Title of invention: Blockchain identity management system based on public identities ledger
Abstract: The invention describes an identity management system (IDMS) based on the concept of peer-to-peer protocols and the public identities ledger. The system manages digital identities, which are digital objects that contain attributes used for the identification of persons and other entities in an IT system and for making identity claims. The identity objects are encoded and cryptographically encapsulated. Identity management protocols include the creation of identities, the validation of their binding to real-world entities, and their secure and reliable storage, protection, distribution, verification, updates, and use. The identities are included in a specially constructed global, distributed, append-only public identities ledger. They are forward- and backward-linked using the mechanism of digital signatures. The linking of objects and their chaining in the ledger is based on and reflects their mutual validation relationships. The identities of individual members are organized in the form of linked structures called the personal identities chains. Identities of groups of users that validated identities of other users in a group are organized in community identities chains. The ledger and its chains support accurate and reliable validation of identities by other members of the system and by application services providers without the assistance of third parties. The ledger designed in this invention may be either permissioned or unpermissioned. Permissioned ledgers have special entities, called BIX Security Policy Providers, which validate the binding of digital identities to real-world entities based on the rules of a given security policy. In unpermissioned ledgers, community members mutually validate their identities. The identity management system provides security, privacy, and anonymity for digital identities and satisfies the requirements for decentralized, anonymous identities management systems.
Publication number: US9635000(B1) Publication date: 2017.04.25
Application number: US201615163922 Application date: 2016.05.25
Applicant: Muftic Sead Inventor: Muftic Sead
Classification: H04L29/06;H04L29/08;H04L9/32;H04L9/30;H04L9/14 Main classification: H04L29/06
Agency: Morris, Manning & Martin LLP Agent: Morris, Manning & Martin LLP; Sineway, Esq. Daniel E.
Principal claim: 1. A system for managing identities of entities in a computer network, comprising: a plurality of computing devices in the computer network, each computing device being associated with at least one entity; and an electronic append-only public identities ledger maintained simultaneously at more than one of the plurality of computing devices, the electronic append-only public identities ledger comprising a plurality of cryptographically-encapsulated identity objects that each uniquely identify a respective entity within the computer network, wherein each of the plurality of cryptographically-encapsulated identity objects further comprises: one or more identification attributes that uniquely identify a first entity associated with the respective cryptographically-encapsulated identity object, the one or more identification attributes being self-enveloped via a public cryptographic key of the first entity; and one or more validation attributes created by a second entity associated with a separate cryptographically-encapsulated identity object, wherein the one or more validation attributes are used to validate that the one or more identification attributes accurately identify the first entity, wherein, upon respective validation, each of the plurality of cryptographically-encapsulated identity objects are structured in a linked list and maintained simultaneously at at least a first computing device associated with the first entity and a second computing device associated with the second entity.
Address: Rockville MD US