A |
| 5123047 | Rosenow | Jun 1992 | A |
| 5613012 | Hoffman et al. | Mar 1997 | A |
| 5764789 | Pare, Jr. et al. | Jun 1998 | A |
| 5781632 | Odom | Jul 1998 | A |
| 5802199 | Pare et al. | Sep 1998 | A |
| 5805719 | Pare et al. | Sep 1998 | A |
| 5870723 | Pare et al. | Feb 1999 | A |
| 5892905 | Brandt et al. | Apr 1999 | A |
| 5983005 | Monteiro et al. | Nov 1999 | A |
| 6154879 | Pare et al. | Nov 2000 | A |
| 6233617 | Rothwein et al. | May 2001 | B1 |
| 6275941 | Saito et al. | Aug 2001 | B1 |
| 6307956 | Black | Oct 2001 | B1 |
| 6366682 | Hoffman et al. | Apr 2002 | B1 |
| 6526125 | Lindsay et al. | Feb 2003 | B1 |
| 6701378 | Gilhuly et al. | Mar 2004 | B1 |
| 6836554 | Bolle et al. | Dec 2004 | B1 |
| 6980670 | Hoffman et al. | Dec 2005 | B1 |
| 6985887 | Sunstein et al. | Jan 2006 | B1 |
| 6990588 | Yasukura | Jan 2006 | B1 |
| 7082415 | Robinson et al. | Jul 2006 | B1 |
| 7162451 | Berger et al. | Jan 2007 | B2 |
| 7210164 | Jandrell | Apr 2007 | B1 |
| 7237717 | Rao et al. | Jul 2007 | B1 |
| 7290288 | Gregg | Oct 2007 | B2 |
| 7349557 | Tibor | Mar 2008 | B2 |
| 7367049 | Robinson et al. | Apr 2008 | B1 |
| 7370356 | Guo | May 2008 | B1 |
| 7427033 | Roskind | Sep 2008 | B1 |
| 7565545 | Doyle et al. | Jul 2009 | B2 |
| 7606401 | Hoffman et al. | Oct 2009 | B2 |
| 7631193 | Hoffman | Dec 2009 | B1 |
| 7769633 | Jokinen et al. | Aug 2010 | B2 |
| 7793334 | Lewis | Sep 2010 | B2 |
| 8200980 | Robinson et al. | Jun 2012 | B1 |
| 8214291 | Pelegero et al. | Jul 2012 | B2 |
| 8260806 | Steele et al. | Sep 2012 | B2 |
| 8364567 | Shnowske et al. | Jan 2013 | B2 |
| 8429068 | Fasoli et al. | Apr 2013 | B1 |
| 8429072 | Sheehan et al. | Apr 2013 | B1 |
| 8458465 | Stern et al. | Jun 2013 | B1 |
| 8577810 | Dalit et al. | Nov 2013 | B1 |
| 8646060 | Ben Ayed | Feb 2014 | B1 |
| 8713674 | Geide | Apr 2014 | B1 |
| 8781923 | Pitroda et al. | Jul 2014 | B2 |
| 8793305 | Fiatal | Jul 2014 | B2 |
| 8825757 | Lunt et al. | Sep 2014 | B2 |
| 8838988 | Bravo et al. | Sep 2014 | B2 |
| 8868036 | Nasserbakht et al. | Oct 2014 | B1 |
| 8902045 | Linn et al. | Dec 2014 | B1 |
| 8917826 | Bravo et al. | Dec 2014 | B2 |
| 8918854 | Giobbi | Dec 2014 | B1 |
| 8923838 | Bush et al. | Dec 2014 | B1 |
| 9002750 | Chu et al. | Apr 2015 | B1 |
| 9009797 | Fox | Apr 2015 | B1 |
| 9032498 | Ben Ayed | May 2015 | B1 |
| 9064376 | Rubin | Jun 2015 | B1 |
| 9105032 | Altberg et al. | Aug 2015 | B2 |
| 9111085 | Darmour | Aug 2015 | B1 |
| 9119539 | Dotan et al. | Sep 2015 | B1 |
| 9148424 | Yang | Sep 2015 | B1 |
| 9195834 | Jakobsson | Nov 2015 | B1 |
| 9210177 | Hughes | Dec 2015 | B1 |
| 9300645 | Rao et al. | Mar 2016 | B1 |
| 9300661 | O'Malley et al. | Mar 2016 | B1 |
| 9330398 | Klein et al. | May 2016 | B2 |
