Patent Issued for Authenticating a mobile id via hash values (USPTO 11290886): Deutsche Telekom AG

2022 APR 15 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- According to news reporting originating from Alexandria, Virginia, by NewsRx journalists, a patent by the inventors Breuer, Joerg (Kreuztal, DE), Stengel, Christian (Rosbach, DE), Toensing, Friedrich (Hoechst, DE), filed on December 15, 2020, was published online on March 29, 2022.

The assignee for this patent, patent number 11290886, is Deutsche Telekom AG (Bonn, Germany).

Reporters obtained the following quote from the background information supplied by the inventors: “The number of available online services, such as streaming, online shopping, social media, e-mail, online banking, etc. and the number of service providers providing these services is huge. In contrast, the number of devices with which access to these services is realized is not infrequently only a smartphone of a user. In order to participate in the systems, electronic identities (eIDs) in a mobile version as mobile IDs are required on this smartphone in order to gain access to online services. These electronic identities are a prerequisite for participation in digital service worlds since a user can use such a mobile ID to authenticate and identify themselves to any external entity, such as a website or an app.

“However, conventional identification solutions that are established as safe have crucial disadvantages. Either they require a very complex implementation, such as the so-called Extended Access Control (EAC) as stated in a technical guideline of the Federal Office for Security in the Information Technology (BSI) with the designation BSI-TR03110, or they fail because of the necessity of keeping personal data secret at the high hurdles of the GDPR (short for General Data Protection Regulation: GDPR (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL dated Apr. 27, 2016, on protecting natural persons during the processing of personal data, on the free movement of data and on repealing Directive 95/46/EG). Thus, an identification certificate always includes personal data, such as the name or address of the user, which can be viewed by all entities that have access to that certificate.

“A method for generating a certificate is disclosed, for example, in document DE 10 2015 207 064 A1, wherein the certificate is derived from a further certificate from a public key infrastructure for documents.

“Document DE 10 2015 209 073 B4 describes an improved method for reading attributes from an ID token. A corresponding ID token and a computer system are also provided.

“Document DE 10 2015 214 340 A1 describes a method for checking the validity of a certificate generated by an ID token of a user for a security token of the same user. Furthermore, the certificate for a security token of a user may be generated by an ID token of the same user.

“The technical guideline BSI TR-03110 “Advanced Security Mechanisms for Machine Readable Travel Documents and eIDAS Token” specifies in its first part in version 2.20 dated Feb. 26, 2015, the security mechanisms for machine-readable travel documents and eIDAS tokens. The specification forms in particular the basis for the security mechanisms of the German identification card and the residence permit, as well as European passports and driver licenses. In the second part in version 2.21 dated Dec. 21, 2016, protocols for electronic identification, authentication and trust services (eIDAS) are specified.”

In addition to obtaining background information on this patent, NewsRx editors also obtained the inventors’ summary information for this patent: “In an exemplary embodiment, the present invention provides a method for authenticating a mobile identity (ID) provided on an end device of a user. The method includes: providing, by the end device, personal information about an identity of the user as a plurality of attributes; anonymizing, by the end device, the personal information, wherein anonymizing the personal information comprises: calculating first one-way values via a one-way function via a selection of respective attributes, uniquely identifying the user, from the plurality of attributes; forming, by the end device, a unique serial number; forming, by the end device, a mobile ID certificate having the unique serial number and at least one anonymized information field in which the first one-way values are stored; transmitting, by the end device, the mobile ID certificate from the end device of the user to a first entity; establishing a secure communication channel between the end device and the first entity and/or authenticating, by the first entity, communication data from the end device based on the transmitted mobile ID certificate; requesting, by the end device, permission of the user via an output unit of the end device to transmit personal information to the first entity; receiving, by the end device, permission from the user via an input unit of the end device; transmitting, by the end device, personal information in non-anonymized form to the first entity; and identifying, by the first entity, the user via second one-way values subsequently calculated using the one-way function and compared to the first one-way values.”

