• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    The aspects of the technology implement an authentication protocol that allows the trusted provider to vouch for a requesting entity when that entity requests verification by an authentication entity (Figure 1). This is accomplished without the need to share confidential information or other personal information of the requesting entity directly with the authentication entity (Figure 1). Instead, the trusted provider may use specific information about a requesting entity, such as contact information that forms an identity record (404), and may generate a hash of the record (408) . The hash is sent to an authentication entity (410), which returns a secure token to the trusted provider (508). The secure token and identity record information is used to create a verification URL (414), which is shared with the requesting entity (416). The verification URL, when clicked, refers to the authentication entity (Figure 1), which validates the requesting entity (512, 514). The invention allows instantaneous identification of the requesting entity without the parties having to perform advanced cryptographic operations (516).
    公开号:FR3072802A1
    申请号:FR1857843
    申请日:2018-08-31
    公开日:2019-04-26
    发明作者:Stefano Schiavoni;Simon Morris;Phillips Benton;Tom Pritchard
    申请人:Google LLC;
    IPC主号:
    专利说明:

    Confidentiality identity verification
    E-commerce and other activities on the internet often involve one party verifying the identity of another party. Verification can be done in different ways. In one example, an Internet certification authority or a certification authority can issue a digital certificate that contains credential information to assist a person or business for online transactions. However, this type of approach may need different parties to perform advanced cryptographic operations. This may also require the storage of sensitive information going beyond what is normally required for daily work, or otherwise it involves additional overhead of resources or management which is inefficient or time consuming. Thus, this type of approach may not be feasible for certain parties, whether they are individuals, small businesses or other entities.
    The identity verification techniques described in the present invention are simple to implement while preserving the privacy of a party (a requesting entity) who wishes to identify with another party (an authentication entity). The general approach is based on the following factors. First, an intermediary (a trusted supplier) can already identify the requesting entity (such as a person or a business), for example, according to a preexisting relationship. Second, the trusted provider cannot share readable data about the requesting entity with the authentication entity. These may be contractual or legal agreements that prevent such sharing of information. And third, the trusted supplier should do as little work as possible to assist with the verification process. This may include keeping a spreadsheet or calculating basic calculations, but it does not include calculating digital signatures or storing very sensitive information about business.
    The aspects of technology described below allow the trusted provider to use their specific information about a requesting entity to allow instant identification or authentication of that requesting entity with a particular authentication entity. The trusted provider may be a B2B service provider such as a bank or a telecommunications company. Trusted provider's specific information about a person, merchant, specific trade, or other requesting entity may include their address, contact point, and other identifying information that depends normal transactions with this business. This information is hashed in a specific way to share it with a given authentication entity. The authentication entity generates a secure token based on hashed information that the trusted provider uses to create a verification link. The requesting entity is then able to use the verification link, which provides instant identification of the requesting entity by the authentication entity.
    According to aspects of the technology, a method includes processing, by one or more processor devices, a clear text message using a hash function to generate a hash value of the clear text message. The plain text message includes contact information about a requesting entity. The method also includes sending, by a communication unit, the generated hash value to a second device external to an authentication entity, and reception, by the communication unit, of a secure token from the second external device of the authentication entity in response to the sending of the generated hash value. The method further includes the creation, by one or more processing devices and in response to the reception of the secure token from the second external device of the authentication entity, of a verification indication based on the secure token and plain text message. The method also includes the sending, by the communication unit, of the verification indication to the first external device of the requesting entity.
    In one example, the process is performed in response to receipt of the clear text message from a first external device of a requesting entity, the clear text message comprising the contact information of the requesting entity. In another example, the clear text message includes contact information which includes a physical address of a business or a person associated with the requesting entity. In a further example, the clear text message includes a javascript object notification (JSON) identifying contact information.
    In another example, the method further includes adding a SALT element to the clear text message and processing the clear text message with the predefined SALT element using the hash function. Here, sending the verification indication to the first external device of the requesting entity includes sending a verification URL incorporating the secure token and the message information in clear text to the first external device.
    According to other aspects of the technology, a device is provided and includes a communication unit and one or more processors. One or more processors are configured for retrieving from memory a clear text message containing information from a requesting entity, processing the clear text message using a hash function to generating a hash value of the clear text message and creating a verification indication based on the clear text message and a secure token received from a second external device of an authentication entity. The plain text message includes contact information about the requesting entity. The communication unit is further configured to send the verification indication to a first external device of the requesting entity in response to the reception of the secure token from the second external device of the authentication entity.
