Search

EP-4492728-B1 - METHOD AND APPARATUS FOR GENERATING CERTIFIED USER DATA

EP4492728B1EP 4492728 B1EP4492728 B1EP 4492728B1EP-4492728-B1

Inventors

  • WILLIAMSON, Christopher Aaron Stanley
  • RYAN, MARK

Dates

Publication Date
20260513
Application Date
20220110

Claims (15)

  1. A computer-implemented method of providing an authenticated certificate by using a first set of data that has been associated with verified user data by an associating entity, wherein the verified user data comprises personal information of a user, the method performed by an issuing entity, the method comprising the steps of: encrypting using a public key of a trustee system the first set of data to form an encrypted first set of data, and wherein the encrypted first set of data forms an indication of the first set of data, creating the authenticated certificate to be modified in the generation of the certified user data, wherein the authenticated certificate comprises a modifiable portion including the indication of the first set of data; and providing the authenticated certificate for the generation of the certified user data, wherein the modifiable portion is modifiable such that, when modified, the authenticated certificate can no longer be associated with the verified user data.
  2. The method of claim 1, wherein the first set of data comprises one or more of a token, a database reference, or a serial number.
  3. The method of one of claims 1 to 2, wherein the modifiable portion of the created authenticated certificate comprises an identifier of the entity creating the authenticated certificate, and optionally, wherein the identifier comprises a signature signed using the entity's private key.
  4. The method of any preceding claim, wherein the modifiable portion comprises a re-randomizable portion.
  5. The method of any preceding claim, wherein the association between the first set of data and verified user data has been stored by the association entity, and optionally wherein the computer-implemented method of providing an authenticated certificate also uses an identifier of the association entity.
  6. The method of any preceding claim, further comprising the step of modifying the modifiable portion of the authenticated certificate to generate the certified user data.
  7. The method of any preceding claim, further comprising the step of storing auxiliary data, wherein the auxiliary data comprises an association between the verified user data and an encrypted version of an indication of the certified user data, and optionally, wherein the encryption to create the encrypted version of an indication of the certified user data occurs using a public key of a trustee system.
  8. The method of any preceding claim, wherein the personal information comprises identifying information, and/or wherein the certified user data comprises a cryptographic key of the user.
  9. A computer-implemented method of enabling the characterization of an unknown user from certified user data, wherein the certified user data has been generated through modification of an authenticated certificate, wherein the certified user data comprises a modified portion created through modification of a modifiable portion of the authenticated certificate, the modified portion and modifiable portion both comprising an encrypted first set of data, wherein the encrypted first set of data was created through encryption of a first set of data using at least one public key of a respective at least one trustee system, the first set of data having been associated with verified user data by an associating entity, the verified user data comprising personal information of the unknown user, wherein the modifiable portion is modifiable such that, when modified, the authenticated certificate can no longer be associated with the verified user data, wherein the certified user data comprises an identifier of the associating entity, and wherein the method is executed by the at least one trustee system, the method comprising the steps of: receiving, from a requestor, a request comprising the certified user data or an indication of the certified user data, wherein the indication of the certified user data allows the certified user data to be retrieved by the at least one trustee system; if the request comprises the indication of the certified user data, obtaining the certified user data based on the indication of the certified user data, decrypting the encrypted first set of data of the modified portion comprised in the certified user data, to provide the first set of data; and providing, to the requestor, the first set of data associated with the verified user data to enable the characterization of the unknown user.
  10. A computer-implemented method of characterizing an unknown user from certified user data, wherein the certified user data has been generated through modification of an authenticated certificate, wherein the certified user data comprises a modified portion created through modification of a modifiable portion of the authenticated certificate, the modified portion and modifiable portion both comprising an encrypted first set of data, wherein the encrypted first set of data was created through encryption of a first set of data using at least one public key of a respective at least one trustee system, , the first set of data having been associated with verified user data by an associating entity, the verified user data comprising personal information of the unknown user, wherein the modifiable portion is modifiable such that, when modified, the authenticate certificate can no longer be associated with the verified user data, wherein the certified user data comprises an identifier of the associating entity, the method performed by an entity desiring to characterize the unknown user, the method comprising the steps of: providing, to the at least one trustee system, the certified user data or an indication of the certified user data, wherein the indication of the certified user data allows the certified user data to be retrieved by the at least one trustee system; receiving, from the at least one trustee systems, the first set of data; providing, to the associating entity, the first set of data; and receiving, from the associating entity, verified user data comprising personal information of the unknown user.
  11. The method of claim 10, wherein the identifier of the associating entity comprises one or more of: a signature signed using the associating entity's private key, and optionally, wherein the signature is comprised within the modified portion; and a public key of the associating entity comprised within the authenticated certificate, and optionally, wherein the public key is comprised within an unmodified portion of the authenticated certificate.
  12. The method of any one of claims 10 to 11, wherein the modified portion is a re-randomized portion and wherein the modification is a re-randomization.
  13. A computer program product comprising instructions that, when executed, cause one or more processor(s) to perform the method of one of claims 1 to 12.
  14. A computer-readable medium comprising instructions that, when executed, cause one or more processor(s) to perform the method of one of claims 1 to 12.
  15. A processor configured to execute the method of one of claims 1 to 12.

