
US-12619699-B1 - Credential issuing pools in a decentralized network


Abstract

Technologies are described herein for improvements in the security of verifiable credentials. A method can include requesting, by a first decentralized identifier (DID) associated with a decentralized web node (DWN), a verifiable credential from a second DID, wherein the second DID is included in a pool of DIDs. The method also includes receiving, from the pool of DIDs and by the first DID, the verifiable credential. The method also includes receiving, from a third DID and at the first DID, a request to verify information associated with the first DID. The method also includes determining, at the DWN, that the verifiable credential includes the information requested by the third DID. The method also includes presenting, by the DWN, at least a portion of the verifiable credential to the third DID in response to determining that the verifiable credential includes the information.

Inventors

  • Michael Rihani
  • Alice Chen
  • Daniel Buchner
  • Jonathan Blackwell
  • Moiz Jangda

Assignees

  • BLOCK, INC.

Dates

Publication Date: 2026-05-05
Application Date: 2024-01-04

Claims (20)

  1. A computer-implemented method comprising: requesting, by a first decentralized identifier (DID) associated with a decentralized web node (DWN), a verifiable credential from a second DID, wherein the second DID is included in a pool of DIDs; receiving, from the pool of DIDs and by the first DID, the verifiable credential, the verifiable credential indicating the pool of DIDs as an issuer without indicating the second DID, wherein the verifiable credential includes a trustworthiness score that is issued by a governing body and that reflects a trustworthiness associated with the pool of DIDs, wherein the pool of DIDs is associated with a first tier of a plurality of tiers, and wherein the trustworthiness score is inversely proportional to a tier number of a corresponding tier; storing the verifiable credential in the DWN associated with the first DID; receiving, from a third DID and at the first DID, a request to verify information associated with the first DID; determining, at the DWN, that the verifiable credential includes the information associated with the first DID; and presenting, by the DWN, at least a portion of the verifiable credential to the third DID in response to determining that the verifiable credential includes the information.
  2. The method of claim 1, wherein the governing body that issued the trustworthiness score is a government agency.
  3. The method of claim 1, further comprising: receiving, at the DWN, one or more requests for additional information from the third DID, wherein the one or more requests for additional information are based on the trustworthiness score associated with the pool of DIDs falling below a threshold score value; and providing, by the DWN, responses to the one or more requests to the third DID, wherein access to a service provided by the third DID is granted based on the responses.
  4. The method of claim 1, wherein the pool of DIDs is a first pool of DIDs, the trustworthiness score is a first trustworthiness score, a second pool of DIDs is associated with a second trustworthiness score and a second tier of the plurality of tiers, and the second trustworthiness score is lower than the first trustworthiness score.
  5. The method of claim 4, further comprising: providing, by the first DID, multiple electronic documents to the second DID to authenticate the first DID; wherein the first DID receives the verifiable credential from the pool of DIDs that is associated with the first tier based on a respective type of the multiple electronic documents or a number of the multiple electronic documents provided to the second DID.
  6. The method of claim 1, wherein the trustworthiness score is included in a DID document associated with the second DID.
  7. The method of claim 1, wherein the pool of DIDs includes DIDs selected from one or more of geographically disparate locations, DIDs with different sizes, based on different private finance initiatives (PFIs), different types of DIDs, and combinations thereof.
  8. The method of claim 1, further comprising: providing, by the first DID, access control rules that describe the portion of the verifiable credential to be presented by the DWN to the third DID.
  9. A computing device comprising: one or more processing devices; and a computer-readable storage medium coupled to the one or more processing devices and storing instructions that, responsive to execution by the one or more processing devices, cause the one or more processing devices to perform operations including: requesting, by a first decentralized identifier (DID) associated with a decentralized web node (DWN), a verifiable credential from a second DID, wherein the second DID is included in a pool of DIDs; receiving, from the pool of DIDs and by the first DID, the verifiable credential, the verifiable credential indicating the pool of DIDs as an issuer without indicating the second DID, wherein the verifiable credential includes a trustworthiness score that is issued by a governing body and that reflects a trustworthiness associated with the pool of DIDs, wherein the pool of DIDs is associated with a first tier of a plurality of tiers, and wherein the trustworthiness score is inversely proportional to a tier number of a corresponding tier; storing the verifiable credential in the DWN associated with the first DID; receiving, from a third DID and at the first DID, a request to verify information associated with the first DID; determining, at the DWN, that the verifiable credential includes the information associated with the first DID; and presenting, by the DWN, at least a portion of the verifiable credential to the third DID in response to determining that the verifiable credential includes the information.
  10. The computing device of claim 9, wherein the governing body that issued the trustworthiness score is a government agency.
  11. The computing device of claim 9, wherein the operations further include: receiving, at the DWN, one or more requests for additional information from the third DID, wherein the one or more requests for additional information are based on the trustworthiness score associated with the pool of DIDs falling below a threshold score value; and providing, by the DWN, responses to the one or more requests to the third DID, wherein access to a service provided by the third DID is granted based on the responses.
  12. The computing device of claim 9, wherein the pool of DIDs is associated with a first tier that is based on the trustworthiness score meeting a threshold score value and wherein a second tier is associated with the trustworthiness score falling below the threshold score value.
  13. The computing device of claim 12, wherein the operations further include: providing, by the first DID, multiple electronic documents to the second DID to authenticate the first DID; wherein the first DID receives the verifiable credential from the pool of DIDs that is associated with the first tier based on a respective type of the multiple electronic documents or a number of the multiple electronic documents provided to the second DID.
  14. The computing device of claim 9, wherein the trustworthiness score is included in a DID document associated with the second DID.
  15. The computing device of claim 9, wherein the pool of DIDs includes DIDs selected from one or more of geographically disparate locations, DIDs with different sizes, based on different private finance initiatives (PFIs), different types of DIDs, and combinations thereof.
  16. A non-transitory computer-readable medium with instructions stored thereon that, responsive to execution by one or more processing devices, cause the one or more processing devices to perform or control performance of operations comprising: requesting, by a first decentralized identifier (DID) associated with a decentralized web node (DWN), a verifiable credential from a second DID, wherein the second DID is included in a pool of DIDs; receiving, from the pool of DIDs and by the first DID, the verifiable credential, the verifiable credential indicating the pool of DIDs as an issuer without indicating the second DID, wherein the verifiable credential includes a trustworthiness score that is issued by a governing body and that reflects a trustworthiness associated with the pool of DIDs, wherein the pool of DIDs is associated with a first tier of a plurality of tiers, and wherein the trustworthiness score is inversely proportional to a tier number of a corresponding tier; storing the verifiable credential in the DWN associated with the first DID; receiving, from a third DID and at the first DID, a request to verify information associated with the first DID; determining, at the DWN, that the verifiable credential includes the information associated with the first DID; and presenting, by the DWN, at least a portion of the verifiable credential to the third DID in response to determining that the verifiable credential includes the information.
  17. The computer-readable medium of claim 16, wherein the governing body that issued the trustworthiness score is a government agency.
  18. The computer-readable medium of claim 16, wherein the operations further include: receiving, at the DWN, one or more requests for additional information from the third DID, wherein the one or more requests for additional information are based on the trustworthiness score associated with the pool of DIDs falling below a threshold score value; and providing, by the DWN, responses to the one or more requests to the third DID, wherein access to a service provided by the third DID is granted based on the responses.
  19. The computer-readable medium of claim 16, wherein the pool of DIDs is associated with a first tier that is based on the trustworthiness score meeting a threshold score value and wherein a second tier is associated with the trustworthiness score falling below the threshold score value.
  20. The computer-readable medium of claim 19, wherein the operations further include: providing, by the first DID, multiple electronic documents to the second DID to authenticate the first DID; wherein the first DID receives the verifiable credential from the pool of DIDs that is associated with the first tier based on a respective type of the multiple electronic documents or a number of the multiple electronic documents provided to the second DID.
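
The holder-side disclosure and verifier-side threshold check described in claims 1, 3 and 8, as an added Python sketch that is not code from the patent or its assignee. The DIDs, field names, `BASE_SCORE` and the follow-up request name are assumptions, and verifying signatures on the credential and on the governing body's score is outside what this block shows.

```python
import math

BASE_SCORE = 100.0  # assumption: score = BASE_SCORE / tier number
STEP_UP_REQUESTS = ["second_identity_document"]  # hypothetical follow-up request

def pool_score(tier):
    """Trustworthiness score, inversely proportional to the tier number."""
    if tier < 1:
        raise ValueError("tier numbers start at 1")
    return BASE_SCORE / tier

# Constructed sample: the issuer is the pool DID, never the member DID that issued it.
CREDENTIAL = {
    "issuer": "did:example:pool-tier1",
    "subject": "did:example:holder",
    "tier": 1,
    "trustworthinessScore": pool_score(1),
    "claims": {"name": "A. Holder", "over18": True, "address": "1 Constructed St"},
}
# Holder's access control rules: claims each verifier DID may see (default deny).
ACCESS_RULES = {"did:example:verifier": {"name", "over18"}}

def present(credential, verifier_did, requested, rules):
    """DWN side: return the permitted portion, or None if information is absent."""
    if any(f not in credential["claims"] for f in requested):
        return None  # credential does not include the requested information
    allowed = rules.get(verifier_did, set())
    return {
        "issuer": credential["issuer"],
        "tier": credential["tier"],
        "trustworthinessScore": credential["trustworthinessScore"],
        "claims": {f: credential["claims"][f] for f in requested if f in allowed},
    }

def verify(presentation, threshold):
    """Verifier side: deny, ask for more information, or grant."""
    if presentation is None:
        return ("deny", [])
    score = presentation["trustworthinessScore"]
    if not math.isclose(score, pool_score(presentation["tier"])):
        return ("deny", [])  # score does not match the claimed tier
    if score < threshold:
        return ("request_more", list(STEP_UP_REQUESTS))
    return ("grant", [])
```
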

Description

TECHNICAL FIELD

Decentralized networks provide a variety of functionality in connection with implementing and securely transferring verifiable credentials. Additional functionality has been developed that leverages decentralized networks. The description provided herein is for the purpose of presenting the context of the disclosure. Content of this section, as well as aspects of the description that may not otherwise qualify as prior art at the time of filing, are neither expressly nor impliedly admitted as prior art against the present disclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

The detailed description is described with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same reference numbers in different figures indicate similar or identical items.

FIG. 1 is a diagram showing aspects of an illustrative operating environment of a decentralized platform and several logical components in accordance with some implementations;
FIG. 2 is a diagram showing aspects of an illustrative operating environment where a decentralized platform communicates with an edge node in accordance with some implementations;
FIG. 3 is a diagram showing aspects of an illustrative operating environment where pools of decentralized identifiers are formed in accordance with some implementations;
FIG. 4 is a diagram showing aspects of a tiered system of pools of decentralized identifiers in accordance with some implementations;
FIG. 5A is a diagram of an example user interface for a digital wallet that includes access control options in accordance with some implementations;
FIG. 5B is a diagram of an example verifiable credential as presented to the verifier decentralized identifier in accordance with some implementations;
FIG. 6 is a flowchart illustrating an example method to obtain a verifiable credential from a pool of decentralized identifiers in accordance with some implementations;
FIG. 7 is a flowchart illustrating an example method to verify a request for access to a service based on receiving a verifiable credential in accordance with some implementations;
FIG. 8 is a flowchart illustrating an example method to join a pool of decentralized identifiers and issue verifiable credentials in accordance with some implementations;
FIG. 9 illustrates an example environment with which techniques described herein may be implemented in accordance with some implementations;
FIG. 10 illustrates an example environment with which techniques described herein may be implemented in accordance with some implementations;
FIG. 11 illustrates example data store(s) 1100 that can be associated with the server(s) 1002 with which techniques described herein may be implemented in accordance with some implementations;
FIG. 12 illustrates an example environment in which the environments of FIGS. 9 and 10 can be integrated to enable payments at the point-of-sale using assets associated with user accounts in the peer-to-peer environment of FIG. 11 with which techniques described herein may be implemented in accordance with some implementations.
FIG. 13 is a block diagram illustrating a system that performs techniques described herein with which techniques described herein may be implemented in accordance with some implementations.

DETAILED DESCRIPTION

Decentralized identifiers are globally unique identifiers that are used to identify and/or authenticate an entity (e.g., an individual, a corporation, etc.) without using a central authority. Decentralized web nodes store discrete decentralized identifiers that are usable to prove the identity of an associated entity, along with storing other information associated with the respective decentralized identifiers.
For example, an entity associated with a first decentralized identifier completes an educational course and requests a verifiable credential (e.g., a certificate of completion for the educational course) from the educational institution associated with a second decentralized identifier. The verifiable credential may include information about the course and the name of the educational institution. The verifiable credential, or a portion of the verifiable credential, can be presented to an entity associated with a third decentralized identifier. Continuing with the above example, the verifiable credential may be provided to a job recruiter associated with a third decentralized identifier in order to prove that the entity associated with a first decentralized identifier is qualified for a particular job as evidenced by completion of the educational course. In another example, an entity may try to qualify for a clinical trial to treat a rare form of cancer. The entity may request a verifiable credential from a second decentralized identifier associated with a hospital at which the entity was treated and diagnosed. The verifiable credential is used as part of an application to be accepte