    In one example, the clear text message includes the contact information of the requesting entity. In another example, the clear text message includes contact information including a physical address of a business or a person associated with the requesting entity. In a further example, the clear text message includes a javascript object notification (JSON) identifying contact information.
    In another example, one or more processors are further configured to add a SALT element to the clear text message and to process the clear text message with the predefined SALT element using the hash function. . Here, the device can send the verification indication to the first external device of the requesting entity by sending a verification URL which incorporates the secure token and the message information in clear text to the first external device.
    According to additional aspects of the technology, the invention relates to a method. The method includes, in response to receiving a hash value from a computing device from a trusted provider, storing the hash value in memory. The hash value is clear text information associated with a requesting entity. The plain text information includes contact information about the requesting entity. The method also includes the generation, by one or more processor devices, of a secure token associated with a storage location for the hash value. In response to receiving a verification message from a first device external to the requesting entity, the method includes processing, by one or more processor devices, the verification message using a hash function to generate a hash value, retrieving the hash value stored in memory, comparing a generated hash value with the hash value retrieved from memory and comparing the secure token generated with the token information in the verification message, in order to verify an identity of the requesting entity.
    In one example, generating the secure token associated with the storage location includes generating a chain of random tokens and registering an association between the chain of random tokens and the storage location. In another example, a length of the random token chain is at least 16 bits. In a further example, the method further includes storing the secure token in a database and associating the secure token with the stored hash value. In yet another example, the method further includes one or more processor devices pre-populating a registration template with account details of the requesting entity. Here, account details can be received via an identification request string parameter associated with the requesting entity.
    And according to other aspects of the technology, a device that is provided includes a communication unit and one or more processors configured to perform the selected operations. In particular, in response to receiving a hash value from a computing device from a trusted provider, one or more processors are configured to store the hash value in memory. The hash value is clear text information associated with a requesting entity. The plain text information includes contact information about the requesting entity. One or more processors are also configured for the generation of a secure token associated with a storage location for the hash value. In response to the receipt of a verification message from a first device external to the requesting entity, one or more processors are configured for processing the verification message using a hash function to generate a hash value, recovering the hash value stored in memory, comparing a generated hash value with the hash value retrieved from memory and comparing the generated secure token with the information of the token in the verification message, in order to verify an identity of the requesting entity.
    In one example, the secure token associated with the storage location is created by generating a chain of random tokens and recording an association between the chain of random tokens and the storage location. In this case, a length of the random token chain can be at least 16 bits. In another example, one or more processors are further configured to store the secure token in a database and to associate the secure token with the stored hash value. In a further example, one or more processors are also configured for pre-filling a registration template with account details of the requesting entity. In this situation, account details can be received via an identification request string parameter associated with the requesting entity.
    A set of figures accompanying this description illustrate various characteristics and different aspects of the technology. In these figures, the same reference numbers refer to the same elements. A brief discussion of each figure is provided below.
    FIG. 1 shows an example of a method according to the aspects of the invention.
    FIG. 2A an example of arrangement of the trusted supplier according to the aspects of the invention.
    Figure 2B is an example of an authentication entity arrangement according to aspects of the invention.
    FIG. 3 shows an example of a network according to the aspects of the invention.
    FIG. 4 shows an example of a request method according to the aspects of the invention.
    FIG. 5 shows an example of a verification method according to the aspects of the invention.
    The following description is based on embodiments of the claims and should not be construed as a restriction on the claims with respect to alternative embodiments which are not explicitly described in the present invention.
    The authentication protocol discussed in the present invention includes an interaction between a requesting entity, a trusted provider and an authentication entity. The requesting entity depends on the trusted supplier to effectively vouch for the requesting entity with the authentication entity, but without directly sharing confidential information or other personal information of the authentication entity with the authentication entity. requesting entity. This approach does not require any entity to perform advanced cryptographic operations or to store sensitive information going beyond what is normally required for daily work. The general overheads of resources or management are thus kept to a minimum, for example via a spreadsheet or a simplified database. This can be attractive in the eyes of individuals, small businesses and other requesting entities, as well as trusted suppliers who are linked to the entities issuing the authorization.
    An example of the authentication protocol is illustrated in FIG. 1. Here, as explained in more detail below, a flow of the process is presented going from a requesting entity to a trusted supplier to an authentication entity and then back to the trusted provider and the requesting entity. At a high level, the protocol allows the trusted provider to generate verification codes - preferably verification URLs - without sharing the confidential data of the requesting entity with the authentication entity. For example, the protocol involves the trusted provider to implement certain tasks and interact with the authentication entity and thus be able to deliver the verification URL directly to the requesting entity. When someone at the requesting entity receives the URL and clicks on it, there is an automatic verification with the authentication entity. The authentication entity thus becomes aware of the existence of the requesting entity at the time when the requesting entity activates the link, not before.