| 9369433 | Paul et al. | Jun 2016 | B1 |
| 9449180 | O'Hare et al. | Sep 2016 | B2 |
| 9449319 | Agarwal et al. | Sep 2016 | B1 |
| 9454526 | Kapoor et al. | Sep 2016 | B1 |
| 9465368 | Mitter et al. | Oct 2016 | B1 |
| 9503451 | Kane-Parry et al. | Nov 2016 | B1 |
| 9509688 | Magi Shaashua et al. | Nov 2016 | B1 |
| 9516035 | Moritz et al. | Dec 2016 | B1 |
| 9577999 | Lindemann | Feb 2017 | B1 |
| 9635000 | Muftic | Apr 2017 | B1 |
| 9635011 | Wu et al. | Apr 2017 | B1 |
| 9639689 | Herskovic et al. | May 2017 | B1 |
| 9654469 | Yang | May 2017 | B1 |
| 9749140 | Oberhauser et al. | Aug 2017 | B2 |
| 9838384 | Kane-Parry et al. | Dec 2017 | B1 |
| 9870562 | Davis et al. | Jan 2018 | B2 |
| 9887983 | Lindemann et al. | Feb 2018 | B2 |
| 9906519 | Kotamraju | Feb 2018 | B1 |
| 9954867 | Johansson et al. | Apr 2018 | B1 |
| 10026082 | Davis | Jul 2018 | B2 |
| 10075334 | Kozura et al. | Sep 2018 | B1 |
| 10078743 | Baldi et al. | Sep 2018 | B1 |
| 10097356 | Zinder | Oct 2018 | B2 |
| 10102510 | Yau et al. | Oct 2018 | B2 |
| 10121143 | Madisetti et al. | Nov 2018 | B1 |
| 10163079 | Brock et al. | Dec 2018 | B1 |
| 10176310 | Baghdasaryan | Jan 2019 | B2 |
| 10686781 | Kaditz et al. | Jun 2020 | B1 |
| 10829088 | Jarvis et al. | Nov 2020 | B2 |
| 11316844 | Krishnaiah | Apr 2022 | B2 |
| 11403630 | Dua | Aug 2022 | B2 |
| 11432149 | Dhanoa | Aug 2022 | B1 |
| 11729616 | Dhanoa | Aug 2023 | B1 |
| 20010049785 | Kawan et al. | Dec 2001 | A1 |
| 20020007453 | Nemovicher | Jan 2002 | A1 |
| 20020025062 | Black | Feb 2002 | A1 |
| 20020026575 | Wheeler et al. | Feb 2002 | A1 |
| 20020035542 | Tumey et al. | Mar 2002 | A1 |
| 20020054587 | Baker et al. | May 2002 | A1 |
| 20020073213 | Mekata et al. | Jun 2002 | A1 |
| 20020112177 | Voltmer et al. | Aug 2002 | A1 |
| 20020178380 | Wolf et al. | Nov 2002 | A1 |
| 20020184103 | Shah et al. | Dec 2002 | A1 |
| 20030014372 | Wheeler et al. | Jan 2003 | A1 |
| 20030023695 | Kobata et al. | Jan 2003 | A1 |
| 20030023874 | Prokupets et al. | Jan 2003 | A1 |
| 20030026462 | Chung et al. | Feb 2003 | A1 |
| 20030028427 | Dutta et al. | Feb 2003 | A1 |
| 20030048173 | Shigematsu et al. | Mar 2003 | A1 |
| 20030056092 | Edgett et al. | Mar 2003 | A1 |
| 20030056096 | Albert et al. | Mar 2003 | A1 |
| 20030061503 | Katz et al. | Mar 2003 | A1 |
| 20030065626 | Allen | Apr 2003 | A1 |
| 20030065919 | Albert et al. | Apr 2003 | A1 |
| 20030097570 | Wheeler et al. | May 2003 | A1 |
| 20030097597 | Lewis | May 2003 | A1 |
| 20030101136 | Wheeler et al. | May 2003 | A1 |
| 20030103653 | Avni et al. | Jun 2003 | A1 |
| 20030105725 | Hoffman | Jun 2003 | A1 |
| 20030115142 | Brickell et al. | Jun 2003 | A1 |
| 20040019570 | Bolle et al. | Jan 2004 | A1 |
