Search

US-12626264-B2 - Decentralized identity methods and systems

US12626264B2US 12626264 B2US12626264 B2US 12626264B2US-12626264-B2

Abstract

The present techniques relate to, inter alia, cryptographically-verifiable insurance credentials and cryptographically-verifiable property transfer. The novel methods and systems of decentralized identity discussed herein improve user experience (whether individual or organizational) by moving control over identity from the hands of centralized entities, back to where it belongs—i.e., to the hands of individual organizations and users. In one aspect, a method includes obtaining a scanned image; processing the scanned image; transmitting a claim request; and receiving and storing an attestation response, and a computing system includes a processor; and a memory having stored thereon computer-executable instructions that, when executed by the one or more processors, cause the computing system to: receive a claim request; cryptographically verify the claim; and transmit an attestation response.

Inventors

  • Veena Vivek
  • EllaKate LeFebre
  • Stephen Dunstan

Assignees

  • STATE FARM MUTUAL AUTOMOBILE INSURANCE COMPANY

Dates

Publication Date
20260512
Application Date
20230824

Claims (20)

  1. 1 . A computing system for providing a cryptographically-signed credential, comprising: one or more processors; and one or more memories having stored thereon computer-executable instructions that, when executed by the one or more processors, cause the computing system to: transmit an out-of-band message including instructions to establish a decentralized identifier (DID) protocol for further communication, wherein a type of the DID protocol is selected from among a plurality of DID protocols and is indicated by the instructions of the out-of-band message; receive a decentralized identifier (DID) communication request according to the DID protocol indicated by the instructions of the out-of-band message from a mobile computing device, the DID communication request including at least a cryptographic key of a user and security data; verify the DID communication request based upon the cryptographic key and security data; and transmit an attestation response corresponding to the DID communication request to the mobile computing device.
  2. 2 . The computing system of claim 1 , the memories having stored thereon further instructions that, when executed by the one or more processors, cause the computing system to: receive a verification request from the mobile computing device; determine a set of credential proof parameters required to verify the verification request; transmit a credential proof request to the mobile computing device, the credential proof request including the set of credential proof parameters; and receive one or more credentials of the user, the one or more credentials corresponding to the one or more credential proof request parameters.
  3. 3 . The computing system of claim 2 , the memories having stored thereon further instructions that, when executed by the one or more processors, cause the computing system to: verify one or more cryptographic signatures of the received credentials; generate an electronic form including at least one field including values corresponding to the credential proof request parameters; and transmit the electronic form to the mobile computing device.
  4. 4 . The computing system of claim 3 , the memories having stored thereon further instructions that, when executed by the one or more processors, cause the computing system to: receive a submission of the electronic form; and process the electronic form.
  5. 5 . The computing system of claim 1 , the memories having stored thereon further instructions that, when executed by the one or more processors, cause the computing system to: transmit a proof-of-insurance credential to the mobile computing device.
  6. 6 . The computing system of claim 1 , the memories having stored thereon further instructions that, when executed by the one or more processors, cause the computing system to: transmit a vehicle proof-of-insurance credential to the mobile computing device, the proof-of-insurance credential including insurance description information including at least a policy number, a named insured, a policy effective date, a policy expiration data, a vehicle identification number, a vehicle make and a vehicle year.
  7. 7 . The computing system of claim 1 , the memories having stored thereon further instructions that, when executed by the one or more processors, cause the computing system to: transmit a homeowners' proof-of-insurance credential to the mobile computing device, the proof-of-insurance credential including insurance description information including at least a policy number, a named insured, a policy effective date, a policy expiration date, a coverage limit, a liability limit, a deductible and a policy premium.
  8. 8 . The computing system of claim 1 , the memories having stored thereon further instructions that, when executed by the one or more processors, cause the computing system to: receive a public key and security data including a session cookie identifying an authenticated web session of the user.
