101 results about "Digital credential" patented technology

This invention provides a mechanism for performing secure configuration and data changes between a PSD and a hardware security module (HSM) using a communications pipe established between said PSD and said HSM. The data changes and configuration changes include but are not limited to installing, updating, replacing, deleting digital certificates, cryptographic keys, applets, other digital credentials, attributes of installed objects, or other stored proprietary information.

A digital voucher system facilitates the convenient application of vouchers against products and services purchased from a merchant by a consumer. A voucher enabled device carried by the consumer stores digital vouchers in memory. When the merchant detects a voucher enabled device nearby, the merchant queries and obtains applicable vouchers for the consumer from the voucher enabled device carried by the consumer, applies the vouchers to a transaction, and communicates the resulting transaction data back to the voucher enabled device.

A computer system and associated methods for verifying user identities online. Identity claims made by a requestor of an online access and/or a trusted transaction may be verified by associating digital credentials to verified personal identification information (PII) retrieved from real world events. PII item(s) may be retrieved from third-party verified identity information sources. Verified personal attributes related to PII items may be identified and correlated with the requestor's digital credentials, and stored to a verified identity record. Additional digital credentials for the same requestor may be similarly identified, correlated, and stored to the verified identity record. A subsequent transaction request by a person claiming the requestor's identity may be compared with the verified identity record. An identity match indicator and/or a match confidence score may be created and used to determine the risk that the identity claim by the person requesting the transaction is false.

A system for creating an identity mapping on a distributed ledger includes an interface and a processor. The interface is configured to receive a request to create an identity mapping on a distributed ledger. The processor is configured to generate an identity key pair; generate a mobile encryption key; encrypt a private identity key of the identity key pair using the mobile encryption key to create an encrypted private key; store the encrypted private key; create a mapping document; sign the mapping document with the private identity key of the identity key pair; and provide the signed mapping document to be stored in a distributed ledger.

A system and method for securing software applications installed on a computer network is disclosed. An authorized user is provided a digital credential and loads a secure access client onto a computerized device that can be connected to the network. The secure access client communicates with a secure access server within the network to authenticate the user and determine which applications the user is allowed to access. When the user sends a communication intended for a secured application, the secure access client intercepts the communication and uses cryptographic keys from the digital credential to encrypt and digitally sign the communication. The secure access server has access to cryptographic keys corresponding to those on the digital credential and is able to decrypt the communication and verify the digital credential. The decrypted message is then sent to an application server hosting the secured application.

Systems and methods for decentralized distribution of verifiable information, such as financial information, without requiring resort to centralized information system at the time of a query or other request for information. A decentralized method includes the steps of creating a digital wallet, issuing/receiving an issued verifiable digital credential signed by a credential issuer acting as a trust anchor for a claim contained in the verifiable digital credential, storing the verifiable digital credential within the digital wallet, receiving a request for verified information, and providing the verifiable digital credential, including the claim, from the digital wallet. The verification of information may occur as a zero-knowledge proof such that a required standard is verified as satisfied without disclosing more information about a consumer or other user than is absolutely necessary.

Providing virtualized credentials of a holder includes authorizing a subset of credential data to be sent to a device of a relying party that is different from the holder, where the subset of credential data depends on a role of the relying party, selection by the holder, and/or contextual data of the relying party and includes displaying the subset of credential data on a screen of the device of the relying party. The contextual data may be a privacy level setting, distance between the relying party and the holder, and/or geolocation of the relying party. The role of the relying party may be provided by the relying party. Role information provided by the relying party may be provided in a verifiable format. The role information may be digitally signed or securely derived and determined by a mutual authentication algorithm between the relying party and the holder.

A method for performing electronic transactions, comprising receiving a long-term certificate, authenticating a user associated with the long-term certificate, and then sending a short-term certificate to the authenticated user. In addition, risk associated with the user can be evaluated, and this risk information, as well as other information, can be included in the short-term certificate.

A system for credential authentication includes an interface and a processor. The interface is configured to receive a request from an application for authorization to access. Access to the application is requested by a user using a user device. The processor is configured to provide an authentication request to the user device, receive a device credential, wherein the device credential is backed by data stored in a distributed ledger, determine a user identifier and an authentication device associated with the user based at least in part on the device credential, provide a proof request to the authentication device, receive a proof response, determine that the proof response is valid, generate a token, and provide the token to the application authorizing access for the user.