| 20040054911 | Chennakeshu et al. | Mar 2004 | A1 |
| 20040059924 | Soto et al. | Mar 2004 | A1 |
| 20040059952 | Newport et al. | Mar 2004 | A1 |
| 20040097217 | McClain | May 2004 | A1 |
| 20040133778 | Madani | Jul 2004 | A1 |
| 20040147265 | Kelley et al. | Jul 2004 | A1 |
| 20040177073 | Snyder et al. | Sep 2004 | A1 |
| 20040243832 | Wilf et al. | Dec 2004 | A1 |
| 20040243856 | Shatford | Dec 2004 | A1 |
| 20050010786 | Michener et al. | Jan 2005 | A1 |
| 20050075973 | Yousofi | Apr 2005 | A1 |
| 20050086531 | Kenrich | Apr 2005 | A1 |
| 20050114713 | Beckman et al. | May 2005 | A1 |
| 20050160052 | Schneider et al. | Jul 2005 | A1 |
| 20050180618 | Black | Aug 2005 | A1 |
| 20050216824 | Ferguson et al. | Sep 2005 | A1 |
| 20050228887 | Wang et al. | Oct 2005 | A1 |
| 20050234833 | Vanfleet et al. | Oct 2005 | A1 |
| 20050268345 | Harrison et al. | Dec 2005 | A1 |
| 20050289058 | Hoffman et al. | Dec 2005 | A1 |
| 20060004651 | Corr et al. | Jan 2006 | A1 |
| 20060005024 | Law | Jan 2006 | A1 |
| 20060010487 | Fierer et al. | Jan 2006 | A1 |
| 20060020793 | Rogers et al. | Jan 2006 | A1 |
| 20060029261 | Hoffman et al. | Feb 2006 | A1 |
| 20060074986 | Mallalieu et al. | Apr 2006 | A1 |
| 20060090073 | Steinberg et al. | Apr 2006 | A1 |
| 20060095780 | Hillis et al. | May 2006 | A1 |
| 20060123092 | Madams et al. | Jun 2006 | A1 |
| 20060143462 | Jacobs | Jun 2006 | A1 |
| 20060165060 | Dua | Jul 2006 | A1 |
| 20060194592 | Clough | Aug 2006 | A1 |
| 20060206709 | Labrou et al. | Sep 2006 | A1 |
| 20060282528 | Madams et al. | Dec 2006 | A1 |
| 20060294387 | McCracken et al. | Dec 2006 | A1 |
| 20070011261 | Madams et al. | Jan 2007 | A1 |
| 20070050840 | Grandcolas et al. | Mar 2007 | A1 |
| 20070061590 | Boye et al. | Mar 2007 | A1 |
| 20070118745 | Buer | May 2007 | A1 |
| 20070198432 | Pitroda | Aug 2007 | A1 |
| 20070198436 | Weiss | Aug 2007 | A1 |
| 20070245158 | Giobbi et al. | Oct 2007 | A1 |
| 20070253553 | Abdul Rahman et al. | Nov 2007 | A1 |
| 20070260544 | Wankmueller | Nov 2007 | A1 |
| 20070266439 | Kraft | Nov 2007 | A1 |
| 20070289011 | Heath et al. | Dec 2007 | A1 |
| 20070291995 | Rivera | Dec 2007 | A1 |
| 20080046988 | Baharis et al. | Feb 2008 | A1 |
| 20080120240 | Ginter et al. | May 2008 | A1 |
| 20080129447 | Choi et al. | Jun 2008 | A1 |
| 20080172341 | Crandell | Jul 2008 | A1 |
| 20080172382 | Prettejohn | Jul 2008 | A1 |
| 20080275748 | John | Nov 2008 | A1 |
| 20080319915 | Russell et al. | Dec 2008 | A1 |
| 20080320151 | McCanne et al. | Dec 2008 | A1 |
| 20090049301 | Hamid et al. | Feb 2009 | A1 |
| 20090055910 | Lee | Feb 2009 | A1 |
| 20090069050 | Jain et al. | Mar 2009 | A1 |
| 20090070691 | Jain | Mar 2009 | A1 |
| 20090106556 | Hamid | Apr 2009 | A1 |