    In particular, as illustrated in Figure 1, the requesting entity initially provides certain information ("entity information") to the trusted provider. This can be achieved through normal business flow with this trusted supplier. For example, a person or a business can open an account with a banking institution or a service set up with a telecommunications provider. The entity information would be, for example, a name and address or other contact information about the requesting entity. Entity information is stored by the trusted provider as identity information under an identity record.
    For example, the details of the requesting entity ("entity information") stored by the trusted provider can be designated as an identity of the requesting entity. The identity can typically include the name of a contact point (for example, the business owner) and a physical address of a street associated with the business or other requesting entity. Identity information can be stored by the trusted provider, for example, as part of a spreadsheet or record in a customer relationship management (CRM) database. Identity information can be arranged as a clear text message ("identity record") in the JavaScript object notation (JSON) format.
    At some point, the requesting entity may request the trusted provider to vouch for this entity with an authentication entity. This can be done, for example, so that the requesting entity can access the services offered by the authentication entity. The trusted provider creates and shares a secure hash (message hash) of the details of the requesting entity (identity registration) with the authentication entity.
    In particular, the message hash is sent to the authentication entity by the trusted provider. The authentication entity generates a secure token which is returned to the trusted provider and serves as a message acknowledgment for the message hash provided. The message hash and the secure token are stored by the authentication entity for later verification of the requesting entity concerned.
    Once the trusted provider receives the acknowledgment, the secure token is used to create a verification link. For example, a verification URL is created at the trusted provider for the requesting entity to register directly with the authentication entity. The URL is created on the basis of both the secure token received from the authentication entity and the identity record stored by the trusted provider.
    The verification URL is then sent to the requesting entity. As illustrated in Figure 1, when the requesting entity wishes to register or otherwise register with the authentication entity, the verification URL is clicked or otherwise activated. This allows the opening of a connection to the website of the authentication entity. At this level, the authentication entity detects whether the data it receives from the requesting entity hashes the same value supplied by the trusted supplier and stored in memory by the authentication entity. Assuming that the information is correct, the requesting entity is instantly validated with the authentication entity.
    FIG. 2A shows an example configuration of a trusted provider 200 which can be used with the authentication protocol described in the present invention. As illustrated, the configuration 200 includes a processing module 202 having one or more computer processors such as a central processing unit 204 and / or graphics processors 206, as well as a memory module 208 configured to store instructions 210 and data 212. A database 214 may or may not be separate from the memory module 208. Processors may or may not operate in parallel, and may include ASICs, controllers and other types of hardware circuit. The processors are configured to receive information from a user through the user interface module 216 and to present information to the user on a display device of the display module 218 having a display interface.
    The user interface module 216 can receive commands from a user via user inputs and convert them into a presentation to a given processor. User inputs can include one or more of a touch screen, keyboard, mouse, stylus, microphone, or other types of input devices. The display module 218 may include a circuit suitable for controlling the display device to present graphical information and other information to the user. By way of example, the graphical information can be generated by the graphical processor (s) 206, while the CPU 204 directs the general operation of the configuration of a trusted provider 200.
    The memory module 208 can be implemented in the form of one or more from a medium or media readable by computer, one or more volatile memory unit (s) or one or more unit (s) non-volatile memory. The memory module 208 can include, for example, a flash memory and / or an NVRAM and can be realized by a hard disk or a memory card. Alternatively, the memory module 208 can also include a DVD, CD-ROM, and read-only memories capable of writing. In one embodiment, a computer program product is concretely materialized in an information medium. The computer program product contains instructions, such as instructions 210 which, when executed by one or more processors, perform one or more methods such as those described in the present invention. The information medium is a medium readable by a computer or by a machine, such as the memory module 208. Although FIG. 2A shows functionally the processor (s), the memory module, and d Other elements of the device 200 as being inside the same global block, such components may or may not be stored in the same physical box. For example, some or all of the instructions and data can be stored on an information medium which is a removable storage medium (for example, an optical drive or a USB drive) and others are stored in a reading computer chip alone. Alternatively, the database 214 can store identity records in a configuration physically separate from the rest of the provision of the trusted provider 200.
