PUBLICLY READABLE BLOCKCHAIN REGISTRY OF PERSONALLY IDENTIFIABLE INFORMATION BREACHES
First Claim
1. A computer-implemented method comprising:
- maintaining, by a first service provider, a blockchain registry comprising signed descriptors for a plurality of users of services provided by a plurality of service providers, the signed descriptors corresponding to personally identifiable information (PII) of the plurality of users that has been breached at services offered by the plurality of service providers;
determining the PII for a user of a first service provided by the first service provider has been breached;
writing a signed descriptor for the PII that has been breached to the blockchain registry; and
synchronizing a publically available blockchain registry with the blockchain registry, the synchronizing comprising communicating the signed descriptor for the PII that has been breached at the first service to the publicly available blockchain registry.
1 Assignment
0 Petitions
Accused Products
Abstract
A registry is utilized to identify personally identifiable information (PII) that has been breached. The registry is a distributed database shared by multiple organizations to track which PII has been breached in other organizations. A first service provider initially receives PII and corresponding signed descriptor from a user. The PII is used to verify an identity of the user and the signed descriptor describes the type of PII that is received. The first service provider queries the registry to determine if the signed descriptor of the user has been written to the registry by a second service provider, indicating that it has been breached at a service provided by the second service provider. If the first service provider uses the breached PII, the breached PII is invalidated by the first service provider.
138 Citations
20 Claims
-
1. A computer-implemented method comprising:
-
maintaining, by a first service provider, a blockchain registry comprising signed descriptors for a plurality of users of services provided by a plurality of service providers, the signed descriptors corresponding to personally identifiable information (PII) of the plurality of users that has been breached at services offered by the plurality of service providers; determining the PII for a user of a first service provided by the first service provider has been breached; writing a signed descriptor for the PII that has been breached to the blockchain registry; and synchronizing a publically available blockchain registry with the blockchain registry, the synchronizing comprising communicating the signed descriptor for the PII that has been breached at the first service to the publicly available blockchain registry. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. One or more computer storage media having computer-executable instructions embodied thereon that, when executed by a computer, causes the computer to perform operations, the operations comprising:
-
maintaining, by a first service provider, a blockchain registry comprising signed descriptors for a plurality of users of services provided by a plurality of service providers, the signed descriptors corresponding to personally identifiable information (PII) of the plurality of users that has been breached; receiving updates to the blockchain registry, the updates provided by the plurality of service providers to the publicly available blockchain registry, the publicly available blockchain registry comprising the signed descriptors for the plurality of users of the services provided by the plurality of service providers indicating PII that has been breached at services offered by the plurality of service providers; and querying the blockchain registry for a private key message, the private key message being written to the publicly available blockchain registry by a user of the plurality of users indicating that a private key of the user has been stolen. - View Dependent Claims (17, 18, 19)
-
-
20. A computerized system comprising:
-
a processor; and computer storage media storing computer-useable instructions that, when used by the processor, cause the processor to; maintaining, by a first service provider, a blockchain registry comprising signed descriptors for a plurality of users of services provided by a plurality of service providers, the signed descriptors corresponding to personally identifiable information (PII) of the plurality of users that has been breached at services offered by the plurality of service providers; determining the PII for a user of a first service provided by the first service provider has been breached; writing a signed descriptor for the PII that has been breached to the blockchain registry; and synchronizing the blockchain registry with the publically available blockchain registry, the synchronizing comprising communicating the signed descriptor for the PII that has been breached at the first service to a publicly available blockchain registry.
-
Specification