[go: up one dir, main page]

WO2023239760A1 - Computer-implemented user identity verification method - Google Patents

Computer-implemented user identity verification method Download PDF

Info

Publication number
WO2023239760A1
WO2023239760A1 PCT/US2023/024655 US2023024655W WO2023239760A1 WO 2023239760 A1 WO2023239760 A1 WO 2023239760A1 US 2023024655 W US2023024655 W US 2023024655W WO 2023239760 A1 WO2023239760 A1 WO 2023239760A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
computing device
identity verification
electronic computing
verifying
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2023/024655
Other languages
French (fr)
Inventor
Marc Duthoit
Eric Eva-Candela
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of WO2023239760A1 publication Critical patent/WO2023239760A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/16Human faces, e.g. facial parts, sketches or expressions
    • G06V40/172Classification, e.g. identification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks

Definitions

  • the present invention relates generally to methods of identity verification and protection, and, more particularly, relates to a computer implemented user identity verification method.
  • An online action may include entering a secure web portal, taking an examination, voting, opening an account or, indeed, any action where data privacy and security is vital.
  • companies are forced to use a selection of outdated systems and methods. For instance, some sites request a credit card number to check age and address, but many consumers are understandably hesitant or unwilling to provide this.
  • Video-conferencmg technologies may also be used, whereby the company records a video conference.
  • this is very time consuming especially if the user does not have ready access to video-conferencing capabilities and is unreliable to the extent it relies on staff to check against photo ID and is, therefore, exposed to the possibility of human error.
  • most business to business and business to consumer transactions now take place online, there is no reliable way to ensure that identity fraud is not being perpetrated.
  • the present invention is designed to be able to track the identity of a timed online event, such as a student taking an online examination. Specifically, the present invention syncs the geolocation of the phone to the physical IP address of the computer and sends randomly timed requests for the user to identify themselves throughout the exam.
  • the invention provides a computer-implemented user identity verification method that overcomes the hereinafore- mentioned disadvantages of the heretofore-known devices and methods of this general type and that provides an identity verification process that enables effective and efficient onboarding for an individual user having their identify verified by generating an anonymous digital hashed data file (sometimes referred to as an “IdNFT”) that is capable of being shared and utilized to verify a user’s identity in instances after initial onboarding.
  • IdNFT anonymous digital hashed data file
  • the computer-implemented user identity verification method described herein provides complete self-sovereignty for the user, in that all user-identifiable data and identification of the user are only stored on the user’s electronic device, and no user-identifiable data or identification are stored anywhere else externally to the user’s electronic device.
  • the present invention enables storage of an anonymous hash and on a separate secure server the present invention enables storage of the user’s unidentifiable biometric data.
  • no identifiable data for the user is stored anywhere other than on their own electronic computing device, and due to the single pathway of communication from the device to the IdNFT system (i.e., and not from the IdNFT system to the user’s device), the user can be assured of complete security of their personal data. For instance, if local data laws require the user has the “right to be forgotten”, this is covered by the user simply deleting the IdNFT software application from their device, as this equates to the full deletion of all identifiable data.
  • Other objects of the invention including providing the user complete self-sovereignty that the IdNFT supplies to the end-user, keeping a user’s personal identification data and biometrics private and secure and only visible to them, whilst offering a permission-based system which allows them to verify their identity to an organization as a simple “Yes” or “No”, or if the user’s desires, to share all or part of their identifying data to those organizations that they choose.
  • an object includes enabling multiple and numerous parties to remotely verify an IdNFT, which further validates and therefore increases the persons authenticity and reliability scoring.
  • the increased security due to the single direction of communication used in the creation and all use of the IdNFT, whereby the users smartphone can communicate with the IdNFT servers and blockchain, but the Servers and Blockchain have no direct or indirect link back to the smartphone.
  • the invention further provides increased security due to no identifiable user data or biometrics being stored anywhere externally, with everything remaining securely encrypted on the user’s smartphone.
  • a user’s single IdNFT can be used as robust ID verification method by any number of organizations and the ability for online organizations (e.g., a social media company) to use the IdNFT system to ensure that they are only allowing verified human beings as users of their system, whilst still fully retaining the user’s anonymity.
  • Another object of the invention is to provide the ability for an IdNFT to be created without the use of traditional governmental identification (ID) (e.g., a passport), wherein the user’s identity then validated by trusted organizations, and therefore creating a true “distributed proof of existence”, which can be used in any setting to verify the user’s true identity at any time in the future.
  • ID governmental identification
  • Another object of the present invention is to provide an “IdMLA” (ID Multi-Level-Authorization) linked to the IdNFT, which allows (after the successful authentication of an Individuals identity) for organizations to withhold access to any secure computer system or online action, whilst someone with a higher level of authority reviews the individual’s right of entry or permission to complete the action.
  • Another object of the invention is to provide users the ability to verify their ID remotely using Al, which is then paused whilst further manual checks are completed.
  • a further object of the present invention is to provide users the ability to use a voice recording (voiceprint) linked to the IdNFT to verify an individual’s ID and for users to use an alias to digitally confirm their age and that they are a real person, without having to share any personal information including an email address.
  • voiceprint voice recording
  • a computer- implemented user identity verification method that includes providing a verifying user electronic computing device of a verifying user and a requestor electronic computing device of a requesting user, each with an electronic display, a memory, a camera, and an executable identity verification software application resident the memory thereon, capturing an initial real-time facial image of the verifying user from the camera of the user electronic computing device and storing the initial real-time facial image of the verifying user on the memory of the user electronic computer device, capturing a real-time image of a physical indicia of identification depicting a facial image of the verifying user and storing the image of the physical indicia of identification depicting the facial image on the memory of the user electronic computer device, and executing the identity verification software application on the user electronic computing device that executes software.
  • the softw are is then operable to compare the initial real-time facial image and the facial image on the physical indicia of identification to ascertain an initial positive identity verification, segregate an anonymous and unique data segment from the real-time image of the physical indicia of identification depicting the facial image of the verifying user utilizing a protocol and subjecting the anonymous and unique data segment to an unkeyed cryptographic hashing to generate an initial hashed data file, and communicate the initial hashed data file to a server communicatively coupled to the user electronic computing device over the network.
  • the process then includes receiving a user identify request on the user electronic computing device and then capturing a second real-time facial image of the verifying user from the camera of the user electronic computing device, storing the second real-time facial image of the verifying user on the memory of the user electronic computer device, and executing the identify verification software application on the user electronic computing device that then executes software for comparing the second real-time facial image and the facial image on the physical indicia of identification to ascertain a second positive identity verification, segregating, subject to ascertaining the second positive identity verification, an anonymous and unique data segment from the real-time image of the physical indicia of identification depicting the facial image of the verifying user utilizing the protocol and subjecting the anonymous data segment to the unkeyed cryptographic hashing to generate a second hashed data file, and comparing the initial and second hashed data files to ascertain a 100% match or a non- 100% match.
  • the process also includes communicating a user-unidentifiable notification over the network to the requestor electronic computing device of a 100% match or a non- 100% match (e.g., “yes, identify verified” or “no, identity not verified”) without sharing any of the verifying user’s personal information.
  • a user-unidentifiable notification over the network to the requestor electronic computing device of a 100% match or a non- 100% match (e.g., “yes, identify verified” or “no, identity not verified”) without sharing any of the verifying user’s personal information.
  • an embodiment of the present invention includes executing an identity verification software application on the requestor electronic computing device before receiving the user identity request on the user electronic computing device and before communicating the user-unidentifiable notification over the network to the requestor electronic computing device of a 100% match or a non- 100% match.
  • an embodiment of the present invention also includes executing the identity verification software application for encrypting the image of the physical indicia of identification.
  • an embodiment of the present invention also includes executing the identity verification software application for decrypting the image of the physical indicia of identification before comparing the second real-time facial image and the facial image on the physical indicia of identification and re-encrypting the image of the physical indicia of identification after comparing the second real-time facial image and the facial image on the physical indicia of identification.
  • an embodiment of the present invention also includes executing the identity verification software application for compiling the initial real-time facial image of the verifying user and the realtime image of the physical indicia of identification depicting the facial image of the verifying user into a single user identity data file and randomly segregating the anonymous and unique data segment from the single user identity data file to generate the initial hashed data file.
  • an embodiment of the present invention also includes storing the initial hashed data file on a generated data block forming part of an interconnected plurality of generated data blocks linked together and each of the plurality of generated data blocks having a cryptographic hash of a previously generated data block and a timestamp.
  • the process also includes storing the second hashed data file locally on the memory of the user electronic computer device and accessing, with the user electronic computer device, the initial hashed data file on the generated data block communicatively coupled to the user electronic computing device before comparing the first and second hashed data files.
  • an embodiment of the present invention also includes storing the initial hashed data file on a generated data block forming part of an interconnected plurality of generated data blocks linked together and each of the plurality of generated data blocks having a cryptographic hash of a previously generated data block and a timestamp.
  • an embodiment of the present invention also includes storing the second hashed data file locally on the memory of the user electronic computer device and accessing, with the user electronic computer device, the initial hashed data file on the server before comparing the first and second hashed data files.
  • an embodiment of the present invention also includes executing the identity verification software application for segregating a unique device identifier associated with the verify ing user electronic computing device utilized as part of the initial hashed data file and for segregating a unique device identifier associated with the verifying user electronic computing device utilized as part of the second hashed data file.
  • the unique device identifier is conjugated with the anonymous and unique data segment before being subjected to the unkeyed cryptographic hashing.
  • the protocol is stored on the memory of the verifying user electronic computing device.
  • an embodiment of the present invention also includes executing the identity verification softw are application for generating a reliability score dictated by a ranking algorithm utilizing a hierarchy of ranked plurality of physical indicia of identifications and the physical indicia of identification depicting the facial image of the verifying user.
  • the ranking algorithm utilizes the 100% match or the non-100% match to generate the reliability score.
  • an embodiment of the present invention also includes capturing an initial voice recording of the verifying user from a microphone of the user electronic computing device, compiling the initial voice recording into an initial voiceprint utilizing at least one of the tone, rhythm, and pitch of the initial voice recording, and storing the initial voiceprint recording on the memory of the user electronic computer device and receiving the user identity request on the user electronic computing device and then capturing a second voice recording of the verifying user from the microphone of the user electronic computing device, compiling the second voice recording into a second voiceprint utilizing at least one of the tone, rhythm, and pitch of the second voice recording, and executing the identity verification software application on the user electronic computing device that executes software for comparing the initial and second voiceprints to ascertain the second positive identity verification.
  • an embodiment of the present invention also includes prompting the verifying user on the user electronic computing device to speak a defined sentence programmed on the identity verification software application for both the initial and second voice recordings.
  • providing is defined herein in its broadest sense, e.g., bringing/coming into physical existence, making available, and/or supplying to someone or something, in whole or in multiple parts at once or over a period of time.
  • the terms “upper”, “lower”, “left,” “rear,” “right,” “front,” “vertical,” “horizontal,” and derivatives thereof relate to the invention as oriented in the figures and is not to be construed as limiting any feature to be a particular orientation, as said orientation may be changed based on the user’s perspective of the device.
  • the terms “about” or “approximately” apply to all numeric values, whether or not explicitly indicated. These terms generally refer to a range of numbers that one of skill in the art would consider equivalent to the recited values (i.e., having the same function or result). In many instances these terms may include numbers that are rounded to the nearest significant figure.
  • program software application, and the like as used herein, are defined as a sequence of instructions designed for execution on a computer system.
  • a “program,” “computer program,” or “software application” may include a subroutine, a function, a procedure, an object method, an object implementation, an executable application, an applet, a servlet, a source code, an object code, a shared library/dynamic load library and/or other sequence of instructions designed for execution on a computer system.
  • FIG. 1 is a block diagram of a computer-implemented user identity verification method, in accordance with one exemplaiy embodiment of the present invention
  • FIG. 2 is a block diagram of an exemplary computing device utilized in the computer-implemented user identity verification method depicted in FIG. 1;
  • FIG. 3 is schematic diagram depicting exemplary applications for the computer-implemented user identity verification method, in accordance with one embodiment of the present invention
  • FIG. 4 is a schematic diagram depicting several exemplaiy steps of the computer-implemented user identity verification method
  • FIGS. 5-10 are schematic diagrams depicting an exemplary computer-implemented user identity' verification method, in accordance with one exemplary embodiment of the present invention.
  • FIG. 11 is a process flow diagram depicting steps associated with the computer-implemented user identity verification method in FIG. 1, in accordance with one exemplary embodiment of the present invention
  • FIG. 12 is a process flow diagram depicting steps associated with the closed-network identity verification session, in accordance with one exemplary' embodiment of the present invention.
  • FIG. 13 is a block diagram and system depicting a computer-implemented user identity verification method in accordance with one embodiment of the present invention. DETAILED DESCRIPTION OF INVENTION
  • the invention described herein provides a computer-implemented user identity verification method and system that overcomes known disadvantages of those known devices and methods of this general type and that effectively and efficiently verifies a user’s identity in a technical manner and with unconventional hardware.
  • the invention is illustrated and described herein as embodied in a computer-implemented user identity verification method and system, it is, nevertheless, not intended to be limited to the details shown because various modifications and structural changes may be made therein without departing from the spirit of the invention. Additionally, well-known elements of exemplaiy embodiments of the invention will not be described in detail or will be omitted so as not to obscure the relevant details of the invention.
  • the present invention provides a novel and efficient computer-implemented user identity verification method 100 (hereinafter referred to simply as “the method 100” for brevity).
  • the method 100 provides an artificial intelligence (“Al”) and blockchain platform -based solution that enables any company of any size to formally identify a user’s and/or client’s identity before allowing them to complete any online or real-world action.
  • the method 100 is the first contactless ID verification service for any type of transaction that does not require the physical handling of documentation.
  • the method 100 uses a variety of biometrics which are then triangulated to produce a Digital Secured and Unforgeable ID (“DSUID”) for the user, so that the business can be totally assured they are dealing with the correct person, and that they are not becoming a victim of fraud through identity theft.
  • DSUID Digital Secured and Unforgeable ID
  • the method 100 can serve as a digital passport to the end-user to safely conduct future traditional and internet transactions.
  • the present invention embodies several advantageous features which beneficially protect user’s personally identifiable information and allow a third party to accurately and reliably verily a user’s identity.
  • the advantageous features include, without limitation, the following: using both algorithm and machine-learning Al to check the reliability of all the identification documentation that is provided by a user; using blockchain capabilities to ensure all data remains secure and unforgeable whilst offering complete traceability; using Al to give each identification document that is provided a reliability scoring including looking at its historical use; using Al to cut and split data between differing blockchain encrypted locations to ensure privacy and security at all times; and returning a simple “Yes” or “No” to confinn the client’s details to a company, thereby negating the need for the company to store their client’s personal data and increasing both the privacy and security for the client.
  • the foregoing features further increase the security of a user’s personal data to avoid fraud, identity theft, and other misleading information being supplied during a verification session, e g., a meeting, sign-up process or during subsequent logins and transactions etc.
  • a first Step 1102 of the method 100 comprises providing a user electronic computing device 102 of a verifying user 104 with an electronic display 210, a memory 206, a camera 200, and an executable identity verification software application resident the memory' thereon, wherein “executable” is defined herein as “able to be run by a computer.”
  • the user electronic computing device 102 may consist of a cell phone, smart phone, laptop, tablet, desktop computer, or other comparable electronic computing device.
  • the memory 206 is non-transitory wherein “non-transitory” is defined as a resident memory.
  • the executable identity verification software application may be made available for purchase or download from the Apple or Android store.
  • a next Step 1103 comprises providing a requestor electronic computing device 110 of a requesting user 112.
  • the requestor electronic computing device 110 may be a cell phone, smart phone, laptop, tablet, desktop computer, or other comparable electronic computing device.
  • the requesting user 112 may be any individual, corporate entity, or government agency that seeks to obtain accurate and reliable identity verification in transactions such as, without limitation, web-based courses and exams; private portals, gambling and gaming sites; adult sites; social media sites; web forums; shopping/auction sites; or any website requiring assurances of an individual’s identity.
  • the method 100 In addition to verifying identification online, the method 100 also facilitates identity verification during face-to-face encounters such as, without limitation, meetings with banking employees; doctors and medical appointments; schools and colleges; governmental agencies; solicitors; or any meeting requiring sufficient assurances of an individual’s identity.
  • any user can check another person’s identity in a much more robust manner than just inspecting a proffered picture ID, without really knowing if it is authentic or not. Due to the ease of use of using the method 100, users can obtain identity verification in a faster period of time without implicating the legalities surrounding the copying and storing of personal data since the requesting user 112 does not need to store the produced personal data on the requesting user’s 112 own servers, systems, etc.
  • a further Step 1104 comprises providing a first administrator server 106 and a second administrator server 108.
  • the method 100 includes the verifying user 104 and the requesting user 112 communicatively coupled together and/or to one or more server(s) 106, 108 over a network 118.
  • the computing devices 102, 110 which may be a cellphone or tablet, for example, are operable to execute programming instructions embodied in the executable identity verification software application that can be received from the administrative servers 106, 108 via a wide area network (WAN) 118.
  • WAN wide area network
  • the computing devices 102, 110 are operable to execute the programming instructions received from the administrative servers 106, 108 over the WAN 118.
  • the executable identity verification softw are application is a web-based software application, a desktop software application, or a mobile device softw are app.
  • the WAN is the Internet.
  • the Internet represents a worldwide collection of networks and gateways that use the TCP/IP suite of protocols to communicate with one another.
  • At the heart of the Internet is a backbone of high-speed data communication lines between major nodes or host computers, consisting of thousands of commercial, government, educational and other computer systems that route data and messages.
  • the network 118 also may be implemented as a number of different types of networks, such as for example, an Intranet, a local area network (LAN), or a cellular network.
  • FIG. 1 is intended as an example, and not as an architectural limitation for the present invention.
  • the network 118 includes connections 102a-n, which are the medium used to provide communication links between various devices and computers connected together within the network 118.
  • the connections 102a-n may be wired or wireless connections, but said connections are preferably wireless.
  • a few exemplary wired connections are cable, phone line, and fiber optic.
  • Exemplary wireless connections include radio frequency (RF) and infrared radiation (IR) transmission.
  • RF radio frequency
  • IR infrared radiation
  • Many other wired and wireless connections arc known in the art and can be used with tire present invention.
  • the computing devices 102, 110 may include a camera 200, a user input interface 202, a network interface 204, a memory 206, a processing device 208, a computer display 210, and an audio input/output 212.
  • the camera 200 may include a camera lens 201 and may be operable to capture still images, as well as, video.
  • the camera 200 is preferably a digital camera so that the images may be stored in the memory 206 and processed by the processing device 208 on a user’s cellular phone and/or remotely at the administrator servers 106, 108.
  • the camera 200 may be communicatively coupled to a microphone for capturing audio, as well as, simultaneous visual video images.
  • the user input interface 202 functions to provide the user a method of providing input to the personal computing devices.
  • the user input interface 202 may also facilitate interaction between the user’s computing devices and/or the servers 106, 108.
  • the user input interface may be a keypad providing a variety of user input operations.
  • the keypad may include alphanumeric keys for allowing entry of alphanumeric information (e.g., telephone numbers, contact information, content for display, text, etc.).
  • the user input interface 202 may include special function keys (e.g., a camera shutter button, volume control buttons, back buttons, home button, etc.), navigation and select keys, a pointing device, and the like. Keys, buttons, and/or keypads may be implemented as a touchscreen associated with the computer display 210.
  • the touchscreen may also provide output or feedback to the user, such as haptic feedback or orientation adjustments of the keypad according to sensor signals received by motion detectors, such as an accelerometer, located within the devices.
  • the network interface 204 may include one or more network interface cards (NIC) or a network controller.
  • the network interface 204 may include a personal area network (PAN) interface.
  • the PAN interface may provide the capability for the user’s computing devices to network using a short-range communication protocol, for example, a Bluetooth communication protocol.
  • the PAN interface may permit one personal computing device to connect wirelessly to another personal computing device via a peer-to-peer connection.
  • the network interface 204 may also include a local area network (LAN) interface.
  • the LAN interface may be, for example, an interface to a wireless LAN, such as a Wi-Fi netw ork.
  • the range of the LAN interface may generally exceed the range available via the PAN interface.
  • a connection between two electronic devices via the LAN interface may involve communication through a network router or other intermediary device.
