Patent Issued for Distributed ledger system for identity data storage and access control (USPTO 11936788): United Services Automobile Association

2024 APR 05 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- United Services Automobile Association (San Antonio, Texas, United States) has been issued patent number 11936788, according to news reporting originating out of Alexandria, Virginia, by NewsRx editors.

The patent’s inventors are Shipley, Brian F. (San Antonio, TX, US).

This patent was filed on July 28, 2022 and was published online on March 19, 2024.

From the background information supplied by the inventors, news correspondents obtained the following quote: “Organizations that operate online services expend a large amount of computing resources, engineering time, and/or other resources to verify the identity of individuals requesting access to the services. Authentication and/or authorization features operate to ensure that a user is who they claim to be, and that they are authorized to access information or request actions through the services. Traditional methods for authenticating a user may be unreliable given the strong incentive for malicious individuals to attempt unauthorized access, particularly in instances where the services being accessed are related to finance, such that unauthorized parties may gain access to steal funds and/or confidential information.”

Supplementing the background information on this patent, NewsRx reporters also obtained the inventors’ summary information for this patent: “Implementations of the present disclosure are generally directed to an identity verification service that stores and controls access to identity data on distributed ledger system(s). More particularly, implementations of the present disclosure are directed to a service that is callable, by requesting entities and/or devices, to request the verification of the identity of an individual, where such requests are constrained by access rules specified by the individual to control the delegation of access to and/or use of the individual’s identity data.

“In general, implementations of innovative aspects of the subject matter described in this specification can be embodied in a method that includes the following operations: receiving a request that is sent from a requesting device to verify identity of an individual, the request including first identity data of the individual; in response to the request, and based on determining that the request complies with at least one access rule specified by the individual, retrieving second identity data stored on a distributed ledger system (DLS) that includes multiple host node devices, wherein the second identity data has previously been stored on the DLS based at least partly on the second identity data having been verified as identifying the individual; and comparing the first identity data to the second identity data and, based on a correspondence between the first identity data and the second identity data, sending a response to the requesting device indicating that the identity of the individual is verified.

“These and other implementations can each optionally include one or more of the following innovative aspects: the first identity data is an image of a physical credential of the individual; the requesting device is a point-of-sale terminal; the at least one access rule specifies one or more requesting entities that are authorized, by the individual, to request identity verification of the individual; determining that the request complies with the at least one access rule includes determining that a requesting entity associated with the requesting device is included in the one or more authorized requesting entities specified by the at least one access rule; the at least one access rule specifies one or more elements of identity data of the individual that are useable for verifying the identity of the individual; determining that the request complies with the at least one access rule includes determining that the first identity data is included in the one or more useable elements of identity data; the DLS is a private DLS; the request is initially sent to a public DLS that stores an obfuscated version of the second identity data, the public DLS being separate from the private DLS; an unobfuscated version of the second identity data is retrieved, from the private DLS, responsive to the request being received at the public distributed ledger; the obfuscated version is a hash of the unobfuscated version of the second identity data; and/or the public DLS stores audit information describing a history of requests to verify the identity of the individual.

“Other implementations of any of the above aspects include corresponding systems, apparatus, and/or computer programs that are configured to perform the operations of the methods. The present disclosure also provides a computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations in accordance with implementations of the methods provided herein. The present disclosure further provides a system for implementing the methods provided herein. The system includes one or more processors, and a computer-readable storage medium coupled to the one or more processors having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations in accordance with implementations of the methods provided herein.

“The implementations described herein provide at least the following technical advantages and/or improvements compared to previously available techniques. By providing an identity verification service that verifies an individual’s identity based on identity data that includes image(s) of physical credentials, which have been confirmed as legitimate, implementations provide an authentication system that is more reliable than traditional systems that may depend solely on login, password, and/or other credentials that may be stolen and/or guessed. Accordingly, implementations avoid the expenditure of network bandwidth, storage space, active memory, processing capacity, and/or other computing resources that are used by traditional systems in repeated authentication attempts, such as repeated attempts to recover from errors in authentication and/or fraudulent access requests. Moreover, by using a distributed ledger system to store identity data, implementations incorporate the technical advantages of a distributed ledger including but not limited to data security, data immutability and reliability, and distributed storage (e.g., for failover support and storage redundancy).”

