US 2015/0356523 A1 - Decentralized Identity Verification Systems And Methods - The Lens

Decentralized Identity Verification Systems And Methods

Published: Dec 10, 2015
Earliest Priority: Jun 07 2014
Family: 1
Cited Works: 0
Cited by: 63
Cites: 13
Additional Info: Full text

Abstract

The present invention involves systems and methods that allow participants in cryptocurrency networks to exchange cryptocurrency for traditional currency legally and safely without requiring the use of a traditional exchange or online brokerage as a fiduciary. The invention accomplishes this through the use of a decentralized identity verification protocol that allows a service provider to verify the identity of a participant and then publish an identity signature on the participant's cryptocurrency address or addresses. The invention enables full compliance with Country specific customer identification program and anti-money laundering requirements, and maintains the ability to independently satisfy requests for information or data retention requirements if requested by legally authorized parties, but does not require that the participant store the private keys or access controls to their cryptocurrency on an exchange or brokerage service. The invention serves to verify a participant's identity in full compliance with US Bank Secrecy and Patriot Act provisions or similar regulations where identification may be achieved through non-documentary or documentary identity verification procedures. After passing the applicable verification procedure, the service provider stamps the participant's cryptocurrency address with a transaction containing an identity signature. This identity signature within the transaction consists of a public indicator of the participant's Country and subdivision, a compliance level code, an ID type indicator, and an identity hash. The identity hash is created from the digests of cryptographic hash functions where the participant's personal information is used as an input. The service provider signs the transaction with their authorized private key that corresponds to their publicly accessible public key. This serves as a publicly verifiable confirmation that the identity associated with the address in question was validated by the service provider authorized to act on behalf of the regulatory authority. The participant may then purchase and sell cryptographic currency from and to a third party exchange or brokerage service legally and safely when using their verified cryptocurrency address. This is because the third party is able to confirm compliance by openly referencing and verifying the identity verification transaction present on the address. Subsequent transactions where the third party sells or purchases cryptocurrency for the verified participant are similarly stamped with a transaction conforming to the identity verification protocol. This allows the third party interacting with the verified participant's address to observe any regulations limiting the amount or frequency of transactions over a variable period of time. It follows that this address could be used with any third party or participant in the cryptocurrency network that observes the decentralized identity verification protocol, all without requiring the third party or participant to collect and verify personal information redundantly. The ability to verify an identity remotely also eliminates the need for the third party to act as a fiduciary holding the private keys or access controls to the verified address. Lawful requests for information by authorized authorities are served to the service provider as digitally signed transactions that may then be linked to the participant's identity and transactions, allowing the protocol to observe subpoenas or similar lawful requests for information. The encrypted personal information may be held in escrow by the service provider indexed to the verified cryptocurrency address for such purposes. An alternate embodiment would store the encrypted personal information in a decentralized network of other participants, with the information accessible for retrieval using the public key of the verified cryptocurrency address and decryption using the corresponding private key, decentralizing the process entirely except for the identity verification step.

Claims

A method for uniquely identifying an individual comprising:
providing personal information for an individual;

using an element or plurality of elements of provided personal information as an input to a cryptographic hash function or a plurality of cryptographic hash functions;

identifying standard identification numbers at a subdivision, national, and international level;

using the digest of the cryptographic hash function or plurality of cryptographic hash functions to create an identity hash, where this hash uniquely identifies an individual within a subdivision, nation, or globally if a standard identification number is used as an input, while leaving the identity hash cryptographically impractical to reverse and the individual's provided personal information secure;

associating public geographic identifiers with the identity hash that reveal the subdivision and Country associated with the identity hash;

associating a compliance level code with an identity hash that reveals the level of verification associated with any documentary or non-documentary identity verification procedure, and if a standard identification number was used and the identity hash is unique to a subdivision, nation, or is globally unique;

associating an ID type indicator with the identity hash that reveals the type of identification that was used alone or with a plurality of other elements, salt, and other data to create the identity hash, also indicating if a standard identification number was used and the identity hash is unique to a subdivision, nation, or is globally unique;

associating other identifying data or metadata to the identity hash;

creating an identity signature for an individual comprising: the identity hash, or a concatenation of the identity hash and any or all of the geographic indicator, compliance level code, ID type indicator, or other identifying data or metadata;