| 20090119214 | Delolme et al. | May 2009 | A1 |
| 20090138405 | Blessing | May 2009 | A1 |
| 20090171850 | Yuval | Jul 2009 | A1 |
| 20090189736 | Hayashi | Jul 2009 | A1 |
| 20090260064 | McDowell et al. | Oct 2009 | A1 |
| 20090264070 | Lim | Oct 2009 | A1 |
| 20090292641 | Weiss | Nov 2009 | A1 |
| 20090294523 | Marano et al. | Dec 2009 | A1 |
| 20100036772 | Arceneaux | Feb 2010 | A1 |
| 20100049659 | Cassone | Feb 2010 | A1 |
| 20100070377 | Williams et al. | Mar 2010 | A1 |
| 20100115583 | Delia et al. | May 2010 | A1 |
| 20100180327 | Sheets et al. | Jul 2010 | A1 |
| 20100180328 | Moas et al. | Jul 2010 | A1 |
| 20100191652 | Eckert et al. | Jul 2010 | A1 |
| 20100229245 | Singhal | Sep 2010 | A1 |
| 20110006880 | Long et al. | Jan 2011 | A1 |
| 20110086616 | Brand et al. | Apr 2011 | A1 |
| 20110099112 | Mages et al. | Apr 2011 | A1 |
| 20110185181 | Lin | Jul 2011 | A1 |
| 20110207434 | Rozhkov | Aug 2011 | A1 |
| 20110219230 | Oberheide et al. | Sep 2011 | A1 |
| 20110221568 | Giobbi | Sep 2011 | A1 |
| 20110224509 | Fish et al. | Sep 2011 | A1 |
| 20110238517 | Ramalingam et al. | Sep 2011 | A1 |
| 20110246817 | Orsini et al. | Oct 2011 | A1 |
| 20110265149 | Ganesan | Oct 2011 | A1 |
| 20110270751 | Csinger et al. | Nov 2011 | A1 |
| 20110289092 | Kumar et al. | Nov 2011 | A1 |
| 20110302273 | Pfitzmann et al. | Dec 2011 | A1 |
| 20120011016 | Williams et al. | Jan 2012 | A1 |
| 20120066262 | Greenberg | Mar 2012 | A1 |
| 20120072353 | Boone et al. | Mar 2012 | A1 |
| 20120079581 | Patterson et al. | Mar 2012 | A1 |
| 20120110341 | Beigi | May 2012 | A1 |
| 20120124651 | Ganesan et al. | May 2012 | A1 |
| 20120131657 | Sunstein et al. | May 2012 | A1 |
| 20120240198 | Shannon | Sep 2012 | A1 |
| 20120272056 | Ganesan | Oct 2012 | A1 |
| 20130006862 | Graham | Jan 2013 | A1 |
| 20130007874 | Purvis | Jan 2013 | A1 |
| 20130013931 | O'Hare et al. | Jan 2013 | A1 |
| 20130036370 | Ananthakrishnan | Feb 2013 | A1 |
| 20130055346 | Singh et al. | Feb 2013 | A1 |
| 20130061091 | Moore et al. | Mar 2013 | A1 |
| 20130061333 | Davis et al. | Mar 2013 | A1 |
| 20130091172 | Kelesis | Apr 2013 | A1 |
| 20130124292 | Juthani | May 2013 | A1 |
| 20130130623 | Hozanne et al. | May 2013 | A1 |
| 20130179681 | Benson et al. | Jul 2013 | A1 |
| 20130185210 | Dodson et al. | Jul 2013 | A1 |
| 20130198834 | Kirsch | Aug 2013 | A1 |
| 20130212655 | Hoyos et al. | Aug 2013 | A1 |
| 20130223279 | Tinnakornsrisuphap et al. | Aug 2013 | A1 |
| 20130251216 | Smowton et al. | Sep 2013 | A1 |
| 20130268589 | Torgersrud et al. | Oct 2013 | A1 |
| 20130282637 | Costigan et al. | Oct 2013 | A1 |
| 20130282844 | Logan et al. | Oct 2013 | A1 |
| 20130318580 | Gudlavenkatasiva et al. | Nov 2013 | A1 |