  • the network interface 204 may include the capability to connect to a wide area network (WAN) via a WAN interface.
  • the WAN interface may permit a connection to, for example, a cellular mobile communications network.
  • the WAN interface may include communications circuitry, such as an antenna coupled to a radio circuit having a transceiver for transmitting and receiving radio signals via the antenna.
  • the radio circuit may be configured to operate in a mobile communications network, including but not limited to global systems for mobile communications (GSM), code division multiple access (CDMA), wideband CDMA (WCDMA), and the like.
  • GSM global systems for mobile communications
  • CDMA code division multiple access
  • WCDMA wideband CDMA
  • the computing devices 102, 110 of the users 104, 112 may also include a near field communication (NFC) interface.
  • the NFC interface may allow for extremely close-range communication at relatively low data rates (e.g., 424 kb/s).
  • the NFC interface may take place via magnetic field induction, allowing the NFC interface to communicate with other NFC interfaces located on other mobile computing devices or to retrieve information from tags having radio frequency identification (RFID) circuitry.
  • RFID radio frequency identification
  • the NFC interface may enable initiation and/or facilitation of data transfer from and to the personal computing devices with an extremely close range (e.g., 4 centimeters).
  • a memory 206 associated with the user’s computing devices may be, for example, one or more buffer, a flash memory, or non-volatile memory, such as random-access memory (RAM).
  • the computing devices 102, 110 may also include non-volatile storage.
  • the non-volatile storage may represent any suitable storage medium, such as a hard disk drive or non-volatile memory, such as flash memory .
  • the processing device 208 can be, for example, a central processing unit (CPU), a microcontroller, or a microprocessing device, including a “general purpose” microprocessing device or a special purpose microprocessing device.
  • the processing device 208 executes code stored in memory 206 to cany 7 out operation/instructions of the mobile computing devices 102, 110.
  • the processing device 208 may provide the processing capability to execute an operating system, run various applications, and provide processing for one or more of the techniques described herein.
  • the first administrative server 106 is located in a geographically remote and independent location with respect to the second administrative server 108 to further protect user data in the event that one of the servers 106, 108 are destroyed, damaged, hacked, or otherwise compromised.
  • the user electronic computing device 102 and the requestor electronic computing device 110 are located in geographically remote and independent locations with respect to the first administrator server 106 and the second administrator server 108 to further aid in protecting user data.
  • die method 100 of verifying a user’s identity facilitates the completion of various tasks and activities including, without limitation, signing and/or notarizing documents, logging in to a website, shopping online, taking an exam, voting, etc.
  • the applicability of the method 100 spans across a wide variety of industries, spheres, and areas of busmess and everyday life, in general.
  • FIGS. 6a-b depict the Steps undertaken to execute the method 100 from the perspective of the requesting user 112, e.g., a business, corporate entity, government agency, individual, etc.
  • FIGS. 7a-10 depicts the Steps undertaken to execute the method 100 from the perspective of the verifying user 104.
  • the verifying user 104 is granted permission to log into a website upon the successful completion of the method 100 such that the verifying user 104 achieves a data and identity match.
  • the data and identity match achieved by the verifying user 104 grants the verifying user 104 permission to vote in an election.
  • the verifying user 104 is a student whose data and identity match permits the student to take an exam.
  • the verifying user’s 104 use of the method 100 allows the verifying user 104 to achieve a data and identity match to verify' the user’s identity and achieve any number of tasks and activities.
  • the Steps comprising the method 100 are outlined in FIGS. 5a-b and FIG. 11, though the specific order of the Steps as depicted in the figures and as outlined herein may vary in alternate embodiments and one or more Steps may be combined or consolidated to achieve the same result in fewer Steps.
  • the method 100 comprises receiving, at the first administrator server 106 that is communicatively coupled to the user electronic computing device 102 over the network 118, biometric user data of the verifying user 104 from the user electronic computing device 102, personalized user data from the user electronic computing device 102, and unique phone data from the user electronic computing device 102.
  • the biometric user data of the verifying user 104 comprises the facial scan or image of the verifying user 104, which is captured by engaging the camera 200 of the user electronic computing device 102 and scanning the same over the face of the verifying user 104.
  • the biometric user data including the digital facial image depicting the verifying user 104 is taken from a physical indicia of identification 114 depicting a facial image depicting the verifying user 104, the physical indicia of identification including at least one of a government issued license and a government issued passport, i.e., including either or both the government issued license or the government issued passport.
  • the biometric user data of the verifying user 104 may extend to any body measurement or calculation relating to the same such as, by way of example and without limitation, any of the following: fingerprints, DNA, palm prints, iris recognition, hand geometry , retina, body odor, palm veins, ear form, keyboard strokes, gait analysis, voice, body geometry, etc.
  • the verifying user 104 will be prompted and required to scan a recent official photo ID, which is then checked for forgeries against an international database covering over 180 countries.
  • the verifying user 104 will then be prompted or required to take a facial image or video by engaging the camera 200, which facial image or video is then compared against the scanned recent official photo ID for an identity match.
  • the unique phone data includes, without limitation, the International Mobile Equipment Identity (“1ME1”) number that is uniquely associated with the user electronic computing device 102 and the geolocation of the user electronic computing device 102.
  • the IMEI is a unique 15 -digit number that identifies a specific mobile device.
  • This Step may comprise only receiving, at the first administrator server 106 that is communicatively coupled to the user electronic computing device 102 over a network, biometric user data of the verifying user 104 from the user electronic computing device 102, particularly where neither the verifying user 104 nor the requesting user 112 have opted in for data above and beyond that of the biometric user data of the verifying user 104.
  • a digital geolocation associated with metadata from the facial image of the verifying user 104 taken by the camera of the electronic computing device 102, a physical card image depicting a facial image of the verifying user, and a digital phone verification from the electronic computing device 102 is sent or communicated by the first server 106.
  • the nature and extent of the personalized user data from the user electronic computing device 102 may vaiy depending on the preference of the verifying user 104, i.e., which personal data and information the verifying user 104 wishes to input, or on the preference of a requesting user 112 who communicates an electronic identity verification requests, i.e., the corporate entity, government agency, or individual seeking verification of the identity of the verifying user 104.
  • the personalized user data may include, without limitation, a user’s email address, home address, signature, cell phone number, passport, driver’s license, pm code, voice recording, social security number, other biometric data, or other state- or government-issued ID.
  • the personalized user data may be selectively modified or adjusted to account for differing levels of security identification that are available.
  • the personalized user data may be divided up into several categories, each of which reflects progressively more personal or sensitive data of the verifying user 104.
  • there are three categories of personalized user data which may be referred to herein as DSUId level 1, DSUId level 2 and DSUId level 3.
  • DSUId level 1 collects sufficient information, i.e., biometric user data and/or personalized user data, to securely identify the individual.
  • DSUId level 2 collects more stringent information, i.e., biometric user data and/or personalized user data, that further identifies the individual.
  • DSUId Level 1 i.e., the minimum required, may include, without limitation, the following: email address confinnation; cell phone number confirmation; scanning a photo ID; taking a facial image or video; geolocation (automatically collected); phone information such as IME (automatically collected); setting a Pin Code (to speed up future use); agreement to terms and conditions tick box/electronic signature.
  • DSUId Level 2 generally includes all of the information listed under DSUId Level 1 as well as at least one of the following: social media accounts; home address; fingerprint scan (to speed up future transactions); and/or voice recording (to speed up future transactions).
  • DSUId Level 3 generally includes all of the information listed under DSUId Level 1 and DSUId 2 as well as at least one of the following: social security number; uploading additional Photo ID; uploading additional documentation.
  • the requesting user 112 can also request the verifying user 104 supply their signature or any other information they require. If the verifying user 104 ever wants to update their DSUId for any reason, one or more steps may be repeated to ensure the user’s identity'.
  • a DSUId can only be improved once set up, but not altered. This therefore makes the DSUId completely secure in identifying the verifying user 104, both in the first instance and then again for future transactions.
  • the only data communicated to the first administrator server 106 is biometric user data of the verify ing user 104 from the user electronic computing device 102, i.e., no additional personalized user data is required or communicated to the first administrator server 106 in order to accurately and reliably verity' the identity of a verify ing user 104.
  • a next Step 1106 comprises compiling the biometric user data, the personalized user data, and the unique phone data into a single user identity data file, encrypting the single user identity data file and generating a data decryption key, and segregating the single user identity data file into a plurality of encrypted segregated user identity data files each independently stored on the first administrator server 106 and the second administrator server 108.
  • encryption is defined as the process of encoding information by converting the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information.
  • the encryption used to encrypt the single user identity data file is Secure Hash Algorithm 2 (SHA-2), a set of cryptographic hash functions built using the Merkle-Damgard construction, from a one-way compression function itself built using the Davies-Meyer structure from a specialized block cipher.
  • SHA-2 Secure Hash Algorithm 2
  • the specific form or type of encryption may vary but the function and purpose remain the same, i.e., to protect and secure the single user identity data file such that only authorized users who have possession, custody, or control over the data decryption key can access and view the single user identity data file in a coherent and readily understandable format.
  • the single user identity data file is encrypted, it is then segregated in its encrypted form into a plurality of encrypted segregated user identity data files each independently stored on the first administrator server 106 and the second administrator server 108.
  • the single user identity data file is unable to be read in its original plaintext format to ascertain the biometric user data, the unique phone data, and the personalized user data unless and until the single user identity data file is aggregated back together to form the composite single user identity data file and decrypted using the data decryption key.
  • the single user identity data file is cloaked with additional layers of data protection and security operably configured and designed to prevent unauthorized access to the single user identity data file.
  • each of the foregoing measures independently functions to ensure the integrity, security, and protection of the single user identity data file and, when all of the measures are utilized or applied contemporaneously, the overall integrity, security, and protection of the single user identity data file is further solidified.
  • the method 100 further comprises communicating the data decryption key to the user electronic computing device 102 for storage on the memory 206 thereon.
  • the verifying user 104 or another authorized user of the user electronic computing device 102, can decrypt the encrypted single user identity data file. Even if the user electronic computing device 102 falls into the hands of an unauthorized user, however, the unauthorized user is unable to obtain the decry pted version of the single user identity data file due to additional data security and protection measures in place (and described below).
  • the data decryption key identifies where to source the plurality of encrypted segregated user identity data files from, while in other embodiments, the data decryption key is sent along with another identifier, e.g., the verifying user’s f04 phone information, account information, etc.
  • a next Step 1108 entails communicating an electronic identity verification request to the user electronic computing device 102, wherein the electronic identity verification request is generated by the requesting user 112 to verify the identity of the verifying user f04.
  • the electronic identity verification request will be generated by the requesting user 112 by logging into the administrator’s system, web-based platform, and/or software application that is communicatively coupled to the first administrator server 106, wherein a closed-network identity verification session 1200 is formed when the electronic identity verification request is generated by the requesting user 112.
  • the electronic identity verification request will be generated without the requesting user 112 having to log into any system, i.e., the electronic identity verification request will simply include a hyperlink for the verification user to log into the administrator server and preset requirements for verification and the contact for the requesting user 112.
  • the process flow diagram in FIG. 12 best depicts the Steps comprising the closed-network identity verification session 1200.
  • the electronic identity verification request forms a closed-network identity verification session 1200, wherein closed-network is defined as a network that is not open or readily accessible to the public, that includes the Step 1202 of executing the identity verification software application on the user electronic computing device 102.
  • the customer may receive an automated email containing a token and button/link to confirm their identity. If they have used the identity verification softw are application before, the identity verification software application will automatically open.
  • the email points them to download the executable identity verification software application from tire Apple or Android store and may prompt the customer to enter a short numeric code that was sent to the customer’s email or cell phone. This also confirms to the executable identity verification softw are application that the user’s email address and/or cell phone number is valid.
  • the closed-network identity verification session 1200 further includes the Step 1203 of communicatively coupling the user electronic computing device 102, the first administrator server 106, and the second administrator server 108 over the network 118, and a next Step 1204 of communicating, from the user electronic computing device 102, at least one of secondary biometric user data of the verifying user 104, secondary personalized user data, and secondary unique phone data from the user electronic computing device 102 to at least one of the first administrator server 106 and the second administrator server 108.
  • the verification session may include communicating, from the user electronic computing device 102, one or more of the secondary biometric user data of the verifying user 104, secondary personalized user data, and/or secondary unique phone data from the user electronic computing device 102 to at least one of the first administrator server 106 and the second administrator server 108.
  • the secondary biometric user data of the verifying user 104, secondary personalized user data, and/or secondary unique phone data from the user electronic computing device 102 is generated in response to the electronic identity verification request and is intended to facilitate the identity verification of the verifying user 104.
  • the closed-network identity verification session further comprises communicatively coupling the user electronic computing device 102, the first administrator server 106, the second administrator server 108, and the requestor electronic computing device 110 together on the network 118.
  • the closed-network identity verification session 1200 further includes the Step 1205 of communicating the data decryption key from the user electronic computing device to at least one of the first administrator server 106 and the second administrator server 108, and a further Step 1206 of aggregating the plurality of encrypted segregated user identity data files stored on the first administrator server 106 and the second administrator server 108 to generate and decrypt, utilizing the data decryption key, the single user identity data file.
  • the method 100 may further comprise a third administrator server 116, wherein the data decryption key is backed-up on the third administrator server 116 as opposed to on the user electronic computing device. This feature beneficially provides for greater administrative oversight and added protection over the data decryption key, particularly where the user electronic computing device is susceptible to being destroyed, damaged, hacked, or otherwise compromised.
  • the verification session 1200 includes a Step 1207 of autonomously verifying an identity of the verifying user 104 by comparing the at least one of the secondary biometric user data of the verifying user 104, the secondary personalized user data, and the secondary unique phone data from the user electronic computing device 102 to at least one of the biometric user data of the verifying user 104 from the user electronic computing device 102, the personalized user data from the user electronic computing device 102, and the unique phone data from the user electronic computing device 102 to ascertain a data and identity match, and a final Step 1208 of communicating an indication of the data and identity match to the requestor electronic computing device 110.
  • autonomously may include, for example and without limitation, using programmed computer algorithms on the servers 106, 108.
  • An algorithm is defined as a set of unambiguous instructions that a mechanical computer can execute.
  • the indication of the data and identity match to the requestor electronic computing device 110 is discrete and does not include any user-identifying information that would be personal to further protect the privacy of the verifying user 104 and its data
  • the biometric user data of the verifying user 104 received from the user electronic computing device 102 includes a digital facial image depicting the verifying user 104 taken by the camera 200 of the user electronic computing device 102 and the closed-network identity verification session 1200 further comprises taking a picture of the verifying user 104 from the camera 200 of the user electronic computing device 102, the picture of the verifying user 104 from the camera of the user electronic computer device 102 forming part of the secondary' biometric user data of the verifying user 104 and communicating the at least one of a secondary biometric user data of the verifying user 104 to the at least one of the first administrator server 106 and the second administrator server 108; and autonomously verifying an identity of the verifying user 104 by comparing the picture of the verifying user 104 from the camera of the user electronic computer device 102 forming part of the secondary biometric user data of the verifying user 104 to the digital facial image depicting the verifying user 104 taken by the camera 200 of the user electronic computing device 102
  • the digital facial image is generally extracted or derived from a physical form of identification, e.g., passport, driver’s license, or other government issued form of identification.
  • This comparison of the picture of the verifying user 104 from the camera 200 of the user electronic computer device 102 forming part of the secondary biometric user data of the verifying user 104 to the digital facial image depicting the verifying user 104 taken by the camera 200 of the user electronic computing device 102 forming part of the biometric user data ensures that, even in the event that an unauthorized party obtains physical possession, custody, or control of the user electronic computing device 102, the unauthorized party is unable to decrypt the encrypted single user identity data file unless and until they achieve a biometric identity match. Due to the inherently unique nature and qualify of the biometric user data and the secondary biometric user data, only the verifying user 104 can succeed in achieving a biometric identity match. In this way, the personal data and information of the verifying user 104 is kept reliably secure and all identify matches are authentic and accurate such that a requesting user need not question the legitimacy or reliability of an identity match.
  • the method 100 further comprises the Step of communicating the electronic identity verification request to the user electronic computing device 102 using a Short Message Service (“SMS”) text or another comparable electronic notification capability, e.g., e-mail, push notifications, etc.
  • SMS Short Message Service
  • Communication of the electronic identity verification request to the user electronic computing device 102 serves to timely notify the verifying user 104 of an outstanding electronic identity verification request and to prompt the verifying user 104 to initiate the next Steps required to achieve an identity match, as detailed above.
  • the method 100 further comprises storing the at least one of the secondary biometric user data of the verifying user 104, the secondary personalized user data, the secondary unique phone data from the user electronic computing device 102, the at least one of the biometric user data of the verifying user 104 from the user electronic computing device 102, the personalized user data from the user electronic computing device 102, and the unique phone data from the user electronic computing device 102 used in the closed- network identity verification session 1200 on at least one of the first administrator server 106 and the second administrator server 108 on a data block forming part of an interconnected plurality of data blocks linked together and each also having a cryptographic hash of a previously generated block and a timestamp, also generally referred to as a blockchain among those skilled in the art.
  • a blockchain is a growing list of records, called blocks, that are linked together using cryptography.
  • Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data (generally represented as a Merkle tree).
  • the timestamp proves that the transaction data existed when the block was published in order to get into its hash.
  • Blocks contain the hash of the previous block, forming a chain, with each additional block reinforcing the one before it. Therefore, blockchains are resistant to modification of their data because once recorded, the data in any given block cannot be altered retroactively without altering all subsequent blocks.
  • this feature of the method 100 provides added security and protection over the data of the verifying user 104, e.g., the secondary biometric user data of the verifying user 104, the secondary personalized user data, the secondary unique phone data from the user electronic computing device 102, the biometric user data of the verifying user 104 from the user electronic computing device 102, the personalized user data from the user electronic computing device 102, die unique phone data from the user electronic computing device 102, etc., such that the data of the verifying user 104 is resistant to unauthorized attempts to access or decrypt the data such as, for example and without limitation, by hackers.
  • the data of the verifying user 104 is resistant to unauthorized attempts to access or decrypt the data such as, for example and without limitation, by hackers.
  • the method 100 also comprises segregating the single user identity data file into the plurality of enciypted segregated user identity data files each of randomly generated data sizes. Segregating the plurality of enciy pted segregated user identity data files into randomly generated data sizes makes it more difficult for unauthorized third parties to gamer a cognizable or fruitful portion of the complete single user identity data file even if they obtain one of the plurality' of encrypted segregated user identity data files.
  • the method 100 further comprises the Step of communicating, from the requestor electronic computing device 110 communicatively coupled to the user electronic computing device 102, the electronic identity verification request to the user electronic computing device 102.
  • This feature beneficially conserves time for the requesting user 112 as the electronic identity verification request is communicated directly from the requestor electronic computing device 110 to user electronic computing device 102.
  • the electronic identity verification request may be communicated from the servers 106, 108 to enable greater administrative oversight or control.
  • the method 100 may be utilized in connection with verifying the authenticity and ownership of a specific asset rather than a specific user, wherein the asset may be either tangible or intangible, e.g., vehicle, house, stocks, etc.
  • the current owner registers the serial number that is uniquely associated with the asset and, after supplying electronically certificated proof of ownership, the asset is issued its own unique Digital Secured Unforgeable Serial Number (“DSUsn”).
  • DSUsn Digital Secured Unforgeable Serial Number
  • the DSUsn may then be linked directly to the owner’s DSUid, supplying proof of ownership and traceability of the asset.
  • the method 100 further comprises receiving, at the first administrator server 106 that is communicatively coupled to the user electronic computing device 102 over a network, asset data of the verifying user 104 from the user electronic computing device 102; compiling the asset data into a single asset identity data file, associating the single asset identity data file with the verifying user 104, encrypting the single asset identity data file and generating a data decryption key, and segregating the single asset identity data file into a plurality of encrypted segregated asset identity data files each independently stored on the first administrator server 106 and the second administrator server 108; and communicating the data decryption key to the user electronic computing device 102 for storage on the memory 206 thereon.
