Invention for Verifying an Identity based on Multiple Distributed Data Sources using a Blockchain to safeguard the Identity

Invented by Sri Krishnamacharya, Quang Le, Stan TIGRETT, Russ AYRES, Equifax Inc

The market for verifying an identity based on multiple distributed data sources using a blockchain to safeguard the identity is rapidly growing as individuals and organizations recognize the need for secure and reliable identity verification solutions. With the increasing prevalence of online transactions and the rise of digital identities, the need for robust identity verification methods has become paramount. Traditional methods of identity verification, such as presenting physical identification documents, are often time-consuming, costly, and prone to fraud. Moreover, centralized databases that store personal information are vulnerable to data breaches and unauthorized access. These challenges have paved the way for the emergence of blockchain-based identity verification solutions. Blockchain technology, known for its decentralized and immutable nature, offers a promising solution to the identity verification problem. By leveraging multiple distributed data sources, such as government databases, financial institutions, and social media platforms, blockchain-based identity verification systems can create a comprehensive and reliable profile of an individual’s identity. One of the key advantages of using a blockchain for identity verification is the enhanced security it provides. The decentralized nature of blockchain ensures that no single entity has control over the data, reducing the risk of data breaches. Additionally, the immutability of blockchain records makes it extremely difficult for malicious actors to tamper with or forge identity information. The market for verifying an identity based on multiple distributed data sources using a blockchain is not limited to a specific industry. It has applications in various sectors, including finance, healthcare, e-commerce, and government services. Financial institutions can utilize blockchain-based identity verification to comply with Know Your Customer (KYC) regulations, reducing the risk of money laundering and fraud. Healthcare providers can securely access patient records from different sources to ensure accurate diagnoses and treatment plans. E-commerce platforms can enhance customer trust by verifying the identities of both buyers and sellers, reducing the risk of fraudulent transactions. Startups and established companies are actively exploring opportunities in this market. Numerous blockchain-based identity verification platforms have emerged, offering innovative solutions to address the challenges associated with traditional methods. These platforms leverage advanced algorithms and machine learning techniques to analyze data from multiple sources and create a unique digital identity for each individual. However, challenges remain in the widespread adoption of blockchain-based identity verification systems. Integration with existing systems and databases, regulatory compliance, and user privacy concerns are some of the key hurdles that need to be addressed. Additionally, educating users about the benefits and security features of blockchain-based identity verification is crucial to gain their trust and acceptance. In conclusion, the market for verifying an identity based on multiple distributed data sources using a blockchain is witnessing significant growth and innovation. The advantages of enhanced security, reliability, and efficiency offered by blockchain technology make it an attractive solution for identity verification. As more industries and individuals recognize the need for secure digital identities, the market for blockchain-based identity verification is expected to expand further, revolutionizing the way we establish and safeguard our identities in the digital age.

The Equifax Inc invention works as follows

An online ID can be verified using data from multiple sources of identity stored in a Blockchain. A request for a token is received by an entity in order to authenticate an online identity. By adding a block to a blockchain, the request can be saved in the blockchain representing the online identity for the entity. The data in the new block could indicate the request for the token. The token can then be generated using one or more blocks ordered in the blockchain. The token can then be sent to the entity. The online service can provide the token. The online service can confirm the online identity by receiving the token.

Background for Verifying an Identity based on Multiple Distributed Data Sources using a Blockchain to safeguard the Identity

An entity (e.g. an individual or business) can be identified online based on various characteristics, assets or devices that are associated with it. An online service can use the online identity to differentiate the entity from others prior to a transacting between the entity and online service.

Different identity sources or forms can be used as proof of online identity. An individual may have multiple forms of identification, such as a driver?s license number or social security number. Biometrics, such as a fingerprint. A server that runs an online service may request multiple identification sources from the computing device of a remote entity to verify the online identity before the server provides the remote entity with sensitive information, a service or product. Different online services may request different forms. “For example, the server that runs a site for a lender may ask for information like a social insurance number, name and credit history. A server that runs a site for a car rental provider, on the other hand, may ask for driver’s licence number, credit card number and home address.

Some identification sources have a long-lasting life. A social security number, or mailing address, may have been associated with an individual for many years. “Providing multiple long-lived sources of identification to online services could expose an entity at risk of identity fraud if electronic communications containing these sources of identification are intercepted and read by parties other than online services.