    The data 212 can be retrieved, stored or modified by the processors in accordance with instructions 210. For example, although the claimed object is not limited to any particular data structure, the data can be stored in registers of computer devices , in a relational database in the form of a table having a plurality of different fields and records, XML documents or in flat files. The data 212 can also be formatted in any format readable by a computer device.
    Instructions 210 can be any set of instructions to be executed directly (such as machine code) or indirectly (such as scripts) by the processor (s). For example, the instructions may be stored as a computer device code on the medium readable by a computer device. In this regard, the terms "instructions" and "programs" can be used interchangeably here. The instructions can be stored in object code format for direct processing by the processor (s), or in any other language of computing device, including scripts or collections of independent source code modules which are interpreted on request or compiled in advance. The functions, procedures, and routines of the instructions are explained in more detail below.
    As also shown in Figure 2A, the configuration of a trusted provider 200 includes a communication module 220 for communication with other devices and systems, including requesting entities and one or more entities delivering the 'authorization. The communication module 220 includes a wireless transceiver; Alternatively, the module can include a transceiver with cable, or both. The configuration of a trusted provider 200 can communicate with other devices remotely via the communication module 220 using various protocols and different configurations, including a short-range communication protocol such as near field, Bluetooth ™, Low Energy Bluetooth ™ (LE), or other ad-hoc networks, the Internet, intranets, virtual private networks, wide area networks, local area networks, private networks using trademark communication protocols of one or more companies, Ethernet, WiFi and HTTP, and combinations of the above. In addition, the configuration of a trusted supplier 200 as illustrated includes a power module 222.
    In one example, the trusted provider applies a secure hash function to hash the identity information of the requesting entity. As mentioned above, identity registration can be in JavaScript object notation (JSON) format. For example, the trusted provider can "tie" the identity registration JSON, for example, with UTF-8 encoding. It can then optionally code it in base 64. This data can then be supplied to the hash function, for example, a SHA-256 hash function. The result of the hash process is a message hash. The message hash is a specific representation of the data, but is not the data itself. For added security of the trusted provider against hashing reengineering, random data ("knows") can be added to the identity registration JSON before the hashing process is executed. For example only, the know can include one or more bytes of random data. The trusted provider can then share the message hash with the authentication entity via a HTTP POST request or other transmission.
    An example of authentication entity configuration 250 is illustrated in Figure 2B. This configuration is similar to the configuration of a trusted provider 200. For example, the configuration 250 includes a processing module 252 having one or more computer processors such as a central processing unit 254 and / or graphics processors 256, and a memory module 258 configured to store instructions 260 and data 262. A database 264 may or may not be separate from the memory module 208. This database is arranged to store hashes of messages. received and the secure tokens created by the authentication entity.
    Processors may or may not operate in parallel and may include ASICs, controllers and other types of hardware circuits. The processors are configured to receive information from a user through the user interface module 266 and to present information to the user on a display device of the display module 268 having a display interface. The processors, the memory module, the user interface module and the display module operate in the same manner as that described above for the configuration of a trusted supplier 200. And in a similar manner to the database 214, the database 264 can store hashes of messages and secure tokens in a configuration physically separate from the rest of the authentication entity configuration 250.
    As also shown in Figure 2B, the authentication entity configuration 250 includes a communication module 270 for communication with other devices and systems, including requesting entities and one or more trusted providers . The communication module 270 can have a configuration equivalent to that described for the communication module 220. In addition, the authentication entity configuration 250 as shown includes a power module 272.
    Upon receiving the message hash, the authentication entity does various things. First, it can validate that the trusted provider is itself authorized to vouch for the requesting entity. If the validation fails, the process must stop and the requesting entity must use a more formal and direct verification process with the requesting entity. Assuming that the validation of the trusted provider is successful, the authentication entity creates the secure token in order to serve as a receiver of the message hash. The secure token should be unrelated to the message hash received. For example, the secure token can be a random nonce (for example, 16 bytes or more). The authentication entity stores the message hash and the secure token in the database 264 and returns a copy of the secure token to the trusted provider. Thus, it can be seen that the trusted provider does not provide a clear text version of the identity registration JSON to the authentication entity and the authentication entity cannot reverse engineer the identity information of the requesting entity.
    At this level, once the trusted provider has the secure token, the trusted provider can effectively share the identity record and the secure token with the requesting entity. This can be done, for example, by the trusted provider by generating a verification URL for the requesting entity based on the identity record and the secure token received. In one example, the verification URL incorporates the tied version of identity registration and the secure token, with a pointer to the website of the authentication entity. The trusted provider can store the secure token received in the database 214, for example in connection or separately with the associated identity record. Otherwise, the trusted provider may not store the secure token received after the verification URL has been generated.