  • a next Step comprises communicating an electronic identity verification request to the user electronic computing device 102, the electronic identity verification request forming a closed- network identity verification session 1200 that includes: executing the identity verification software application on the user electronic computing device 102; communicatively coupling the user electronic computing device 102, the first administrator server 106, and the second administrator server 108 over the network; communicating, from the user electronic computing device 102, at least one of secondary biometric user data of the verifying user 104, secondary personalized user data, and secondary unique phone data from the user electronic computing device 102 to at least one of the first administrator server 106 and the second administrator server 108; communicating the data decryption key from the user electronic computing device to at least one of the first administrator server 106 and the second administrator server 108; aggregating the plurality of encrypted segregated asset identity data files stored on the first administrator server 106 and the second administrator server 108 to generate and decrypt, utilizing the data decryption key, the single asset identity data file; autonomously verifying an identity of the verifying user 104 by comparing
  • the method 100 further comprises the closed-network identity verification session 1200 including, after the data and identity match, recompiling the single user identity data file, encrypting the single user identity data file and generating a secondary data decryption key, and segregating the single user identity data file into a plurality of secondary encrypted segregated user identity data files each independently stored on the first administrator server 106 and the second administrator server 108; and communicating the secondary data decryption key to the user electronic computing device 102 for storage on the memory 206 thereon.
  • each single user identity data file that is subsequently compiled or generated is protected in the same manner as the original single user identity data file.
  • the method 100 can supply the company with an API with predefined buttons/links to integrate to their signup process.
  • the method 100 may further comprise a witness feature for double certification as required by certain contracts. If the contract or document is too complicated or lengthy to be signed on a smartphone, the verifying user 104 can use a computer once the geolocation of the smartphone and the IP location of the computer are verified to ensure the two match.
  • the artificial intelligence capabilities of the method 100 conduct numerous automated checks to ensure documents are real and authentic, including correct signatures, positioning of all form details and specific information such as, without limitation, telephone numbers, first and last names, a scan of an ID document previously provided.
  • SA successful authentications
  • UA unsuccessful authentications
  • UA/SA QSA (Quarter successful authentication %).
  • the action could be locking the account, informing the company via email of possible fraudulent activity, and/or requesting the user telephone technical support.
  • This database enables the method 100 to anticipate fraudulent activity by looking historically at the data collected on unsuccessful authentications such as location of user, type of device used or type of document supplied etc.
  • the single user identity data file is then randomly split into two and then sealed using blockchain technology with full hashing (SHA-256).
  • the Al decides where to randomly split the data between the first portion referred to as the ‘A cut’ which is then securely stored on the first administrator server 106 and the second portion referred to as the ‘B cut’ stored on the second administrator server 108.
  • a random ‘cut C’ is stored in a third location which, in a preferred embodiment, is the user electronic computing device 102 of the verifying user 104, with this portion also being backed-up to a third administrator server.
  • ‘Cut C’ is always stored on the user electronic computing device 102, but a copy of this is also secured on the third administrator server which would only be collated back from the administrator server 106, 108 with ‘Cut A’ and ‘Cut B’ if (i) the verifying user 104 changes or loses the user electronic computing device 102, reinstalls the executable identity verification software application, and passes the new identity verification process; or (ii) a court of law order requests disclosure of the full details of a verifying user 104. If the verifying user 104 in the future wants to change part of their DSUId, another facial image or voice recording of the verifying user 104 must be provided to doublc-chcck and verify their identity.
  • the method 100 may be found particularly useful by any company requiring legally binding signatures on any contract, including, but not limited to any B2B contracts; banking; lawyers/solicitors; housing associations; utilities suppliers; insurance suppliers/agents; phone providers, internet providers; or any user dealing with contractual agreements.
  • FIG. 13 another block diagram and system 1300 of a computer-implemented user identity verification method, in accordance with one exemplary embodiment of the present invention, is depicted.
  • This method enables the collation of data from the blockchain and anonymous biometric data and user’s data (e.g., a user’s license to prove ownership), and beneficially and uniquely stores said data on the user’s phone and accessible through execution of a software application.
  • biometric data and user’s data e.g., a user’s license to prove ownership
  • the computer-implemented user identity verification method ay include the step of providing a user electronic computing device 1302 of a verifying user 1306 and a requestor electronic computing device 1304 of a requesting user 1308, wherein the devices 1302, 1304 are electronic computing devices (e.g., a cellphone) and, as discussed above and depicted in FIG. 2, each have an electronic display, a memory, a microphone, a camera, and an executable identity verification softw are application resident the memory thereon.
  • the devices 1302, 1304 are electronic computing devices (e.g., a cellphone) and, as discussed above and depicted in FIG. 2, each have an electronic display, a memory, a microphone, a camera, and an executable identity verification softw are application resident the memory thereon.
  • the process includes capturing an initial real-time facial image of the verifying user 1306 from the camera of the user electronic computing device 1302 and storing the image of the verifying user on the memory of the user electronic computer device 1302 in addition to capturing a real-time image of a physical indicia 1310 of identification depicting a facial image 1312 of the verifying user 1306.
  • This may be done before the software application is executed on the device 1302 or, preferably, after the software application executed so the captured images can be tested, using the software application, for liveness and bias mitigation to confirm the veracity of the images and so the captured images can be encrypted using, for example, AES-256.
  • the sensitive and personal information of the verifying user 1306, e.g., the image of the physical indicia of identification depicting the facial image and the real-time image of the verifying user 1306 captured by the camera of the device 1302, are stored on the memory of the user electronic computer device in an encrypted and protected stated.
  • the onboarding process of initially determining a verifying user’s identity may include executing the identity verification software application for encrypting the image of the verifying user and the image of the physical indicia of identification, wherein the encryptions may also be an AES-2 6 protocol.
  • the verifying user 1306 is given complete control of personal identifying information, unlike many known methods.
  • the process then includes executing the identity verification software application on the user electronic computing device 1302 that compares the initial real-time facial image of the verifying user 1306 and the facial image 1312 on the physical indicia of identification 1310 to ascertain an initial positive identity verification.
  • the physical indicia 1310 of identification e.g., driver’s license, passport, company identification card, etc.
  • the process is compared to database of known and authenticated identification forms to ascertain whether the indicia is a possible forgery or authentic.
  • This comparison may be preferably done on the device 1302 itself (to maintain privacy) or remotely at a server 1314 (e.g., an administrative server communicatively couplable with the device 1302 or a third- party' server 1320 (e.g., a government ID database) over a network 1316 using communication connections 1318a- n).
  • a server 1314 e.g., an administrative server communicatively couplable with the device 1302 or a third- party' server 1320 (e.g., a government ID database) over a network 1316 using communication connections 1318a- n).
  • the process may include the step of compiling the real-time facial image of the verifying user 1306 and/or the real-time image of the physical indicia 1310 of identification depicting the facial image of the verifying user and/or the unique device identifier (“UDID”) of the device 1302 into a single user identity data file after the positive identity verification has been ascertained by the software.
  • the UDID is conventionally a 40-digit sequence of letters and numbers that is uniquely associated with a mobile electronic computing device.
  • the process may also include segregating an anonymous and unique data segment of either or both the initial real-time facial image of the verifying user and/or the real-time image of the physical indicia of identification depicting the facial image of the verifying user and/or the UDID utilizing a protocol and subjecting the anonymous and unique data segment to an unkeyed cryptographic hashing to generate an initial hashed data file.
  • the protocol may include deciphering and abstracting the facial outline and/or certain facial features, e.g., nose, eye, or chin structures/profiles and using those same facial outline and/or certain facial features, e.g., nose, eye, or chin structures/profiles for subsequent identification.
  • the protocol will be programmed into the software and may be replicated each identification verification session.
  • the software will be programed (i.e., have a protocol) to use the same information/user data that is utilized in the initial identification verification so that a 100% match can be ascertained.
  • the anonymous data segment may be randomly segregated based on a programmed algorithm and the data segment is anonymous in that it is not able to identify verifying user 1306, whether by name, likeness, etc.
  • the process includes executing the identity verification software application for segregating the UDID associated with the verifying user electronic computing device 1302 utilized as part of the initial hashed data file and for segregating a UDID associated with the verifying user electronic computing device 1302 utilized as part of the second hashed data file.
  • the UDID is taken at least twice during the ID verification process, i.e., during onboarding and after receiving the user identity request on the user electronic computing device 1302.
  • the UDID is preferably conjugated with the anonymous and unique data segment before being subjected to the unkeyed cryptographic hashing.
  • the entire UDID is utilized and, in other embodiments, only a partial and/or a random segment of the UDID is utilized.
  • the protocol utilized to segregate the anonymous and unique data segment may be beneficially stored on the memory of the verifying user electronic computing device 1302 for security
  • One example of the aforementioned segregation and conjugation process may include extracting random portions of the physical indicia 1310 of identification, e.g., passport having the following information: passport number: 68619698698, first and last name: Mike Jackson, birthday: 05/13/1969, country: USA, city: Washington, wherein the protocol may segregate the “19” from the passport number, “ik” from the first name, “13” and “9” from the birthday, “S” from the country, and “h” and “o” from the city .
  • the anonymous and unique data segment may be 19ikl39Sho, wherein the anonymous and unique data segment may be case sensitive (as recognized by the software from the physical indicia 1310) and alphanumeric.
  • a number randomly generated by an algorithm using the protocol or the UD1D is then conjugated with the anonymous and unique data segment, e g., 19ikl39Sho2078912869, making a full reference. Therefore, the protocol can be seen describing which digit(s) in which the information is taken.
  • the full reference is then encrypted SHA-256, or subjected to the unkeyed cryptographic hashing, to generate the initial or second hashed data file either stored on the blockchain or stored locally.
  • the unkeyed cryptographic hashing is a hashing algorithm or function that takes an input of variable length and may produce a 256-bit long hash output.
  • the software application will be programed to cause the random segregating an anonymous data portion of the single user identity data file, hashing the anonymous data portion into a hashed data file, and attributing the hashed data file to the verifying user 1306.
  • the process may include communicating the hashed data file associated with the verifying user 1306 to the verifying user's account stored on the server 1314.
  • the process may also include storing the hashed data file on a generated data block forming part of an interconnected plurality of generated data blocks linked together and each of the plurality of generated data blocks having a cryptographic hash of a previously generated data block and a timestamp, i.e., a personal blockchain for the verifying user 1306.
  • the process may include communicating the initial hashed data file generated in the onboarding process to a server 1314 communicatively coupled to the user electronic computing device 1302 over the network 1316.
  • a secondary user i.e., a requesting user 1308, desires to confirm the identity ⁇ of a user 1306, the requesting user 1308 may' send, and the verifying user 1306 will receive (directly or indirectly), a user identity request on the user electronic computing device 1302 and will then be prompted to capture a second real-time facial image of the verifying user 1306 from the camera of the user electronic computing device 1302.
  • the identity' verification software application is required to be executed on the requestor electronic computing device 1304 before receiving the user identity request on the user electronic computing device 1302 and before communicating the user-unidentifiable notification over the network 1316 to the requestor electronic computing device 1304 of a 100% match or a non- 100% match (as discussed below).
  • the second real-time facial image of the verifying user 1306 may also be stored on the memory of the user electronic computer device 1302 and the identity verification software application on the user electronic computing device 1302 will execute software for comparing the second real-time facial image and the facial image on the physical indicia of identification to ascertain a second positive identity verification.
  • an anonymous and unique data segment will be segregated from one or both of the initial realtime facial image of the verifying user 1306 and/or the real-time image of the physical indicia of identification 1312 depicting the facial image 1312 of the verifying user 1306 (depending on the set protocol), wherein the anonymous and unique data segment will be subjected to the same unkeyed cryptographic hashing to generate a second hashed data file.
  • the process will include comparing the initial and second hashed data files to ascertain a 100% match or a non- 100% match and will communicate a user-unidentifiable notification over the network 1316 to the requestor electronic computing device 1304 (directly or indirectly) of the 100% match or the non-100% match.
  • the initial hashed data file may be stored in a private blockchain and the physical indicia of identification 1310 will be beneficially stored (and encrypted) only on the user’s electronic device 1302.
  • the software application will also be executed for decrypting the image of the physical indicia of identification 1310 before comparing the second real-time facial image and the facial image 1312 on the physical indicia of identification 1310 and re-encrypting the image of the physical indicia of identification 1310 after comparing the second real-time facial image and the facial image 1312 on the physical indicia of identification 1310.
  • a third-party server 1320 that may be communicatively coupled to the device 1302 or the server 1314.
  • the third-party server 1320 (also referred to as third party 1320) may be associated with a company, organization, or agency that can request identity verification from the verifying user 1306 using the verification data obtained during initial onboarding and subsequent user data. Specifically, the verifying user 1306 will complete the initial onboarding process that generates the initial hashed data file and then the third party 1320 may then request (from the server/admin 1314). If the verifying user 1306 has never completed the onboarding process, the user will be required to download the software on their device 1302 and follow the above-referenced process. In some instances, the third party 1320 will ascertain whether the verifying user 1306 is registered by looking through a database on the server 1314 storing an email address associated with the verifying user 1306.
  • the verifying user 1306 may receive a user identity request on the user electronic computing device 1302 and may then be asked to capture a second real-time facial image of the verifying user 1306 from the camera of the user electronic computing device 1302.
  • the image is preferably required to be taken directly by the camera and utilized by the software application as opposed to be uploaded from a file stored on the user’s phone (i.e., real-time).
  • the software application may be programmed to only allow photos to be uploaded and utilized by the software application if the photo of the user’s facial image was taken within the last hour or some other shortened time period.
  • the second real-time facial image of the verifying user 1306 is stored on the memory of the user electronic computer device 1302 and the identify verification software application on the user electronic computing device 1302 is executed to compare the second real-time facial image and the facial image 1312 on the physical indicia of identification 1310 to ascertain a second positive identity verification. Thereafter, another anonymous and unique data segment is segregated using the protocol (e.g., either or both of the second real-time facial image of the verifying user 1306 and/or the real-time image of the physical indicia of identification 1310 depicting the facial image 1312 of the verifying user 1306).
  • the protocol e.g., either or both of the second real-time facial image of the verifying user 1306 and/or the real-time image of the physical indicia of identification 1310 depicting the facial image 1312 of the verifying user 1306).
  • the data segment is then subjected to the same unkeyed cryptographic hashing process that the data segment in onboarding process was subjected to and generates a second hashed data file.
  • the initial and second hashed data files are then compared by the software to ascertain a 100% match or a non- 100% match.
  • the user- unidentifiable notification that is sent to the requesting user 1308 over the network 1316 is the non-user identifiable 100% match or a non- 100% match.
  • the second hashed data file may be locally stored on the memory of the user electronic computer device 1302 and accessing, with the user electronic computer device 1302, the initial hashed data file on the generated data block communicatively coupled to the user electronic computing device 1302 before comparing the first and second hashed data files.
  • the second hashed data file may also be stored locally on the memory of the user electronic computer device and accessing, with the user electronic computer device 1302, the initial hashed data file on the server 1314 before comparing the first and second hashed data files
  • third-party server 1322 also referred to as additional third party 1322
  • additional third party 1322 e g., a social media server that is capable of requesting and receiving tire hashed data file to verify the identity of a platform user (i.e., that is also a verifying user 1306).
  • This additional third party 1322 may also be a government body, organization, or company that itself creates or generates a hashed data file (based on the verifying user’s information) that is then allocated to the verifying user 1306 after installing and executing the software on the verifying user’s device 1302.
  • the verifying user After the hashed data file is associated with the verifying user 1306, the verifying user will then add biometric data to the user’s phone which is encrypted. The verifying user 1306 will then utilize the hashed data file for subsequent transactions to verify his or her identify .
  • the process may include a multi-level authorization protocol, whereby a verifying user 1306 will create the hashed data file, will utilize the hashed data file for attempting to verify the user’s identity, and, if the requesting user requires a higher level of authentication, will request additional information or outside confirmation to confirm the user’s identity. If the verifying user 1306 provides the additional information or outside confirmation is provided, the verifying user 1306 will be approved.
  • This additional level of verification will only be required if the sy stem is set up for different tiers or levels of authentication, whereby the hashed data file will be configured by the server/ admin to have different levels of authentication associated with it.
  • the system and process may be configured such that when the hashed data file is associated with a higher or increased authentication level or tier, subsequent verification for said higher tier will not be required.
  • the identity verification software application is executed and is operably configured to generate a reliability score dictated by a ranking algorithm utilizing a hierarchy of ranked plurality of physical indicia of identifications and the physical indicia of identification depicting the facial image of the verifying user.
  • the ranking algorithm may also utilize the 100% match or the non- 100% match to generate the reliability score.
  • the anonymous digital hashed data file idNFT
  • the system/software is configured to allocate the idNFT a reliability score based on, for example, the quality of the governmental ID or indicia 1310 utilized by the verifying user 1306.
  • Another example of a document that could affect the reliability score and ranking could be a passport with an older issuing date compared to a newer issuing date that may also utilize NFT technology.
  • the ranking of the IdNFT may be continuously or sporadically increased, for example, based on every 100% match utilizing the software, the number of different organizations successfully utilizing the IdNFT to validate the indicia 1310 of the user 1306, the reliability of any additional biometrics and ID documents added by the verifying user 1306, and/or the identity of the user 1306 is virtually countersigned by a person of good standing and/or trusted organization.
  • the process may be configured such that the physical indicia of identification is confirmed as being authentic by the organization issuing the identification for the verifying user 1306 after the hashed data file is created in the onboarding process. More specifically, once the hashed data file is created, the system and software may communicate the entire or fragmented data file depicting the physical indicia of identification 1310 to the third party 1322 organization that will conduct their own authentication process by comparing the physical indicia of identification 1310 to its database. If it matches, a push notification will be sent to the verifying user 1306 confirming the same and if it is a failed comparison, it may be reported to the administrator 1314 and/or the verifying user 1306 for additional proof of identity verification.
  • a voice ID of the verifying user 1306 is created to enhance the authenticity of the verifying user’s identity. More specifically, the onboarding process may include capturing an initial voice recording of the verifying user 1306 from a microphone of the user electronic computing device 1302 and then compiling the initial voice recording into an initial voiceprint utilizing at least one of the tone, rhy thm, and pitch of the initial voice recording, and storing the initial voiceprint recording on the memory of the user electronic computer device 1302.
  • a second voice recording of the verifying user 1306 is captured from the microphone of the user electronic computing device 1302 and is then compiled (using the same protocol as the initial voice recording) into a second voiceprint utilizing at least one of the tone, rhythm, and pitch of the second voice recording.
  • the process may also include prompting the verifying user 1306 on the user electronic computing device 1302 to speak a defined sentence (or other programmed words) programmed on the identity verification software application for both the initial and second voice recordings.
  • utilizing the camera or microphone of the device 1302 provides the user with the ability to verify their identity quickly and robustly using the traditional “selfie” liveness image, or by repeating the spoken sentence.
  • the IdNFT system then analyses the user’s voice's unique characteristics, and detects whether the voice matches that previously recorded. If solely utilizing the user’s voice in lieu of capturing the user’s image, a much smaller data file is used during the comparison process than using a liveness image, therefore speeding up the overall time of the process. For users who through choice or religious beliefs wear a facial covering such as a burqa are able to onboard using their government ID in the privacy of their own home, and then verify their ID in public by using the voice option. Voice ID can also be used as a backup if for any reason, the user’s camera is broken on their device 1302. For the requesting user 1308, additional security levels can be created, if required, by requesting the user 1306 provide both a live image and a voiceprint.
  • the present invention enables parties to verify a user’s identity using an IdNFT, wherein after a verifying user 1306 has finished onboarding, or the initial verification process, the system and subsequent verification process supplies the parties requesting the identification verification a simple “yes” or “no”. For the verifying user 1306 this provides the user 1306 the ability to authenticate the user without sharing private data or biometrics. As such, identify verification has become completely anonymous with the party the user 1306 is dealing with, whilst robustly confirming the user 1306 is tire correct person.
  • the system and process the party the ability to confirm a user’s true identity without having the systems in place to securely store private identification documents of the user 1306, remove the requirement and need to have suitably trained staff to review the validity of photo ID, ensuring the IDs are not forgeries or fake, and that all the actions associated with the IdNFT are stored for perpetuity in the IdNFT private blockchain.
  • the company or organization requesting identity verification from the user 1306 may also request, but the user is not required to provide, copies of user’s documents utilized by the aforementioned process and/or other biometrics confirming the user’s identity. If the user 1306 agrees, then this requested information may be provided to the requesting user 1308.
  • the GPS location of the user’s device 1302 may be ascertained when the user 1306 captures the image(s) and the GPS location may also be provided to the requesting user 1308 if consented to by the user 1306, thereby giving the user 1306 self-sovereignty for the personal information and data provided by the user 1306.
  • all ID documents and biometric data that may be capable of revealing the user’s 1306 identity are securely stored on the user’s 1306 own device 1302 and in no other location unless consented to by the user 1306.
  • the only data stored externally is an anonymous hash on the IdNFT blockchain, and anonymous biometric data stored on the secure IdNFT server 1314.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Databases & Information Systems (AREA)
  • Human Computer Interaction (AREA)
  • Multimedia (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • Oral & Maxillofacial Surgery (AREA)
  • Medical Informatics (AREA)
  • Collating Specific Patterns (AREA)

