Blockchain identity management system based on public identities ledger
First Claim
1. A system for managing identities of entities in a computer network, comprising:
a plurality of computing devices in the computer network, each computing device being associated with at least one entity; and
an electronic append-only public identities ledger maintained simultaneously at more than one of the plurality of computing devices, the electronic append-only public identities ledger comprising a plurality of cryptographically-encapsulated identity objects that each uniquely identify a respective entity within the computer network, wherein each of the plurality of cryptographically-encapsulated identity objects further comprises:
one or more identification attributes that uniquely identify a first entity associated with the respective cryptographically-encapsulated identity object, the one or more identification attributes being self-enveloped via a public cryptographic key of the first entity; and
one or more validation attributes created by a second entity associated with a separate cryptographically-encapsulated identity object, wherein the one or more validation attributes are used to validate that the one or more identification attributes accurately identify the first entity,
wherein, upon respective validation, each of the plurality of cryptographically-encapsulated identity objects are structured in a linked list and maintained simultaneously at at least a first computing device associated with the first entity and a second computing device associated with the second entity.
2 Assignments
0 Petitions
Abstract
The invention describes an identity management system (IDMS) based on the concept of peer-to-peer protocols and the public identities ledger. The system manages digital identities, which are digital objects that contain attributes used for the identification of persons and other entities in an IT system and for making identity claims. The identity objects are encoded and cryptographically encapsulated. Identity management protocols include the creation of identities, the validation of their binding to real-world entities, and their secure and reliable storage, protection, distribution, verification, updates, and use. The identities are included in a specially constructed global, distributed, append-only public identities ledger. They are forward- and backward-linked using the mechanism of digital signatures. The linking of objects and their chaining in the ledger is based on and reflects their mutual validation relationships. The identities of individual members are organized in the form of linked structures called personal identities chains. Identities of groups of users that validated identities of other users in a group are organized in community identities chains. The ledger and its chains support accurate and reliable validation of identities by other members of the system and by application service providers without the assistance of third parties. The ledger designed in this invention may be either permissioned or unpermissioned. Permissioned ledgers have special entities, called BIX Security Policy Providers, which validate the binding of digital identities to real-world entities based on the rules of a given security policy. In unpermissioned ledgers, community members mutually validate their identities. The identity management system provides security, privacy, and anonymity for digital identities and satisfies the requirements for decentralized, anonymous identity management systems.
415 Citations
24 Claims
23. A method for managing identities of entities associated with an electronic append-only public identities ledger maintained at a plurality of electronic computing devices in a computer network, comprising:
receiving at one or more of the electronic computing devices in the computer network a cryptographically-encapsulated identity object that uniquely identifies a particular entity within the computer network, wherein the cryptographically-encapsulated identity object further comprises:
one or more identification attributes that uniquely identify the respective entity associated with the cryptographically-encapsulated identity object, the one or more identification attributes being self-enveloped via a public cryptographic key of the respective entity; and
one or more validation attributes created by a second entity associated with a separate cryptographically-encapsulated identity object;
upon receipt of the cryptographically-encapsulated identity object at the one or more electronic computing devices in the computer network, validating the one or more identification attributes associated with the respective entity by means of the one or more validation attributes created by the second entity and associated with a separate cryptographically-encapsulated identity object; and
upon validation of the one or more identification attributes associated with the respective entity, structuring the plurality of cryptographically-encapsulated identity objects in a linked list that is maintained simultaneously at at least a first computing device associated with the respective entity and a second computing device associated with the second entity.
24. A system for managing identities of entities in a computer network, comprising:
a plurality of computing devices in the computer network, each computing device being associated with at least one entity; and
an electronic append-only public identities ledger maintained simultaneously at more than one of the plurality of computing devices, the electronic append-only public identities ledger comprising a plurality of cryptographically-encapsulated identity objects that each uniquely identify a respective entity within the computer network, wherein each of the plurality of cryptographically-encapsulated identity objects further comprises:
one or more identification attributes that uniquely identify a first entity associated with the respective cryptographically-encapsulated identity object, each of the one or more identification attributes being self-enveloped via a public cryptographic key of the first entity, each of the one or more identification attributes further comprising:
a header comprising a personal identification number of the first entity, a version number associated with a current version of the first object, a date and time the first object was created, and an assurance level associated with an appropriate level of validation of the first entity;
one or more search attributes comprising self-encrypted versions of a name, email address, and mobile phone number associated with the first entity;
one or more public attributes comprising the name, country, state, city, address, and date of birth associated with the first entity;
an initial validator comprising information associated with one or more identification attributes of a second entity, the second entity being at least partially responsible for validating the first entity; and
an initial validator signature comprising an electronic signature of the second entity after respective validation; and
one or more validation attributes created by the second entity, wherein the one or more validation attributes are used to validate that the one or more identification attributes accurately identify the first entity, each of the one or more validation attributes further comprising:
a header, a blockchain validator, and a blockchain validator signature, each comprising information associated with identification attributes of the second entity,
wherein, upon respective validation, each of the plurality of cryptographically-encapsulated identity objects are structured in a star-shaped linked list and maintained simultaneously at at least a first computing device associated with the first entity and a second computing device associated with the second entity.
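The identity object, its self-envelope, the validator's signature and the back-linked personal identities chain described in the abstract and in claims 1, 23 and 24, as an added Go example; this is not code from the patent or from any BIX system. It assumes Ed25519 signatures with JSON as the canonical encoding, models "self-enveloped" as the owner signing its own identification attributes, lets the first object on the ledger (a policy provider acting as trust anchor) validate itself, and covers only the personal chain and the validator link, not community chains or the star-shaped list. Field names, PINs and all sample data are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Header carries the fields claim 24 lists for an identity object's header.
type Header struct {
	PIN, Created            string
	Version, AssuranceLevel int
}

// IdentificationAttributes is the owner-asserted part of an identity object. The field layout
// and the JSON encoding are this example's assumptions; the patent names the fields but no format.
type IdentificationAttributes struct {
	Header           Header
	PublicAttributes map[string]string // name, country, ...
	OwnerPublicKey   []byte            // the key the attributes are self-enveloped under
	InitialValidator string            // PIN of the separate entity that validates this object
	PrevHash         string            // backward link to the owner's previous object (personal identities chain)
}

// IdentityObject adds the owner's self-signature and the validator's signature (the validation attribute).
type IdentityObject struct {
	Ident        IdentificationAttributes
	SelfSig      []byte // self-envelope, modelled here as an Ed25519 signature over Ident by the owner
	ValidatorSig []byte // validator's Ed25519 signature over Ident||SelfSig
}

// json.Marshal writes struct fields in declaration order and map keys sorted, so it is canonical here.
func canonical(v interface{}) []byte         { b, _ := json.Marshal(v); return b }
func selfEnveloped(o *IdentityObject) []byte { return append(canonical(o.Ident), o.SelfSig...) }
func ObjectHash(o *IdentityObject) string    { return fmt.Sprintf("%x", sha256.Sum256(canonical(o))) }
func NewKey() ed25519.PrivateKey             { _, k, _ := ed25519.GenerateKey(rand.Reader); return k }
func verify(pk, msg, sig []byte) bool { // length check first: ed25519.Verify panics on a malformed key
	return len(pk) == ed25519.PublicKeySize && ed25519.Verify(ed25519.PublicKey(pk), msg, sig)
}

// NewIdentityObject builds the identification attributes and self-signs them with the owner's key.
func NewIdentityObject(owner ed25519.PrivateKey, hdr Header, public map[string]string, validatorPIN, prevHash string) *IdentityObject {
	id := IdentificationAttributes{Header: hdr, PublicAttributes: public, OwnerPublicKey: owner.Public().(ed25519.PublicKey),
		InitialValidator: validatorPIN, PrevHash: prevHash}
	return &IdentityObject{Ident: id, SelfSig: ed25519.Sign(owner, canonical(id))}
}

// Validate is the second entity's step: it signs the self-enveloped object with its own key.
func Validate(o *IdentityObject, validator ed25519.PrivateKey) { o.ValidatorSig = ed25519.Sign(validator, selfEnveloped(o)) }

// Ledger is one replica of the append-only public identities ledger; latest maps a PIN to the
// index of the newest object in that entity's personal identities chain.
type Ledger struct {
	Objects []*IdentityObject
	latest  map[string]int
}

func NewLedger() *Ledger { return &Ledger{latest: map[string]int{}} }

// Append admits an object only if it is self-signed, validated by a separate entity already on the
// ledger, and continues the owner's personal chain. The first object is the trust anchor (e.g. a
// security policy provider) and, by this example's bootstrapping assumption, validates itself.
func (l *Ledger) Append(o *IdentityObject) error {
	pin, vpin, ownerKey := o.Ident.Header.PIN, o.Ident.InitialValidator, o.Ident.OwnerPublicKey
	if !verify(ownerKey, canonical(o.Ident), o.SelfSig) {
		return fmt.Errorf("%s: self-signature does not verify (attributes altered or wrong owner key)", pin)
	}
	validatorKey := ownerKey
	if len(l.Objects) > 0 {
		vi, ok := l.latest[vpin]
		if !ok || vpin == pin {
			return fmt.Errorf("%s: validator %q must be a different entity already on the ledger", pin, vpin)
		}
		validatorKey = l.Objects[vi].Ident.OwnerPublicKey // resolved from the ledger, never from the submitted object
	}
	if !verify(validatorKey, selfEnveloped(o), o.ValidatorSig) {
		return fmt.Errorf("%s: validator signature does not verify under %s", pin, vpin)
	}
	wantPrev, wantVersion := "", 1 // an update must back-link to, and increment, the owner's current object
	if i, ok := l.latest[pin]; ok {
		wantPrev, wantVersion = ObjectHash(l.Objects[i]), l.Objects[i].Ident.Header.Version+1
	}
	if o.Ident.PrevHash != wantPrev || o.Ident.Header.Version != wantVersion {
		return fmt.Errorf("%s: backward link or version does not continue the owner's personal chain", pin)
	}
	l.Objects = append(l.Objects, o)
	l.latest[pin] = len(l.Objects) - 1
	return nil
}

// Verify replays the ledger from its trust anchor, re-checking every signature and link locally.
func (l *Ledger) Verify() error {
	fresh := NewLedger()
	for i, o := range l.Objects {
		if err := fresh.Append(o); err != nil {
			return fmt.Errorf("object %d: %w", i, err)
		}
	}
	return nil
}

// BuildSampleLedger: a provider as trust anchor, Bob's identity validated by the provider, then an
// updated version of Bob's identity. PINs, names and countries are constructed sample data.
func BuildSampleLedger() (*Ledger, error) {
	spp, bob, l := NewKey(), NewKey(), NewLedger()
	root := NewIdentityObject(spp, Header{"SPP-1", "2024-01-01T00:00:00Z", 1, 3}, map[string]string{"name": "Example Policy Provider", "country": "US"}, "SPP-1", "")
	b1 := NewIdentityObject(bob, Header{"BOB-1", "2024-02-01T00:00:00Z", 1, 2}, map[string]string{"name": "Bob Example", "country": "US"}, "SPP-1", "")
	Validate(root, spp)
	Validate(b1, spp)
	b2 := NewIdentityObject(bob, Header{"BOB-1", "2024-03-01T00:00:00Z", 2, 2}, map[string]string{"name": "Bob Example", "country": "CA"}, "SPP-1", ObjectHash(b1))
	Validate(b2, spp)
	for _, o := range []*IdentityObject{root, b1, b2} {
		if err := l.Append(o); err != nil {
			return nil, err
		}
	}
	return l, nil
}
```

Append resolves the validator's key from the object already on the ledger rather than from anything the submitted object carries, which is what makes the validation attribute a claim by a second entity instead of a second self-assertion. Verify replays the whole ledger from the trust anchor, so a replica that receives a copy from a peer can check every signature and back-link without consulting a third party, and any stored object altered after the fact fails on replay.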
Specification