| 20130332342 | Kasower | Dec 2013 | A1 |
| 20130333006 | Tapling et al. | Dec 2013 | A1 |
| 20140020089 | Perini | Jan 2014 | A1 |
| 20140033273 | Rathbun | Jan 2014 | A1 |
| 20140040989 | Davis et al. | Feb 2014 | A1 |
| 20140047560 | Meyer et al. | Feb 2014 | A1 |
| 20140074658 | Sanchez | Mar 2014 | A1 |
| 20140074696 | Glaser | Mar 2014 | A1 |
| 20140075525 | Ferlin | Mar 2014 | A1 |
| 20140088987 | Backhaus | Mar 2014 | A1 |
| 20140089121 | Kaminsky et al. | Mar 2014 | A1 |
| 20140108170 | Tamari et al. | Apr 2014 | A1 |
| 20140143831 | Fieweger | May 2014 | A1 |
| 20140149747 | Bowers | May 2014 | A1 |
| 20140162598 | Villa-Real | Jun 2014 | A1 |
| 20140165184 | Lange | Jun 2014 | A1 |
| 20140183269 | Glaser | Jul 2014 | A1 |
| 20140201538 | O'Hare et al. | Jul 2014 | A1 |
| 20140237578 | Cowles et al. | Aug 2014 | A1 |
| 20140244744 | Lyren | Aug 2014 | A1 |
| 20140250128 | Akin et al. | Sep 2014 | A1 |
| 20140279514 | Sharp | Sep 2014 | A1 |
| 20140282978 | Lerner et al. | Sep 2014 | A1 |
| 20140283113 | Hanna | Sep 2014 | A1 |
| 20140289790 | Wilson | Sep 2014 | A1 |
| 20140289833 | Briceno et al. | Sep 2014 | A1 |
| 20140289867 | Bukai | Sep 2014 | A1 |
| 20140306833 | Ricci | Oct 2014 | A1 |
| 20140309789 | Ricci | Oct 2014 | A1 |
| 20140310075 | Ricci | Oct 2014 | A1 |
| 20140310160 | Kumar et al. | Oct 2014 | A1 |
| 20140310174 | Heeter | Oct 2014 | A1 |
| 20140310786 | Harding | Oct 2014 | A1 |
| 20140333415 | Kursun et al. | Nov 2014 | A1 |
| 20140337243 | Dutt et al. | Nov 2014 | A1 |
| 20140337930 | Hoyos et al. | Nov 2014 | A1 |
| 20140357187 | Ehrensvã□rd | Dec 2014 | A1 |
| 20140357295 | Skomra et al. | Dec 2014 | A1 |
| 20140363058 | Emmett et al. | Dec 2014 | A1 |
| 20150033299 | Borovikov | Jan 2015 | A1 |
| 20150033305 | Shear et al. | Jan 2015 | A1 |
| 20150039315 | Gross | Feb 2015 | A1 |
| 20150058931 | Miu et al. | Feb 2015 | A1 |
| 20150059003 | Bouse | Feb 2015 | A1 |
| 20150073987 | Dutt | Mar 2015 | A1 |
| 20150106195 | Holman et al. | Apr 2015 | A1 |
| 20150106288 | Holman et al. | Apr 2015 | A1 |
| 20150106949 | Holman et al. | Apr 2015 | A1 |
| 20150131870 | Hudson et al. | May 2015 | A1 |
| 20150135300 | Ford | May 2015 | A1 |
| 20150172257 | Truitt et al. | Jun 2015 | A1 |
| 20150188891 | Grange et al. | Jul 2015 | A1 |
| 20150189505 | Marien | Jul 2015 | A1 |
| 20150203125 | Penilla et al. | Jul 2015 | A1 |
| 20150205944 | Turgeman | Jul 2015 | A1 |
| 20150205955 | Turgeman | Jul 2015 | A1 |
| 20150205957 | Turgeman et al. | Jul 2015 | A1 |
| 20150205958 | Turgeman et al. | Jul 2015 | A1 |
| 20150210287 | Penilla et al. | Jul 2015 | A1 |
| 20150213246 | Turgeman et al. | Jul 2015 | A1 |
| 20150213251 | Turgeman | Jul 2015 | A1 |