Abstract

A computer-implemented method of verifying a user's identity including capturing a user's real-time facial image and ID depicting the user's facial image, which are stored and encrypted on the user's electronic device and compared to one another to confirm the identity of the user. If confirmed, a unique data segment from the facial image or the ID will be segregated using a protocol that is subject to an unkeyed cryptographic hashing to generate an initial hashed data file. When a user needs their identity verified by another party, another facial image of the user is captured that is then compared to the stored ID to confirm the user's identity and will then again segregate another anonymous and unique data segment using the same protocol to generate another hashed data file that is compared to the initial hashed file to determine a 100% match or non-match communicated to a requesting user.

Description

COMPUTER-IMPLEMENTED USER IDENTITY VERIFICATION METHOD
FIELD OF THE INVENTION
The present invention relates generally to methods of identity verification and protection, and, more particularly, relates to a computer implemented user identity verification method.
BACKGROUND OF INVENTION
In order to verify the identity of a client or user online or when physically present, companies are currently forced to use multiple poor quality and often dated systems in an attempt to securely identify an individual. Companies requiring that documents or agreements be signed online have many existing options but none that allow companies to verify the identity of the individual signing the document in real time. Existing prior art currently relies on the security of the respondent’s email address alone, along with dated online Portable Document Format (“PDF”) signing services or a simple “tick box” to record agreement. Therefore, although they may receive an electronically signed document, the company has no real and concrete proof that it was the customer themselves who signed and agreed to it. Additional limitations of existing methods of electronic document signatures include the inability to prevent signed documents from being altered in the future. Due to the limitations with the prior art as stated above, some companies may then additionally request that documents be notarized by a third party. This further prolongs the process and constitutes an added inconvenience to the party signing the document.
For many companies, it is important that they know the true identity of a user before they allow them to take part in an online action. An online action may include entering a secure web portal, taking an examination, voting, opening an account or, indeed, any action where data privacy and security is vital. Again, companies are forced to use a selection of outdated systems and methods. For instance, some sites request a credit card number to check age and address, but many consumers are understandably hesitant or unwilling to provide this. Many financial institutions, including online stocks and bitcoin trading platforms, request that a recent photo ID be scanned and emailed to them before opening a new user account. This adds considerable time to the whole process but still offers no guarantees that the ID has not been copied or stolen. Video-conferencmg technologies may also be used, whereby the company records a video conference. However, this is very time consuming especially if the user does not have ready access to video-conferencing capabilities and is unreliable to the extent it relies on staff to check against photo ID and is, therefore, exposed to the possibility of human error. Although most business to business and business to consumer transactions now take place online, there is no reliable way to ensure that identity fraud is not being perpetrated. With the computer implemented user identity verification method claimed herein, however, a company can be assured 100% that they are dealing with the correct and intended individual. Also, the present invention is designed to be able to track the identity of a timed online event, such as a student taking an online examination. Specifically, the present invention syncs the geolocation of the phone to the physical IP address of the computer and sends randomly timed requests for the user to identify themselves throughout the exam.
For clients physically visiting a company or organization, there are very few, if any, modem and robust identification solutions available to securely verify a user’s identity . In accordance with existing prior art, a company generally has to maintain staff members that are sufficiently trained to look at the photo ID that is provided and compare it to the individual that appears before them, as well as to potentially charge a nominal amount to a credit card company to ensure they are the true owner of the card. One of the principal limitations with this method is that it still does not guarantee the individual’s identify, merely that the individual knows the user’s personal identification number.
Existing prior art is time consuming for both the company and the user, and fraught with danger if not completed by competent and well-trained staff. The present invention saves time whilst offering a much more robust and secure verification process because the claimed method may be used across different areas of a user’s life as well as to meet various identification and verification needs.
Therefore, a need exists to overcome the problems with the prior art as discussed above.
SUMMARY OF THE INVENTION
The invention provides a computer-implemented user identity verification method that overcomes the hereinafore- mentioned disadvantages of the heretofore-known devices and methods of this general type and that provides an identity verification process that enables effective and efficient onboarding for an individual user having their identify verified by generating an anonymous digital hashed data file (sometimes referred to as an “IdNFT”) that is capable of being shared and utilized to verify a user’s identity in instances after initial onboarding. This process is effectuated will importantly keeping user’s private data and biometrics are safely stored and kept private from an outside party unless consented to by the user. Importantly, the computer-implemented user identity verification method described herein provides complete self-sovereignty for the user, in that all user-identifiable data and identification of the user are only stored on the user’s electronic device, and no user-identifiable data or identification are stored anywhere else externally to the user’s electronic device. On a personal blockchain of the user, the present invention enables storage of an anonymous hash and on a separate secure server the present invention enables storage of the user’s unidentifiable biometric data. Therefore, no identifiable data for the user is stored anywhere other than on their own electronic computing device, and due to the single pathway of communication from the device to the IdNFT system (i.e., and not from the IdNFT system to the user’s device), the user can be assured of complete security of their personal data. For instance, if local data laws require the user has the “right to be forgotten”, this is covered by the user simply deleting the IdNFT software application from their device, as this equates to the full deletion of all identifiable data.
Other objects of the invention including providing the user complete self-sovereignty that the IdNFT supplies to the end-user, keeping a user’s personal identification data and biometrics private and secure and only visible to them, whilst offering a permission-based system which allows them to verify their identity to an organization as a simple “Yes” or “No”, or if the user’s desires, to share all or part of their identifying data to those organizations that they choose.
Further, an object includes enabling multiple and numerous parties to remotely verify an IdNFT, which further validates and therefore increases the persons authenticity and reliability scoring. The increased security due to the single direction of communication used in the creation and all use of the IdNFT, whereby the users smartphone can communicate with the IdNFT servers and blockchain, but the Servers and Blockchain have no direct or indirect link back to the smartphone. The invention further provides increased security due to no identifiable user data or biometrics being stored anywhere externally, with everything remaining securely encrypted on the user’s smartphone. As such, a user’s single IdNFT can be used as robust ID verification method by any number of organizations and the ability for online organizations (e.g., a social media company) to use the IdNFT system to ensure that they are only allowing verified human beings as users of their system, whilst still fully retaining the user’s anonymity. Another object of the invention is to provide the ability for an IdNFT to be created without the use of traditional governmental identification (ID) (e.g., a passport), wherein the user’s identity then validated by trusted organizations, and therefore creating a true “distributed proof of existence”, which can be used in any setting to verify the user’s true identity at any time in the future.
Another object of the present invention is to provide an “IdMLA” (ID Multi-Level-Authorization) linked to the IdNFT, which allows (after the successful authentication of an Individuals identity) for organizations to withhold access to any secure computer system or online action, whilst someone with a higher level of authority reviews the individual’s right of entry or permission to complete the action. Another object of the invention is to provide users the ability to verify their ID remotely using Al, which is then paused whilst further manual checks are completed. A further object of the present invention is to provide users the ability to use a voice recording (voiceprint) linked to the IdNFT to verify an individual’s ID and for users to use an alias to digitally confirm their age and that they are a real person, without having to share any personal information including an email address. With the foregoing and other objects in view, there is provided, in accordance with the invention, a computer- implemented user identity verification method that includes providing a verifying user electronic computing device of a verifying user and a requestor electronic computing device of a requesting user, each with an electronic display, a memory, a camera, and an executable identity verification software application resident the memory thereon, capturing an initial real-time facial image of the verifying user from the camera of the user electronic computing device and storing the initial real-time facial image of the verifying user on the memory of the user electronic computer device, capturing a real-time image of a physical indicia of identification depicting a facial image of the verifying user and storing the image of the physical indicia of identification depicting the facial image on the memory of the user electronic computer device, and executing the identity verification software application on the user electronic computing device that executes software. The softw are is then operable to compare the initial real-time facial image and the facial image on the physical indicia of identification to ascertain an initial positive identity verification, segregate an anonymous and unique data segment from the real-time image of the physical indicia of identification depicting the facial image of the verifying user utilizing a protocol and subjecting the anonymous and unique data segment to an unkeyed cryptographic hashing to generate an initial hashed data file, and communicate the initial hashed data file to a server communicatively coupled to the user electronic computing device over the network. The process then includes receiving a user identify request on the user electronic computing device and then capturing a second real-time facial image of the verifying user from the camera of the user electronic computing device, storing the second real-time facial image of the verifying user on the memory of the user electronic computer device, and executing the identify verification software application on the user electronic computing device that then executes software for comparing the second real-time facial image and the facial image on the physical indicia of identification to ascertain a second positive identity verification, segregating, subject to ascertaining the second positive identity verification, an anonymous and unique data segment from the real-time image of the physical indicia of identification depicting the facial image of the verifying user utilizing the protocol and subjecting the anonymous data segment to the unkeyed cryptographic hashing to generate a second hashed data file, and comparing the initial and second hashed data files to ascertain a 100% match or a non- 100% match. The process also includes communicating a user-unidentifiable notification over the network to the requestor electronic computing device of a 100% match or a non- 100% match (e.g., “yes, identify verified” or “no, identity not verified”) without sharing any of the verifying user’s personal information.
In accordance with another feature, an embodiment of the present invention includes executing an identity verification software application on the requestor electronic computing device before receiving the user identity request on the user electronic computing device and before communicating the user-unidentifiable notification over the network to the requestor electronic computing device of a 100% match or a non- 100% match. In accordance with yet another feature, an embodiment of the present invention also includes executing the identity verification software application for encrypting the image of the physical indicia of identification.
In accordance with a further feature, an embodiment of the present invention also includes executing the identity verification software application for decrypting the image of the physical indicia of identification before comparing the second real-time facial image and the facial image on the physical indicia of identification and re-encrypting the image of the physical indicia of identification after comparing the second real-time facial image and the facial image on the physical indicia of identification.
In accordance with yet another feature, an embodiment of the present invention also includes executing the identity verification software application for compiling the initial real-time facial image of the verifying user and the realtime image of the physical indicia of identification depicting the facial image of the verifying user into a single user identity data file and randomly segregating the anonymous and unique data segment from the single user identity data file to generate the initial hashed data file.
In accordance with an additional feature, an embodiment of the present invention also includes storing the initial hashed data file on a generated data block forming part of an interconnected plurality of generated data blocks linked together and each of the plurality of generated data blocks having a cryptographic hash of a previously generated data block and a timestamp. The process also includes storing the second hashed data file locally on the memory of the user electronic computer device and accessing, with the user electronic computer device, the initial hashed data file on the generated data block communicatively coupled to the user electronic computing device before comparing the first and second hashed data files.
In accordance with another feature, an embodiment of the present invention also includes storing the initial hashed data file on a generated data block forming part of an interconnected plurality of generated data blocks linked together and each of the plurality of generated data blocks having a cryptographic hash of a previously generated data block and a timestamp.
In accordance with yet another feature, an embodiment of the present invention also includes storing the second hashed data file locally on the memory of the user electronic computer device and accessing, with the user electronic computer device, the initial hashed data file on the server before comparing the first and second hashed data files.
In accordance with yet another feature, an embodiment of the present invention also includes executing the identity verification software application for segregating a unique device identifier associated with the verify ing user electronic computing device utilized as part of the initial hashed data file and for segregating a unique device identifier associated with the verifying user electronic computing device utilized as part of the second hashed data file. In some embodiments, the unique device identifier is conjugated with the anonymous and unique data segment before being subjected to the unkeyed cryptographic hashing. In further embodiments, the protocol is stored on the memory of the verifying user electronic computing device.
In accordance with an exemplary feature, an embodiment of the present invention also includes executing the identity verification softw are application for generating a reliability score dictated by a ranking algorithm utilizing a hierarchy of ranked plurality of physical indicia of identifications and the physical indicia of identification depicting the facial image of the verifying user.
In accordance with a further feature of the present invention, the ranking algorithm utilizes the 100% match or the non-100% match to generate the reliability score.
In accordance with yet another feature, an embodiment of the present invention also includes capturing an initial voice recording of the verifying user from a microphone of the user electronic computing device, compiling the initial voice recording into an initial voiceprint utilizing at least one of the tone, rhythm, and pitch of the initial voice recording, and storing the initial voiceprint recording on the memory of the user electronic computer device and receiving the user identity request on the user electronic computing device and then capturing a second voice recording of the verifying user from the microphone of the user electronic computing device, compiling the second voice recording into a second voiceprint utilizing at least one of the tone, rhythm, and pitch of the second voice recording, and executing the identity verification software application on the user electronic computing device that executes software for comparing the initial and second voiceprints to ascertain the second positive identity verification.
In accordance with an additional feature, an embodiment of the present invention also includes prompting the verifying user on the user electronic computing device to speak a defined sentence programmed on the identity verification software application for both the initial and second voice recordings.
Although the invention is illustrated and described herein as embodied in a computer-implemented user identity verification method and system, it is, nevertheless, not intended to be limited to the details shown because various modifications and structural changes may be made therein without departing from the spirit of the invention and within the scope and range of equivalents of the claims. Additionally, well-known elements of exemplary embodiments of the invention will not be described in detail or will be omitted so as not to obscure the relevant details of the invention. Other features that are considered as characteristic for the invention are set forth in the appended claims. As required, detailed embodiments of the present invention are disclosed herein; however, it is to be understood that the disclosed embodiments are merely exemplary of the invention, which can be embodied in various forms. Therefore, specific structural and functional details disclosed herein are not to be interpreted as limiting, but merely as a basis for the claims and as a representative basis for teaching one of ordinary skill in the art to variously employ the present invention in virtually any appropriately detailed structure. Further, the terms and phrases used herein are not intended to be limiting; but rather, to provide an understandable description of the invention. It is believed that the invention will be better understood from a consideration of the following description in conjunction with the drawing figures, in which like reference numerals are carried forward. The figures of the drawings are not drawn to scale.
Before the present invention is disclosed and described, it is to be understood that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting. The terms “a” or “an,” as used herein, are defined as one or more than one. The term “plurality,” as used herein, is defined as two or more than two. The term “another,” as used herein, is defined as at least a second or more. The terms “including” and/or “having,” as used herein, are defined as comprising (i.e., open language). The term “coupled,” as used herein, is defined as connected, although not necessarily directly, and not necessarily mechanically. The term “providing” is defined herein in its broadest sense, e.g., bringing/coming into physical existence, making available, and/or supplying to someone or something, in whole or in multiple parts at once or over a period of time. Also, for purposes of description herein, the terms “upper”, “lower”, “left,” “rear,” “right,” “front,” “vertical,” “horizontal,” and derivatives thereof relate to the invention as oriented in the figures and is not to be construed as limiting any feature to be a particular orientation, as said orientation may be changed based on the user’s perspective of the device. Furthermore, there is no intention to be bound by any expressed or implied theory presented in the preceding technical field, background, brief summary or the following detailed description.
As used herein, the terms “about” or “approximately” apply to all numeric values, whether or not explicitly indicated. These terms generally refer to a range of numbers that one of skill in the art would consider equivalent to the recited values (i.e., having the same function or result). In many instances these terms may include numbers that are rounded to the nearest significant figure. The terms “program,” “software application,” and the like as used herein, are defined as a sequence of instructions designed for execution on a computer system. A “program,” “computer program,” or “software application” may include a subroutine, a function, a procedure, an object method, an object implementation, an executable application, an applet, a servlet, a source code, an object code, a shared library/dynamic load library and/or other sequence of instructions designed for execution on a computer system. BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying figures, where like reference numerals refer to identical or functionally similar elements throughout the separate views and which together with the detailed description below are incorporated in and form part of the specification, serve to further illustrate various embodiments and explain various principles and advantages all in accordance with the present invention.
The accompanying figures, where like reference numerals refer to identical or functionally similar elements throughout the separate views and which together with the detailed description below are incorporated in and form part of the specification, serve to further illustrate various embodiments and explain various principles and advantages all in accordance with the present invention.
FIG. 1 is a block diagram of a computer-implemented user identity verification method, in accordance with one exemplaiy embodiment of the present invention;
FIG. 2 is a block diagram of an exemplary computing device utilized in the computer-implemented user identity verification method depicted in FIG. 1;
FIG. 3 is schematic diagram depicting exemplary applications for the computer-implemented user identity verification method, in accordance with one embodiment of the present invention;
FIG. 4 is a schematic diagram depicting several exemplaiy steps of the computer-implemented user identity verification method;
FIGS. 5-10 are schematic diagrams depicting an exemplary computer-implemented user identity' verification method, in accordance with one exemplary embodiment of the present invention;
FIG. 11 is a process flow diagram depicting steps associated with the computer-implemented user identity verification method in FIG. 1, in accordance with one exemplary embodiment of the present invention;
FIG. 12 is a process flow diagram depicting steps associated with the closed-network identity verification session, in accordance with one exemplary' embodiment of the present invention; and
FIG. 13 is a block diagram and system depicting a computer-implemented user identity verification method in accordance with one embodiment of the present invention. DETAILED DESCRIPTION OF INVENTION