Aspects of and examples for verifying identity using multiple distributed data sources with a blockchain are disclosed to safeguard identity. A processing device, for example, can receive a token request from an entity in order to authenticate an online identity of that entity with an online service. By adding a block to the blockchain, the processing device can add the request into a blockchain representing the online identity for the entity. A blockchain is a database that generates blocks based on a number of identity sources, which represent the personally identifiable information for an entity. The data that is added to the new block in the blockchain may indicate the token request. The device that processes the data can create the token using the blocks ordered in the blockchain. The processing device transmits the token to the entity and receives the token later from the online service. “The processing device can, upon receiving the token, confirm the online identity for the entity.

This example is not meant to define or limit the invention but rather to help with its understanding. After reading the complete description and figures (including the sections entitled: Brief Description of Figures, Detailed Descripton, and Claims), other aspects, benefits, and features will be apparent.

Certain aspects of the disclosure are related to verifying identity using multiple distributed data sources and a blockchain in order to protect identity. A system for identity services can use multiple identity sources, such as government-issued documentation or biometric measurements, to create a blockchain representing an entity’s online identity. A blockchain is a database that includes multiple data blocks linked in series. Each data block is resistant against change, and new data can be added to the Blockchain by adding new data blocks to the end. By linking blocks of encoded information derived from identity sources that are associated with an entity, the identity service system is able to generate a blockchain which represents an online identity. The identity can be stored in a Blockchain, allowing the Identity Service System to create tokens that are only valid for one use. Tokens can include a signal or packet of data, or code segments that represent information and can be sent between devices. Tokens allow for the verification of identities without requiring online services to access identity sources.

In certain aspects, identity sources may include one or more formats (e.g. text data, digital identity data, biometric information) that are associated with a particular entity, such as a consumer. Each identity source, or format of identity source, can be stored in a separate database that is communicated with (or included in the) identity service system. Text-based data can be used to create an online identity (e.g. a social insurance number (?SSN?) ), a name, an address or a driver’s license number). A text-based identity can be generated using text (e.g., a social security number (?SSN? Biometric data can also be used to generate an online identity. This can be based off a feature stored by the entity, such as a voice, fingerprints, iris or DNA. Identity service systems may store a real image or a template created from an original. The digital identity of the devices that are associated with an entity can be used to generate an online identity. Examples include a mobile device ID (e.g. MAC address), a device identifier for the internet of things, a phone or geolocation. The identity service system may encode and link identity sources in order to create a blockchain that represents the online identity. Data values in a Blockchain can be encoded using any suitable encoding method (e.g. data values can have their data hashed with a hash function).

An Identity Service System can add new blocks to the Blockchain in response to new identity sources or transactions (e.g. an authentication event where the identity service receives a demand for authentication of an Online Identity). Each ordered block may have a timestamp, and be resistant to modifications. The blockchain can represent the history of an entity’s online identity. A hash value based on the Blockchain can be generated in an identity transaction. “Adding a new block in an ordered order to the blockchain will modify the hash associated with it so that the value changes for every identity transaction.

In certain aspects, a token can be generated to verify the identity of an individual to an online service or another entity while preventing that online service from gaining access to any data which can be used to determine the source of identity associated with the individual. Before completing a car rental transaction, the server that runs a website of a car rental provider might request confirmation that an entity is in possession of a valid driver’s licence and has been associated with a card. The identity service system will verify if the entity holds a valid driver’s licence and is linked to a credit card. The identity system can create a token, which is a data packet with a hash based on a current blockchain address and a hash based on that server. The identity service can send the token to the computing device that is associated with the entity. The computing device sends the token to the web server. The server that is associated with the website may transmit the token, or a message informing the system of its receipt to the identity service with a request to verify the online identity of an entity.

In this example, if the hash value in the token matches that of the current blockchain hash value, the identity system will transmit the authentication and the confidence level to the server. In response to receiving the authentication, the identity service system may also add a block to the Blockchain. This can change the hash value and prevent token reuse. A token that allows an online service temporary access to specific identity sources can be created in alternative or additional aspects. “For example, the server that runs a website of a government program might request a particular identity source (e.g. a SSN), and the identity system could receive a request by the entity asking for temporary access to be granted to the server.

