Methods and systems for a digital trust architecture

US 10,419,218 B2
Filed: 09/19/2017
Issued: 09/17/2019
Est. Priority Date: 09/20/2016
Status: Active Grant

First Claim

Patent Images

1. A system implementing a digital trust architecture, comprising:

one or more computer processors configured to;

receive, from a network, a first item of user identity information from a user computer,receive a second item of user identity information over the network from an in-person verification system,verify a user account based on the first item of user identity information and the second item of user identity information,provision the user account to a user associated with the user computer based on the verification and the first and second items of user identity information,generate a public and private key associated with the user,generate an email message to be sent to a recipient from the user,sign the email message using the private key,transmit the email message over the network to a recipient computer associated with the recipient,select sensitive data,grant permission to access the selected sensitive data,revoke access to the selected sensitive data,receive records from the user,attach the received records to the email message, andadd the e-mail message to the block chain; and

a hardware memory electronically coupled to the one or more computer processors and configured to store the first and second items of user identify information received by the one or more computer processors.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some aspects, methods and systems for a digital trust architecture are provided. In some aspects, the architecture includes a user account provisioning process. The provisioning process may make use of in person verifications of some personal information to ensure authenticity of the user information. Once the authenticity of user information is established, an account may be created. The user account may include a user email account, with integrated access to digital certificates linked to the user account. Account creation may also automatically publish the new user'"'"'s public key in a publicly accessible directory, enabling encrypted email information to be easily sent to the new user.

Citations

14 Claims

1. A system implementing a digital trust architecture, comprising:
- one or more computer processors configured to;
  
  receive, from a network, a first item of user identity information from a user computer,receive a second item of user identity information over the network from an in-person verification system,verify a user account based on the first item of user identity information and the second item of user identity information,provision the user account to a user associated with the user computer based on the verification and the first and second items of user identity information,generate a public and private key associated with the user,generate an email message to be sent to a recipient from the user,sign the email message using the private key,transmit the email message over the network to a recipient computer associated with the recipient,select sensitive data,grant permission to access the selected sensitive data,revoke access to the selected sensitive data,receive records from the user,attach the received records to the email message, andadd the e-mail message to the block chain; and
  
  a hardware memory electronically coupled to the one or more computer processors and configured to store the first and second items of user identify information received by the one or more computer processors.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the one or more computer processors are further configured to:
    - receive input identifying the recipient associated with the recipient computer and input indicating email body data,search a publicly accessible directory database for a public key associated with the recipient,encrypt the email body data using the public key associated with the recipient, andtransmit the encrypted email body data to the recipient.
  - 3. The system of claim 2, wherein the one or more computer processors are further configured to:
    - receive input indicating whether information indicating the transmission of the encrypted email body data is to be stored in the block chain, andstore the information in the block chain in response to the input.
  - 4. The system of claim 3, wherein the one or more computer processors are further configured to:
    - receive visibility input indicating whether the information stored in the block chain is publicly accessible, andset access privileges of the block chain in response to the visibility input.
  - 5. The system of claim 1, wherein the one or more computer processors are further configured to selectively publish the public key associated with the user to a publicly accessible directory database.
  - 6. The system of claim 1,wherein the one or more computer processors are further configured to:
    - generate a prompt to the in-person verification system for the second item of user identity information, andreceive the second item of user identity information in response to the generated prompt.
  - 7. The system of claim 1, wherein the one or more computer processors are further configured to generate a digital signature for the selected sensitive data, wherein revoking access to the selected sensitive data comprises invalidating the digital signature.

8. A method of implementing a digital trust architecture, comprising:
- receiving, from a network, a first item of user identity information from a user computer;
  
  receiving a second item of user identity information over the network from an in-person verification system;
  
  verifying a user account based on the first item of user identity information and the second item of user identity information;
  
  provisioning the user account to a user associated with the user computer based on the verification and the first and second items of user identity information;
  
  generating a public and private key associated with the user;
  
  generating an email message to be sent to a recipient from the user;
  
  signing the email message using the private key;
  
  transmitting the email over the network to a recipient computer associated with the recipient;
  
  selecting sensitive data;
  
  granting permission to access the selected sensitive data;
  
  revoking access to the selected sensitive data;
  
  receiving records from the user;
  
  attaching the received records to the email message; and
  
  adding the email message to the block chain.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising:
    - receiving input identifying the recipient associated with the recipient computer and input indicating email body data;
      
      searching a publicly accessible directory database for a public key associated with the recipient;
      
      encrypting the email body data using the public key associated with the recipient; and
      
      transmitting the encrypted email body data to the recipient.
  - 10. The method of claim 9, further comprising:
    - receiving input indicating whether information indicating the transmission of the encrypted email body data is to be stored in the block chain; and
      
      storing the information in the block chain in response to the input.
  - 11. The method of claim 10, further comprising:
    - receiving visibility input indicating whether the information stored in the block chain is publicly accessible; and
      
      setting access privileges of the block chain in response to the visibility input.
  - 12. The method of claim 8, further comprising selectively publishing the public key associated with the user to a publicly accessible directory database.
  - 13. The method of claim 8, further comprising:
    - generating a prompt to the in-person verification system for the second item of user identity information; and
      
      receiving the second item of user identity information in response to the generated prompt.
  - 14. The method of claim 8, further comprising generating a digital signature for the selected sensitive data, wherein revoking access to the selected sensitive data comprises invalidating the digital signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
United States Postal Service (Government of the United States of America)
Original Assignee
United States Postal Service (Government of the United States of America)
Inventors
Bonnell, Clayton C
Primary Examiner(s)
Holder, Bradley W

Application Number

US15/709,266
Publication Number

US 20180083771A1
Time in Patent Office

728 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

H04L 63/0442   wherein the sending and rec...

H04L 63/123   received data contents, e.g...

H04L 9/006   involving public key infras...

H04L 9/0861   Generation of secret inform...

H04L 9/32   including means for verifyi...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

H04L 9/50   using hash chains, e.g. blo...

Methods and systems for a digital trust architecture

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for a digital trust architecture

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links