US-12626245-B2 - Systems and methods for distributed ledger-based identity management
Abstract
Systems and methods for distributed ledger-based identity management are disclosed. In one embodiment, a computer-based method for managing attestations may include: (1) receiving, by a computer program executed by an electronic device for an identity consumer and from an identity provider, a notification from an identity provider server that an attestation is available, wherein the attestation may be generated by the identity provider based on authorization from a system operator and may include a chain of trust comprising an identification of the system operator and the identity provider; (2) requesting, by the computer program, the attestation from the identity provider; and (3) downloading, by the computer program, the attestation to an identity consumer electronic wallet for the identity consumer. The identity provider may commit the downloading of the attestation to a distributed ledger, wherein the distributed ledger maintains a current status for the attestation.
Inventors
- Christine Moy
- Tyrone Lobban
- George KASSIS
- VISHAKH
- Bhaskar KISHORE
- Navkiran ARNEJA
Assignees
- JPMORGAN CHASE BANK, N.A.
Dates
- Publication Date: 2026-05-12
- Application Date: 2024-12-10
Claims (15)
- 1. A system, comprising: an identity consumer electronic device for an identity consumer executing an identity consumer computer program and an identity consumer electronic wallet; an identity provider server for an identity provider executing an identity provider computer program; a system operator electronic device for a system operator executing a system operator computer program; and a relying party electronic device executing a relying party computer application; wherein: the identity consumer computer program provides the identity provider computer program with identity consumer information; the identity provider computer program validates the identity consumer information; the identity provider computer program receives a root attestation from a system operator that authorizes the identity provider server to issue identity provider attestations; the identity provider computer program generates an identity provider attestation comprising an attestation about the identity consumer information; the identity provider computer program generates a nested attestation comprising the identity provider attestation and the root attestation, wherein the nested attestation establishes a chain of trust by building the identity provider attestation on the root attestation in a single attestation; the identity consumer computer program receives, from the identity provider server, a notification that the nested attestation is available; the identity consumer computer program requests the nested attestation from the identity provider server; the identity consumer computer program downloads the nested attestation to the identity consumer electronic wallet for the identity consumer; the identity provider server commits the nested attestation to a distributed ledger, wherein the distributed ledger maintains a current status for the root attestation and the identity provider attestation; the identity consumer computer program receives a request for the nested attestation from the relying party computer application; the identity consumer computer program generates a machine-readable code for the nested attestation that is stored in the identity consumer electronic wallet; the identity consumer computer program communicates, to the relying party computer application, the machine-readable code for the nested attestation; the relying party computer application extracts the nested attestation from the machine-readable code; the relying party computer application identifies the root attestation and the identity provider attestation from the nested attestation; the relying party computer application verifies that the root attestation and the identity provider attestation on the distributed ledger are valid and active; and the relying party computer application executes an action based on reliance on the verification.
- 2. The system of claim 1, wherein the identity provider attestation comprises a license, a certificate, a credential, or an authorization.
- 3. The system of claim 1, wherein the identity provider comprises one of a financial institution, a government agency, an employer, and a legal entity.
- 4. The system of claim 1, wherein the identity provider attestation comprises an identification of an attestor, an identification of an attestee, a type of identity provider attestation, and a date of issuance.
- 5. The system of claim 1, wherein the identity consumer electronic wallet comprises a wallet application, a mobile wallet, or a web-based wallet.
- 6. The system of claim 1, wherein the current status of the root attestation or the identity provider attestation comprises valid, expired, or revoked.
- 7. The system of claim 1, wherein the relying party computer application periodically verifies the current status of the root attestation or the identity provider attestation using the distributed ledger.
- 8. The system of claim 1, wherein the relying party computer application receives a notification that the root attestation or the identity provider attestation is revoked or expired from the distributed ledger.
- 9. A system, comprising: an identity consumer electronic device for an identity consumer executing an identity consumer computer program and an identity consumer electronic wallet; an identity provider server for an identity provider executing an identity provider computer program; a system operator electronic device for a system operator executing a system operator computer program; and a relying party electronic device executing a relying party computer application; wherein: the identity consumer computer program provides the identity provider computer program with identity consumer information for an identity consumer; the identity provider computer program receives a root attestation from a system operator that authorizes the identity provider computer program to issue identity provider attestations; the identity provider computer program generates an identity provider attestation comprising an attestation about the identity consumer information; the identity provider computer program generates a nested attestation comprising the identity provider attestation and the root attestation, wherein the nested attestation establishes a chain of trust by building the identity provider attestation on the root attestation in a single attestation; the identity consumer computer program receives an identity of an object to sign; the identity consumer computer program requests the nested attestation from the identity provider computer program; the identity consumer computer program receives the nested attestation; the identity consumer computer program stores the nested attestation in the identity consumer electronic wallet for the identity consumer; the identity consumer computer program retrieves the object; the identity consumer computer program signs the object with the nested attestation that is stored in the identity consumer electronic wallet by embedding the attestation in the object; the identity consumer computer program sends the signed object to a receiving party computer program executed by an electronic device for a receiving party; the receiving party computer program extracts the nested attestation from the object; and the receiving party computer program verifies that the root attestation and the identity provider attestation on a distributed ledger that maintains a current status for the root attestation and the identity provider attestation are valid and active.
- 10. The system of claim 9, wherein the object comprises a document, and the identity provider attestation attests that the identity consumer is authorized to sign the document.
- 11. The system of claim 9, wherein the object is a payment, and the identity provider attestation attests that the identity consumer is authorized to make the payment.
- 12. The system of claim 9, wherein the object comprises digital currency.
- 13. The system of claim 9, wherein the identity provider attestation comprises a license, a certificate, a credential, or an authorization, and further comprises an identification of an attestor, an identification of an attestee, a type of identity provider attestation, and a date of issuance.
- 14. The system of claim 9, wherein: the identity provider computer program generates a receiving party attestation comprising an attestation about the receiving party; the identity provider computer program generates a receiving party nested attestation comprising the receiving party attestation and the root attestation, wherein the nested attestation establishes a chain of trust by building the receiving party attestation on the root attestation in a single attestation; the identity provider computer program receives a request for the object and the receiving party nested attestation from the receiving party computer program; and the identity consumer computer program verifies that the root attestation and the receiving party attestation on the distributed ledger are valid and active before sending the object to the receiving party.
- 15. The system of claim 14, wherein the receiving party attestation attests to an account for the receiving party.
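The flows in claims 1 (issue a nested attestation, present it as a machine-readable code, relying party checks both attestations on the ledger) and 9 and 14 (embed the nested attestation in an object, receiving party checks it; consumer checks the receiving party's own attestation first) can be modelled in a few dozen lines. The block below is an added example, not code from the patent or from the assignee; it is stdlib-only Python, and the party names, dates, the "machine-readable code" (base64 of canonical JSON standing in for a QR payload) and the choice to key the ledger by the SHA-256 of the canonical attestation are all assumptions made for this example, not details the patent specifies. Content addressing gives the example its integrity property: an attestation that was never committed, or whose fields were altered, has no ledger entry and so reads as "unknown"; the valid/expired/revoked status of claim 6 lives only on the ledger.

```python
# Added example (not code from the patent or its assignee): a stdlib-only model of
# the nested-attestation flow in claims 1, 9 and 14. Every name, date and value
# below is constructed for illustration.
import base64
import hashlib
import json

SYSTEM_OPERATOR = "system-operator"   # constructed trust anchor
ROOT_TYPE = "issuer-authorization"    # constructed type for a root attestation


def canonical(obj):
    """Deterministic JSON so the same attestation always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def attestation_id(att):
    """Ledger key for an attestation: hex SHA-256 of its canonical form (design choice)."""
    return hashlib.sha256(canonical(att)).hexdigest()


def make_attestation(attestor, attestee, att_type, issued):
    """Fields named in claim 4: attestor, attestee, type, date of issuance."""
    return {"attestor": attestor, "attestee": attestee, "type": att_type, "issued": issued}


class Ledger:
    """Stand-in for the distributed ledger: attestation id -> current status."""
    def __init__(self):
        self.status = {}

    def commit(self, att):
        self.status[attestation_id(att)] = "valid"

    def set_status(self, att, status):
        if status not in ("valid", "expired", "revoked"):   # statuses from claim 6
            raise ValueError(status)
        self.status[attestation_id(att)] = status

    def lookup(self, att):
        # Never committed, or tampered with after commit -> no entry -> "unknown".
        return self.status.get(attestation_id(att), "unknown")


def nest(inner_att, root_att):
    """Nested attestation: the provider's attestation built on the root attestation."""
    return {"attestation": inner_att, "root": root_att}


def verify_nested(nested, ledger, system_operator=SYSTEM_OPERATOR):
    """Relying/receiving party check: chain links correctly and both entries are valid."""
    root, inner = nested.get("root"), nested.get("attestation")
    if not isinstance(root, dict) or not isinstance(inner, dict):
        return False, "malformed nested attestation"
    if root.get("attestor") != system_operator or root.get("type") != ROOT_TYPE:
        return False, "root attestation not issued by the trusted system operator"
    if inner.get("attestor") != root.get("attestee"):
        return False, "attestor is not the provider authorized by the root attestation"
    for name, att in (("root", root), ("identity provider", inner)):
        status = ledger.lookup(att)
        if status != "valid":
            return False, f"{name} attestation status is {status}"
    return True, "ok"


def to_machine_readable(nested):
    """Claim 1's machine-readable code, modelled here as base64 of canonical JSON."""
    return base64.b64encode(canonical(nested)).decode()


def from_machine_readable(code):
    return json.loads(base64.b64decode(code))


def sign_object(payload, nested):
    """Claim 9: the object is 'signed' by embedding the nested attestation in it."""
    return {"payload": payload, "attestation": nested}


def verify_signed_object(obj, ledger):
    return verify_nested(obj.get("attestation", {}), ledger)


def demo():
    """Issuance, presentation, forgery, signing, claim-14 check, revocation; returns outcomes."""
    ledger = Ledger()
    root = make_attestation(SYSTEM_OPERATOR, "example-bank-idp", ROOT_TYPE, "2024-01-15")
    ip_att = make_attestation("example-bank-idp", "alice", "kyc-verified", "2024-03-01")
    ledger.commit(root)
    ledger.commit(ip_att)
    nested = nest(ip_att, root)

    presented = from_machine_readable(to_machine_readable(nested))
    ok_presented = verify_nested(presented, ledger)

    # Same trusted attestor, but this attestation was never committed to the ledger.
    forged = nest(make_attestation("example-bank-idp", "mallory", "kyc-verified", "2024-03-01"), root)
    ok_forged = verify_nested(forged, ledger)

    doc = sign_object({"document": "agreement-42", "amount": 1000}, nested)
    ok_signed = verify_signed_object(doc, ledger)

    # Claim 14: the consumer checks the receiving party's attestation before sending.
    rp_att = make_attestation("example-bank-idp", "bob-merchant", "account-verified", "2024-03-02")
    ledger.commit(rp_att)
    ok_receiver = verify_nested(nest(rp_att, root), ledger)

    ledger.set_status(ip_att, "revoked")   # status change is visible on the next check (claim 7)
    ok_revoked = verify_signed_object(doc, ledger)
    return {"presented": ok_presented, "forged": ok_forged, "signed": ok_signed,
            "receiver": ok_receiver, "revoked": ok_revoked}
```

Because the ledger is the only place status lives, the relying party in claim 7 re-runs `verify_nested` on each use rather than caching an earlier "valid"; the revocation step at the end of `demo()` shows why. A production design would replace the constructed trust anchor with real signatures over each attestation, which the patent leaves unspecified and this example deliberately does not invent.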
Description
RELATED APPLICATIONS
This application is a continuation of U.S. Patent Application Ser. No. 17/174,650, now U.S. Pat. No. 12,217,245, filed Feb. 12, 2021, and claims priority to, and the benefit of, U.S. Provisional Patent Application Ser. No. 62/976,262 filed Feb. 13, 2020 and U.S. Provisional Patent Application Ser. No. 63/126,335 filed Dec. 16, 2020. The disclosure of each is hereby incorporated, by reference, in its entirety.
BACKGROUND OF THE INVENTION
1. Field of the Invention
Embodiments are generally directed to systems and methods for distributed ledger-based identity management.
2. Description of the Related Art
In online transactions, it is difficult to know whether the other party to the transaction is who the other party purports to be, especially in person-to-person transactions. While there are some ways of verifying the identity of the other party, they are difficult, awkward, and time-consuming.
SUMMARY OF THE INVENTION
Systems and methods for distributed ledger-based identity management are disclosed. In one embodiment, a computer-based method for managing attestations may include: (1) receiving, by a computer program executed by an electronic device for an identity consumer and from an identity provider, a notification from an identity provider server that an attestation is available, wherein the attestation may be generated by the identity provider based on authorization from a system operator and may include a chain of trust comprising an identification of the system operator and the identity provider; (2) requesting, by the computer program, the attestation from the identity provider; and (3) downloading, by the computer program, the attestation to an identity consumer electronic wallet for the identity consumer. The identity provider may commit the downloading of the attestation to a distributed ledger, wherein the distributed ledger maintains a current status for the attestation.
In one embodiment, the attestation may include a license, a certificate, a credential, or an authorization.
In one embodiment, the identity provider may include one of a financial institution, a government agency, an employer, and a legal entity.
In one embodiment, the attestation may include an identification of an attestor, an identification of an attestee, a type of attestation, and a date of issuance.
In one embodiment, the method may further include providing, by the computer program, the attestation to a relying party computer application for a relying party, wherein a computer program for the relying party verifies the status of the attestation on the distributed ledger.
In one embodiment, the identity consumer electronic wallet may include a wallet application, a mobile wallet, or a web-based wallet.
According to another embodiment, a computer-based method for managing attestations may include: (1) receiving, by a computer program executed by an electronic device for an identity consumer and from a relying party computer application for a relying party, a request for an attestation; (2) retrieving, by the computer program and from an electronic wallet for the identity consumer, the attestation; and (3) sending, by the computer program and to the relying party computer application, the attestation. The relying party computer program may verify a status for the attestation using a distributed ledger.
In one embodiment, the attestation may include a license, a certificate, a credential, or an authorization, and may include an identification of an attestor, an identification of an attestee, a type of attestation, and a date of issuance.
In one embodiment, the identity consumer electronic wallet may include a wallet application or a web-based wallet.
In one embodiment, the status of the attestation may indicate whether the attestation is valid, expired, or revoked.
In one embodiment, the relying party computer application may periodically verify the status of the attestation using the distributed ledger.
In one embodiment, the relying party may receive a notification that the attestation is revoked or expired from the distributed ledger.
In one embodiment, the relying party computer program may further verify a chain of trust for the attestation, wherein the chain of trust identifies a system operator and an identity provider, wherein the system operator authorizes the identity provider to issue the attestation.
According to another embodiment, a computer-based method for sending an object using attestations may include: (1) receiving, by a computer program executed by an electronic device for an identity consumer, an identity of an object to sign; (2) receiving, by the computer program executed by an electronic device for the identity consumer, a selection of an attestation to sign the object with; (3) retrieving, by the computer program executed by an electronic device for the identity consumer, the identified object and the selected attestation; (4) signing, by the computer program executed by an electroni