A status arbiter includes a first input operative to receive at least one of a server public key and an agent public key. A second input is operative to receive a secure confirmation signal, where the secure confirmation signal may include an encrypted signal indicating of the state of an underlying device. An authenticating means for determining the state of the underlying device is coupled to the private key input, which provides for the release of digital credentials indicating that the underlying device is secure. A secure device operating method includes receiving an authentication request. Next, providing a device credential in response to the authentication request, where the device credential is provided in response to a secure confirmation signal indicating that the underlying device is authorized to perform the authentication request.

In accordance with the present invention, there is given methods, systems and apparatus for revoking a derived credential formed from an initial credential and an indication value within a network. An example method comprises the steps of: updating an accumulator value based on a plurality of user credential keys where each user credential key is associated with a user device entitled to the derived credential; providing public information that comprises a public key for verifying the initial credential and the accumulator value; an entity receiving from a user device derived-credential information comprising an initial-credential information and an indication-value information indicating that the user credential key is inherently included in the accumulator value, and request information; and, processing the request information in response to verifying by the entity that the initial-credential information and the indication-value information are valid.

Techniques described herein relate to generating and managing digital credentials using a digital credential platform in communication with various digital credential template owners and digital credential issuers. In some embodiments, a digital credential platform server may receive and coordinate requests and responses between the digital credential template owners and a set of digital credential issuers, to determine which digital credential issuers are authorized to issue digital credential based on which digital credential templates. The digital credential platform server may provide the authorized issuers with access to particular digital credential templates and the functionality to issue digital credentials to users based on any of the particular digital credential templates. Additional techniques described herein relate to tracking, analyzing, and reporting data metrics for issued digital credentials.

This invention discloses a digital credentials method based on notarization information. A notarization program of notarization organization is led to an electric identification certification so as to provide the public credibility certification of user true identification and credentials. The binding technical of using notarization mark technology and the credibility information of user related identification is used for forming the digital credentials used by the user identification certification and guaranteeing the integrity. Compared with the currently adopted CA certification organization mode under PKI system, this invention effectively conquers the drawbacks that the nonstandard technical standard, low authority of certification and fairness caused by the current PKI system, and the low commonality caused by remarkable region and professional, and has remarkable advantages of saving large amount of cost of creating the CA certification organization. And this invention can be immediately performed. This invention can be widely applied to the business windows, such as the electronic business, the electronic government affairs, the administration, the bank, the Telecommunications, the insurance, and can be applied to the user identification certification under the system of real name of fields of each special business system, hotel, traffic, customs and so on.

The invention relates to the technical field of block chains, in particular to a commodity circulation method and device based on commodity digital certificates, and the method comprises the steps: receiving commodity order information sent by a first user, wherein the commodity order information comprises the type and number information of target commodity digital certificates needing to be purchased by the first user; determining a second user corresponding to the first user based on the commodity order information, the second user being a supplier of the first user; after it is determined that the first user completes payment, the preset number of target commodity digital certificates belonging to the second user are sent to the first user, wherein the preset number of target commoditydigital certificates can be sold to a third user or used for picking up commodities from a manufacturer who issues the target commodity digital certificates. By adopting the scheme, the commodity circulation efficiency is improved, and the logistics cost is reduced.

Systems and methods which provide the ability for users to track the lifecycle and conditional rules associated with credentials, which can include digitally verified third-party assertions of identity, education, licensing, work history, provenance, authenticity, outcomes, ingredients, etc. through a network of certified primary source or primary source equivalent issuers of credentials. Verifiable data registry technology can be used to provide access to information associated with the credentials, such as validity and schemas. Credential presentation and subscription processes are also utilized. Ecosystem communication and management functions can be executed through various agent instances associated with the actors, including administrators. Rating systems and fee transactions are also managed.

Techniques described herein relate to receiving multiple sources of verified data associated with a digital credential receiver, and mapping the digital credential receiver to one or more data field data objects based on analyses of the verified data. In some embodiments, a digital credential platform server may analyze the various data sources associated with the digital credential receiver, in order to determine and calculate correlation scores between the digital credential receiver and various field data objects. A combination of analyses and/or comparisons may be used between the credential receiver data and the corresponding retrieved from field data objects, such as the digital credential objects earned by the credential receiver, the credential receiver's verified evaluation records, and/or the career phase of the digital credential receiver.