Description

Technical Field The present invention lies generally in the technical field of information security. In particular, the present invention concerns a method of generating certified user data that cannot be associated with a specific user without the cooperation of a trustee system. Background Many people have one or more digital identities in addition to their official/legal identity, and many digital platforms require only a digital identity, which may be unique to the platform, for a person to operate on that platform. In many contexts, the digital identity is a customer account or 'log-in' that enables interaction with a digital platform. In some scenarios, for example obtaining a licence to drive a motor vehicle or to interact with a tax authority, there exists a need to ensure that a person's official identity, or at least a person's personal information, is verified prior to allocating a digital identity. For example, a digital ID to access a government platform is only provided after proof of ID. In some other scenarios, interacting with a second entity may rely on a previous verification that has been undertaken by a first entity, for example, a bank implicitly relies on the previous verification of a person's official identity when that person produces a passport to prove their ID when opening an account. In these scenarios, the first entity (e.g. a government authority) might collude with the second entity (e.g. a bank) to track a user's actions on the digital platform of the second entity. The use of digital identities without verification of the underlying official identities and personal information can give rise to socially or legally unacceptable pseudonymity. For example, trolling, deliberate misinformation, and abusive commentary in online media may be exercised without ultimate accountability because the responsible individual cannot be identified. Alternatively, without verification, an identity may be 'spoofed', leading to potentially fraudulent activity. In many scenarios, for example obtaining a licence to drive a motor vehicle or to interact with a tax authority, it has long been agreed that there exists a need to ensure that a person's official identity is verified prior to allocating a digital identity. Increasingly many digital platforms are realising that the need for a verified identity, or at least some verified personal information, applies to their services as well, either to remain in compliance with regulations or to improve user experiences. However, there is an important privacy consequence of verifying an individual's official identity and/or personal information. If the process of verifying, certifying, and storing official identities or personal information exposes or stores the link between a pseudonym and that official identity or personal information, then the privacy veil of such pseudonymisation is compromised or is susceptible to misuse because the verifying/certifying entity has knowledge of the link between the digital and official identities/personal information. Moreover, such a repository of links is a natural target to attack by a malicious entity such as a hacker, and if compromised, the links between pseudonyms and corresponding official identities/personal information may be obtained. In view of this, there exists a need for a secure method of providing the benefits of identity verification while preserving the privacy properties of pseudonyms in a manner that avoids increased risk of underlying leakage of personal and identifying information into the digital domain. PETIT JONATHAN ET AL: "Pseudonym Schemes in Vehicular Networks: A Survey", IEEE COMMUNICATIONS SURVEYS & TUTORIALS, vol. 17, no. 1 , pages 228-255, XP011576292 discloses a pseudonym certificate scheme for vehicular systems. PARK H PARK Y WON J LEE KISA S KENT BBN TECHNOLOGIES S: "Traceable Anonymous Certificate; rfc5636.txt", August 2009, XP015065657 discloses a mechanism to generate traceable certificates. Summary of the invention The present invention is directed to subject-matter as disclosed by the appended claims. Brief description of the figures Figure 1 is a block diagram of the architecture of a system capable of executing a method of providing an authenticated certificate to be modified in the generation of certified user data.Figure 2 is a block diagram of the certified user data that may be produced by the system of Figure 1.Figure 3 is a flow diagram of a method of providing an authenticated certificate to be modified in the generation of certified user data, and of the modification of that authenticated certificate.Figure 4 is a block diagram of the architecture of a system of characterizing an unknown user from certified user data and of enabling the characterization of that unknown user. Detailed description The following detailed disclosure outlines the features of specific embodiments of the present invention. In addition, some (but by no means all) variants of the specific em