While the specification concludes with claims defining the features of the invention that are regarded as novel, it is believed that the invention will be better understood from a consideration of the following description in conjunction with the drawing figures, in which like reference numerals are carried forward. It is to be understood that the disclosed embodiments are merely exemplary of the invention, which can be embodied in various forms.
The invention described herein provides a computer-implemented user identity verification method and system that overcomes known disadvantages of those known devices and methods of this general type and that effectively and efficiently verifies a user’s identity in a technical manner and with unconventional hardware. Although the invention is illustrated and described herein as embodied in a computer-implemented user identity verification method and system, it is, nevertheless, not intended to be limited to the details shown because various modifications and structural changes may be made therein without departing from the spirit of the invention. Additionally, well-known elements of exemplaiy embodiments of the invention will not be described in detail or will be omitted so as not to obscure the relevant details of the invention.
The attached figures are incorporated in and form part of the specification and sen e to further illustrate various embodiments and explain various principles and advantages all in accordance with the present invention. Moreover, it is believed that the invention will be better understood from a consideration of the following description in conjunction with the drawing figures, in which like reference numerals are carried forward.
The present invention provides a novel and efficient computer-implemented user identity verification method 100 (hereinafter referred to simply as “the method 100” for brevity). The method 100 provides an artificial intelligence (“Al”) and blockchain platform -based solution that enables any company of any size to formally identify a user’s and/or client’s identity before allowing them to complete any online or real-world action. The method 100 is the first contactless ID verification service for any type of transaction that does not require the physical handling of documentation. The method 100 uses a variety of biometrics which are then triangulated to produce a Digital Secured and Unforgeable ID (“DSUID”) for the user, so that the business can be totally assured they are dealing with the correct person, and that they are not becoming a victim of fraud through identity theft. See FIG. 1, for example, of some of the applications and benefits. Once a user has been issued a DSUId, it then enables them to prove their identity again quickly and securely in the future to either the company who originally requested it, or indeed any other business using the method 100. In this way, the method 100 can serve as a digital passport to the end-user to safely conduct future traditional and internet transactions. The present invention embodies several advantageous features which beneficially protect user’s personally identifiable information and allow a third party to accurately and reliably verily a user’s identity. The advantageous features include, without limitation, the following: using both algorithm and machine-learning Al to check the reliability of all the identification documentation that is provided by a user; using blockchain capabilities to ensure all data remains secure and unforgeable whilst offering complete traceability; using Al to give each identification document that is provided a reliability scoring including looking at its historical use; using Al to cut and split data between differing blockchain encrypted locations to ensure privacy and security at all times; and returning a simple “Yes” or “No” to confinn the client’s details to a company, thereby negating the need for the company to store their client’s personal data and increasing both the privacy and security for the client. The foregoing features further increase the security of a user’s personal data to avoid fraud, identity theft, and other misleading information being supplied during a verification session, e g., a meeting, sign-up process or during subsequent logins and transactions etc.
Referring now to FIG. 1 and FIG. 11, a first Step 1102 of the method 100 comprises providing a user electronic computing device 102 of a verifying user 104 with an electronic display 210, a memory 206, a camera 200, and an executable identity verification software application resident the memory' thereon, wherein “executable” is defined herein as “able to be run by a computer.” In preferred embodiments, the user electronic computing device 102 may consist of a cell phone, smart phone, laptop, tablet, desktop computer, or other comparable electronic computing device. The memory 206 is non-transitory wherein “non-transitory” is defined as a resident memory. The executable identity verification software application may be made available for purchase or download from the Apple or Android store.
A next Step 1103 comprises providing a requestor electronic computing device 110 of a requesting user 112. As with the user electronic computing device 102, the requestor electronic computing device 110 may be a cell phone, smart phone, laptop, tablet, desktop computer, or other comparable electronic computing device. The requesting user 112 may be any individual, corporate entity, or government agency that seeks to obtain accurate and reliable identity verification in transactions such as, without limitation, web-based courses and exams; private portals, gambling and gaming sites; adult sites; social media sites; web forums; shopping/auction sites; or any website requiring assurances of an individual’s identity. In addition to verifying identification online, the method 100 also facilitates identity verification during face-to-face encounters such as, without limitation, meetings with banking employees; doctors and medical appointments; schools and colleges; governmental agencies; solicitors; or any meeting requiring sufficient assurances of an individual’s identity. In utilizing the method 100, any user can check another person’s identity in a much more robust manner than just inspecting a proffered picture ID, without really knowing if it is authentic or not. Due to the ease of use of using the method 100, users can obtain identity verification in a faster period of time without implicating the legalities surrounding the copying and storing of personal data since the requesting user 112 does not need to store the produced personal data on the requesting user’s 112 own servers, systems, etc.
A further Step 1104 comprises providing a first administrator server 106 and a second administrator server 108. In the depicted example, the method 100 includes the verifying user 104 and the requesting user 112 communicatively coupled together and/or to one or more server(s) 106, 108 over a network 118. The computing devices 102, 110, which may be a cellphone or tablet, for example, are operable to execute programming instructions embodied in the executable identity verification software application that can be received from the administrative servers 106, 108 via a wide area network (WAN) 118. In other embodiments, the computing devices 102, 110 are operable to execute the programming instructions received from the administrative servers 106, 108 over the WAN 118. In yet other embodiments, the executable identity verification softw are application is a web-based software application, a desktop software application, or a mobile device softw are app. In one embodiment, the WAN is the Internet. The Internet represents a worldwide collection of networks and gateways that use the TCP/IP suite of protocols to communicate with one another. At the heart of the Internet is a backbone of high-speed data communication lines between major nodes or host computers, consisting of thousands of commercial, government, educational and other computer systems that route data and messages. Of course, the network 118 also may be implemented as a number of different types of networks, such as for example, an Intranet, a local area network (LAN), or a cellular network. FIG. 1 is intended as an example, and not as an architectural limitation for the present invention. As shown in FIG. 1, the network 118 includes connections 102a-n, which are the medium used to provide communication links between various devices and computers connected together within the network 118. The connections 102a-n may be wired or wireless connections, but said connections are preferably wireless.
A few exemplary wired connections are cable, phone line, and fiber optic. Exemplary wireless connections include radio frequency (RF) and infrared radiation (IR) transmission. Many other wired and wireless connections arc known in the art and can be used with tire present invention.
With reference now to FIG. 2, the computing devices 102, 110 are illustrated in a block diagram. The computing devices 102, 110 may include a camera 200, a user input interface 202, a network interface 204, a memory 206, a processing device 208, a computer display 210, and an audio input/output 212. The camera 200 may include a camera lens 201 and may be operable to capture still images, as well as, video. The camera 200 is preferably a digital camera so that the images may be stored in the memory 206 and processed by the processing device 208 on a user’s cellular phone and/or remotely at the administrator servers 106, 108. The camera 200 may be communicatively coupled to a microphone for capturing audio, as well as, simultaneous visual video images.
The user input interface 202 functions to provide the user a method of providing input to the personal computing devices. The user input interface 202 may also facilitate interaction between the user’s computing devices and/or the servers 106, 108. The user input interface may be a keypad providing a variety of user input operations. For example, the keypad may include alphanumeric keys for allowing entry of alphanumeric information (e.g., telephone numbers, contact information, content for display, text, etc.). The user input interface 202 may include special function keys (e.g., a camera shutter button, volume control buttons, back buttons, home button, etc.), navigation and select keys, a pointing device, and the like. Keys, buttons, and/or keypads may be implemented as a touchscreen associated with the computer display 210. The touchscreen may also provide output or feedback to the user, such as haptic feedback or orientation adjustments of the keypad according to sensor signals received by motion detectors, such as an accelerometer, located within the devices.
The network interface 204 may include one or more network interface cards (NIC) or a network controller. In some embodiments, the network interface 204 may include a personal area network (PAN) interface. The PAN interface may provide the capability for the user’s computing devices to network using a short-range communication protocol, for example, a Bluetooth communication protocol. The PAN interface may permit one personal computing device to connect wirelessly to another personal computing device via a peer-to-peer connection.
The network interface 204 may also include a local area network (LAN) interface. The LAN interface may be, for example, an interface to a wireless LAN, such as a Wi-Fi netw ork. The range of the LAN interface may generally exceed the range available via the PAN interface. Typically, a connection between two electronic devices via the LAN interface may involve communication through a network router or other intermediary device.
Additionally, the network interface 204 may include the capability to connect to a wide area network (WAN) via a WAN interface. The WAN interface may permit a connection to, for example, a cellular mobile communications network. The WAN interface may include communications circuitry, such as an antenna coupled to a radio circuit having a transceiver for transmitting and receiving radio signals via the antenna. The radio circuit may be configured to operate in a mobile communications network, including but not limited to global systems for mobile communications (GSM), code division multiple access (CDMA), wideband CDMA (WCDMA), and the like.
The computing devices 102, 110 of the users 104, 112 may also include a near field communication (NFC) interface. The NFC interface may allow for extremely close-range communication at relatively low data rates (e.g., 424 kb/s). The NFC interface may take place via magnetic field induction, allowing the NFC interface to communicate with other NFC interfaces located on other mobile computing devices or to retrieve information from tags having radio frequency identification (RFID) circuitry. The NFC interface may enable initiation and/or facilitation of data transfer from and to the personal computing devices with an extremely close range (e.g., 4 centimeters).
A memory 206 associated with the user’s computing devices may be, for example, one or more buffer, a flash memory, or non-volatile memory, such as random-access memory (RAM). The computing devices 102, 110 may also include non-volatile storage. The non-volatile storage may represent any suitable storage medium, such as a hard disk drive or non-volatile memory, such as flash memory . The processing device 208 can be, for example, a central processing unit (CPU), a microcontroller, or a microprocessing device, including a “general purpose” microprocessing device or a special purpose microprocessing device. The processing device 208 executes code stored in memory 206 to cany7 out operation/instructions of the mobile computing devices 102, 110. The processing device 208 may provide the processing capability to execute an operating system, run various applications, and provide processing for one or more of the techniques described herein.
In preferred embodiments, the first administrative server 106 is located in a geographically remote and independent location with respect to the second administrative server 108 to further protect user data in the event that one of the servers 106, 108 are destroyed, damaged, hacked, or otherwise compromised. In exemplary embodiments, the user electronic computing device 102 and the requestor electronic computing device 110 are located in geographically remote and independent locations with respect to the first administrator server 106 and the second administrator server 108 to further aid in protecting user data.
As best depicted in FIG. 3, die method 100 of verifying a user’s identity facilitates the completion of various tasks and activities including, without limitation, signing and/or notarizing documents, logging in to a website, shopping online, taking an exam, voting, etc. As such, the applicability of the method 100 spans across a wide variety of industries, spheres, and areas of busmess and everyday life, in general. FIGS. 6a-b depict the Steps undertaken to execute the method 100 from the perspective of the requesting user 112, e.g., a business, corporate entity, government agency, individual, etc. FIGS. 7a-10 depicts the Steps undertaken to execute the method 100 from the perspective of the verifying user 104. In FIGS. 7a-b, the verifying user 104 is granted permission to log into a website upon the successful completion of the method 100 such that the verifying user 104 achieves a data and identity match. In FIGS. 8a-b, the data and identity match achieved by the verifying user 104 grants the verifying user 104 permission to vote in an election. In FIGS. 9a-b, the verifying user 104 is a student whose data and identity match permits the student to take an exam. In FIG. 10, the verifying user’s 104 use of the method 100 allows the verifying user 104 to achieve a data and identity match to verify' the user’s identity and achieve any number of tasks and activities. The Steps comprising the method 100 are outlined in FIGS. 5a-b and FIG. 11, though the specific order of the Steps as depicted in the figures and as outlined herein may vary in alternate embodiments and one or more Steps may be combined or consolidated to achieve the same result in fewer Steps.
In accordance with a next Step 1105, the method 100 comprises receiving, at the first administrator server 106 that is communicatively coupled to the user electronic computing device 102 over the network 118, biometric user data of the verifying user 104 from the user electronic computing device 102, personalized user data from the user electronic computing device 102, and unique phone data from the user electronic computing device 102. In one embodiment, the biometric user data of the verifying user 104 comprises the facial scan or image of the verifying user 104, which is captured by engaging the camera 200 of the user electronic computing device 102 and scanning the same over the face of the verifying user 104. In a second embodiment, the biometric user data including the digital facial image depicting the verifying user 104 is taken from a physical indicia of identification 114 depicting a facial image depicting the verifying user 104, the physical indicia of identification including at least one of a government issued license and a government issued passport, i.e., including either or both the government issued license or the government issued passport. In alternate embodiments, the biometric user data of the verifying user 104 may extend to any body measurement or calculation relating to the same such as, by way of example and without limitation, any of the following: fingerprints, DNA, palm prints, iris recognition, hand geometry , retina, body odor, palm veins, ear form, keyboard strokes, gait analysis, voice, body geometry, etc. Typically, the verifying user 104 will be prompted and required to scan a recent official photo ID, which is then checked for forgeries against an international database covering over 180 countries. The verifying user 104 will then be prompted or required to take a facial image or video by engaging the camera 200, which facial image or video is then compared against the scanned recent official photo ID for an identity match. In an exemplary embodiment, the unique phone data includes, without limitation, the International Mobile Equipment Identity (“1ME1”) number that is uniquely associated with the user electronic computing device 102 and the geolocation of the user electronic computing device 102. Specifically, the IMEI is a unique 15 -digit number that identifies a specific mobile device. This Step may comprise only receiving, at the first administrator server 106 that is communicatively coupled to the user electronic computing device 102 over a network, biometric user data of the verifying user 104 from the user electronic computing device 102, particularly where neither the verifying user 104 nor the requesting user 112 have opted in for data above and beyond that of the biometric user data of the verifying user 104.
In a preferred embodiment of the present invention, a digital geolocation associated with metadata from the facial image of the verifying user 104 taken by the camera of the electronic computing device 102, a physical card image depicting a facial image of the verifying user, and a digital phone verification from the electronic computing device 102 is sent or communicated by the first server 106.
The nature and extent of the personalized user data from the user electronic computing device 102 may vaiy depending on the preference of the verifying user 104, i.e., which personal data and information the verifying user 104 wishes to input, or on the preference of a requesting user 112 who communicates an electronic identity verification requests, i.e., the corporate entity, government agency, or individual seeking verification of the identity of the verifying user 104. The personalized user data may include, without limitation, a user’s email address, home address, signature, cell phone number, passport, driver’s license, pm code, voice recording, social security number, other biometric data, or other state- or government-issued ID. The personalized user data may be selectively modified or adjusted to account for differing levels of security identification that are available. Specifically, the personalized user data may be divided up into several categories, each of which reflects progressively more personal or sensitive data of the verifying user 104. In an exemplary embodiment of the present invention, there are three categories of personalized user data which may be referred to herein as DSUId level 1, DSUId level 2 and DSUId level 3. DSUId level 1 collects sufficient information, i.e., biometric user data and/or personalized user data, to securely identify the individual. DSUId level 2 collects more stringent information, i.e., biometric user data and/or personalized user data, that further identifies the individual. DSUId Level 1, i.e., the minimum required, may include, without limitation, the following: email address confinnation; cell phone number confirmation; scanning a photo ID; taking a facial image or video; geolocation (automatically collected); phone information such as IME (automatically collected); setting a Pin Code (to speed up future use); agreement to terms and conditions tick box/electronic signature. DSUId Level 2 generally includes all of the information listed under DSUId Level 1 as well as at least one of the following: social media accounts; home address; fingerprint scan (to speed up future transactions); and/or voice recording (to speed up future transactions). DSUId Level 3 generally includes all of the information listed under DSUId Level 1 and DSUId 2 as well as at least one of the following: social security number; uploading additional Photo ID; uploading additional documentation. During the identification process, the requesting user 112 can also request the verifying user 104 supply their signature or any other information they require. If the verifying user 104 ever wants to update their DSUId for any reason, one or more steps may be repeated to ensure the user’s identity'. A DSUId can only be improved once set up, but not altered. This therefore makes the DSUId completely secure in identifying the verifying user 104, both in the first instance and then again for future transactions. In one embodiment, the only data communicated to the first administrator server 106 is biometric user data of the verify ing user 104 from the user electronic computing device 102, i.e., no additional personalized user data is required or communicated to the first administrator server 106 in order to accurately and reliably verity' the identity of a verify ing user 104. A next Step 1106 comprises compiling the biometric user data, the personalized user data, and the unique phone data into a single user identity data file, encrypting the single user identity data file and generating a data decryption key, and segregating the single user identity data file into a plurality of encrypted segregated user identity data files each independently stored on the first administrator server 106 and the second administrator server 108. As used herein, encryption is defined as the process of encoding information by converting the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information. In a preferred embodiment, the encryption used to encrypt the single user identity data file is Secure Hash Algorithm 2 (SHA-2), a set of cryptographic hash functions built using the Merkle-Damgard construction, from a one-way compression function itself built using the Davies-Meyer structure from a specialized block cipher. In alternate embodiments, the specific form or type of encryption may vary but the function and purpose remain the same, i.e., to protect and secure the single user identity data file such that only authorized users who have possession, custody, or control over the data decryption key can access and view the single user identity data file in a coherent and readily understandable format. Once the single user identity data file is encrypted, it is then segregated in its encrypted form into a plurality of encrypted segregated user identity data files each independently stored on the first administrator server 106 and the second administrator server 108. While the single user identity data file is segregated into the plurality of encrypted segregated user identity data files each independently stored on the first and second administrator servers 106, 108, those of skill in the art will appreciate that additional segregation over additional servers may be utilized and still covered under said scope.
