Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
1 like598 views
The document discusses the state of blockchain-based decentralized identifier (DID) technology as reflected in patent applications up to June 15, 2020. It highlights key innovation entities like Alibaba, IBM, and Microsoft, and outlines various application areas such as authentication/verification, management, and exchange of DIDs. The document also examines a novel protocol for anonymizing the exchange of identifiers in financial services using blockchain, ensuring privacy and unlinkability among involved parties.
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
- 1. 1 ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/ Blockchain Decentralized Identifier (DID) Innovation Insights from Patents Alex G. Lee1 Patents are a good information resource for obtaining the state of the art of blockchain based decentralized identifier (DID) technology innovation insights. I. DID Technology Innovation Status Patents that specifically describe the major blockchain applications for DID are a good indicator of the DID innovations in a specific innovation entity. To find DID technology innovation status, patent applications in the USPTO as of June 15, 2020 that specifically describe the major blockchain applications for DID are searched and reviewed. 29 published patent applications that are related to the key DID technology innovation are selected for detail analysis. Following figure shows DID patent application landscape with respect to the innovation entity. As shown in the figure, the key DID innovation entities are Alibaba Group, IBM, Microsoft, Civic Technologies, Inc., HRB Innovations, Inc., ChainID LLC, Dell EMC, HYPR Corp., Infosys Limited, Keir Finlow-Bates, Michael Thomas Gillan, and Veridium IP Limited. 1 Alex G. Lee, Ph.D Esq., is a CTO and patent attorney at TechIPm, LLC.
- 3. 3 ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/ Following figure shows DID patent application landscape with respect to the key technology innovation field. As shown in the figure, DID Authentication/Verification is the most innovated DID technology followed by DID Management, DID Exchange/Transfer , Access Management, Cross-Entity Authentication, DID Creation, DID Associated Event Data Notification, DID Resolver Service, DID to Real-World Entity Mapping, Verifiable-Claim Issuance, and Verifiable-Claim Verification. DID Authentication/Verification 31% DID Management 17% DID Exchange/Transfer 10% Access Management 10% Cross‐Entity Authentication 7% DID Creation 7% DID Associated Event Data Notification 4% DID Resolver Service 4% DID to Real‐World Entity Mapping 4% Verifiable‐Claim Issuance 3% Verifiable‐Claim Verification 3% Other 16% DID Technology Landscape
- 4. © A e g p a ©2020 TechIPm, A patent coun evolution of t growth trends publication da activity is in e LLC All Rights Re nting for grow echnology inn s. Since there ate by around early stage an NumberofPatentApplications eserved http://ww wth in patentin novation. Foll is usually a ti two years, th d is expected 0 2 4 6 8 10 12 14 2014 ww.techipm.com ng over a perio lowing patent ime lag betwe he patent appli to be in rapid 2015 2016 Priority Y / od of times ca t application a een the initial ication activit d growth stage 2017 2018 Year an be a good m activity chart application d ty chart indica e soon. 2019 measuring too shows DID te ate (priority y ates that DID DID Patent Appl ol for monitor echnology inn year) and the technology in lications 4 ring the novation nnovation
- 5. 5 ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/ II. DID Technology Innovation Details Patent information can provide many valuable insights that can be exploited for developing and implementing new technologies. Patents can also be exploited to identify new product/service development opportunities. DID Management System/ US20200145209 (Alibaba Group) Blockchain can provide a cost-effective digital identifier management without the need for a trusted third-party because the data stored in a distributed ledger are shared by all members, immutable, and cryptographically linked with other time ordered data. Blockchain based DIDs are a new type of identifier, which are independent from any centralized registry, identity provider, or certificate authority. Distributed ledger technology provides the opportunity for using fully decentralized identifiers. Following figure illustrates a DID management system. The identity authentication system 340 comprises an identity service 341, which can be implemented on servers or cloud platforms. The identity service 341 processes requests for identity authentication, controls a client-side application 342 to collect identity data for individuals or entities, generates proofs of identity authentication, stores/accesses identity information in a database 343, performs operations on the blockchain 330 to obtain identity information and store proof of identity authentication. The identity authentication system 340 establishes mapping relationships between DIDs and real-world identities. The identity authentication is performed based on documents, photos, or other suitable materials provided by an individual or entity. The identity authentication system 340 is coupled to the user-side system 310 and/or the service-side system 320. The identity authentication system 340 receives requests from the user-side
- 6. 6 ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/ system 310 or the service-side system 320 for proofs of identity authentication. In response, the identity authentication system 340 performs any necessary identity authentication and sends the proofs of identity authentication back to the requester. The proofs of identity authentication comprise, for example, a confirmation message, a security key, a unique identification code, or other suitable proofs. The identity authentication system 340 is coupled to the blockchain system 330 that is coupled to the service-side system 320.