    Once this generation is completed, the verification URL is sent to the requesting entity directly from the trusted supplier. This, in turn, allows the person or user at the requesting entity to click on the link or otherwise begin verification. When the verification URL is activated, the internet browser of the requesting entity is mistaken for the website of the authentication entity, where the user of the requesting entity can be automatically verified himself or his business by the authentication entity.
    In particular, the authentication entity validates the information received via the verification URL according to the message hash previously received by the authentication entity from the trusted provider. When the requesting entity clicks on the link of the verification URL, the authentication entity will validate the tied version of the identity information and the secure token. For the latter, the secure token stored by the authentication entity in the memory is compared with the secure token received to confirm a match. For identity information, the authentication entity system will perform a hash process and compare the result with the message hash that was previously received from the trusted provider.
    The authentication entity can pre-fill a registration screen with the details of the person or business. This registration is possible because the details are coded in clear text in an identification request string parameter associated with the details of the requesting entity, according to the message hash previously received from the trusted supplier.
    The authentication entity can also verify that the identity information matches something that the trusted provider has the right to provide. For example, there may be geographic restrictions or other restrictions on which the trusted supplier can perform certification.
    Once the verifications are carried out with satisfaction, the authentication entity determines that the verification URL is legitimate and has been generated by a trusted supplier which is authorized by the authentication entity. If so, the data of the requesting entity can be immediately verified. Thus, in this way, the system allows trusted providers to vouch for the identities of their users at an authentication entity, and to allow users to be instantly verified by the authentication entity without have to exchange sensitive information about themselves or their business.
    FIG. 3 shows an example of an arrangement in which the different requesting entity devices 300, for example, 300i, 3002, 3003 and 3004 can request content or other information from a trusted provider 320 and a authentication entity 340 via a communication system 310. Requesting entity devices 300 may include some or all of the components discussed above in the present invention depending on the configuration of a trusted provider 200 and the configuration 250. The requesting entity devices can include laptops (300i), tablets (3ΟΟ2), cell phones, or PDAs (3ΟΟ3) or desktop PCs ( 3ΟΟ4). However, other requesting entity devices can also be used by a requesting entity such as an individual, a small business or a company. Such requesting entity devices can send information to a trusted provider, receive verification URLs, and request verification of an authentication entity as illustrated in Figure 1.
    As shown, the trusted provider 320 can connect to the database 322 via a link 324. The trusted provider 320 and the database 322 correspond to the configuration of a trusted provider 200 as it was described above with respect to FIG. 2A. Similarly, the authentication entity can connect to the database 342 via a link 344. The authentication entity 340 and the database 342 correspond to the authentication entity configuration 250 as it has been described above as a function of FIG. 2B. While only a trusted provider 320 and only an authentication entity 340 are shown in Figure 3, any number of trusted providers and authorizing entities can be included.
    A scenario serving as an example of the operation of the trusted provider is illustrated in relation to the operation diagram 400 of FIG. 4. Here, in block 402, the method includes authentication information of the requesting entity, for example example a name and address or other contact information. This can be done based on the preexisting interaction of the trusted supplier with the requesting entity, for example by confirming a contact name and a postal address for which notices have been sent to the requesting entity. This information is stored as an identity record in block 404. This can be done in JSON format or in another format, depending on the configuration of the trusted provider's database. These operations can be carried out at a time when the requesting entity opens an account or otherwise engages the services of the trusted supplier.
    The trusted provider may receive a request from the requesting entity at block 406. This may include a request that the trusted provider vouch for the requesting entity with a particular authentication entity. Or, otherwise, the trusted supplier can act prospectively. Based on either a request or a potential action, the trusted provider generates a message hash from the identity record to block 408. To achieve this, approaches performed by the processors of the trusted provider are analyzed below. -above. The message hash is transmitted to the particular authentication entity at block 410. Then, in response to this, the trusted provider receives a secure token at block 412. The secure token, such as a nonce or a other information acts as an acknowledgment of receipt of the message hash by the authentication entity.
    Once the secure token is received, the processor (s) of the trusted provider create the verification URL using the secure token and the identity record stored in block 414. This information is then transmitted to the requesting entity at block 416. At this level, the trusted provider has completed its part of the verification process.