| 20150227938 | Smets et al. | Aug 2015 | A1 |
| 20150237026 | Kumar | Aug 2015 | A1 |
| 20150237045 | Blessing | Aug 2015 | A1 |
| 20150249663 | Svigals | Sep 2015 | A1 |
| 20150261948 | Marra et al. | Sep 2015 | A1 |
| 20150269946 | Jones | Sep 2015 | A1 |
| 20150271777 | Torgersrud et al. | Sep 2015 | A1 |
| 20150278820 | Meadows | Oct 2015 | A1 |
| 20150286813 | Jakobsson | Oct 2015 | A1 |
| 20150287018 | Iqbal et al. | Oct 2015 | A1 |
| 20150310188 | Ford et al. | Oct 2015 | A1 |
| 20150319158 | Kumnick | Nov 2015 | A1 |
| 20150326559 | Kuang et al. | Nov 2015 | A1 |
| 20150326565 | Kuang et al. | Nov 2015 | A1 |
| 20150332274 | Prodam et al. | Nov 2015 | A1 |
| 20150341370 | Khan | Nov 2015 | A1 |
| 20150347713 | Seeger | Dec 2015 | A1 |
| 20150347734 | Beigi | Dec 2015 | A1 |
| 20150348032 | Ioveva et al. | Dec 2015 | A1 |
| 20150356316 | Thompson et al. | Dec 2015 | A1 |
| 20150363986 | Hoyos et al. | Dec 2015 | A1 |
| 20150381602 | Grim et al. | Dec 2015 | A1 |
| 20150381603 | Jakobsson | Dec 2015 | A1 |
| 20150381633 | Grim et al. | Dec 2015 | A1 |
| 20150381664 | Bruno et al. | Dec 2015 | A1 |
| 20150382195 | Grim et al. | Dec 2015 | A1 |
| 20160006716 | Rothberg | Jan 2016 | A1 |
| 20160012446 | Parnell | Jan 2016 | A1 |
| 20160028715 | Sivashanmugam et al. | Jan 2016 | A1 |
| 20160036798 | Mulhearn et al. | Feb 2016 | A1 |
| 20160036805 | Lin | Feb 2016 | A1 |
| 20160048700 | Stransky-Heilkron | Feb 2016 | A1 |
| 20160050199 | Ganesan | Feb 2016 | A1 |
| 20160050318 | Lu et al. | Feb 2016 | A1 |
| 20160055322 | Thomas | Feb 2016 | A1 |
| 20160063235 | Tussy | Mar 2016 | A1 |
| 20160065592 | Svigals | Mar 2016 | A1 |
| 20160071390 | Sales et al. | Mar 2016 | A1 |
| 20160072800 | Soon-Shiong et al. | Mar 2016 | A1 |
| 20160072840 | Iyer et al. | Mar 2016 | A1 |
| 20160087952 | Tartz et al. | Mar 2016 | A1 |
| 20160094546 | Innes et al. | Mar 2016 | A1 |
| 20160109954 | Harris et al. | Apr 2016 | A1 |
| 20160110771 | Klein et al. | Apr 2016 | A1 |
| 20160127358 | Engelking | May 2016 | A1 |
| 20160134488 | Straub et al. | May 2016 | A1 |
| 20160140331 | Perez | May 2016 | A1 |
| 20160156664 | Nagaratnam et al. | Jun 2016 | A1 |
| 20160162900 | Dutt et al. | Jun 2016 | A1 |
| 20160164866 | Oberheide et al. | Jun 2016 | A1 |
| 20160164880 | Colesa et al. | Jun 2016 | A1 |
| 20160164958 | Sharan | Jun 2016 | A1 |
| 20160165036 | Leow | Jun 2016 | A1 |
| 20160171361 | Chatterton et al. | Jun 2016 | A1 |
| 20160182503 | Cheng et al. | Jun 2016 | A1 |
| 20160189147 | Vanczak | Jun 2016 | A1 |
| 20160191511 | Tijerina et al. | Jun 2016 | A1 |
| 20160191514 | Talmor et al. | Jun 2016 | A1 |
| 20160219024 | Verzun et al. | Jul 2016 | A1 |
| 20160224782 | Miyakawa | Aug 2016 | A1 |
| 20160226862 | Song | Aug 2016 | A1 |