Once segregated, the single user identity data file is unable to be read in its original plaintext format to ascertain the biometric user data, the unique phone data, and the personalized user data unless and until the single user identity data file is aggregated back together to form the composite single user identity data file and decrypted using the data decryption key. By encrypting the single user identity data file, segregating it into a plurality of encrypted segregated user identity data files, and independently storing the plurality of encrypted segregated user identity data files on both the first administrator server 106 and the second administrator server 108, the single user identity data file is cloaked with additional layers of data protection and security operably configured and designed to prevent unauthorized access to the single user identity data file. Said differently, each of the foregoing measures independently functions to ensure the integrity, security, and protection of the single user identity data file and, when all of the measures are utilized or applied contemporaneously, the overall integrity, security, and protection of the single user identity data file is further solidified.
In accordance with a further Step 1107, the method 100 further comprises communicating the data decryption key to the user electronic computing device 102 for storage on the memory 206 thereon. In storing the data decryption key on the memory 206 of the user electronic computing device 102, only the verifying user 104, or another authorized user of the user electronic computing device 102, can decrypt the encrypted single user identity data file. Even if the user electronic computing device 102 falls into the hands of an unauthorized user, however, the unauthorized user is unable to obtain the decry pted version of the single user identity data file due to additional data security and protection measures in place (and described below). In one embodiment, the data decryption key identifies where to source the plurality of encrypted segregated user identity data files from, while in other embodiments, the data decryption key is sent along with another identifier, e.g., the verifying user’s f04 phone information, account information, etc.
A next Step 1108 entails communicating an electronic identity verification request to the user electronic computing device 102, wherein the electronic identity verification request is generated by the requesting user 112 to verify the identity of the verifying user f04. In one embodiment, the electronic identity verification request will be generated by the requesting user 112 by logging into the administrator’s system, web-based platform, and/or software application that is communicatively coupled to the first administrator server 106, wherein a closed-network identity verification session 1200 is formed when the electronic identity verification request is generated by the requesting user 112. In other embodiments, the electronic identity verification request will be generated without the requesting user 112 having to log into any system, i.e., the electronic identity verification request will simply include a hyperlink for the verification user to log into the administrator server and preset requirements for verification and the contact for the requesting user 112.
The process flow diagram in FIG. 12 best depicts the Steps comprising the closed-network identity verification session 1200. The electronic identity verification request forms a closed-network identity verification session 1200, wherein closed-network is defined as a network that is not open or readily accessible to the public, that includes the Step 1202 of executing the identity verification software application on the user electronic computing device 102. In accordance with this Step, the customer may receive an automated email containing a token and button/link to confirm their identity. If they have used the identity verification softw are application before, the identity verification software application will automatically open. If the user is a new user, the email points them to download the executable identity verification software application from tire Apple or Android store and may prompt the customer to enter a short numeric code that was sent to the customer’s email or cell phone. This also confirms to the executable identity verification softw are application that the user’s email address and/or cell phone number is valid.
The closed-network identity verification session 1200 further includes the Step 1203 of communicatively coupling the user electronic computing device 102, the first administrator server 106, and the second administrator server 108 over the network 118, and a next Step 1204 of communicating, from the user electronic computing device 102, at least one of secondary biometric user data of the verifying user 104, secondary personalized user data, and secondary unique phone data from the user electronic computing device 102 to at least one of the first administrator server 106 and the second administrator server 108. Said differently, the verification session may include communicating, from the user electronic computing device 102, one or more of the secondary biometric user data of the verifying user 104, secondary personalized user data, and/or secondary unique phone data from the user electronic computing device 102 to at least one of the first administrator server 106 and the second administrator server 108. The secondary biometric user data of the verifying user 104, secondary personalized user data, and/or secondary unique phone data from the user electronic computing device 102 is generated in response to the electronic identity verification request and is intended to facilitate the identity verification of the verifying user 104. In a preferred embodiment of the present invention, the closed-network identity verification session further comprises communicatively coupling the user electronic computing device 102, the first administrator server 106, the second administrator server 108, and the requestor electronic computing device 110 together on the network 118.
The closed-network identity verification session 1200 further includes the Step 1205 of communicating the data decryption key from the user electronic computing device to at least one of the first administrator server 106 and the second administrator server 108, and a further Step 1206 of aggregating the plurality of encrypted segregated user identity data files stored on the first administrator server 106 and the second administrator server 108 to generate and decrypt, utilizing the data decryption key, the single user identity data file. In another embodiment, the method 100 may further comprise a third administrator server 116, wherein the data decryption key is backed-up on the third administrator server 116 as opposed to on the user electronic computing device. This feature beneficially provides for greater administrative oversight and added protection over the data decryption key, particularly where the user electronic computing device is susceptible to being destroyed, damaged, hacked, or otherwise compromised.
In accordance with the present invention, the verification session 1200 includes a Step 1207 of autonomously verifying an identity of the verifying user 104 by comparing the at least one of the secondary biometric user data of the verifying user 104, the secondary personalized user data, and the secondary unique phone data from the user electronic computing device 102 to at least one of the biometric user data of the verifying user 104 from the user electronic computing device 102, the personalized user data from the user electronic computing device 102, and the unique phone data from the user electronic computing device 102 to ascertain a data and identity match, and a final Step 1208 of communicating an indication of the data and identity match to the requestor electronic computing device 110. As used herein, autonomously may include, for example and without limitation, using programmed computer algorithms on the servers 106, 108. An algorithm is defined as a set of unambiguous instructions that a mechanical computer can execute. In an exemplary embodiment, the indication of the data and identity match to the requestor electronic computing device 110 is discrete and does not include any user-identifying information that would be personal to further protect the privacy of the verifying user 104 and its data
In accordance with one embodiment of the present invention, the biometric user data of the verifying user 104 received from the user electronic computing device 102 includes a digital facial image depicting the verifying user 104 taken by the camera 200 of the user electronic computing device 102 and the closed-network identity verification session 1200 further comprises taking a picture of the verifying user 104 from the camera 200 of the user electronic computing device 102, the picture of the verifying user 104 from the camera of the user electronic computer device 102 forming part of the secondary' biometric user data of the verifying user 104 and communicating the at least one of a secondary biometric user data of the verifying user 104 to the at least one of the first administrator server 106 and the second administrator server 108; and autonomously verifying an identity of the verifying user 104 by comparing the picture of the verifying user 104 from the camera of the user electronic computer device 102 forming part of the secondary biometric user data of the verifying user 104 to the digital facial image depicting the verifying user 104 taken by the camera 200 of the user electronic computing device 102 to ascertain the data and identity match. As with the biometric user data of the verifying user 104 and the personalized user data from the user electronic computing device 102, the digital facial image is generally extracted or derived from a physical form of identification, e.g., passport, driver’s license, or other government issued form of identification. This comparison of the picture of the verifying user 104 from the camera 200 of the user electronic computer device 102 forming part of the secondary biometric user data of the verifying user 104 to the digital facial image depicting the verifying user 104 taken by the camera 200 of the user electronic computing device 102 forming part of the biometric user data ensures that, even in the event that an unauthorized party obtains physical possession, custody, or control of the user electronic computing device 102, the unauthorized party is unable to decrypt the encrypted single user identity data file unless and until they achieve a biometric identity match. Due to the inherently unique nature and qualify of the biometric user data and the secondary biometric user data, only the verifying user 104 can succeed in achieving a biometric identity match. In this way, the personal data and information of the verifying user 104 is kept reliably secure and all identify matches are authentic and accurate such that a requesting user need not question the legitimacy or reliability of an identity match.
In one embodiment, the method 100 further comprises the Step of communicating the electronic identity verification request to the user electronic computing device 102 using a Short Message Service (“SMS”) text or another comparable electronic notification capability, e.g., e-mail, push notifications, etc. Communication of the electronic identity verification request to the user electronic computing device 102 serves to timely notify the verifying user 104 of an outstanding electronic identity verification request and to prompt the verifying user 104 to initiate the next Steps required to achieve an identity match, as detailed above.
In an exemplaiy embodiment of the present invention, the method 100 further comprises storing the at least one of the secondary biometric user data of the verifying user 104, the secondary personalized user data, the secondary unique phone data from the user electronic computing device 102, the at least one of the biometric user data of the verifying user 104 from the user electronic computing device 102, the personalized user data from the user electronic computing device 102, and the unique phone data from the user electronic computing device 102 used in the closed- network identity verification session 1200 on at least one of the first administrator server 106 and the second administrator server 108 on a data block forming part of an interconnected plurality of data blocks linked together and each also having a cryptographic hash of a previously generated block and a timestamp, also generally referred to as a blockchain among those skilled in the art. Specifically, a blockchain is a growing list of records, called blocks, that are linked together using cryptography. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data (generally represented as a Merkle tree). The timestamp proves that the transaction data existed when the block was published in order to get into its hash. Blocks contain the hash of the previous block, forming a chain, with each additional block reinforcing the one before it. Therefore, blockchains are resistant to modification of their data because once recorded, the data in any given block cannot be altered retroactively without altering all subsequent blocks. In view of the foregoing, this feature of the method 100 provides added security and protection over the data of the verifying user 104, e.g., the secondary biometric user data of the verifying user 104, the secondary personalized user data, the secondary unique phone data from the user electronic computing device 102, the biometric user data of the verifying user 104 from the user electronic computing device 102, the personalized user data from the user electronic computing device 102, die unique phone data from the user electronic computing device 102, etc., such that the data of the verifying user 104 is resistant to unauthorized attempts to access or decrypt the data such as, for example and without limitation, by hackers.
In an alternate embodiment, the method 100 also comprises segregating the single user identity data file into the plurality of enciypted segregated user identity data files each of randomly generated data sizes. Segregating the plurality of enciy pted segregated user identity data files into randomly generated data sizes makes it more difficult for unauthorized third parties to gamer a cognizable or fruitful portion of the complete single user identity data file even if they obtain one of the plurality' of encrypted segregated user identity data files.
In accordance with a further feature of one embodiment of the present invention, the method 100 further comprises the Step of communicating, from the requestor electronic computing device 110 communicatively coupled to the user electronic computing device 102, the electronic identity verification request to the user electronic computing device 102. This feature beneficially conserves time for the requesting user 112 as the electronic identity verification request is communicated directly from the requestor electronic computing device 110 to user electronic computing device 102. In alternate embodiments, the electronic identity verification request may be communicated from the servers 106, 108 to enable greater administrative oversight or control.
In an alternate embodiment of the present invention, the method 100 may be utilized in connection with verifying the authenticity and ownership of a specific asset rather than a specific user, wherein the asset may be either tangible or intangible, e.g., vehicle, house, stocks, etc. To protect and prove the authenticity of an asset, the current owner registers the serial number that is uniquely associated with the asset and, after supplying electronically certificated proof of ownership, the asset is issued its own unique Digital Secured Unforgeable Serial Number (“DSUsn”). The DSUsn may then be linked directly to the owner’s DSUid, supplying proof of ownership and traceability of the asset. In accordance with this embodiment, the method 100 further comprises receiving, at the first administrator server 106 that is communicatively coupled to the user electronic computing device 102 over a network, asset data of the verifying user 104 from the user electronic computing device 102; compiling the asset data into a single asset identity data file, associating the single asset identity data file with the verifying user 104, encrypting the single asset identity data file and generating a data decryption key, and segregating the single asset identity data file into a plurality of encrypted segregated asset identity data files each independently stored on the first administrator server 106 and the second administrator server 108; and communicating the data decryption key to the user electronic computing device 102 for storage on the memory 206 thereon. A next Step comprises communicating an electronic identity verification request to the user electronic computing device 102, the electronic identity verification request forming a closed- network identity verification session 1200 that includes: executing the identity verification software application on the user electronic computing device 102; communicatively coupling the user electronic computing device 102, the first administrator server 106, and the second administrator server 108 over the network; communicating, from the user electronic computing device 102, at least one of secondary biometric user data of the verifying user 104, secondary personalized user data, and secondary unique phone data from the user electronic computing device 102 to at least one of the first administrator server 106 and the second administrator server 108; communicating the data decryption key from the user electronic computing device to at least one of the first administrator server 106 and the second administrator server 108; aggregating the plurality of encrypted segregated asset identity data files stored on the first administrator server 106 and the second administrator server 108 to generate and decrypt, utilizing the data decryption key, the single asset identity data file; autonomously verifying an identity of the verifying user 104 by comparing the at least one of the secondary biometric user data of the verifying user 104, the secondary personalized user data, and the secondary unique phone data from the user electronic computing device 102 to at least one of the biometric user data of the verifying user 104 from the user electronic computing device 102, the personalized user data from the user electronic computing device 102, and the unique phone data from the user electronic computing device 102 to ascertain a data and identity atch; and communicating an indication of the asset data and user identity match to the requestor electronic computing device 110.
In an exemplary embodiment, the method 100 further comprises the closed-network identity verification session 1200 including, after the data and identity match, recompiling the single user identity data file, encrypting the single user identity data file and generating a secondary data decryption key, and segregating the single user identity data file into a plurality of secondary encrypted segregated user identity data files each independently stored on the first administrator server 106 and the second administrator server 108; and communicating the secondary data decryption key to the user electronic computing device 102 for storage on the memory 206 thereon. In accordance with blockchain capabilities, each single user identity data file that is subsequently compiled or generated is protected in the same manner as the original single user identity data file.
In the scope of a commercial transaction, when a company requires to confirm the identity of a customer, or when they require a document or agreement to be signed, they must communicate an electronic identity verification request to the user electronic computing device 102 by inputting their customer details including their customer's mobile phone number and email address, etc., or importing the customer details from their CRM package. For online/website usage, the method 100 can supply the company with an API with predefined buttons/links to integrate to their signup process.
To continue with each step of the method 100, the previous step must be completed correctly and accepted. If not, the verifying user 104 is invited to try again or request technical support. The method 100 may further comprise a witness feature for double certification as required by certain contracts. If the contract or document is too complicated or lengthy to be signed on a smartphone, the verifying user 104 can use a computer once the geolocation of the smartphone and the IP location of the computer are verified to ensure the two match.
The artificial intelligence capabilities of the method 100 conduct numerous automated checks to ensure documents are real and authentic, including correct signatures, positioning of all form details and specific information such as, without limitation, telephone numbers, first and last names, a scan of an ID document previously provided. To guard against unauthorized attempts to access a verifying user’s 104 data, the number of successful authentications (SA) completed versus unsuccessful authentications (UA) completed will impact the scoring by a maximum of 25%, which is formulated as follows. Since the first successful Identification, if UA > 1 then UA/SA = FSA (first successful authentication %). For the last 12 months, if UA > 1 then UA/SA = YSA (Year successful authentication %). For the last 3 months, if UA > 1 then UA/SA = QSA (Quarter successful authentication %). The calculation is the average impact on the DSUId score: 100 - (Sum ( OSA+YSA+QSA)/3) =NAF. IfNAF < 25%, DSUId is reduced by NAF%. If NAF > 25%, DSUId is reduced by 25%. All information about DSUId usage attempts is stored and analyzed, including all picture, fingerprint, and voice inputs. In the case of unsuccessful authentication, all the biometrics fraudulently used are recorded including the geolocation, date and time are recorded along with the phone IMEI and language of the phone, or OS, serial number and language for a PC using a phone simulator. With the strength of this database, the Al feature will compare any unsuccessful attempts with its history and take action if necessary.
The action could be locking the account, informing the company via email of possible fraudulent activity, and/or requesting the user telephone technical support. This database enables the method 100 to anticipate fraudulent activity by looking historically at the data collected on unsuccessful authentications such as location of user, type of device used or type of document supplied etc.
All the data collected on a user is combined and encrypted into one single DSUId, i.e., the single user identity data file. As best depicted in the flowchart diagram of FIG. 4, the single user identity data file is then randomly split into two and then sealed using blockchain technology with full hashing (SHA-256). The Al decides where to randomly split the data between the first portion referred to as the ‘A cut’ which is then securely stored on the first administrator server 106 and the second portion referred to as the ‘B cut’ stored on the second administrator server 108. In addition, a random ‘cut C’ is stored in a third location which, in a preferred embodiment, is the user electronic computing device 102 of the verifying user 104, with this portion also being backed-up to a third administrator server. ‘Cut C’ is always stored on the user electronic computing device 102, but a copy of this is also secured on the third administrator server which would only be collated back from the administrator server 106, 108 with ‘Cut A’ and ‘Cut B’ if (i) the verifying user 104 changes or loses the user electronic computing device 102, reinstalls the executable identity verification software application, and passes the new identity verification process; or (ii) a court of law order requests disclosure of the full details of a verifying user 104. If the verifying user 104 in the future wants to change part of their DSUId, another facial image or voice recording of the verifying user 104 must be provided to doublc-chcck and verify their identity. The method 100 may be found particularly useful by any company requiring legally binding signatures on any contract, including, but not limited to any B2B contracts; banking; lawyers/solicitors; housing associations; utilities suppliers; insurance suppliers/agents; phone providers, internet providers; or any user dealing with contractual agreements.
With reference to FIG. 13, another block diagram and system 1300 of a computer-implemented user identity verification method, in accordance with one exemplary embodiment of the present invention, is depicted. This method enables the collation of data from the blockchain and anonymous biometric data and user’s data (e.g., a user’s license to prove ownership), and beneficially and uniquely stores said data on the user’s phone and accessible through execution of a software application. More specifically, the computer-implemented user identity verification method ay include the step of providing a user electronic computing device 1302 of a verifying user 1306 and a requestor electronic computing device 1304 of a requesting user 1308, wherein the devices 1302, 1304 are electronic computing devices (e.g., a cellphone) and, as discussed above and depicted in FIG. 2, each have an electronic display, a memory, a microphone, a camera, and an executable identity verification softw are application resident the memory thereon.