    FIG. 5 shows an example of the method 500 for the operation of the authentication entity. At block 502, the authentication entity receives a message hash from a trusted provider. Based on this, a secure token is generated by one or more processors of the authentication entity at block 504. As indicated above, the secure token can be a random nonce. Then, at block 506, the received message hash and the generated secure token are stored in memory, for example in the database 264 in Figure 2B (or the equivalent database 342 in Figure 3). The secure token is transmitted to the trusted provider in block 508. Then, when the requesting entity activates (for example, by clicking) the verification URL, the authentication entity receives this information from the entity requester in block 510. At this level, the processors of the authentication entity perform a verification operation in block 512. This operation includes comparing the information in the verification URL received with the hash of stored message, as well as confirmation that the information received from the secure token of the verification URL corresponds to the secure token stored in the database of the authentication entity. Block 514 analyzes whether the verification is successful. If so, at block 516, the requesting entity receives access authorization from the authentication entity. Depending on the type of authentication entity and the type of requesting entity, this may allow the requesting entity to perform certain operations or allow it to provide selected goods or services. If the verification process fails, the requesting entity is denied access to block 518.
    The logic and process flows presented in the figures and described in the present invention are not limited to a particular order or to a particular sequence, unless otherwise indicated.
    In addition, other steps may be provided or may be eliminated from the described flows and other components may be added or removed from the described systems thereof.
    Although the technology of this present invention has been described with reference to particular embodiments, it should be understood that these embodiments are purely illustrative of the principles and applications of the present technology. It is therefore understood that several modifications can be made to the representative embodiments and that other arrangements can be devised without departing either from the spirit or from the scope of the present technology as defined in the appended claims.
    权利要求:
    Claims (22)
    [1" id="c-fr-0001]
    1. Process comprising:
    the processing, by one or more processor devices, of a clear text message using a hash function to generate a hash value of the clear text message, wherein the clear text message includes information contact about a requesting entity;
    sending, by a communication unit, the generated hash value to a second external device of an authentication entity;
    the reception, by the communication unit, of a secure token from the second external device of the authentication entity in response to the sending of the generated hash value;
    in response to the reception of the secure token from the second external device of the authentication entity, the creation, by one or more processing devices, of a verification indication based on the secure token and the text message clear ; and sending, by the communication unit, the verification indication to the first external device of the requesting entity.
    [2" id="c-fr-0002]
    2. The method of claim 1, wherein the process is performed in response to receiving the clear text message from a first external device of a requesting entity, the clear text message comprising the contact information of the 'requesting entity.
    [3" id="c-fr-0003]
    The method of claim 1 or claim 2, wherein the clear text message includes contact information which includes a physical address of a business or a person associated with the requesting entity.
    [4" id="c-fr-0004]
    4. A method according to any preceding claim, wherein the clear text message comprises a javascript object notification (JSON) of identity of the contact information.
    [5" id="c-fr-0005]
    5. Method according to any preceding claim, in which:
    processing the clear text message further includes adding a SALT element to the clear text message and processing the clear text message with the predefined SALT element using the hash function; and sending the verification indication to the first external device of the requesting entity comprises sending a verification URL incorporating the secure token and the message information in clear text to the first external device.
    [6" id="c-fr-0006]
    6. Device comprising:
    a communication unit; and one or more processors configured for:
    retrieving from memory a clear text message containing information from a requesting entity;
    processing the clear text message using a hash function to generate a hash value of the clear text message; and creating a verification indication based on the clear text message and a secure token received from a second external device of an authentication entity;
    in which :
    the clear text message includes contact information about the requesting entity; and the communication unit is further configured to send the verification indication to a first external device of the requesting entity in response to the reception of the secure token from the second external device of the authentication entity.
    [7" id="c-fr-0007]
    7. Device according to claim 6, in which the clear text message comprises the contact information of the requesting entity.
    [8" id="c-fr-0008]
    8. Device according to claim 6 or claim 7, wherein the clear text message comprises contact information including a physical address of a business or a person associated with the requesting entity.
    [9" id="c-fr-0009]
    9. Device according to any one of claims 6 to 8, in which the clear text message comprises a javascript object notification (JSON) of identity of the contact information.
    [10" id="c-fr-0010]
    10. Device according to any one of claims 6 to 9, in which one or more processors are further configured for:
    adding a SALT element to the clear text message and processing the clear text message with the predefined SALT element using the hash function; and sending the verification indication to the first external device of the requesting entity by sending a verification URL incorporating the secure token and message information in clear text to the first external device.
