Patent Issued for System for credential storage and verification (USPTO 11700117): Workday Inc.
2023 AUG 01 (NewsRx) -- By a
Patent number 11700117 is assigned to
The following quote was obtained by the news editors from the background information supplied by the inventors: “A database system distributes cryptographic digital credentials to a user to allow the user to prove qualifications (e.g., a degree, employment experience, health insurance coverage, etc.). Credentials can be assigned to a user by a trusted third party client of the database system (e.g., a university, an insurer). In order for the user to securely take advantage of the credential system, the system has to be able to distribute the credential. This creates a problem in that the credential is no longer under control of the system after being distributed but must still be trusted by the system.”
In addition to the background information obtained for this patent, NewsRx journalists also obtained the inventors’ summary information for this patent: “The invention can be implemented in numerous ways, including as a process; an apparatus; a system; a composition of matter; a computer program product embodied on a computer readable storage medium; and/or a processor, such as a processor configured to execute instructions stored on and/or provided by a memory coupled to the processor. In this specification, these implementations, or any other form that the invention may take, may be referred to as techniques. In general, the order of the steps of disclosed processes may be altered within the scope of the invention. Unless stated otherwise, a component such as a processor or a memory described as being configured to perform a task may be implemented as a general component that is temporarily configured to perform the task at a given time or a specific component that is manufactured to perform the task. As used herein, the term ‘processor’ refers to one or more devices, circuits, and/or processing cores configured to process data, such as computer program instructions.
“A detailed description of one or more embodiments of the invention is provided below along with accompanying figures that illustrate the principles of the invention. The invention is described in connection with such embodiments, but the invention is not limited to any embodiment. The scope of the invention is limited only by the claims and the invention encompasses numerous alternatives, modifications and equivalents. Numerous specific details are set forth in the following description in order to provide a thorough understanding of the invention. These details are provided for the purpose of example and the invention may be practiced according to the claims without some or all of these specific details. For the purpose of clarity, technical material that is known in the technical fields related to the invention has not been described in detail so that the invention is not unnecessarily obscured.
“The system for digital credentialing is designed to empower individual users to own their verifiable professional identity and to be able to enable this identity to be useable in scenarios where a verified identity allows access by providing proof of identity. An application might use the system to prove the identity or verify a user’s access ability to something. The application queries the system regarding a proof of identity and the user provides the proof using a credential to the system that is ultimately passed to the application to prove identity of the user. The system allows an application developer to pick attributes that an application challenges for and the sources that will satisfy any given challenge. The proof of identity is embodied in a digital credential that is able to be secured using a combination of cryptography and a distributed ledger (e.g., a decentralized ledger, a permissioned ledger, a public ledger, etc.) to assure legitimacy of the proof of identity.
“A system for digital credentialing receives the digital credential from a credential issuing system. The system for digital credentialing stores user information for the user. The system for digital credentialing further determines a set of credentials available to the user based on the user information as well as stores a record of previously issued credentials. The credentials comprise categories satisfied by the user information at differing levels of specificity (e.g., greater than an amount, in a range of amounts, less than an amount, etc.). For example, in the case where the user comprises an employee earning
“In various embodiments, a credential comprises data that is validated or verified to be authentic - for example, data verifying academic diplomas, academic degrees, certifications, security clearances, identification documents, badges, passwords, user names, keys, powers of attorney, human resource data, personal information, or any other relevant information,”
The claims supplied by the inventors are:
“1. A system for credential storing and verifying, comprising: an interface configured to: receive an indication to register a credential transmitted to a holder device that is associated with a holder identifier; and a processor configured to: store in a distributed ledger a decentralized identifier (DID) document associated with the holder identifier using a smart contract, wherein storing using the smart contract employs a dual signature authentication scheme to authorize storing the DID in the distributed ledger based at least in part on determining that a signature associated with the holder identifier is valid and that a signature of a ledger writer of the distributed ledger is valid; store in the distributed ledger schema information associated with an issuer of the credential using the smart contract, wherein the schema information is received from the issuer; store in the distributed ledger a credential definition associated with the schema information using the smart contract, wherein the credential definition is received from the issuer; receive from a verifier an indication to check the distributed ledger, wherein the verifier receives a presentation regarding the credential from the holder device associated with the holder identifier, wherein the presentation comprises the credential and a schema of the credential, wherein the credential and the schema of the credential were provided by the issuer to a user to hold in the holder device, and check the distributed ledger, wherein checking the distributed ledger comprises to: receive the schema information and the credential definition stored in the distributed ledger; determine whether the schema information stored in the distributed ledger matches the schema of the credential; determine whether the credential definition stored in the distributed ledger matches the credential; determine whether a revocation registry stored in the distributed ledger associated with the presentation regarding the credential indicates the credential is revoked; and in response to a determination that the schema information matches the schema of the credential, the credential definition matches the credential, and the credential is not revoked, indicate the credential is verified.
“2. The system as in claim 1, wherein the DID document associated with the holder identifier comprises a public key and a private key.
“3. The system as in claim 1, wherein storing the DID document associated with the holder identifier includes checking uniqueness for the DID document associated with the holder identifier.
“4. The system as in claim 1, wherein the distributed ledger comprises a blockchain.
“5. The system as in claim 1, wherein the processor is further configured to store in the distributed ledger an issuer DID document associated with the issuer of the credential.
“6. The system as in claim 1, wherein in response to determining the schema information stored in the distributed ledger matches the schema of the credential, indicate that the credential matches.
“7. The system as in claim 1, wherein in response to determining the schema information stored in the distributed ledger does not match the schema of the credential, indicate that the credential does not match.
“8. The system as in claim 1, wherein in response to determining the credential definition matches the credential, indicate that the credential matches.
“9. The system as in claim 1, wherein in response to determining the credential definition does not match the credential, indicate that the credential does not match.
“10. The system as in claim 1, wherein in response to determining the credential is indicated as revoked, indicate that the credential is revoked.
“11. The system as in claim 1, wherein in response to determining the credential is indicated as not revoked, indicate that the credential is not revoked.
“12. The system as in claim 1, wherein the credential definition comprises personal information associated with the holder identifier.
“13. A method for credential storing and verifying comprising: receiving an indication to register a credential transmitted to a holder device that is associated with a holder identifier; storing, using a processor, in a distributed ledger a decentralized identifier (DID) document associated with the holder identifier using a smart contract, wherein storing using the smart contract employs a dual signature authentication scheme to authorize storing the DID in the distributed ledger based at least in part on determining that a signature associated with the holder identifier is valid and that a signature of a ledger writer of the distributed ledger is valid; storing in the distributed ledger schema information associated with an issuer of the credential using the smart contract, wherein the schema information is received from the issuer; storing in the distributed ledger a credential definition associated with the schema information using the smart contract, wherein the credential definition is received from the issuer; receiving from a verifier an indication to check the distributed ledger, wherein the verifier receives a presentation regarding the credential from the holder device associated with the holder identifier, wherein the presentation comprises the credential and a schema of the credential, wherein the credential and the schema of the credential were provided by the issuer to a user to hold in the holder device, and checking the distributed ledger, wherein checking the distributed ledger comprises: receiving the schema information and the credential definition stored in the distributed ledger; determining whether the schema information stored in the distributed ledger matches the schema of the credential; determining whether the credential definition stored in the distributed ledger matches the credential; determining whether a revocation registry stored in the distributed ledger associated with the presentation regarding the credential indicates the credential is revoked; and in response to a determination that the schema information matches the schema of the credential, the credential definition matches the credential, and the credential is not revoked, indicating the credential is verified.
“14. A computer program product for credential storing and verifying, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for: receiving an indication to register a credential transmitted to a holder device that is associated with a holder identifier; storing, using a processor, in a distributed ledger a decentralized identifier (DID) document associated with the holder identifier using a smart contract, wherein storing using the smart contract employs a dual signature authentication scheme to authorize storing the DID in the distributed ledger based at least in part on determining that a signature associated with the holder identifier is valid and that a signature of a ledger writer of the distributed ledger is valid; storing in the distributed ledger schema information associated with an issuer of the credential using the smart contract, wherein the schema information is received from the issuer; storing in the distributed ledger a credential definition associated with the schema information using the smart contract, wherein the credential definition is received from the issuer; receiving from a verifier an indication to check the distributed ledger, wherein the verifier receives a presentation regarding the credential from the holder device associated with the holder identifier, wherein the presentation comprises the credential and a schema of the credential, wherein the credential and the schema of the credential were provided by the issuer to a user to hold in the holder device, and checking the distributed ledger, wherein checking the distributed ledger comprises: receiving the schema information and the credential definition stored in the distributed ledger; determining whether the schema information stored in the distributed ledger matches the schema of the credential; determining whether the credential definition stored in the distributed ledger matches the credential; determining whether a revocation registry stored in the distributed ledger associated with the presentation regarding the credential indicates the credential is revoked; and in response to a determination that the schema information matches the schema of the credential, the credential definition matches the credential, and the credential is not revoked, indicating the credential is verified.”
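The ledger check recited in the claims can be sketched as a fail-closed verifier. This is an added example, not code from the patent or from Workday. The record layout, the identifiers, the digest-based schema comparison and the rule used to match a credential to its credential definition are all assumptions, since the claims do not specify them.

```python
import hashlib
import json

def canon(obj):
    """SHA-256 over canonical JSON, so key order cannot change the digest."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

# Constructed ledger state; all ids, field names and values are hypothetical.
LEDGER = {
    "schemas": {"schema:degree:1": {"id": "schema:degree:1",
                                    "attrs": ["degree", "name", "year"]}},
    "cred_defs": {"creddef:uni:1": {"id": "creddef:uni:1",
                                    "schema_id": "schema:degree:1"}},
    "revoked": {"creddef:uni:1": {"cred-0002"}},  # revocation registry per cred def
}

# Constructed presentation: the credential plus its schema, as sent by the holder.
GOOD = {
    "credential": {"cred_id": "cred-0001", "cred_def_id": "creddef:uni:1",
                   "values": {"name": "A. Holder", "degree": "BSc", "year": 2020}},
    "schema": {"id": "schema:degree:1", "attrs": ["degree", "name", "year"]},
}

def check_ledger(presentation, ledger=LEDGER):
    """Return (verified, reasons); any missing ledger record counts as a failure."""
    cred = presentation.get("credential", {})
    schema = presentation.get("schema", {})
    reasons = []
    # 1. Presented schema must equal the schema information on the ledger.
    stored_schema = ledger["schemas"].get(schema.get("id"))
    if stored_schema is None or canon(stored_schema) != canon(schema):
        reasons.append("schema_mismatch")
    # 2. Assumed matching rule: the credential names a stored definition that is
    #    bound to the stored schema, and carries exactly that schema's attributes.
    cred_def = ledger["cred_defs"].get(cred.get("cred_def_id"))
    if (cred_def is None or stored_schema is None
            or cred_def["schema_id"] != stored_schema["id"]
            or sorted(cred.get("values", {})) != sorted(stored_schema["attrs"])):
        reasons.append("cred_def_mismatch")
    # 3. Revocation: an absent registry is treated like a revoked credential.
    registry = ledger["revoked"].get(cred.get("cred_def_id"))
    if registry is None or cred.get("cred_id") in registry:
        reasons.append("revoked_or_unknown_registry")
    return (not reasons, reasons)

if __name__ == "__main__":
    print(check_ledger(GOOD))
```

The credential is reported as verified only when all three determinations pass, and the returned reasons let a verifier log which one failed.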
For the URL and more information on this patent, see: Hamel, Bjorn. System for credential storage and verification.