Beneficially, the process includes capturing an initial real-time facial image of the verifying user 1306 from the camera of the user electronic computing device 1302 and storing the image of the verifying user on the memory of the user electronic computer device 1302 in addition to capturing a real-time image of a physical indicia 1310 of identification depicting a facial image 1312 of the verifying user 1306. This may be done before the software application is executed on the device 1302 or, preferably, after the software application executed so the captured images can be tested, using the software application, for liveness and bias mitigation to confirm the veracity of the images and so the captured images can be encrypted using, for example, AES-256. Beneficially and unlike any known methods, the sensitive and personal information of the verifying user 1306, e.g., the image of the physical indicia of identification depicting the facial image and the real-time image of the verifying user 1306 captured by the camera of the device 1302, are stored on the memory of the user electronic computer device in an encrypted and protected stated. Said another way, the onboarding process of initially determining a verifying user’s identity may include executing the identity verification software application for encrypting the image of the verifying user and the image of the physical indicia of identification, wherein the encryptions may also be an AES-2 6 protocol. As such, the verifying user 1306 is given complete control of personal identifying information, unlike many known methods.
The process then includes executing the identity verification software application on the user electronic computing device 1302 that compares the initial real-time facial image of the verifying user 1306 and the facial image 1312 on the physical indicia of identification 1310 to ascertain an initial positive identity verification. In one embodiment, the physical indicia 1310 of identification, e.g., driver’s license, passport, company identification card, etc., is compared to database of known and authenticated identification forms to ascertain whether the indicia is a possible forgery or authentic. This comparison may be preferably done on the device 1302 itself (to maintain privacy) or remotely at a server 1314 (e.g., an administrative server communicatively couplable with the device 1302 or a third- party' server 1320 (e.g., a government ID database) over a network 1316 using communication connections 1318a- n).
Next, the process may include the step of compiling the real-time facial image of the verifying user 1306 and/or the real-time image of the physical indicia 1310 of identification depicting the facial image of the verifying user and/or the unique device identifier (“UDID”) of the device 1302 into a single user identity data file after the positive identity verification has been ascertained by the software. The UDID is conventionally a 40-digit sequence of letters and numbers that is uniquely associated with a mobile electronic computing device. The process may also include segregating an anonymous and unique data segment of either or both the initial real-time facial image of the verifying user and/or the real-time image of the physical indicia of identification depicting the facial image of the verifying user and/or the UDID utilizing a protocol and subjecting the anonymous and unique data segment to an unkeyed cryptographic hashing to generate an initial hashed data file. The protocol, for example, may include deciphering and abstracting the facial outline and/or certain facial features, e.g., nose, eye, or chin structures/profiles and using those same facial outline and/or certain facial features, e.g., nose, eye, or chin structures/profiles for subsequent identification. Said another way, the protocol will be programmed into the software and may be replicated each identification verification session. Said differently, in the subsequent or second identification verification, the software will be programed (i.e., have a protocol) to use the same information/user data that is utilized in the initial identification verification so that a 100% match can be ascertained. In another embodiment, the anonymous data segment may be randomly segregated based on a programmed algorithm and the data segment is anonymous in that it is not able to identify verifying user 1306, whether by name, likeness, etc.
In one embodiment, the process includes executing the identity verification software application for segregating the UDID associated with the verifying user electronic computing device 1302 utilized as part of the initial hashed data file and for segregating a UDID associated with the verifying user electronic computing device 1302 utilized as part of the second hashed data file. Said another way, the UDID is taken at least twice during the ID verification process, i.e., during onboarding and after receiving the user identity request on the user electronic computing device 1302. To reduce processing resources, the UDID is preferably conjugated with the anonymous and unique data segment before being subjected to the unkeyed cryptographic hashing. In some embodiments, the entire UDID is utilized and, in other embodiments, only a partial and/or a random segment of the UDID is utilized. The protocol utilized to segregate the anonymous and unique data segment may be beneficially stored on the memory of the verifying user electronic computing device 1302 for security
One example of the aforementioned segregation and conjugation process may include extracting random portions of the physical indicia 1310 of identification, e.g., passport having the following information: passport number: 68619698698, first and last name: Mike Jackson, birthday: 05/13/1969, country: USA, city: Washington, wherein the protocol may segregate the “19” from the passport number, “ik” from the first name, “13” and “9” from the birthday, “S” from the country, and “h” and “o” from the city . As such, the anonymous and unique data segment may be 19ikl39Sho, wherein the anonymous and unique data segment may be case sensitive (as recognized by the software from the physical indicia 1310) and alphanumeric. Next, a number randomly generated by an algorithm using the protocol or the UD1D is then conjugated with the anonymous and unique data segment, e g., 19ikl39Sho2078912869, making a full reference. Therefore, the protocol can be seen describing which digit(s) in which the information is taken. The full reference is then encrypted SHA-256, or subjected to the unkeyed cryptographic hashing, to generate the initial or second hashed data file either stored on the blockchain or stored locally.
The unkeyed cryptographic hashing is a hashing algorithm or function that takes an input of variable length and may produce a 256-bit long hash output. The software application will be programed to cause the random segregating an anonymous data portion of the single user identity data file, hashing the anonymous data portion into a hashed data file, and attributing the hashed data file to the verifying user 1306. To that end, the process may include communicating the hashed data file associated with the verifying user 1306 to the verifying user's account stored on the server 1314.
The process may also include storing the hashed data file on a generated data block forming part of an interconnected plurality of generated data blocks linked together and each of the plurality of generated data blocks having a cryptographic hash of a previously generated data block and a timestamp, i.e., a personal blockchain for the verifying user 1306. To that end, the process may include communicating the initial hashed data file generated in the onboarding process to a server 1314 communicatively coupled to the user electronic computing device 1302 over the network 1316.
Subsequently, after the onboarding process, when a secondary user, i.e., a requesting user 1308, desires to confirm the identity^ of a user 1306, the requesting user 1308 may' send, and the verifying user 1306 will receive (directly or indirectly), a user identity request on the user electronic computing device 1302 and will then be prompted to capture a second real-time facial image of the verifying user 1306 from the camera of the user electronic computing device 1302. In some embodiments, the identity' verification software application is required to be executed on the requestor electronic computing device 1304 before receiving the user identity request on the user electronic computing device 1302 and before communicating the user-unidentifiable notification over the network 1316 to the requestor electronic computing device 1304 of a 100% match or a non- 100% match (as discussed below).
The second real-time facial image of the verifying user 1306 may also be stored on the memory of the user electronic computer device 1302 and the identity verification software application on the user electronic computing device 1302 will execute software for comparing the second real-time facial image and the facial image on the physical indicia of identification to ascertain a second positive identity verification. Then, subject to ascertaining the second positive identity verification, an anonymous and unique data segment will be segregated from one or both of the initial realtime facial image of the verifying user 1306 and/or the real-time image of the physical indicia of identification 1312 depicting the facial image 1312 of the verifying user 1306 (depending on the set protocol), wherein the anonymous and unique data segment will be subjected to the same unkeyed cryptographic hashing to generate a second hashed data file.
Thereafter, the process will include comparing the initial and second hashed data files to ascertain a 100% match or a non- 100% match and will communicate a user-unidentifiable notification over the network 1316 to the requestor electronic computing device 1304 (directly or indirectly) of the 100% match or the non-100% match. Said another way, the initial hashed data file may be stored in a private blockchain and the physical indicia of identification 1310 will be beneficially stored (and encrypted) only on the user’s electronic device 1302. The software application will also be executed for decrypting the image of the physical indicia of identification 1310 before comparing the second real-time facial image and the facial image 1312 on the physical indicia of identification 1310 and re-encrypting the image of the physical indicia of identification 1310 after comparing the second real-time facial image and the facial image 1312 on the physical indicia of identification 1310.
Also depicted in FIG. 13 is a third-party server 1320 that may be communicatively coupled to the device 1302 or the server 1314. The third-party server 1320 (also referred to as third party 1320) may be associated with a company, organization, or agency that can request identity verification from the verifying user 1306 using the verification data obtained during initial onboarding and subsequent user data. Specifically, the verifying user 1306 will complete the initial onboarding process that generates the initial hashed data file and then the third party 1320 may then request (from the server/admin 1314). If the verifying user 1306 has never completed the onboarding process, the user will be required to download the software on their device 1302 and follow the above-referenced process. In some instances, the third party 1320 will ascertain whether the verifying user 1306 is registered by looking through a database on the server 1314 storing an email address associated with the verifying user 1306.
Specifically, the verifying user 1306 may receive a user identity request on the user electronic computing device 1302 and may then be asked to capture a second real-time facial image of the verifying user 1306 from the camera of the user electronic computing device 1302. Like the initial real-time facial image, the image is preferably required to be taken directly by the camera and utilized by the software application as opposed to be uploaded from a file stored on the user’s phone (i.e., real-time). In some limited embodiments, the software application may be programmed to only allow photos to be uploaded and utilized by the software application if the photo of the user’s facial image was taken within the last hour or some other shortened time period. The second real-time facial image of the verifying user 1306 is stored on the memory of the user electronic computer device 1302 and the identify verification software application on the user electronic computing device 1302 is executed to compare the second real-time facial image and the facial image 1312 on the physical indicia of identification 1310 to ascertain a second positive identity verification. Thereafter, another anonymous and unique data segment is segregated using the protocol (e.g., either or both of the second real-time facial image of the verifying user 1306 and/or the real-time image of the physical indicia of identification 1310 depicting the facial image 1312 of the verifying user 1306). The data segment is then subjected to the same unkeyed cryptographic hashing process that the data segment in onboarding process was subjected to and generates a second hashed data file. The initial and second hashed data files are then compared by the software to ascertain a 100% match or a non- 100% match. Beneficially, the user- unidentifiable notification that is sent to the requesting user 1308 over the network 1316 is the non-user identifiable 100% match or a non- 100% match. The second hashed data file may be locally stored on the memory of the user electronic computer device 1302 and accessing, with the user electronic computer device 1302, the initial hashed data file on the generated data block communicatively coupled to the user electronic computing device 1302 before comparing the first and second hashed data files. The second hashed data file may also be stored locally on the memory of the user electronic computer device and accessing, with the user electronic computer device 1302, the initial hashed data file on the server 1314 before comparing the first and second hashed data files.
As such, there is no need for the requesting user 1308 or verifying user 1306 to complete additional forms or paperwork, no need to scan or supply copies of any indicia of identification, and providing the ability to instantly confirm the verifying user’s 1306 true identity. This process also provides the benefit of less customer friction during onboarding, faster and more secure onboarding of new clients, less staff hours required for processing new customers, removing the requirement to have systems in place to securely store the users photo ID (if Id verification delivered as a ‘yes’ or ‘no’), no staff training required to spot forged or fake documents, instant confirmation of the individuals ID reliability score, and for the company to instantly receive copies of the verifying user’s 1306 ID documents and other biometrics (if the verifying user 1306 agrees to sharing them).
Still referring to FIG. 13, the process and system can also be seen utilizing another third-party server 1322 (also referred to as additional third party 1322), e g., a social media server that is capable of requesting and receiving tire hashed data file to verify the identity of a platform user (i.e., that is also a verifying user 1306). This additional third party 1322 may also be a government body, organization, or company that itself creates or generates a hashed data file (based on the verifying user’s information) that is then allocated to the verifying user 1306 after installing and executing the software on the verifying user’s device 1302. After the hashed data file is associated with the verifying user 1306, the verifying user will then add biometric data to the user’s phone which is encrypted. The verifying user 1306 will then utilize the hashed data file for subsequent transactions to verify his or her identify . In one embodiment of the invention, the process may include a multi-level authorization protocol, whereby a verifying user 1306 will create the hashed data file, will utilize the hashed data file for attempting to verify the user’s identity, and, if the requesting user requires a higher level of authentication, will request additional information or outside confirmation to confirm the user’s identity. If the verifying user 1306 provides the additional information or outside confirmation is provided, the verifying user 1306 will be approved. This additional level of verification will only be required if the sy stem is set up for different tiers or levels of authentication, whereby the hashed data file will be configured by the server/ admin to have different levels of authentication associated with it. The system and process may be configured such that when the hashed data file is associated with a higher or increased authentication level or tier, subsequent verification for said higher tier will not be required.
In an additional embodiment, the identity verification software application is executed and is operably configured to generate a reliability score dictated by a ranking algorithm utilizing a hierarchy of ranked plurality of physical indicia of identifications and the physical indicia of identification depicting the facial image of the verifying user. The ranking algorithm may also utilize the 100% match or the non- 100% match to generate the reliability score. Specifically, the anonymous digital hashed data file (idNFT) can be utilized as an ID verification, or “virtual passport” by any number of organizations. When the user 1306 creates the initial IdNFT, the system/software is configured to allocate the idNFT a reliability score based on, for example, the quality of the governmental ID or indicia 1310 utilized by the verifying user 1306. Another example of a document that could affect the reliability score and ranking could be a passport with an older issuing date compared to a newer issuing date that may also utilize NFT technology. The ranking of the IdNFT may be continuously or sporadically increased, for example, based on every 100% match utilizing the software, the number of different organizations successfully utilizing the IdNFT to validate the indicia 1310 of the user 1306, the reliability of any additional biometrics and ID documents added by the verifying user 1306, and/or the identity of the user 1306 is virtually countersigned by a person of good standing and/or trusted organization.
In a further embodiment, the process may be configured such that the physical indicia of identification is confirmed as being authentic by the organization issuing the identification for the verifying user 1306 after the hashed data file is created in the onboarding process. More specifically, once the hashed data file is created, the system and software may communicate the entire or fragmented data file depicting the physical indicia of identification 1310 to the third party 1322 organization that will conduct their own authentication process by comparing the physical indicia of identification 1310 to its database. If it matches, a push notification will be sent to the verifying user 1306 confirming the same and if it is a failed comparison, it may be reported to the administrator 1314 and/or the verifying user 1306 for additional proof of identity verification. In one embodiment of the present invention, a voice ID of the verifying user 1306 is created to enhance the authenticity of the verifying user’s identity. More specifically, the onboarding process may include capturing an initial voice recording of the verifying user 1306 from a microphone of the user electronic computing device 1302 and then compiling the initial voice recording into an initial voiceprint utilizing at least one of the tone, rhy thm, and pitch of the initial voice recording, and storing the initial voiceprint recording on the memory of the user electronic computer device 1302. Then, when receiving the user identity request on the user electronic computing device 1302, a second voice recording of the verifying user 1306 is captured from the microphone of the user electronic computing device 1302 and is then compiled (using the same protocol as the initial voice recording) into a second voiceprint utilizing at least one of the tone, rhythm, and pitch of the second voice recording. The process may also include prompting the verifying user 1306 on the user electronic computing device 1302 to speak a defined sentence (or other programmed words) programmed on the identity verification software application for both the initial and second voice recordings. As such, utilizing the camera or microphone of the device 1302 provides the user with the ability to verify their identity quickly and robustly using the traditional “selfie” liveness image, or by repeating the spoken sentence. The IdNFT system then analyses the user’s voice's unique characteristics, and detects whether the voice matches that previously recorded. If solely utilizing the user’s voice in lieu of capturing the user’s image, a much smaller data file is used during the comparison process than using a liveness image, therefore speeding up the overall time of the process. For users who through choice or religious beliefs wear a facial covering such as a burqa are able to onboard using their government ID in the privacy of their own home, and then verify their ID in public by using the voice option. Voice ID can also be used as a backup if for any reason, the user’s camera is broken on their device 1302. For the requesting user 1308, additional security levels can be created, if required, by requesting the user 1306 provide both a live image and a voiceprint.
Therefore, the present invention enables parties to verify a user’s identity using an IdNFT, wherein after a verifying user 1306 has finished onboarding, or the initial verification process, the system and subsequent verification process supplies the parties requesting the identification verification a simple “yes” or “no”. For the verifying user 1306 this provides the user 1306 the ability to authenticate the user without sharing private data or biometrics. As such, identify verification has become completely anonymous with the party the user 1306 is dealing with, whilst robustly confirming the user 1306 is tire correct person. For the requesting party 1308, the system and process the party the ability to confirm a user’s true identity without having the systems in place to securely store private identification documents of the user 1306, remove the requirement and need to have suitably trained staff to review the validity of photo ID, ensuring the IDs are not forgeries or fake, and that all the actions associated with the IdNFT are stored for perpetuity in the IdNFT private blockchain. In one embodiment, the company or organization requesting identity verification from the user 1306 may also request, but the user is not required to provide, copies of user’s documents utilized by the aforementioned process and/or other biometrics confirming the user’s identity. If the user 1306 agrees, then this requested information may be provided to the requesting user 1308. The GPS location of the user’s device 1302 may be ascertained when the user 1306 captures the image(s) and the GPS location may also be provided to the requesting user 1308 if consented to by the user 1306, thereby giving the user 1306 self-sovereignty for the personal information and data provided by the user 1306. Based on the structural and operational configuration of the present invention, all ID documents and biometric data that may be capable of revealing the user’s 1306 identity are securely stored on the user’s 1306 own device 1302 and in no other location unless consented to by the user 1306. Said another way, the only data stored externally is an anonymous hash on the IdNFT blockchain, and anonymous biometric data stored on the secure IdNFT server 1314. In both instances (blockchain hash and biometric data) everything external of the device 1302 is completely anonymous and by themselves cannot be linked back to any IdNFT and therefore to any individual. The only way that the anonymous blockchain hash and biometric data can be merged with the data on the user’s device 1302 to verify their ID is a call from the device 1302 itself. There is no way that a call can be made from the blockchain or server, and no route from the blockchain or server back to the device 1302. This equates to the anonymous data stored externally to be 100% secure, as even if the IdNFT blockchain or secure server 1314 was hacked, the unidentifiable hash and data could not be used for any purpose and could never be linked back to any individual.