    [11" id="c-fr-0011]
    11. Process comprising:
    in response to receiving a hash value from a computing device from a trusted provider:
    storing the hash value in the memory, the hash value corresponding to clear text information associated with a requesting entity, the clear text information including contact information about the requesting entity, and the generation, by one or more processor devices, a secure token associated with a storage location for the hash value; and in response to the reception of a verification message from a first device external to the requesting entity:
    the processing, by one or more processor devices, of the verification message using a hash function to generate a hash value, the recovery of the hash value stored in the memory, the comparison of a generated hash value with the hash value retrieved from memory, and comparing the generated secure token with the token information in the verification message, to verify an identity of the requesting entity.
    [12" id="c-fr-0012]
    The method of claim 11, wherein generating the secure token associated with the storage location comprises generating a chain of random tokens and registering an association between the chain of random tokens and the location storage.
    [13" id="c-fr-0013]
    13. The method of claim 12, wherein a length of the chain of random tokens is at least 16 bits.
    [14" id="c-fr-0014]
    The method according to any of claims 11 to 13, further comprising storing the secure token in a database and associating the secure token with the stored hash value.
    [15" id="c-fr-0015]
    The method of any of claims 11 to 14, further comprising one or more processor devices pre-populating a registration template with details of the account of the requesting entity.
    [16" id="c-fr-0016]
    16. The method of claim 15, wherein the account details are received via an identification request string parameter associated with the requesting entity.
    [17" id="c-fr-0017]
    17. Device comprising:
    a communication unit; and one or more processors configured for:
    in response to receiving a hash value from a computing device from a trusted provider:
    storing the hash value in memory, the hash value corresponding to clear text information associated with a requesting entity, the clear text information including contact information about the requesting entity, and generating d 'a secure token associated with a storage location for the hash value; and in response to the reception of a verification message from a first device external to the requesting entity:
    processing the verification message using a hash function to generate a hash value, recovering the hash value stored in memory, comparing a generated hash value with the extracted hash value from memory, and comparing the secure token generated with the token information in the verification message, to verify an identity of the requesting entity.
    [18" id="c-fr-0018]
    18. Device according to claim 17, in which the secure token associated with the storage location is created by generating a chain of random tokens and recording an association between the chain of random tokens and the storage location.
    [19" id="c-fr-0019]
    19. The device of claim 18, wherein a length of the chain of random tokens is at least 16 bits.
    [20" id="c-fr-0020]
    20. Device according to any one of claims 17 to 19, in which one or more processors are further configured to store the secure token in a database and to associate the secure token with the stored hash value.
    [21" id="c-fr-0021]
    21. Device according to any one of claims 17 to 20, in which one or more processors are further configured to pre-fill a registration template with details of the account of the requesting entity.
    [22" id="c-fr-0022]
    22. The device of claim 21, wherein the account details are received via an identification request string parameter associated with the requesting entity.
    类似技术:
    公开号 | 公开日 | 专利标题
    FR3072802A1|2019-04-26|IDENTITY VERIFICATION PRESERVING CONFIDENTIALITY
    US10764254B2|2020-09-01|Systems and methods of secure data exchange
    US11050690B2|2021-06-29|Method for providing recording and verification service for data received and transmitted by messenger service, and server using method
    US8788819B2|2014-07-22|System and method for a cloud-based electronic communication vault
    US8868916B2|2014-10-21|Self-contained electronic signature
    US20200051146A1|2020-02-13|System and method for performing transactions similar to previous transactions
    US7814025B2|2010-10-12|Methods and apparatus for title protocol, authentication, and sharing
    US20200195436A1|2020-06-18|System and method, which using blockchain and mobile devices, provides the validated and authenticated identity of an individual to a valid and authenticated requestor
    US10862843B2|2020-12-08|Computerized system and method for modifying a message to apply security features to the message's content
    US20210326305A1|2021-10-21|Method and system for real-time collaboration and annotation-based action creation and management
    Sirisha et al.2019|Proposed solution for trackable donations using blockchain
    Sathiaseelan et al.2010|MLSF: A Framework for Multi-Level Secure Composite Web Services.
