“Cryptographically Transmitting And Storing Identity Tokens And/Or Activity Data Among Spatially Distributed Computing Devices” in Patent Application Approval Process (USPTO 20200366664)

2020 DEC 09 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- A patent application by the inventors Hayes, Howard (Glencoe, IL); Park, Jason D. (Chicago, IL); Parkinson, John S. (Burlington, VT), filed on August 5, 2020, was made available online on November 19, 2020, according to news reporting originating from Washington, D.C., by NewsRx correspondents.

This patent application is assigned to Allstate Insurance Company (Northbrook, Illinois, United States).

The following quote was obtained by the news editors from the background information supplied by the inventors: “Trusted third party devices are often used to authenticate a computing device or a user of the computing device. For example, the trusted third party device may be used to vouch for the identity of the user if the user provides the third party device with appropriate information (e.g., username/password, PIN code, government ID, etc.). Once the trusted third party device authenticates the computing device or user thereof, the user may be granted permission to perform one or more activities, such as interacting with other computing devices or users thereof. However, various technological problems may exist with using trusted third party devices to authenticate users. For example, the trusted third party device may fail or go offline, and the computing device might not be able to perform the requested activities until the third party device is back online. Third party devices also might not be able to properly secure the user’s identity. For example, if a bad actor is able to obtain the user’s username/password, PIN code, etc., the bad actor may be able to imitate the user and perform activities as the user.”

In addition to the background information obtained for this patent application, NewsRx journalists also obtained the inventors’ summary information for this patent application: “The following presents a simplified summary in order to provide a basic understanding of some aspects of the disclosure. The summary is not an extensive overview of the disclosure. It is neither intended to identify key or critical elements of the disclosure nor to delineate the scope of the disclosure. The following summary merely presents some concepts of the disclosure in a simplified form as a prelude to the description below.

“Aspects of the disclosure relate to a system and method comprising receiving, by a computing device, first identity data associated with a user. The computing device may generate, based on the first identity data associated with the user, a first identity token for the user. The computing device may transmit, to a plurality of other computing devices, the first identity token for the user. Based on a verification of the first identity token for the user by one or more of the plurality of other computing devices, the first identity token for the user may be stored in an identity chain. The first identity token for the user may indicate a prior identity token stored in the identity chain. The computing device may receive a request to perform an activity. In response to receiving the request to perform the activity, the computing device may request second identity data associated with the user. The computing device may receive the second identity data associated with the user. The computing device may generate, based on the second identity data associated with the user, a second identity token for the user. Based on a comparison of the second identity token to the first identity token, the user may be authenticated, and an activity token for the activity may be generated. The activity token for the activity may be stored in an activity chain, and the activity token may indicate a prior activity token stored in an activity chain.

“In some aspects, generating the first identity token for the user may comprise hashing the first identity data associated with the user to generate a character string. In some aspects, the computing device may encrypt the first identity token for the user, and transmitting the first identity token for the user may comprise transmitting the encrypted first identity token for the user. Verification of the first identity token for the user by one or more of the plurality of other computing devices may be based on a consensus algorithm. The first identity data associated with the user may comprise two or more of device activity data associated with the user, location data associated with the user, or biometric data of the user.

“In some aspects, the computing device may receive third identity data associated with the user. The computing device may generate, based on the third identity data associated with the user, a third identity token for the user. The computing device may transmit, to one or more of the plurality of other computing devices, the third identity token for the user. Based on a failure to verify the third identity token for the user by one or more of the plurality of other computing devices, the third identity token for the user may be discarded.

“In some aspects, the computing device may transmit, to one or more of the plurality of other computing devices, the activity token for the activity, and storing the activity token for the activity in the activity chain may be based on a verification of the activity token by one or more of the plurality of other computing devices. The computing device and the plurality of other computing devices may form a network of trusted computing devices in some examples.

“Other features and advantages of the disclosure will be apparent from the additional description provided herein.”