  9. 9 . A non-transitory computer-readable medium having stored thereon computer-executable instructions, that when executed, cause a computer to: transmit an out-of-band message including instructions to establish a decentralized identifier (DID) protocol for further communication, wherein a type of the DID protocol is selected from among a plurality of DID protocols and is indicated by the instructions of the out-of-band message; receive a decentralized identifier (DID) communication request according to the DID protocol indicated by the instructions of the out-of-band message from a mobile computing device, the DID communication request including at least a cryptographic key of a user and security data; verify the DID communication request based upon the cryptographic key and security data; and transmit an attestation response corresponding to the DID communication request to the mobile computing device.
  10. 10 . The non-transitory computer-readable medium of claim 9 , having stored thereon further computer-executable instructions, that when executed, cause a computer to: receive a verification request from the mobile computing device; determine a set of credential proof parameters required to verify the verification request; transmit a credential proof request to the mobile computing device, the credential proof request including the set of credential proof parameters; and receive one or more credentials of the user, the one or more credentials corresponding to the one or more credential proof request parameters.
  11. 11 . The non-transitory computer-readable medium of claim 10 , having stored thereon further computer-executable instructions, that when executed, cause a computer to: verify one or more cryptographic signatures of the received credentials; generate an electronic form including at least one field including values corresponding to the credential proof request parameters; and transmit the electronic form to the mobile computing device.
  12. 12 . The non-transitory computer-readable medium of claim 11 , having stored thereon further computer-executable instructions, that when executed, cause a computer to: receive a submission of the electronic form; and process the electronic form.
  13. 13 . The non-transitory computer-readable medium of claim 12 , having stored thereon further computer-executable instructions, that when executed, cause a computer to: transmit a vehicle proof-of-insurance credential to the mobile computing device, the proof-of-insurance credential including insurance description information including at least a policy number, a named insured, a policy effective date, a policy expiration data, a vehicle identification number, a vehicle make and a vehicle year.
  14. 14 . The non-transitory computer-readable medium of claim 9 , having stored thereon further computer-executable instructions, that when executed, cause a computer to: transmit a homeowners' proof-of-insurance credential to the mobile computing device, the proof-of-insurance credential including insurance description information including at least a policy number, a named insured, a policy effective date, a policy expiration date, a coverage limit, a liability limit, a deductible and a policy premium.
  15. 15 . The non-transitory computer-readable medium of claim 9 , having stored thereon further computer-executable instructions, that when executed, cause a computer to: receive a public key and security data including a session cookie identifying an authenticated web session of the user.
  16. 16 . A computer-implemented method for providing a cryptographically-signed credential, comprising: transmitting an out-of-band message including instructions to establish a decentralized identifier (DID) protocol for further communication, wherein a type of the DID protocol is selected from among a plurality of DID protocols and is indicated by the instructions of the out-of-band message; receiving a decentralized identifier (DID) communication request according to the DID protocol indicated by the instructions of the out-of-band message from a mobile computing device, the DID communication request including at least a cryptographic key of a user and security data; verifying the DID communication request based upon the cryptographic key and security data; and transmitting an attestation response corresponding to the DID communication request to the mobile computing device.
  17. 17 . The computer-implemented method of claim 16 , further comprising: receiving a verification request from the mobile computing device; determining a set of credential proof parameters required to verify the verification request; transmitting a credential proof request to the mobile computing device, the credential proof request including the set of credential proof parameters; and receiving one or more credentials of the user, the one or more credentials corresponding to the one or more credential proof request parameters.
  18. 18 . The computer-implemented method of claim 17 , further comprising: verifying at least one cryptographic signature of the received credentials; generating an electronic form including at least one field including values corresponding to the credential proof request parameters; and transmitting the electronic form to the mobile computing device.
  19. 19 . The computer-implemented method of claim 18 , further comprising: receiving a submission of the electronic form; and process the electronic form.
