Patent Issued for Digital credentials for employee badging (USPTO 11627000): Workday Inc.

2023 MAY 01 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- Workday Inc. (Pleasanton, California, United States) has been issued patent number 11627000, according to news reporting originating out of Alexandria, Virginia, by NewsRx editors.

The patent’s inventors are Hamel, Bjorn (Dublin, CA, US), Mangino, Scott (Oakland, CA, US), Ruggiero, Jonathan David (Danville, CA, US).

This patent was filed on March 26, 2019 and was published online on April 11, 2023.

From the background information supplied by the inventors, news correspondents obtained the following quote: “A database system distributes cryptographic digital credentials to a user to allow the user to prove qualifications (e.g., a degree, employment experience, health insurance coverage, etc.). Credentials can be assigned to a user by a trusted third party client of the database system (e.g., a university, an insurer). Digital credentials can be used to authenticate building entry for an employee, however, using credentials for authentication requires a system designed to use the credentials securely.”

Supplementing the background information on this patent, NewsRx reporters also obtained the inventors’ summary information for this patent: “The invention can be implemented in numerous ways, including as a process; an apparatus; a system; a composition of matter; a computer program product embodied on a computer readable storage medium; and/or a processor, such as a processor configured to execute instructions stored on and/or provided by a memory coupled to the processor. In this specification, these implementations, or any other form that the invention may take, may be referred to as techniques. In general, the order of the steps of disclosed processes may be altered within the scope of the invention. Unless stated otherwise, a component such as a processor or a memory described as being configured to perform a task may be implemented as a general component that is temporarily configured to perform the task at a given time or a specific component that is manufactured to perform the task. As used herein, the term ‘processor’ refers to one or more devices, circuits, and/or processing cores configured to process data, such as computer program instructions.

“A detailed description of one or more embodiments of the invention is provided below along with accompanying figures that illustrate the principles of the invention. The invention is described in connection with such embodiments, but the invention is not limited to any embodiment. The scope of the invention is limited only by the claims and the invention encompasses numerous alternatives, modifications and equivalents. Numerous specific details are set forth in the following description in order to provide a thorough understanding of the invention. These details are provided for the purpose of example and the invention may be practiced according to the claims without some or all of these specific details. For the purpose of clarity, technical material that is known in the technical fields related to the invention has not been described in detail so that the invention is not unnecessarily obscured.

“The system for digital credentialing is designed to empower individual users to own their verifiable professional identity and to be able to enable this identity to be useable in scenarios where a verified identity allows access by providing proof of identity. An application might use the system to prove the identity or verify a user’s access ability to something. The application queries the system regarding a proof of identity and the user provides the proof using a credential to the system that is ultimately passed to the application to prove identity of the user. The system allows an application developer to pick attributes that an application challenges for and the sources that will satisfy any given challenge. The proof of identity is embodied in a digital credential that is able to be secured using a combination of cryptography and a distributed ledger (e.g., a decentralized ledger, a permissioned ledger, a public ledger, etc.) to assure legitimacy of the proof of identity.

“A system for digital credentialing receives the digital credential from a credential issuing system. The system for digital credentialing stores user information for the user. The system for digital credentialing further determines a set of credentials available to the user based on the user information as well as stores a record of previously issued credentials. The credentials comprise categories satisfied by the user information at differing levels of specificity (e.g., greater than an amount, in a range of amounts, less than an amount, etc.). For example, in the case where the user comprises an employee earning $95,000 per year, the system for digital credentialing could determine credentials available to the user indicating that the user earns more than $60,000 per year, that the user earns more than $80,000 per year, that the user earns in the range of $90,000-$100,000 per year, etc. When the user interacts with the system for digital credentialing using a credential requesting app or application, the system determines the set of credentials available to the user and provides the list of credentials to the credential requesting app or application. The user can then provide (e.g., from a storage on a user device) one or more available credentials to the credential requesting app or application.

“In various embodiments, a credential comprises data that is validated or verified to be authentic-for example, data verifying academic diplomas, academic degrees, certifications, security clearances, identification documents, badges, passwords, user names, keys, powers of attorney, human resource data, personal information, or any other relevant information,”

The claims supplied by the inventors are:

“1. A system for credential authentication, comprising: an interface configured to: receive a create indication to create a badge credential representing an employee badge; and receive a claim indication from an authentication device to claim the badge credential; and a hardware processor configured to: provide the badge credential to the authentication device in response to the claim indication, wherein the badge credential comprises a first signature and a second signature, wherein the first signature is from the issuer of the credential and the second signature is from a user of the authentication device; receive a proof response from the authentication device comprising the badge credential and a lock identifier, wherein the lock identifier is associated with a lock; determine whether the proof response is valid using a distributed ledger, wherein determining whether the proof response is valid comprises determining the badge credential matches credential information registered in the distributed ledger; in response to determining that the proof response is valid, determine whether the lock identifier is valid, wherein determining whether the lock identifier is valid comprises verifying the user has permission to unlock the lock; and in response to determining that the lock identifier is valid, provide an unlock token for unlocking the lock to the authentication device, wherein the unlock token is associated with the lock identifier and valid for unlocking the lock.

