Patent Issued for Distributed ledger system for identity data storage and access control (USPTO 11418348): United Services Automobile Association

2022 SEP 05 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- A patent by the inventors Shipley, Brian F. (San Antonio, TX, US), filed on October 29, 2020, was published online on August 16, 2022, according to news reporting originating from Alexandria, Virginia, by NewsRx correspondents.

Patent number 11418348 is assigned to United Services Automobile Association (San Antonio, Texas, United States).

The following quote was obtained by the news editors from the background information supplied by the inventors: “Organizations that operate online services expend a large amount of computing resources, engineering time, and/or other resources to verify the identity of individuals requesting access to the services. Authentication and/or authorization features operate to ensure that a user is who they claim to be, and that they are authorized to access information or request actions through the services. Traditional methods for authenticating a user may be unreliable given the strong incentive for malicious individuals to attempt unauthorized access, particularly in instances where the services being accessed are related to finance, such that unauthorized parties may gain access to steal funds and/or confidential information.”

In addition to the background information obtained for this patent, NewsRx journalists also obtained the inventors’ summary information for this patent: “Implementations of the present disclosure are generally directed to an identity verification service that stores and controls access to identity data on distributed ledger system(s). More particularly, implementations of the present disclosure are directed to a service that is callable, by requesting entities and/or devices, to request the verification of the identity of an individual, where such requests are constrained by access rules specified by the individual to control the delegation of access to and/or use of the individual’s identity data.

“In general, implementations of innovative aspects of the subject matter described in this specification can be embodied in a method that includes the following operations: receiving a request that is sent from a requesting device to verify identity of an individual, the request including first identity data of the individual; in response to the request, and based on determining that the request complies with at least one access rule specified by the individual, retrieving second identity data stored on a distributed ledger system (DLS) that includes multiple host node devices, wherein the second identity data has previously been stored on the DLS based at least partly on the second identity data having been verified as identifying the individual; and comparing the first identity data to the second identity data and, based on a correspondence between the first identity data and the second identity data, sending a response to the requesting device indicating that the identity of the individual is verified.

“These and other implementations can each optionally include one or more of the following innovative aspects: the first identity data is an image of a physical credential of the individual; the requesting device is a point-of-sale terminal; the at least one access rule specifies one or more requesting entities that are authorized, by the individual, to request identity verification of the individual; determining that the request complies with the at least one access rule includes determining that a requesting entity associated with the requesting device is included in the one or more authorized requesting entities specified by the at least one access rule; the at least one access rule specifies one or more elements of identity data of the individual that are useable for verifying the identity of the individual; determining that the request complies with the at least one access rule includes determining that the first identity data is included in the one or more useable elements of identity data; the DLS is a private DLS; the request is initially sent to a public DLS that stores an obfuscated version of the second identity data, the public DLS being separate from the private DLS; an unobfuscated version of the second identity data is retrieved, from the private DLS, responsive to the request being received at the public distributed ledger; the obfuscated version is a hash of the unobfuscated version of the second identity data; and/or the public DLS stores audit information describing a history of requests to verify the identity of the individual.

“Other implementations of any of the above aspects include corresponding systems, apparatus, and/or computer programs that are configured to perform the operations of the methods. The present disclosure also provides a computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations in accordance with implementations of the methods provided herein. The present disclosure further provides a system for implementing the methods provided herein. The system includes one or more processors, and a computer-readable storage medium coupled to the one or more processors having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations in accordance with implementations of the methods provided herein.

“The implementations described herein provide at least the following technical advantages and/or improvements compared to previously available techniques. By providing an identity verification service that verifies an individual’s identity based on identity data that includes image(s) of physical credentials, which have been confirmed as legitimate, implementations provide an authentication system that is more reliable than traditional systems that may depend solely on login, password, and/or other credentials that may be stolen and/or guessed. Accordingly, implementations avoid the expenditure of network bandwidth, storage space, active memory, processing capacity, and/or other computing resources that are used by traditional systems in repeated authentication attempts, such as repeated attempts to recover from errors in authentication and/or fraudulent access requests. Moreover, by using a distributed ledger system to store identity data, implementations incorporate the technical advantages of a distributed ledger including but not limited to data security, data immutability and reliability, and distributed storage (e.g., for failover support and storage redundancy).”

The claims supplied by the inventors are:

“1. A method, comprising: receiving, by at least one processor, a request including identity data of an individual from a requesting device to verify an identity of the individual; determining, by the at least one processor, that the request complies with one or more access rules associated with accessing verified identity data associated with the individual to verify the received identity data of the individual; determining, by the at least one processor, that the received identity data comprises unobfuscated identity data; transmitting, by the at least one processor, the request to a private distributed ledger, wherein the private distributed ledger comprises the verified identity data corresponding to the received identity data in response to determining that the request complies with the one or more access rules and determining that the received identity data comprises the unobfuscated identity data; accessing, by the at least one processor, the verified identity data from the private distributed ledger; performing, by the at least one processor, a comparison between the verified identity data and the received identity data; and transmitting, by the at least one processor, a response to the requesting device, the response indicative of a verification status of the received identity data based on the comparison between the received identity data and the verified identity data.