    Hardjono et al.2020|Privacy-preserving claims exchange networks for virtual asset service providers
    Sathiaseelan et al.2009|Multi-Level Secure Framework | for composite web services
    David2019|Managing iot data on hyperledger blockchain
    US11113692B1|2021-09-07|Secure verification of claims
    WO2020169128A2|2020-08-27|Storage management based on message feedback
    WO2020169129A2|2020-08-27|Blockchain-based message services for time-sensitive events
    Tsai et al.2020|STRISA: A New Regulation Architecture to Enforce Travel Rule
    Mori et al.2021|License Trading System for Video Contents Using Smart Contract on Blockchain
    Gerlach2016|Improving e-commerce fraud investigations in virtual, inter-institutional teams: Towards an approach based on Semantic Web technologies
    de Lope et al.2021|Boosting IoT data valorization through the adoption of DLT
    Hughes et al.2019|Beyond Bitcoin: What blockchain and distributed ledger technologies mean for
    EP3938990A1|2022-01-19|Combating false information with crowdsourcing
    Papadamou et al.0|IdeNtity verifiCatiOn with privacy-preservinG credeNtIals for anonymous access To Online services
    同族专利:
    公开号 | 公开日
    EP3596642A1|2020-01-22|
    GB201813959D0|2018-10-10|
    WO2019083517A1|2019-05-02|
    EP3596642B1|2021-03-10|
    US10764051B2|2020-09-01|
    US20190363885A1|2019-11-28|
    DE102018121306A1|2019-04-25|
    GB2567932A|2019-05-01|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    US7640578B2|2002-07-08|2009-12-29|Accellion Inc.|System and method for providing secure communication between computer systems|
    US8788836B1|2006-12-22|2014-07-22|Symantec Corporation|Method and apparatus for providing identity claim validation|
    US8347093B1|2010-07-19|2013-01-01|Google Inc.|Privacy preserving name verification|
    US9098678B2|2011-09-15|2015-08-04|Verizon Patent And Licensing Inc.|Streaming video authentication|
    US9847982B2|2011-10-31|2017-12-19|Nokia Technologies Oy|Method and apparatus for providing authentication using hashed personally identifiable information|
    US20150047003A1|2013-08-07|2015-02-12|Sal Khan|Verification authority and method therefor|
    US9971574B2|2014-10-31|2018-05-15|Oracle International Corporation|JSON stylesheet language transformation|
    US10114975B1|2017-01-13|2018-10-30|Marklogic Corporation|Apparatus and method for data redaction in a semi-structured document database|
    GB2561875A|2017-04-26|2018-10-31|Sita Advanced Travel Solutions Ltd|System and method for authenticating a non-transferrable access token|US9678773B1|2014-09-30|2017-06-13|Amazon Technologies, Inc.|Low latency computational capacity provisioning|
    US9413626B2|2014-12-05|2016-08-09|Amazon Technologies, Inc.|Automatic management of resource sizing|
    US11132213B1|2016-03-30|2021-09-28|Amazon Technologies, Inc.|Dependency-based process of pre-existing data sets at an on demand code execution environment|
    US11146569B1|2018-06-28|2021-10-12|Amazon Technologies, Inc.|Escalation-resistant secure network services using request-scoped authentication information|
    US11243953B2|2018-09-27|2022-02-08|Amazon Technologies, Inc.|Mapreduce implementation in an on-demand network code execution system and stream data processing system|
    US11099917B2|2018-09-27|2021-08-24|Amazon Technologies, Inc.|Efficient state maintenance for execution environments in an on-demand code execution system|
    US11010188B1|2019-02-05|2021-05-18|Amazon Technologies, Inc.|Simulated data object storage using on-demand computation of data objects|
    US11119809B1|2019-06-20|2021-09-14|Amazon Technologies, Inc.|Virtualization-based transaction handling in an on-demand network code execution system|
    US11190609B2|2019-06-28|2021-11-30|Amazon Technologies, Inc.|Connection pooling for scalable network services|
    US11159528B2|2019-06-28|2021-10-26|Amazon Technologies, Inc.|Authentication to network-services using hosted authentication information|
    US11119826B2|2019-11-27|2021-09-14|Amazon Technologies, Inc.|Serverless call distribution to implement spillover while avoiding cold starts|
    US11165586B1|2020-10-30|2021-11-02|Capital One Services, Llc|Call center web-based authentication using a contactless card|
    法律状态:
    2019-08-26| PLFP| Fee payment|Year of fee payment: 2 |
    2020-08-25| PLFP| Fee payment|Year of fee payment: 3 |
    2021-02-12| PLSC| Publication of the preliminary search report|Effective date: 20210212 |
    2022-01-21| RX| Complete rejection|Effective date: 20211217 |
    优先权:
    申请号 | 申请日 | 专利标题
    PCT/US2017/058185|WO2019083517A1|2017-10-25|2017-10-25|Privacy-preserving identity verification|
    USPCT/US17/58185|2017-10-25|
    [返回顶部]