| 20160232339 | Yang et al. | Aug 2016 | A1 |
| 20160253675 | Remillet | Sep 2016 | A1 |
| 20160269181 | Hon et al. | Sep 2016 | A1 |
| 20160277412 | Streuter et al. | Sep 2016 | A1 |
| 20160308858 | Nordstrom et al. | Oct 2016 | A1 |
| 20160314462 | Hong et al. | Oct 2016 | A1 |
| 20160335426 | Cherry et al. | Nov 2016 | A1 |
| 20160337334 | Murr | Nov 2016 | A1 |
| 20160342989 | Davis | Nov 2016 | A1 |
| 20160342994 | Davis | Nov 2016 | A1 |
| 20160357954 | Guionneau et al. | Dec 2016 | A1 |
| 20160371697 | Auvenshine et al. | Dec 2016 | A1 |
| 20160378417 | Kenjalkar | Dec 2016 | A1 |
| 20170012951 | Mennes et al. | Jan 2017 | A1 |
| 20170041296 | Ford et al. | Feb 2017 | A1 |
| 20170046560 | Tsur | Feb 2017 | A1 |
| 20170046698 | Haldenby et al. | Feb 2017 | A1 |
| 20170048218 | Lindemann | Feb 2017 | A1 |
| 20170048319 | Straub | Feb 2017 | A1 |
| 20170063550 | Brodie | Mar 2017 | A1 |
| 20170063840 | Krishnaiah | Mar 2017 | A1 |
| 20170076280 | Castinado et al. | Mar 2017 | A1 |
| 20170091757 | Lloyd et al. | Mar 2017 | A1 |
| 20170103194 | Wechsler | Apr 2017 | A1 |
| 20170103408 | Mazuera | Apr 2017 | A1 |
| 20170132630 | Castinado et al. | May 2017 | A1 |
| 20170132633 | Whitehouse | May 2017 | A1 |
| 20170132643 | Sagade et al. | May 2017 | A1 |
| 20170148009 | Perez Lafuente | May 2017 | A1 |
| 20170242961 | Shukla et al. | Aug 2017 | A1 |
| 20170243208 | Kurian et al. | Aug 2017 | A1 |
| 20170250972 | Ronda et al. | Aug 2017 | A1 |
| 20170293912 | Furche et al. | Oct 2017 | A1 |
| 20170318007 | Cleeve | Nov 2017 | A1 |
| 20170337545 | Li | Nov 2017 | A1 |
| 20170352012 | Hearn et al. | Dec 2017 | A1 |
| 20180025442 | Isaacson et al. | Jan 2018 | A1 |
| 20180060496 | Bulleit et al. | Mar 2018 | A1 |
| 20180068130 | Chan et al. | Mar 2018 | A1 |
| 20180075421 | Serrano et al. | Mar 2018 | A1 |
| 20180089256 | Wright, Sr. | Mar 2018 | A1 |
| 20180096349 | McDonald et al. | Apr 2018 | A1 |
| 20180114218 | Konik et al. | Apr 2018 | A1 |
| 20180130050 | Taylor et al. | May 2018 | A1 |
| 20180191740 | Decenzo et al. | Jul 2018 | A1 |
| 20180204191 | Wilson et al. | Jul 2018 | A1 |
| 20180227275 | Russinovich et al. | Aug 2018 | A1 |
| 20180308072 | Smith et al. | Oct 2018 | A1 |
| 20180315055 | Pickover et al. | Nov 2018 | A1 |
| 20180316507 | Smith et al. | Nov 2018 | A1 |
| 20180322588 | Linne | Nov 2018 | A1 |
| 20180343120 | Andrade | Nov 2018 | A1 |
| 20180343126 | Fallah | Nov 2018 | A1 |
| 20180349896 | Arora et al. | Dec 2018 | A1 |
| 20180349968 | O'Brien et al. | Dec 2018 | A1 |
| 20180367310 | Leong et al. | Dec 2018 | A1 |
| 20180373983 | Katz et al. | Dec 2018 | A1 |
| 20190012662 | Krellenstein et al. | Jan 2019 | A1 |
| 20190018984 | Setty et al. | Jan 2019 | A1 |
