US-12619692-B2 - Personal digital identity management system and method
Abstract
The present disclosure provides a personal identity management system and method. The method includes a client and a service end. The client uses a user-specified keyword to perform hierarchical management on keys, and the service end accepts the digital identity information from the client and performs digital signature and further displays the information in public. In the method of the present disclosure, available digital identities can be generated securely and quickly with an unlimited quantity, such that the user can perform switching between multiple digital identities so as to achieve the effect of combating the tracking for the digital identities and protecting the user privacy better. Furthermore, in a scenario where identity verification and access control are required, verification can be completed by providing public key and signature.
Inventors
- Xinyu SHI
Assignees
- Xinyu SHI
Dates
- Publication Date: 20260505
- Application Date: 20220513
- Priority Date: 20210517
Claims (17)
- 1. A method for managing a digital identity, executed by a first client device, comprising: generating a plurality of digital identities for a user based on a plurality of keys, wherein each digital identity of the plurality of digital identities is generated based on a corresponding key among the plurality of keys, wherein generating the plurality of digital identities comprises, for each digital identity of the plurality of digital identities: determining the corresponding key from the plurality of keys; and generating the digital identity based on the corresponding key, wherein the digital identity comprises identity information, the identity information comprising at least a public key, wherein the corresponding key serves as a private key paired with the public key, and wherein generating the digital identity based on the corresponding key comprises: receiving an inputted first keyword, and invoking a first script which generates the identity information based on the inputted first keyword; and communicating with a server or a second client device by using a target digital identity to represent the user, wherein the target digital identity is capable of being switched among the plurality of digital identities.
- 2. The method according to claim 1, wherein the plurality of keys are grouped into at least two levels, wherein among the at least two levels, each key in a level other than a highest level is subordinate to a parent key in a directly previous level, and wherein the method further comprises: for each key in the level other than the highest level among the at least two levels, generating said key based on the parent key and a salt; and for each key in the highest level, generating said key based on a random number.
- 3. The method according to claim 2, wherein the salt comprises another random number, one or more second keywords, and time information.
- 4. The method according to claim 3, wherein for each key in a level other than the highest level and a second highest level among the at least two levels, the salt further comprises each second keyword in the salt for generating the parent key.
- 5. The method according to claim 1, wherein the identity information further comprises at least one of: a name of the digital identity, an additional signature, an index of the digital identity, a name of a platform, and one or both of an account and a password of the account for the platform.
- 6. The method according to claim 1, wherein generating the digital identity based on the corresponding key further comprises: receiving information of a platform; and invoking the first script which generates the identity information based on the inputted first keyword, wherein invoking the first script comprises: determining whether the first script comprises a second keyword representing the platform; and invoking the first script in response to the first script comprising the second keyword representing the platform.
- 7. The method according to claim 6, wherein generating the digital identity based on the corresponding key further comprises: in response to the first script not comprising the second keyword representing the platform, invoking a second script which generates the identity information based on the inputted first keyword, wherein the second script comprises the second keyword representing the platform or is specified by the user.
- 8. The method according to claim 1, wherein determining the corresponding key from the plurality of keys comprises: displaying the plurality of keys; receiving an operation of the user for selecting the corresponding key; and determining the corresponding key according to the operation.
- 9. The method according to claim 1, wherein the method further comprises: receiving a digital signature of the second client device; and adding the digital signature into the identity information, wherein the digital signature is generated by the second client device based on a private key of the second client device.
- 10. The method according to claim 1, wherein communicating with the server or the second client device by using the target digital identity to represent the user comprises: transmitting the identity information of the target digital identity to the server, to enable the server to assign an index for the target digital identity; and receiving the index from the server.
- 11. The method according to claim 10, wherein the index is configured to enable the first client device or another client device to request at least the public key of the identity information of the target digital identity from the server.
- 12. The method according to claim 1, wherein communicating with the server or the second client device by using the target digital identity to represent the user comprises: transmitting the identity information of the target digital identity to the server to enable the server to generate a digital signature for the target digital identity based on a private key of the server, wherein the digital signature is configured to prove that the server has verified the target digital identity.
- 13. The method according to claim 1, wherein communicating with the server or the second client device by using the target digital identity to represent the user comprises: generating a digital signature by using the corresponding key of the target digital identity; transmitting the digital signature to the second client device; and transmitting at least the identity information of the target digital identity to the server to enable the second client device to verify the digital signature by using the public key, which is requested by the second client device from the server.
- 14. The method according to claim 1, wherein communicating with the server or the second client device by using the target digital identity to represent the user comprises: displaying the plurality of digital identities; receiving an operation of the user for selecting a first digital identity from the plurality of digital identities; and determining the first digital identity to serve as the target digital identity.
- 15. The method according to claim 14, wherein communicating with the server or the second client device by using the target digital identity to represent the user comprises: receiving another operation of the user for selecting a second digital identity when the first digital identity serves as the target digital identity; and determining the second digital identity to serve as the target digital identity.
- 16. An apparatus for managing a digital identity, comprising: a memory storing computer-readable instructions; and a processor, wherein the computer-readable instructions, when executed by the processor, configure a first client device to: generate a plurality of digital identities for a user based on a plurality of keys, wherein each digital identity of the plurality of digital identities is generated based on a corresponding key among the plurality of keys, wherein generating the plurality of digital identities comprises, for each digital identity of the plurality of digital identities: determining the corresponding key from the plurality of keys; and generating the digital identity based on the corresponding key, wherein the digital identity comprises identity information, the identity information comprising at least a public key, wherein the corresponding key serves as a private key paired with the public key, and wherein generating the digital identity based on the corresponding key comprises: receiving an inputted first keyword, and invoking a first script which generates the identity information based on the inputted first keyword; and communicate with a server or a second client device by using a target digital identity to represent the user, wherein the target digital identity is capable of being switched among the plurality of digital identities.
- 17. A non-transitory computer-readable storage medium comprising computer-readable instructions, wherein the computer-readable instructions, when executed by a processor, configure a first client device to: generate a plurality of digital identities for a user based on a plurality of keys, wherein each digital identity of the plurality of digital identities is generated based on a corresponding key among the plurality of keys, wherein generating the plurality of digital identities comprises, for each digital identity of the plurality of digital identities: determining the corresponding key from the plurality of keys; and generating a digital identity based on the corresponding key, wherein the digital identity comprises identity information, the identity information comprising at least a public key, wherein the corresponding key serves as a private key paired with the public key, and wherein generating the digital identity based on the corresponding key comprises: receiving an inputted first keyword, and invoking a first script which generates the identity information based on the inputted first keyword; and communicate with a server or a second client device by using a target digital identity to represent the user, wherein the target digital identity is capable of being switched among the plurality of digital identities.
Description
CROSS REFERENCE TO RELATED APPLICATIONS
This application claims priority to Chinese Patent Application No. 202110535192.6 entitled “PERSONAL DIGITAL IDENTITY MANAGEMENT SYSTEM AND METHOD” filed on May 17, 2021, the entire content of which is incorporated herein by reference.
TECHNICAL FIELD
The present disclosure relates to the field of digital identity management and relates to a personal digital identity management system and method, and in particular to a method of actively providing multiple digital identities and preventing tracking and infringement on user privacy.
BACKGROUND
Password management is a very complex issue. When a large number of passwords need to be managed, it is very difficult to memorize all passwords and also difficult to generate a user name and a sufficiently secure password. On the other hand, the existing password management software cannot provide the capability of actively providing multiple digital identities and performing hierarchical management of the digital identities. Along with massive applications of big data technologies such as user portrait technology and the like, it is a usual thing for those internet giants to infringe on user privacy. Therefore, the users need a method of managing a digital identity and protecting privacy against infringement.
SUMMARY
The present disclosure provides a personal digital identity management system and method to help users perform management on digital identities, combat privacy infringement, and enable some cryptographic approaches to be available to the users. Some embodiments of the present disclosure provide a personal digital identity management system which includes a client and a service end.
The client is capable of running independently and includes a cryptographically-secure random number generator, an information storage apparatus, a digital identity generator, a digital signature generating and verifying apparatus, a network communication apparatus, a hash calculator, a salt generator, and a display apparatus.
The client uses a user-specified keyword to perform hierarchical management on keys. A level-1 key is generated by the random number generator. A secondary key, including a level-2 key, is generated from an upper-level key and a salt through the hash calculator. For the level-2 key, the salt used in the key generation process includes, but is not limited to, a random number, a keyword, and time information: the client uses the user-specified keyword to perform marking and grading on keys, and the time information is used to enable the keys to be updated over time. The keywords in the salt used in a further secondary key generation process include all keywords of the upper-level key and the new keywords specified by the user this time; namely, the salt used in the further secondary key generation process includes a random number, all the keywords of the upper-level key, the keywords specified by the user this time, the time information, or other known information.
A digital identity includes one master key for deriving the digital identity and additional information; the digital identity is generated by the digital identity generator and stored in the information storage apparatus.
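The key hierarchy described above and in claims 2 to 4, as an added example that is not code from the patent: a level-1 key from the CSPRNG, and lower-level keys derived from the parent key and a salt of random number, inherited plus new keywords, and time. HMAC-SHA256, the length-prefixed salt encoding, and all names here are assumptions; the disclosure names no hash function or encoding.

```python
import hashlib
import hmac
import secrets
import struct
import time
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Salt:
    nonce: bytes                # fresh random number for this derivation
    keywords: Tuple[str, ...]   # parent's keywords, then the new ones
    timestamp: int              # time information (Unix seconds)

    def encode(self) -> bytes:
        # Length-prefix each field so ("ab", "c") and ("a", "bc") differ.
        fields = [self.nonce, struct.pack(">Q", self.timestamp)]
        fields += [k.encode("utf-8") for k in self.keywords]
        return b"".join(struct.pack(">I", len(f)) + f for f in fields)


@dataclass(frozen=True)
class Key:
    material: bytes
    level: int
    salt: Optional[Salt] = None   # None only for a level-1 key


def new_level1_key() -> Key:
    # Level-1 keys come straight from the CSPRNG.
    return Key(secrets.token_bytes(32), level=1)


def child_material(parent: Key, salt: Salt) -> bytes:
    # Assumption: HMAC-SHA256 keyed with the parent stands in for the
    # page's unspecified "hash calculator".
    return hmac.new(parent.material, salt.encode(), hashlib.sha256).digest()


def derive_child(parent: Key, new_keywords, now=None, nonce=None) -> Key:
    if not new_keywords:
        raise ValueError("a lower-level key needs at least one keyword")
    inherited = parent.salt.keywords if parent.salt else ()
    salt = Salt(
        nonce=secrets.token_bytes(16) if nonce is None else nonce,
        keywords=inherited + tuple(new_keywords),
        timestamp=int(time.time()) if now is None else now,
    )
    return Key(child_material(parent, salt), parent.level + 1, salt)
```

Each lower-level key is a deterministic function of its parent key and its stored salt, so anyone holding a parent key and the salts can recompute every key beneath it, while a lower-level key does not reveal its parent.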
The additional information of the digital identity includes a name, a public key, an additional signature, an index, and user-defined information, where the user-defined information includes an address, a name of each network platform, a corresponding account, a password and a private key of a digital currency and a payment receiving address; the public key in the additional information is obtained by using the master key as a private key through calculation, and the master key can serve as a private key to execute a cryptographic function; the additional information is generated by the digital identity generator.
The cryptographically-secure random number generator is configured to generate a random number with sufficient strength. The information storage apparatus is configured to store all keys, salts, digital identities, and digital identity generation rules, and record a storage time. The hash calculator is configured to, based on the upper-level key and the salt, generate a new lower-level key. The digital signature generating and verifying apparatus is configured to use a private key corresponding to the digital identity to give a digital signature of the information and use a public key to verify the signature. The network communication apparatus is inbuilt with a certificate used by the service end and configured to establish a trustable communication channel with the service end; the user is capable of sending the digital identity to the service end through the network communication apparatus.
In some optional embodiments, the digital identity generator is configured to generate a digital identity and user-desired account information. Firstly, the user sets the digital identity generation rule. The digital identity generation rule is a set of an add