“2. The method of claim 1, wherein the at least one processor is configured to transmit the request to the private distributed ledger, access the verified identity data, and compare the verified identity data with the received identity data via a security module, wherein the security module is authorized to securely access the verified identity data on the private distributed ledger, and wherein the verified identity data is unobfuscated.

“3. The method of claim 1, wherein the one or more access rules comprise: one or more time constraints to access the verified identity data; location-based constraints to access the verified identity data indicative of one or more geographical locations where accessing the verified identity data is allowed to or blocked from; one or more entities previously allowed to access the verified identity data; and one or more types of entities previously allowed to access the verified identity data.

“4. The method of claim 1, wherein the one or more access rules is associated a key, a token, or a security credential.

“5. The method of claim 1, wherein the one or more access rules corresponds to one or more elements associated with the identity data of the individual previously set by the individual.

“6. The method of claim 5, wherein the one or more elements associated with the identity data of the individual comprises biometric data, one or more images of physical credentials, or both.

“7. The method of claim 1, wherein the at least one processor is associated with a public distributed ledger.

“8. The method of claim 7, wherein the public distributed ledger comprises verified identity data that is obfuscated and the at least one processor is configured to retrieve the obfuscated and verified identity data from the public distributed ledger in response to determining that the received identity data comprises obfuscated identity data.

“9. The method of claim 1, wherein the request to verify the identity of the individual comprises a request for returning the verified identity data to the requesting device for verification at the requesting device.

“10. A system comprising: at least one processor; and a memory communicatively coupled to the at least one processor, the memory storing instructions which, when executed, cause the at least one processor to perform operations comprising: receiving a request comprising identity data of an individual from a requesting device to verify an identity of the individual; determining that the request complies with at least one access rule previously specified by the individual; retrieving verified identity data associated with the received identity data from a distributed ledger system (DLS), wherein the DLS includes multiple host node devices; and comparing the received identity data to the verified identity data and, in response to the received identity data matching the verified identity data, sending a response to the requesting device indicating that the identity of the individual is verified.

“11. The system of claim 10, wherein the received identity data comprises an image of a physical credential of the individual.

“12. The system of claim 10, wherein: the at least one access rule is indicative of one or more requesting entities that are authorized, by the individual, to request identity verification of the individual; and determining that a requesting entity associated with the requesting device is included in the one or more authorized requesting entities that are authorized as specified by the at least one access rule.

“13. The system of claim 10, wherein: the at least one access rule is indicative of one or more elements of the verified identity data of the individual that are useable for verifying the identity of the individual; and determining that the received identity data corresponds to the one or more elements of the verified identity data.

“14. The system of claim 13, wherein the one or more elements comprise biometric data, identification information, contact information, account information, context information, an image of the individual, one or more images of physical credentials, or any combination thereof.

“15. The system of claim 10, wherein: the at least one access rule specifies one or more requesting entities that are authorized, by the individual, to request identity verification of the individual; and determining that a requesting entity associated with the requesting device is included in the one or more requesting entities that are authorized as specified by the at least one access rule.

“16. One or more non-transitory computer-readable storage media storing instructions which, when executed, cause at least one processor to perform operations comprising: receiving a request comprising identity data of an individual that is sent from a requesting device to verify an identity of the individual; determining that the received request complies with at least one access rule previously specified by the individual; retrieving verified identity data stored on a distributed ledger system that includes multiple host node devices, wherein the verified identity data has previously and verified as identifying the individual; and comparing the received identity data to the verified identity data and, in response to the received identity data matching the verified identity data, sending a response to the requesting device indicating that the identity of the individual is verified.

“17. The one or more non-transitory computer-readable storage media of claim 16, wherein the received identity data is an image of a physical credential of the individual.

“18. The one or more non-transitory computer-readable storage media of claim 16, wherein: the at least one access rule specifies one or more elements of the verified identity data of the individual for verifying the identity of the individual, wherein the one or more elements of the verified identity data are accessible by the at least one processor to verify the identity of the individual, and wherein the one or more elements comprise biometric data, identification information, contact information, account information, context information, an image of the individual, one or more images of physical credentials, or any combination thereof; and determining that the received identity data comprises one or more elements that corresponds to one or more elements of the verified identity data.

“19. The one or more non-transitory computer-readable storage media of claim 16, wherein the requesting device is a point-of-sale terminal.

“20. The one or more non-transitory computer-readable storage media of claim 16, wherein: the at least one access rule specifies one or more requesting entities that are authorized, by the individual, to request identity verification of the individual; and determining that a requesting entity associated with the requesting device is included in the one or more requesting entities that are authorized as specified by the at least one access rule.”

URL and more information on this patent, see: Shipley, Brian F. Distributed ledger system for identity data storage and access control. U.S. Patent Number 11418348, filed October 29, 2020, and published online on August 16, 2022. Patent URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=11418348.PN.&OS=PN/11418348RS=PN/11418348

(Our reports deliver fact-based news of research and discoveries from around the world.)