associating the identity signature with a cryptocurrency address or plurality of cryptocurrency addresses by sending a digitally signed transaction to the address or plurality of addresses, or by digitally signing a transaction sent from the address or plurality of addresses where the transaction contains the identity signature and the digital signature is provided by an authorized service provider who created the identity signature and optionally the documentary or non-documentary identity verification procedure directly, through a lawful agency, or through the use of an authorized vendor.
The method of claim 1, further applying a non-documentary or documentary identity verification procedure to provided personal information in order to suitably validate the identity of the individual if required by governing regulation.
The method of claim 1, using random or non-random data to be used as salt with an element or plurality of elements of provided personal information before entering information into a cryptographic hash function or plurality of cryptographic hash functions.
The method of claim 1, including provided or other data such as a passphrase, biometric identifiers, financial, or contact information with an element or plurality of elements of provided personal information before entering information into a cryptographic hash function or plurality of cryptographic hash functions.
The method of claim 1, automating settlement of any fees associated with the method for uniquely identifying an individual by including fees in the transaction or plurality of transactions containing the identity signature so as to compensate the ID verification service provider for the ID verification service, potentially as an output within a transaction or plurality of transactions depending on the underlying cryptocurrency protocol.
The method of claim 1, associating the identity signature with a stealth or routing cryptocurrency address or plurality of stealth or routing cryptocurrency addresses by sending a digitally signed transaction to the stealth or routing address or plurality of stealth or routing addresses, or by digitally signing a transaction sent from the stealth or routing address or plurality of stealth or routing addresses where the transaction contains the identity signature and the digital signature is provided by an authorized service provider who created the identity signature and optionally the documentary or non-documentary identity verification procedure directly, through a lawful agency, or through the use of an authorized vendor.
The method of claim 6, allowing regulations limiting the count or aggregate amount of transactions associated with a stealth or routing cryptocurrency address or Plurality of stealth or routing cryptocurrency addresses by sending a transaction or plurality of transactions to the stealth or routing cryptocurrency address or plurality of stealth or routing cryptocurrency addresses containing an identity signature along with count and amount metadata from private addresses derived from the stealth or routing cryptocurrency address or plurality of stealth or routing cryptocurrency addresses, leaving the participant's transaction history private through child addresses, while allowing compliant transactions going forward by referencing the count and amount metadata visible on the stealth or master address publicly.
A method for revoking an identification event comprising:
regenerating a the identity signature using a portion of the steps outlined in claim 1 and or methods of claim 1 or copying the identity signature directly;

replacing the existing compliance level code in the identity signature with a revocation code; or, if a compliance level code was not present in the identity signature, by concatenating a revocation code to the identity signature and thereby creating a revocation signature;

associating the revocation signature with the cryptocurrency address or plurality of cryptocurrency addresses previously associated with an identity signature by sending a digitally signed transaction to the address or plurality of addresses containing the revocation signature, or by digitally signing a transaction sent from the address or plurality of addresses containing the revocation signature where the digital signature is provided by an authorized service provider, through a lawful agency, or through the use of an authorized vendor.
The method of claim 8 automating settlement of any fees associated with the revocation event by including fees in the transaction or plurality of transactions containing the revocation signature so as to compensate the ID verification service provider for the revocation event, potentially as an output within a transaction or plurality of transactions depending on the underlying cryptocurrency protocol.
A method for validating the association of an identity with a cryptocurrency address or plurality of addresses comprising:
scanning for a transaction or plurality of transactions present on a cryptocurrency address or plurality of cryptocurrency addresses containing an identity signature;

verifying a transaction containing an identity signature is valid by comparing the digital signature of the service provider to the public key of the service provider and ensuring the difference between the timestamp of the transaction and the present time does not exceed any defined expiry period;

scanning for a transaction or plurality of transactions present on a cryptocurrency address or plurality of cryptocurrency addresses containing a revocation signature with a timestamp later than any transactions containing a corresponding identity signature;

verifying a transaction or plurality of transactions containing a revocation signature invalidates the identity verification of a previously verified cryptocurrency address or plurality of addresses by comparing the digital signature of the service provider to the public key of the service provider and confirming the timestamp associated with the revocation signature or plurality of revocation signatures is later than the timestamp associated with the identity signature or plurality of identity signatures.
A method of claim 10 for authorizing or denying a transaction or plurality of transactions with a verified cryptocurrency address or plurality of addresses comprising:
scanning for a transaction or plurality of transactions present on a verified cryptocurrency address or plurality of verified cryptocurrency addresses for subsequent transactions containing a matching identity signature;

counting the number of such transactions, or amount of principal in such transactions over variable periods of time;

denying, authorizing, or requiring additional levels of identity verification or information disclosure based on these amounts or counts if required by regulation.
A method of claim 10 for authorizing or denying a transaction or plurality of transactions with a verified cryptocurrency address or plurality of verified cryptocurrency addresses comprising:
scanning for the identity signature present on a transaction or plurality of transactions on a verified cryptocurrency address or plurality of addresses;

scanning for a geographic indicator, ID type indicator, or compliance level code within the identity signature;

authorizing, denying, or requiring additional levels of identity verification or information disclosure based on the Country and subdivision, compliance level code, or ID type indicator associated with the verified cryptocurrency address or plurality of verified cryptocurrency addresses.
A method for associating a verified cryptocurrency address or plurality of addresses containing an identity verification transaction and identity signature or plurality of such transactions and signatures with an encrypted personal information profile.
A method of claim 13 where an encrypted personal information profile is stored in a locally hosted or cloud hosted database.
A method of claim 13 where an encrypted personal information profile is stored in a stored on a decentralized encrypted network.
A method of claim 13 where a participant may read or modify the encrypted personal information by producing the access controls and or corresponding private keys for the verified cryptocurrency address or plurality of addresses if allowed by applicable regulation.
A method of claims 15 and 16 where a participant may retrieve their encrypted personal information by requesting it from a decentralized network using their identity signature, cryptocurrency address, or corresponding public key with a digital signature generated using the private key to their cryptocurrency address, and decrypting this information with their private key.
A method of claim 13 where a lawful entity may access encrypted personal information by producing a valid private key or access controls, or by serving a lawful order to the service provider.
A method of claims 1, 8, 10 and 13 where an application of these methods for any purpose requiring the identification of an individual in a decentralized system, especially applications satisfying regulation requiring individual identification and data retention as a requisite for performing financial activities.