An Identity Service System can give control to sensitive information (e.g. personally identifiable information) by the entity associated with that sensitive information. The entity could, for example, reduce the number online services that process, store or display identity sources (e.g. a SSN or driver’s licence number) by sending tokens as a verification instead of an identity source. The identity service system may also link different sources of identification in order to create universal identities which capture identity sources from various countries. A U.S. Citizen born in India could have both a U.S. Passport and an Indian Birth Certificate linked together. To create a single identity online, identity sources linked to the Indian birth certificate can be linked together with identity sources connected to the U.S. Passport (e.g. credit in the U.S.).

The features described herein aren’t limited to a particular hardware configuration or architecture. Any suitable arrangement of components can be used to provide a computing device that provides a result in response to one or more inputs. Multipurpose microprocessor-based computers that can access stored software to program or configure the system are suitable computing devices. The teachings in this document can be implemented in any suitable programming language, scripting language, or combination of languages.

Referring to the illustrations, FIG. The example 1 shows a computing environment that can be used to verify an identity using multiple distributed data sources and a blockchain in order to protect the identity. The computing environment 100 may be a specialized environment for processing large quantities of data with a high number of computer cycles. The computing environment 100 can include computing devices (102 a-c), an identity service system (106), and one or more data stores attached to a network. 110. “The computing environment 100 may also include a network 104 that communicates the computing devices 102a-c to the identity service system.

The NAS 110 may include memory devices that store identity sources 116, which are provided to the Identity Service System 106 by some components of the computing system 100. Identity sources 116 may include information that is personally identifiable about a particular entity (e.g. an individual or business). The identity sources 116 may include text data, such as a SSN, phone number or address, biometric data, such as a face or voice composite, digital identity data, (e.g. a MAC of the computing device associated with the entity), and a combination.

The NAS 110 is also able to store a Blockchain 112 which represents the online identity of a particular entity. The blockchain 112 may include blocks 114 generated by the Identity Service System 106 using the identity sources. The blocks 114 may be generated as a response to requests made by the identity service system.

The NAS 110 can also store a wide variety of data types, organized in a number of ways from a range of sources. NAS 110, for example, may include secondary storage that is located in the identity service system 106 and directly accessible to processors there. NAS 110 can include secondary, tertiary or auxiliary storage such as servers, large hard drives and virtual memory. Storage devices can include portable and non-portable devices, optical devices, as well as various other mediums that are capable of storing or containing data. A non-transitory storage medium can be included in a machine-readable or computer-readable medium. Non-transitory media can include magnetic disks or tapes, optical storage mediums such as digital versatile disks or compact disks, flash memory or memory devices.

The identity system 106 can be a computer or another machine that processes data within the computing environment. The identity service system can include one of more processing devices which executes program code including an identity module 108, and stored on a nontransitory computer-readable media. The identity system 106 may also include a communication network port 130 to communicate with other components or networks within the computing environment 100. The identity service system can, in some cases, receive a request from the computing devices to verify an entity’s identity via the communications port 130. The identity module can update the Blockchain 112 in response to the request, and create a token with a hash value that is based on this blockchain 112. The identity module can send the token via the communications network 130 to the computing device (102a-c) for verification of the identity. The identity module 108 may also receive the token through the communications network 130 and compare the hash with the current value of the Blockchain 112, then confirm the entity’s identity if the hash matches the current value. In certain aspects, the confirmation may include an indication of an online identity that is associated with the entity and stored in the Blockchain 112. The confirmation can also include, in alternative or additional aspects, an indication that the entity’s online identity is linked to a particular identity source requested by online service. The confirmation can also include, in alternative or additional aspects, a specific identity source that was requested by the service.

In some aspects, an identity source 116 can be corrected by the identity service system. The identity service system can update the source 116 of identity with the correction, and update the Blockchain 112 by adding another block 114 which indicates an update for one or more identity sources.

The Identity Service System 106 can include one or more systems. The identity service system 106, for example, may include a database to access the NAS 110 or a communications grid. A grid-based identity system may use a communications grid to process large amounts of data.

The computing devices 102a-c may be associated with a service or entity and communicate with the Identity Service System 106. The computing device 102a, for example, may be a phone that is associated with an entity and can send identity source data to identity service system 106. The computing device may also transmit an alternative request to the system to generate a token to authenticate the online identity of the entity that is associated with the device. “The computing devices 102a-c can interact with the Identity Service System 106 through the data network 104.

In some aspects, computing devices 102a-c can include network computers or sensors, databases or other devices which may transmit data or provide it in another way to the identity service system 106. The computing devices 102a-c, for example, may include local network devices such as hubs, routers, switches or other computer networking equipment.

Click here to view the patent on Google Patents.