“2. The system of claim 1, wherein the create indication to create a badge credential is associated with an email address.

“3. The system of claim 1, wherein the claim indication from the authentication device to claim the badge credential is associated with an email address.

“4. The system of claim 1, wherein the processor is further configured to verify the badge credential is associated with the authentication device.

“5. The system of claim 4, wherein verifying the badge credential is associated with the authentication device comprises comparing a badge credential email address with an authentication device email address.

“6. The system of claim 1, wherein the proof response is received in response to a token request provided to the authentication device by a lock system associated with the lock.

“7. The system of claim 6, wherein the token request is provided in response to an authentication device request to unlock the lock.

“8. The system of claim 1, wherein the authentication device and a lock system associated with the lock communicate using a wireless protocol.

“9. The system of claim 8, wherein the wireless protocol comprises Bluetooth, NFC, or Zigbee.

“10. The system of claim 1, wherein determining whether the proof response is valid comprises determining that the badge credential comprises the first signature and the second signature.

“11. The system of claim 10, wherein determining that the badge credential comprises the first signature and the second signature comprises querying the distributed ledger.

“12. The system of claim 1, wherein determining whether the proof response is valid comprises determining that the badge credential is not expired.

“13. The system of claim 1, wherein determining whether the proof response is valid comprises determining that the badge credential is not revoked by looking in the distributed ledger.

“14. The system of claim 1, wherein the authentication device provides the unlock token to a lock system associated with the lock.

“15. The system of claim 14, wherein the lock system associated with the lock unlocks the lock in response to receiving the unlock token.

“16. The system of claim 1, wherein the indication to create a badge credential is provided by a human resources system employee startup process.

“17. The system of claim 1, wherein the claim indication from an authentication device to claim the badge credential is provided in response to an indication to install a digital identity app.

“18. The system of claim 17, wherein the indication to install a digital identity app is received as part of a human resources system employee startup process.

“19. A method for credential authentication, comprising: receiving a create indication to create a badge credential representing an employee badge; receiving a claim indication from an authentication device to claim the badge credential; providing, using a processor, the badge credential to the authentication device in response to the claim indication, wherein the badge credential comprises a first signature and a second signature, wherein the first signature is from the issuer of the credential and the second signature is from a user of the authentication device; receiving a proof response from the authentication device comprising the badge credential and a lock identifier, wherein the lock identifier is associated with a lock; determining whether the proof response is valid using a distributed ledger, wherein determining whether the proof response is valid comprises determining the badge credential matches credential information registered in the distributed ledger; in response to determining that the proof response is valid, determine whether the lock identifier is valid, wherein determining whether the lock identifier is valid comprises verifying the user has permission to unlock the lock; and in response to determining that the lock identifier is valid, providing an unlock token for unlocking the lock to the authentication device, wherein the unlock token is associated with the lock identifier and valid for unlocking the lock.

“20. A computer program product for credential authentication, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for: receiving a create indication to create a badge credential representing an employee badge; receiving a claim indication from an authentication device to claim the badge credential; providing the badge credential to the authentication device in response to the claim indication, wherein the badge credential comprises a first signature and a second signature, wherein the first signature is from the issuer of the credential and the second signature is from a user of the authentication device; receiving a proof response from the authentication device comprising the badge credential and a lock identifier, wherein the lock identifier is associated with a lock; determining whether the proof response is valid using a distributed ledger, wherein determining whether the proof response is valid comprises determining the badge credential matches credential information registered in the distributed ledger; in response to determining that the proof response is valid, determining whether the lock identifier is valid, wherein determining whether the lock identifier is valid comprises verifying the user has permission to unlock the lock; and in response to determining that the lock identifier is valid, providing an unlock token for unlocking the lock to the authentication device, wherein the unlock token is associated with the lock identifier and valid for unlocking the lock.”

For the URL and additional information on this patent, see: Hamel, Bjorn. Digital credentials for employee badging. U.S. Patent Number 11627000, filed March 26, 2019, and published online on April 11, 2023. Patent URL (for desktop use only): https://ppubs.uspto.gov/pubwebapp/external.html?q=(11627000)&db=USPAT&type=ids

(Our reports deliver fact-based news of research and discoveries from around the world.)