Claims

CLAIMS What is claimed is:
1. A computer-implemented user identity verification method comprising: providing a verifying user electronic computing device of a verifying user and a requestor electronic computing device of a requesting user, each with an electronic display, a memory, a camera, and an executable identity verification softw are application resident the memory thereon; capturing an initial real-time facial image of the verifying user from the camera of the user electronic computing device and storing the initial real-time facial image of the verifying user on the memory of the user electronic computer device: capturing a real-time image of a physical indicia of identification depicting a facial image of the verifying user and storing the image of the physical indicia of identification depicting the facial image on the memory' of the user electronic computer device; executing the identify verification software application on the user electronic computing device that executes software for: comparing the initial real-time facial image and the facial image on the physical indicia of identification to ascertain an initial positive identity verification; segregating an anonymous and unique data segment from the real-time image of the physical indicia of identification depicting the facial image of the verifying user utilizing a protocol and subjecting the anonymous and unique data segment to an unkeyed cryptographic hashing to generate an initial hashed data file; and communicating the initial hashed data file to a server communicatively coupled to the user electronic computing device over the network; receiving a user identity request on the user electronic computing device and then capturing a second realtime facial image of the verifying user from the camera of the user electronic computing device, storing the second real-time facial image of the verifying user on the memory of the user electronic computer device, and executing the identity verification softw are application on the user electronic computing device that executes software for: comparing the second real-time facial image and the facial image on the physical indicia of identification to ascertain a second positive identity verification; segregating, subject to ascertaining the second positive identity verification, an anonymous and unique data segment from the real-time image of the physical indicia of identification depicting the facial image of the verifying user utilizing the protocol and subjecting the anonymous data segment to the unkeyed cryptographic hashing to generate a second hashed data file; and comparing the initial and second hashed data files to ascertain a 100% match or a non- 100% match; and communicating a user-unidentifiable notification over the network to the requestor electronic computing device of a 100% match or a non-100% match.
2. The computer-implemented user identity verification method according to claim 1, further comprising: executing an identity verification software application on the requestor electronic computing device before receiving the user identity request on the user electronic computing device and before communicating the user- unidentifiable notification over the network to the requestor electronic computing device of a 100% match or a non- 100% match.
3. The computer-implemented user identity verification method according to claim 1, further comprising: executing the identity verification software application for encrypting the image of the physical indicia of identification.
4. The computer-implemented user identity verification method according to claim 3, further comprising: executing the identity verification software application for decry pting the image of the phy sical indicia of identification before comparing the second real-time facial image and the facial image on the physical indicia of identification and re-encrypting the image of the physical indicia of identification after comparing the second realtime facial image and the facial image on the physical indicia of identification.
5. The computer-implemented user identity verification method according to claim 1, further comprising: executing the identity verification software application for compiling the real-time image of the physical indicia of identification depicting the facial image of the verifying user into a single user identity data file and randomly segregating the anonymous and unique data segment from the single user identity data file to generate the initial hashed data file.
6. The computer-implemented user identity verification method according to claim 5, further comprising: storing the initial hashed data file on a generated data block forming part of an interconnected plurality of generated data blocks linked together and each of the plurality of generated data blocks having a cryptographic hash of a previously generated data block and a timestamp.
7. The computer-implemented user identity verification method according to claim 6, further comprising: storing the second hashed data file locally on the memory of the user electronic computer device and accessing, with the user electronic computer device, the initial hashed data file on the generated data block communicatively coupled to the user electronic computing device before comparing the first and second hashed data files.
8. The computer-implemented user identity verification method according to claim 1, further comprising: storing the initial hashed data file on a generated data block forming part of an interconnected plurality of generated data blocks linked together and each of the plurality of generated data blocks having a ciyptographic hash of a previously generated data block and a timestamp.
9. The computer-implemented user identity verification method according to claim 1, further comprising: storing the second hashed data file locally on the memory of the user electronic computer device and accessing, with the user electronic computer device, the initial hashed data file on the server before comparing the first and second hashed data files.
10. The computer-implemented user identity verification method according to claim 1, further comprising: executing the identity verification software application for segregating a unique device identifier associated with the verifying user electronic computing device utilized as part of the initial hashed data file and for segregating a unique device identifier associated with the verify ing user electronic computing device utilized as part of the second hashed data file.
11. The computer- implemented user identity verification method according to claim 10, wherein the unique device identifier is conjugated with the anonymous and unique data segment before being subjected to the unkeyed cryptographic hashing.
12. The computer-implemented user identity verification method according to claim 1, wherein the protocol is stored on the memory of the verifying user electronic computing device.
13. The computer-implemented user identity verification method according to claim 1, further comprising: executing the identity verification software application for generating a reliability score dictated by a ranking algorithm utilizing a hierarchy of ranked plurality of physical indicia of identifications and the physical indicia of identification depicting the facial image of the verify ing user.
14. The computer-implemented user identity verification method according to claim 13, wherein the ranking algorithm utilizes the 100% match or the non- 100% match to generate the reliability score.
15. The computer-implemented user identity verification method according to claim 1, further comprising: capturing an initial voice recording of the verifying user from a microphone of the user electronic computing device, compiling the initial voice recording into an initial voiceprint utilizing at least one of the tone, rhythm, and pitch of the initial voice recording, and storing the initial voiceprint recording on the memory of the user electronic computer device; and receiving the user identity request on the user electronic computing device and then capturing a second voice recording of the verifying user from the microphone of the user electronic computing device, compiling the second voice recording into a second voiceprint utilizing at least one of the tone, rhythm, and pitch of the second voice recording, and executing the identity verification software application on the user electronic computing device that executes software for comparing the initial and second voiceprints to ascertain the second positive identify verification.
16. The computer-implemented user identity verification method according to claim 15, further comprising: prompting the verifying user on the user electronic computing device to speak a defined sentence programmed on the identity verification software application for both the initial and second voice recordings.
PCT/US2023/024655 2022-06-08 2023-06-07 Computer-implemented user identity verification method Ceased WO2023239760A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202263350198P 2022-06-08 2022-06-08
US63/350,198 2022-06-08

Publications (1)

Publication Number Publication Date
WO2023239760A1 true WO2023239760A1 (en) 2023-12-14

Family

ID=89118868

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2023/024655 Ceased WO2023239760A1 (en) 2022-06-08 2023-06-07 Computer-implemented user identity verification method

Country Status (1)

Country Link
WO (1) WO2023239760A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118606920A (en) * 2024-08-07 2024-09-06 支付宝(杭州)信息技术有限公司 Transaction processing method, device, storage medium and electronic device
CN118764279A (en) * 2024-07-19 2024-10-11 中国海洋大学 A proxy pairing method and system based on identity encryption

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030135740A1 (en) * 2000-09-11 2003-07-17 Eli Talmor Biometric-based system and method for enabling authentication of electronic messages sent over a network
US7039221B1 (en) * 1999-04-09 2006-05-02 Tumey David M Facial image verification utilizing smart-card with integrated video camera
US20150154390A1 (en) * 2003-03-07 2015-06-04 Completelyonline.Com, Inc. Systems and methods for online identity verification
US20160162729A1 (en) * 2013-09-18 2016-06-09 IDChecker, Inc. Identity verification using biometric data
US20160275518A1 (en) * 2015-03-19 2016-09-22 ecoATM, Inc. Device recycling systems with facial recognition
US20210279316A1 (en) * 2016-07-29 2021-09-09 Trusona, Inc. Anti-replay authentication systems and methods

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7039221B1 (en) * 1999-04-09 2006-05-02 Tumey David M Facial image verification utilizing smart-card with integrated video camera
US20030135740A1 (en) * 2000-09-11 2003-07-17 Eli Talmor Biometric-based system and method for enabling authentication of electronic messages sent over a network
US20150154390A1 (en) * 2003-03-07 2015-06-04 Completelyonline.Com, Inc. Systems and methods for online identity verification
US20160162729A1 (en) * 2013-09-18 2016-06-09 IDChecker, Inc. Identity verification using biometric data
US20160275518A1 (en) * 2015-03-19 2016-09-22 ecoATM, Inc. Device recycling systems with facial recognition
US20210279316A1 (en) * 2016-07-29 2021-09-09 Trusona, Inc. Anti-replay authentication systems and methods

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118764279A (en) * 2024-07-19 2024-10-11 中国海洋大学 A proxy pairing method and system based on identity encryption
CN118606920A (en) * 2024-08-07 2024-09-06 支付宝(杭州)信息技术有限公司 Transaction processing method, device, storage medium and electronic device

Similar Documents

Publication Publication Date Title
US11777726B2 (en) Methods and systems for recovering data using dynamic passwords
US11818265B2 (en) Methods and systems for creating and recovering accounts using dynamic passwords
US10931461B2 (en) Systems and methods for creating a digital ID record and methods of using thereof
US10652018B2 (en) Methods and apparatus for providing attestation of information using a centralized or distributed ledger
US12101317B2 (en) Computer-implemented user identity verification method
EP3631664B1 (en) Secure biometric authentication using electronic identity
US9189612B2 (en) Biometric verification with improved privacy and network performance in client-server networks
US11095646B2 (en) Method and system for data security within independent computer systems and digital networks
US12488354B2 (en) Vetting system and method using composite trust value of multiple confidence levels based on linked mobile identification credentials
CN110326251A (en) The system and method that the general dispersion solution of user is verified using cross validation feature are provided
US20120191977A1 (en) Secure transaction facilitator
US12463816B2 (en) Decentralized zero-trust identity verification-authentication system and method
WO1999012144A1 (en) Digital signature generating server and digital signature generating method
US20240427868A1 (en) Systems and methods for secure digital identity verification and access to disparate data sources
WO2023239760A1 (en) Computer-implemented user identity verification method
US20200204377A1 (en) Digital notarization station that uses a biometric identification service
CN116781355A (en) Digital identity management method and device, blockchain platform and electronic equipment
US20250226990A1 (en) Blockchain-based platform-independent personal profiles
Kavitha et al. A security hybrid mechanism using fuzzy with adaptive ElGamal approach in cloud

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23820386

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 23820386

Country of ref document: EP

Kind code of ref document: A1