The claims supplied by the inventors are:

“1. A method for authenticating a mobile identity (ID) provided on an end device of a user, comprising: providing, by the end device, personal information about an identity of the user as a plurality of attributes; anonymizing, by the end device, the personal information, wherein anonymizing the personal information comprises: calculating first one-way values via a one-way function via a selection of respective attributes, uniquely identifying the user, from the plurality of attributes; forming, by the end device, a unique serial number; forming, by the end device, a mobile ID certificate having the unique serial number and at least one anonymized information field in which the first one-way values are stored; transmitting, by the end device, the mobile ID certificate from the end device of the user to a first entity; establishing a secure communication channel between the end device and the first entity and/or authenticating, by the first entity, communication data from the end device based on the transmitted mobile ID certificate; requesting, by the end device, permission of the user via an output unit of the end device to transmit personal information to the first entity; receiving, by the end device, permission from the user via an input unit of the end device; transmitting, by the end device, personal information in non-anonymized form to the first entity; and identifying, by the first entity, the user via second one-way values subsequently calculated using the one-way function and compared to the first one-way values; wherein in addition to the unique serial number and the at least one anonymized information field of the mobile ID certificate, a Uniform Resource Locator (URL) is stored, wherein the URL refers to a data account associated with the user on a second entity, wherein third one-way values were previously added to the at least one anonymized information field of the mobile ID certificate via an external data set stored there, and wherein fourth one-way values are formed by the first entity via the external data set stored under the URL and compared with the third one-way values of the mobile ID certificate.

“2. The method according to claim 1, wherein the first entity corresponds to an online service.

“3. The method according to claim 2, wherein the online service includes at least one of the following: e-mail, online shopping, social media, online banking, Internet of Things (IoT), car connectivity, or e-ticketing.

“4. The method according to claim 1, wherein the end device is at least one of the following: smartphone, smartwatch, notebook, laptop, tablet, navigation device, Global Positioning System (GPS) tracker, or Internet of Things (IoT) device.

“5. The method according to claim 1, wherein the one-way function is a hash function and the one-way values are hash values.

“6. The method according to claim 1, wherein at least some of the personal information is obtained from an identification document or from an identity provider or an identity service, wherein the obtained information includes information from at least one of the following: identification card, passport, driver license, health insurance card, corporate identification card, signature card, digital vehicle key, e-ticketing user medium, identity provider, or user account of an online system.

“7. The method according to claim 2, wherein at least some of the personal information is provided on the output unit of the end device based on information provided by the user via the input unit of the end device in response to predetermined questions of the online service, wherein the attributes include at least one of the following: telephone number, telephone number as a child, street name of the parents’ home, or mother’s maiden name.

“8. The method according to claim 1, wherein the personal information includes at least one of the following: complete name, birth name, birth date or birthday, physical private address, physical professional address, e-mail address.

“9. The method according to claim 1, wherein the one-way values are masked using a masking function, wherein a function data set specifying the masking function but not the data for masking is stored in the mobile ID certificate.

“10. The method according to claim 1, wherein the second entity corresponds to an external data server or database server.

“11. The method according to claim 1, wherein the communication exchange is encrypted using the mobile ID certificate.

“12. A system for authenticating a mobile identity (ID), comprising: an end device of a user, the end device comprising an output unit and an input unit; a first entity; and a second entity; wherein the end device is configured to: provide personal information about an identity of the user as a plurality of attributes; anonymize personal information, wherein anonymizing the personal information comprises: calculating first one-way values via a one-way function via a selection of respective attributes, uniquely identifying the user, from the plurality of attributes; form a unique serial number; form a mobile ID certificate having the unique serial number and at least one anonymized information field in which the first one-way values are stored; and transmit the mobile ID certificate from the end device of the user to the first entity; wherein the end device and the first entity are configured to establish a secure communication channel between the end device and the first entity, and/or the first entity is configured to authenticate communication data from the end device based on the transmitted mobile ID certificate; wherein the end device is further configured to: request permission of the user via the output unit of the end device to transmit personal information to the first entity; receive permission from the user via the input unit of the end device; and transmit personal information in non-anonymized form to the first entity; wherein the first entity is configured to identify the user via second one-way values subsequently calculated using the one-way function and compared to the first one-way values; wherein the end device is further configured to store a Uniform Resource Locator (URL) in the mobile ID certificate in addition to the serial number and the at least one anonymized information field, wherein the URL refers to a data account associated with the user on the second entity and third one-way values were previously added via an external data set stored there to the at least one anonymized information field of the mobile ID certificate; wherein the first entity is further configured to form fourth one-way values via the external data set stored under the URL and compare the fourth one-way values with the third one-way values of the mobile ID certificate.”

For more information, see this patent: Breuer, Joerg. Authenticating a mobile id via hash values. U.S. Patent Number 11290886, filed December 15, 2020, and published online on March 29, 2022. Patent URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=11290886.PN.&OS=PN/11290886RS=PN/11290886

(Our reports deliver fact-based news of research and discoveries from around the world.)