| 20190019144 | Gillen | Jan 2019 | A1 |
| 20190019180 | Coburn et al. | Jan 2019 | A1 |
| 20190020653 | Brown et al. | Jan 2019 | A1 |
| 20190020661 | Zhang | Jan 2019 | A1 |
| 20190026685 | Chappell et al. | Jan 2019 | A1 |
| 20190028276 | Pierce et al. | Jan 2019 | A1 |
| 20190034716 | Kamarol et al. | Jan 2019 | A1 |
| 20190035018 | Nolan et al. | Jan 2019 | A1 |
| 20190036887 | Miller | Jan 2019 | A1 |
| 20190043050 | Smith et al. | Feb 2019 | A1 |
| 20190319939 | Hamel | Oct 2019 | A1 |
| 20200014541 | Streit | Jan 2020 | A1 |
| 20200169415 | Schmidt | May 2020 | A1 |
| 20210027295 | Raquepaw et al. | Jan 2021 | A1 |
| Number | Date | Country |
|---|---|---|
| WO-2017190175 | Nov 2017 | WO |
| WO-2018126077 | Jul 2018 | WO |
| WO-2018165472 | Sep 2018 | WO |
| WO-2018172439 | Sep 2018 | WO |
| WO-2018204541 | Nov 2018 | WO |
| WO-2018223125 | Dec 2018 | WO |
| WO-2019009913 | Jan 2019 | WO |
| WO-2019009914 | Jan 2019 | WO |
| Entry |
|---|
| A White Paper from the Sovrin Foundation, “Sovrin: A Protocol and Token for Self-Sovereign Identity and Decentralized Trust”, Version 1.0 Jan. 2018. 42 pages. |
| Liu—The Organizational Structure in Collaboration Information Gathering, 2001, IEEE, pp. 263-268 (Year: 2001). |
| Restriction Requirement issued in U.S. Appl. No. 16/600,153 dated Feb. 23, 2022. |
| Shakshuki—A Multi-Agent System Architecture for Information Gathering, 2000, IEEE, pp. 732-736 (Year: 2000). |
| Stockel “Securing Data and Financial Transactions,” IEEE, pp. 397-401, (Year: 1995). |
| Zhi-Min et al “Analysis of State-Owned Commercial Banks On-Line Sites Frequent Transactions and Structure Equation Modeling Archive,” 2012 2nd International Conference on Computer Science and Network Technology, pp. 401-405 (Year: 2012). |
| Liu et al “A Survey of Payment Card Industry Data Security Standard,” IEEE Communications Surveys & Tutorials, vol. 12, No. 3, Third Quarter 2010, pp. 287-303 (Year: 2010). |
| Ranchi et al “Security, Privacy and Efficiency of Internet Banking Transactions,” IEEE, pp. 216-222 (Year: 2011). |
| Su et al“A Service Level Agreement for the Resource Transaction Risk based on Cloud Bank Model,” 2012 International Conference on Cloud Computing and Service Computing, IEEE Computer Society, pp. 198-203. |
| Zhang et al, “A Method of Predicting Users' Behaviors Based on Inter-transaction Association Rules,” 2009 Sixth Web Information Systems and Applications Conference, IEEE Computer Society, pp. 147-150. |
| Number | Date | Country | |
|---|---|---|---|
| 20230379708 A1 | Nov 2023 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | 17898108 | Aug 2022 | US |
| Child | 18226566 | US | |
| Parent | 16598904 | Oct 2019 | US |
| Child | 17898108 | US |