  20. 20 . The computer-implemented method of claim 16 , further comprising: transmit a vehicle proof-of-insurance credential to the mobile computing device, the proof-of-insurance credential including insurance description information including at least a policy number, a named insured, a policy effective date, a policy expiration data, a vehicle identification number, a vehicle make and a vehicle year.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS The present application claims priority to U.S. Provisional Application No. 63/431,869, entitled DECENTRALIZED IDENTITY METHODS AND SYSTEMS, filed Dec. 12, 2022, and U.S. Provisional Application No. 63/400,717, entitled DECENTRALIZED IDENTITY METHODS AND SYSTEMS FOR CRYPTOGRAPHICALLY-VERIFIABLE PROPERTY TRANSFER, filed Aug. 24, 2022, the entire contents of which are incorporated herein by reference in its entirety. TECHNICAL FIELD The present disclosure is generally directed to methods and systems for decentralized identity methods and systems and, more particularly, to techniques for cryptographically-verifiable insurance credentials and cryptographically-verifiable property transfer. BACKGROUND Conventionally, individuals and organizations have used identifiers for many purposes. For example, when an individual—call her Jane—desires to start a new business website (e.g., JanesBakery.com), she may start a website and serve it via HTTP. However, most web browsers are configured to display various warnings and errors to users visiting HTTP-only websites (i.e., sites that lack cryptographic identification). In some cases, modern web browsers refuse altogether access to sites like Jane's. Jane's only recourse has been to obtain a cryptographically-signed digital certificate from a third party certificate authority (CA), certifying that JanesBakery.com belongs to a particular website (e.g., IP address) under Jane's control. Once obtained, HTTPS (i.e., secure HTTP) transparently negotiates the cryptographic authenticity of https://janesbakery.com using the certificate for all web visitors. In general, HTTPS may be the means by which a person visiting a website knows that they are, in fact, visiting the desired web page, and not the website of a malicious actor. This is of course important for many reasons, especially when there is any exchange of private information. In the same way, the holographic watermark of a person's driver's license, or the blue check next to their Twitter handle, may be an indication, issued by a central authority—the Department of Motor Vehicles and Twitter, respectively—of the authenticity of the identity of the bearer. However, there are drawbacks to these pervasive centralized systems of identity. In Jane's case, the CA may be a centralized third party verifier that intermediates trust between a website such as JanesBakery.com and an individual visitor (e.g., one of Jane's customers). Jane may have no control over whether to use the CA, and individuals visiting Jane's website may have no control over whether the centralized CA is involved in the transaction. Jane's only choice in the matter may be to choose from among a pool of CAs, all of which may be centralized to the same practical extent. If the centralized CA Jane selects is ever compromised, Jane and/or her visitors may be harmed, for example by having their private information leaked or stolen. There are numerous other examples of adhesive centralized figures that individuals may have to contend with to obtain and verify various forms of identification required to get along in today's world. As mentioned, there are the several motor vehicle authorities the United States and Territories, each of which issue unique driver's licenses. Other examples include the phone companies that issue unique telephone numbers to subscribers. As noted, there are social media companies (e.g., LinkedIn, Twitter and Facebook, to name a few) that issue unique usernames to their users. There are freemium email services (e.g., Gmail, Yahoo! Mail, etc.) that issue unique email addresses to users. Government agencies like the Internal Revenue Service (IRS) issue Taxpayer Identification Numbers (TINs) and Employer Identification Numbers (EINs) that uniquely identify businesses, whether sole practitioners or large entities with hundreds or thousands or more employees. Until recently, the IRS required taxpayers to submit biometric data to a third-party facial recognition provider in order to authenticate their identity, until it was discontinued due to privacy concerns. The list of attempts, both successful and less so, to centralize identity management goes on and on, and applies to products (e.g., serial numbers) as well as to individual people and organizations. The link (and flaw) connecting each of the aforementioned examples may be that conventionally, global identifiers such as cryptographic certificates, email addresses, etc. are maintained, signed and issued by centralized authorities whose practices are completely outside of the control of the user or organization being identified. Unfortunately, individuals and organizations alike often understand control of their identities to be, ultimately, the prerogative of entrenched, centralized actors who may be, at best, neutral regarding the best interest of the individual or organization. Whether those parties are corporate or government actors, this lack of c