
KR-102960629-B1 - Credential verification and issuance through credential service providers


Abstract

A method, system, device, and computer-readable medium are provided for storing processor-executable process steps for verifying a requested credential of a credential owner and/or issuing a new credential through one or more credential service providers. A method for verifying and issuing a credential includes the steps of providing a shared credential token and a service endpoint to a requesting device of a credential owner upon request by a first credential management system of a first credential service provider; receiving a shared credential token and a service endpoint from a verifier's verification device through a requesting device by a second credential management system of a second credential service provider; transmitting a credential request to the first credential management system based on the service endpoint by the second credential management system; generating a credential based on the credential request by the first credential management system; and verifying the credential based on credential encryption information retrieved from a distributed ledger by the second credential management system.

Inventors

  • 리 치아신
  • 우 링

Assignees

  • 티비씨에이소프트, 인코포레이티드

Dates

Publication Date
20260507
Application Date
20200226

Claims (20)

  1. A method for verifying a requested credential of a credential owner, comprising: (a) providing, by a first credential management system of a first credential service provider, a shared credential token and a service endpoint to a requesting device of the credential owner upon request; (b) receiving, by a second credential management system of a second credential service provider, the shared credential token and the service endpoint from a verifier's verification device via the credential owner's requesting device; (c) transmitting, by the second credential management system of the second credential service provider, a proof request to the first credential management system of the first credential service provider based on the service endpoint; (d) generating, by the first credential management system of the first credential service provider, a proof based on the proof request; and (e) verifying, by the second credential management system of the second credential service provider, the proof based on credential encryption information retrieved from a distributed ledger.
  2. The credential verification method of claim 1, wherein step (a) further comprises authenticating, by the first credential service provider, the requesting device of the credential owner based on an ID of the requesting device.
  3. The credential verification method of claim 2, wherein the requesting device is a mobile phone and the ID is an International Mobile Equipment Identity.
  4. The credential verification method of claim 1, wherein the request comprises a verification requirement document originating from the verifier.
  5. The credential verification method of claim 4, wherein the verification requirement document comprises one or more attributes and one or more credentials from which each of the attributes can be selected.
  6. The credential verification method of claim 1, wherein the request comprises a credential request identification, and the first credential management system obtains, from a database or the distributed ledger and based on the credential request identification, one or more corresponding attributes and one or more credentials from which each of the attributes can be selected.
  7. The credential verification method of claim 6, wherein the credential request identification comprises a verification requirement document ID.
  8. The credential verification method of claim 1, wherein step (c) comprises transmitting, by the second credential management system of the second credential service provider, the proof request and a verification requirement document ID to the first credential management system of the first credential service provider based on the service endpoint.
  9. The credential verification method of claim 1, wherein the proof request comprises the shared credential token.
  10. The credential verification method of claim 9, wherein the shared credential token comprises a globally unique identifier generated based on a timestamp.
  11. The credential verification method of claim 1, wherein the first credential management system provides the shared credential token and the service endpoint in QR code format.
  12. The credential verification method of claim 1, wherein step (d) comprises: (d1) authenticating the shared credential token; (d2) selecting one or more attributes from each of one or more credentials based on a verification requirement document; and (d3) generating the proof, by the first credential management system of the first credential service provider, by producing a revealed or predicate attribute for each selected attribute using a zero-knowledge proof algorithm.
  13. The credential verification method of claim 1, wherein the proof comprises factual data of an attribute, or predicates of the attribute, based on the verification requirement document.
  14. The credential verification method of claim 1, wherein the credential encryption information comprises a credential schema, a credential definition, the credential owner's public key, and an issuer's public key.
  15. The credential verification method of claim 1, wherein the first credential service provider and the second credential service provider are telecommunications operators.
  16. The credential verification method of claim 1, wherein the first credential service provider is identical to the second credential service provider.
  17. The credential verification method of claim 16, wherein the first credential management system is identical to the second credential management system.
  18. The credential verification method of claim 1, further comprising: (f) receiving, by the first credential management system, a credential offer from the second credential management system; (g) generating, by the first credential management system, a credential request based on the credential offer; and (h) generating, by the second credential management system, a new credential based on the credential request received from the first credential management system.
  19. The credential verification method of claim 18, further comprising (i) receiving and storing the new credential by the first credential management system or the requesting device.
  20. The credential verification method of claim 18, wherein in step (g) the credential request is generated by signing the credential offer with the credential owner's private key.
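The cross-provider exchange of claims 1, 10 and 12 (shared token and service endpoint handed over by the owner's device, proof request sent to the endpoint, token authentication, selective disclosure of attributes and predicates, ledger-backed verification) as an added Python simulation; this is not the patent's or the assignee's code. The ledger entry, endpoint, credential definition and device ID are constructed, and because the page names no specific zero-knowledge proof algorithm, an HMAC tag under the issuer's key stands in for the proof.

```python
import hashlib, hmac, json, time, uuid
# Constructed ledger entry: credential definition id -> schema and issuer key material. The page names
# no ZKP scheme, so an HMAC tag under the issuer's key stands in for the proof (a placeholder, not the
# patent's algorithm); the point is that step (e) cannot verify without this ledger-retrieved entry.
LEDGER = {"drv-lic-v1": {"schema": ["name", "birth_year"], "issuer_key": b"issuer-secret-demo"}}
OPS = {">=": lambda x, y: x >= y, "<=": lambda x, y: x <= y}   # predicate operators a VRD may use

class CredentialManagementSystem:   # one CSP's CMS: owners' wallet plus outstanding shared tokens
    def __init__(self, endpoint, ttl=300):
        self.endpoint, self.ttl, self.tokens, self.wallet = endpoint, ttl, {}, {}

    def share_credential(self, device_id):          # step (a): token + endpoint, e.g. shown as a QR code
        token = str(uuid.uuid1())                   # claim 10: GUID derived from a timestamp
        self.tokens[token] = (device_id, time.time() + self.ttl)
        return {"token": token, "endpoint": self.endpoint}

    def handle_proof_request(self, token, vrd, year_now):
        device_id, expiry = self.tokens.pop(token, (None, 0))  # (d1): known token, single use
        if device_id is None or time.time() > expiry:
            raise PermissionError("unknown, reused or expired shared credential token")
        attrs = self.wallet[device_id][vrd["cred_def"]]        # (d2): credential named by the VRD
        body = {"cred_def": vrd["cred_def"],
                "revealed": {a: attrs[a] for a in vrd["reveal"]},             # (d3): revealed attributes
                "predicates": {f"{a}{op}{v}": OPS[op](attrs[a], v) for a, op, v in vrd["predicates"]}}
        return {**body, "tag": _tag(body)}          # birth_year itself never leaves this CMS

def _tag(body):
    key = LEDGER[body["cred_def"]]["issuer_key"]
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def verify_proof(proof, vrd):                       # step (e): verifier's CMS checks against the ledger
    if proof["cred_def"] != vrd["cred_def"] or proof["cred_def"] not in LEDGER:
        return False
    body = {k: proof[k] for k in ("cred_def", "revealed", "predicates")}
    return (hmac.compare_digest(_tag(body), proof["tag"])
            and set(body["revealed"]) <= set(LEDGER[body["cred_def"]]["schema"])
            and all(body["predicates"].values()))

def run_flow(year_now=2024):   # whole exchange: owner at CSP1, verifier at CSP2, linked by token + endpoint
    csp1 = CredentialManagementSystem("https://csp1.example/cms")  # constructed endpoint
    csp1.wallet["IMEI-demo"] = {"drv-lic-v1": {"name": "A. Holder", "birth_year": 1990}}
    reachable = {csp1.endpoint: csp1}               # stands in for contacting the endpoint over the network
    vrd = {"id": "vrd-age-check", "cred_def": "drv-lic-v1", "reveal": ["name"],
           "predicates": [("birth_year", "<=", year_now - 18)]}  # verification requirement document
    shared = csp1.share_credential("IMEI-demo")     # (a): owner's phone -> QR code -> verifier's device
    target = reachable[shared["endpoint"]]          # (b),(c): verifier's CSP2 resolves the endpoint
    proof = target.handle_proof_request(shared["token"], vrd, year_now)   # (d) at CSP1
    return verify_proof(proof, vrd), proof          # (e) at CSP2
```

The verifier learns the name and that the age predicate holds, but never the birth year, and a replayed token is refused at CSP1.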

Description

Credential verification and issuance through credential service providers

The present invention relates to credential verification and/or issuance, and more specifically to credential verification and/or issuance through one or more credential service providers.

When a credential is verified or issued, the credential holder must present at least one conventional credential, in a form such as paper, a plastic card, a magnetic stripe card or a chip card, to a person (the verifier or issuer) or to that person's device or mechanism, so that it can be checked whether the credential is genuine and contains the information needed for the verification or issuance. From the credential holder's perspective, beyond physical forms that give poor portability and are prone to loss and theft, conventional credentials have the further disadvantages illustrated by the examples below.

First, taking a national ID card as an example, verification of resident registration is typically carried out with paper or plastic ID cards or, in more advanced cases, with smart ID cards (chip cards or IC cards). In either case the fundamental technical limitation is the need for a centralized national ID database that stores the nation's citizen information and has usually been built up over decades on outdated database technologies. When a verifier such as a police officer requests identity verification, the citizen holding the ID card presents it to the officer. The officer checks the photo on the card and then calls the police station to check the ID number, name, address and so on against the centralized database accessible from the station. In a more advanced scenario the officer carries a mobile device that queries the database directly while on the move (after card authentication, in the case of smart cards) to save time.

This approach has disadvantages: the high cost of building and maintaining the verification infrastructure, a database that is generally inaccessible to the public because of privacy concerns, the requirement that verifiers reach a central server to verify identities, and the interruption of all verification whenever the centralized site goes down.

Second, taking company or building access badges as another example, verification is typically implemented by issuing a QR code in advance and registering it later at the reception desk. A company employee sends an invitation link to a visitor before the visit. The visitor registers the invitation in the company system, prints the QR code from the link, and then visits the building. On arrival, a receptionist scans the QR code and checks it against the company's registration database; if the QR code is valid, the visitor is granted access. This approach has drawbacks: the invitation e-mail can be spoofed, the QR code can be printed by unauthorized individuals, and the printed QR code can be stolen or scanned by someone else to gain access, which makes the approach insecure and vulnerable to man-in-the-middle attacks. As an alternative, visitors can simply come to the reception desk in person and present their identification without prior registration. Either the visitor or the receptionist enters the ID information into a console, and the receptionist verifies the visitor's ID and information and issues the badge. This approach is inefficient and has the disadvantage that visitors must register at the reception desk on arrival; in addition, the IDs used in the process can be forged, making their authenticity difficult to verify.

To address the drawbacks of existing credentials used for verification and issuance, digital credentials appear to be one of the solutions and a future trend.

This disclosure describes a method for providing credential services for digital credentials in a more reliable and secure manner. Accordingly, it describes a distributed system infrastructure and credential services spanning multiple credential service providers (for example, telecommunications operators around the world), so that credential management services do not depend on a single centralized credential service provider. The present disclosure relates to one or more methods, systems, devices, and computer-readable media storing processor-executable process steps for verifying a requested credential of a credential owner and/or issuing a new credential through one or more credential service providers. The method comprises: (a) providing a shared credential token and a service endpoint to a requesting device of a credential owner upon request by a first credential management system of a first credential service provider; (b) receiving a shared credential token and a service endpoint from a verifier's verification device through a requesting device by a second credential management s