The claims supplied by the inventors are:

“1. A method comprising: receiving, by the computing device, a request to perform an activity; receiving, by a computing device, identity data associated with a user; generating, by the computing device and based on the identity data associated with the user, an identity token for the user; verifying by the computing device, the identity token; generating, by the computing device, an activity token for the user; transmitting, by the computing device and to a plurality of other computing devices, the activity token for the user; determining, by the computing device, a number of computing devices, of the plurality of other computing devices that verified the activity token; based on a determination that the number of computing devices is above a threshold computing devices, storing, by the computing device, the activity token for the user in an activity chain, wherein the activity token for the user indicates a prior activity token stored in the activity chain; and transmitting, by the computing device and to the plurality of other computing devices, an indication of the storing the activity token.

“2. The method of claim 1, further comprising: determining previous activities performed by the user; and determining a level of activity for the user based on the previous activities.

“3. The method of claim 2, wherein the activity token is generated based on a determination that the activity meets the level of activity.

“4. The method of claim 1, wherein the activity token is generated by cryptographically combining previous activity data associated with the user.

“5. The method of claim 1, further comprising: encrypting the activity token.

“6. The method of claim 5, further comprising: transmitting, by the computing device and to the plurality of other computing devices, a corresponding public key.

“7. The method of claim 1, wherein the computing device and the plurality of other computing devices form a network of trusted computing devices.

“8. A computing device comprising: a processor; and memory storing computer-executable instructions that, when executed by the processor, cause the computing device to: receive a request to perform an activity; receive identity data associated with a user; generate, based on the identity data associated with the user, an identity token for the user; verify the identity token; generate an activity token for the user; transmit, to a plurality of other computing devices, the activity token for the user; determine a number of computing devices, of the plurality of other computing devices that verified the activity token; based on a determination that the number of computing devices is above a threshold computing devices, store the activity token for the user in an activity chain, wherein the activity token for the user indicates a prior activity token stored in the activity chain; and transmit, to the plurality of other computing devices, an indication of the storing the activity token.

“9. The computing device of claim 8, wherein the memory stores computer-executable instructions that, when executed by the processor, causes the computing device to determine previous activities performed by the user; and determine a level of activity for the user based on the previous activities.

“10. The computing device of claim 9, wherein the activity token is generated based on a determination that the activity meets the level of activity.

“11. The computing device of claim 8, wherein the activity token is generated by cryptographically combining previous activity data associated with the user.

“12. The computing device of claim 8, wherein the memory stores computer-executable instructions that, when executed by the processor, causes the computing device to: encrypt the activity token.

“13. The computing device of claim 12, wherein the memory stores computer-executable instructions that, when executed by the processor, causes the computing device to: transmit, to the plurality of other computing devices, a corresponding public key.

“14. The computing device of claim 8, wherein the computing device and the plurality of other computing devices form a network of trusted computing devices.

“15. The computing device of claim 9, wherein the computing device and the plurality of other computing devices form a network of trusted computing devices.

“16. A system comprising: a computing device; and a plurality of other computing devices, wherein the computing device is configured to: receive a request to perform an activity; receive identity data associated with a user; generate, based on the identity data associated with the user, an identity token for the user; verify the identity token; generate an activity token for the user; transmit, to the plurality of other computing devices, the activity token for the user; determine a number of computing devices, of the plurality of other computing devices that verified the activity token; based on a determination that the number of computing devices is above a threshold computing devices, store the activity token for the user in an activity chain, wherein the activity token for the user indicates a prior activity token stored in the activity chain; and transmit, to the plurality of other computing devices, an indication of the storing the activity token.

“17. The system of claim 16, wherein the computing device is configured to: determine previous activities performed by the user; and determine a level of activity for the user based on the previous activities, wherein the activity token is generated based on a determination that the activity meets the level of activity.

“18. The system of claim 16, wherein the activity token is generated by cryptographically combining previous activity data associated with the user.

“19. The system of claim 16, wherein the computing device is configured to: encrypt the activity token.

“20. The system of claim 16, wherein the computing device and the plurality of other computing devices form a network of trusted computing devices.”

URL and more information on this patent application, see: Hayes, Howard; Park, Jason D.; Parkinson, John S. Cryptographically Transmitting And Storing Identity Tokens And/Or Activity Data Among Spatially Distributed Computing Devices. Filed August 5, 2020 and posted November 19, 2020. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220200366664%22.PGNR.&OS=DN/20200366664&RS=DN/20200366664

(Our reports deliver fact-based news of research and discoveries from around the world.)