The claims supplied by the inventors are:

“1. A system comprising: at least one processor; and a memory communicatively coupled to the at least one processor, the memory storing instructions which, when executed, cause the at least one processor to perform operations comprising: receiving a request to receive verified information associated with a vehicle, and an image of the vehicle from a requesting device; determining that the request complies with at least one access rule associated with accessing the verified information of the vehicle; identifying the vehicle associated with the image; retrieving the verified information of the vehicle stored on a distributed ledger system (DLS), wherein the DLS includes multiple host node devices; and sending the verified information of the vehicle to the requesting device.

“2. The system of claim 1, wherein the verified information comprises contact information of an individual associated with the vehicle, an insurance policy information of the vehicle, a vehicle identification number (VIN) of the vehicle, or a combination thereof.

“3. The system of claim 1, wherein the instructions which, when executed, cause the at least one processor to perform the operations for determining that the request complies with the at least one access rule comprises: determining that a requesting entity associated with a requesting device is included as one or more authorized requesting entities authorized as specified by the at least one access rule.

“4. The system of claim 1, wherein the instructions which, when executed, cause the at least one processor to perform the operations for determining that the request complies with the at least one access rule comprises: determining that the received request corresponds to one or more elements of the verified information of the vehicle, wherein the at least one access rule is indicative of the one or more elements of the verified information of the vehicle that are useable for verifying identity of an individual associated with the vehicle.

“5. The system of claim 4, wherein the one or more elements comprise biometric data, identification information, contact information, account information, context information, an image, one or more images of physical credentials, or any combination thereof of the individual, and wherein the request comprises the one or more elements.

“6. The system of claim 1, wherein the instructions which, when executed, cause the at least one processor to perform the operations for determining that the request complies with the at least one access rule comprises: accessing a public distributed ledger comprising an obfuscated version of the image of the vehicle; and retrieving the obfuscated version of the image of the vehicle from the public distributed ledger to identify the vehicle.

“7. One or more non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by a processor, are configured to cause the processor to perform operations comprising: receiving a request to determine an identity of an individual associated with a vehicle and an image of the vehicle from a requesting device; determining that the received request complies with at least one access rule previously specified by the individual; identifying the vehicle associated with the image; retrieving verified identity data of the individual stored on a distributed ledger system comprising multiple host node devices, wherein the verified identity data has been previously verified as identifying the individual associated with the vehicle; and providing the verified identity data of the individual to the requesting device.

“8. The one or more non-transitory computer-readable medium of claim 7, wherein the verified identity data comprises an image of a physical credential of the individual.

“9. The one or more non-transitory computer-readable medium of claim 7, wherein the computer-executable instructions that, when executed by a processor, are configured to cause the processor to perform the operations comprising: determining that a requesting entity associated with a requesting device is included as one or more authorized requesting entities authorized as specified by the at least one access rule.

“10. The one or more non-transitory computer-readable medium of claim 7, wherein the requesting device comprises a point-of-sale terminal.

“11. The one or more non-transitory computer-readable medium of claim 7, wherein the computer-executable instructions that, when executed by a processor, are configured to cause the processor to perform the operations comprising: accessing a public distributed ledger comprising an obfuscated version of the image of the vehicle; and retrieving the obfuscated version of the image of the vehicle from the public distributed ledger to identify the vehicle.”

For the URL and additional information on this patent, see: Shipley, Brian F. Distributed ledger system for identity data storage and access control. U.S. Patent Number 11936788, filed July 28, 2022, and published online on March 19, 2024. Patent URL (for desktop use only): https://ppubs.uspto.gov/pubwebapp/external.html?q=(11936788)&db=USPAT&type=ids

(Our reports deliver fact-based news of research and discoveries from around the world.)