- 7. 7 ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/ The user-side system 310 comprises a server 311 and a database 313. The database 313 stores data associated with user accounts of the users of the entity. The entity corresponding to the user-side system 310 creates and manage DIDs and Verifiable claims (VCs) for itself as well as its users. The server 311 includes software development kits (SDKs) 312 for managing creation and authentication of DIDs or issuance and verification of VCs. The service-side system 320 comprises agents 321, resolvers 322, key management systems 323, and clouds 324. The agent 321 provides various services or applications related to DIDs or VCs and maintain databases mapping account information or other business data from the user-side system 310 to DIDs, VCs, or other information or data stored on one or more blockchains. The agent 321 provides application programming interfaces (APIs), which can be used by the user-side system 310 to directly submit requests related to DIDs or VCs. The agent 321manages communications among the user-side system 310, the resolver 322 and the cloud 324. The agent 321 is coupled to a key management system (KMS) 323. The KMS 323 generates, distributes, and manages cryptographic keys for devices and applications. The agent 321 is coupled to a resolver 322, which comprises software applications for managing interactions between the agent and a blockchain 330 in transactions related to DIDs or VCs (e.g., correspondence between a DID and a DID document). The resolver 322 and cloud 324 are coupled to a blockchain 330. The blockchain 330 comprises blockchain smart contracts 331. The blockchain smart contracts 331 perform operations associated with DIDs and VCs. The operations comprises creating a new DID, storing a DID document, updating a DID document, identifying a DID document based on a DID, storing information associated with a VC,
- 8. 8 ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/ and retrieving information associated with a VC. The resolver 322 and cloud 324 deploys transactions on the blockchain 330 that invoke the blockchain smart contracts 331. The transactions trigger operations related to DIDs and VCs. Following figure illustrates an architecture for managing DIDs and VCs. The agent services 321 process requests related to DIDs and VCs that are received from users and manage mapping relationships between account information on user-side systems 310 and DIDs of the owners of the accounts. The agent services 321 comprise a DID agent service API 410 for receiving DID-related requests from user-side systems 310. Depending on the nature of a request, it is fed to a user agent 411 for performing operations such as creation and authentication of DIDs or an issue agent 412 for performing operations such as issuance of VCs. The requests from a party desiring to verify a VC is fed to the verifier agent 413. The agent services 321 provide a verifiable claim repository 414 for storing VCs. The agent services 321 use memories 415 and databases 416. The agent services 321 are coupled to the KMS 323, a BaaS Cloud 324, and the resolver services 322. The agents of the agent services send requests to a DID resolver API 420 associated with the resolver services 322. The resolver services 322 process interactions between the agent services 321 and the blockchain 330. The resolver services 322 perform operations such as obtaining data from the blockchain 300, adding data to the blockchain 330, creating blockchain contracts 331, and deploying transaction to the blockchain 330 to invoke blockchain contracts 331. The resolver services 322 comprise a DID resolver 421 to manage DIDs and DID documents stored on the blockchain 330 and a VC resolver 422 to manage VCs for DIDs created based on the blockchain 330. The resolver services 322 comprise a listener 424 for obtaining data from the blockchain 331. The
- 9. 9 ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/ listener 424 store obtained data to a database 423. The data is used by the DID resolver 421 and the VC resolver 422. The DID resolver 421, VC resolver 422, and listener 424 are coupled to a BaaS cloud 324 for interactions with the blockchain 330. The blockchain 330 comprises blockchain smart contracts (331 a, 331 b, 331 c) for managing DIDs and DID documents and blockchain smart contracts (331 d, 331 e, 3310) for managing VCs.
- 10. 10 ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/ DID Exchange/US20200044848 (IBM) An identifier is defined as digital information that is about a user and that identifies the user. An identifier is made up of attributes that include financial information about the user, employment information about the user, commercial information about the user, etc. The identifier that describe users can be shared between parties in a digital identity ecosystem (e.g., identity providers and identity consumers) for acquiring a bank loan, buying real or personal property, gaining employment, etc. Let’s consider following use case: Bob first consumes financial services from bank A, where he performs identity verification and due diligence steps for Know Your Customer (KYC) compliance. Later Bob needs to consume financial services from bank B as well. At this point, both Bob and bank B want to know if Bob has already gone through such a process and if so, they would like to re-use the identifier created during the initial process. Although Bob would like to re-use the identity asset created at bank A when interacting with bank B, Bob would not like to reveal to bank B which bank(s) Bob has interacted with before. In the same way, Bob would not like to reveal to bank A, which bank(s) Bob is planning to be a customer of. Bank A and bank B themselves would also not like to reveal their identities to each other during the identifier exchange, due to business competition. Therefore, the anonymity of the parties who exchange the identifier is a key privacy requirement. On the other hand, Bob would not like the transactions he carries out (with different banks based on the same identifier) to be linkable by anyone except bank A, who is providing the identifier. Therefore, unlinkability (i.e., the inability of
- 11. 11 ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/ associating one party to the transaction to another party to the transaction) of the transaction is another key privacy requirement that the improvements to the blockchain can be achieved. A new and novel protocol for anonymous and unlinkable identifier exchange through the use of a blockchain can be developed. In this protocol, an identifier provider (e.g., bank A) and the identifier consumer (e.g., bank B) exchange the identifier of the user anonymously, in a decentralized identifier management platform backed by a blockchain network. Carrying out the identifier exchange transactions over the decentralized and trusted identifier platform backed by blockchain eliminates the requirement of a trusted third party. Thus, only the original owners of the identifier are able to legitimately transfer the identifier to an identifier consumer. Following figure illustrates a high-level overview for the identifier exchange process. Bank A is an identifier producer (IAP), as shown in block 701. Bank A has acquired enough attributes about an entity (e.g., “Bob”) to build an identifier about Bob (block 703), as shown in block 705. The information retrieved from and/or exchanged with Bob by Bank A include not only personal information about Bob (Bob's attributes), but also pseudonyms that identify Bank A (A1) and User Bob (U1), and (optionally) the pseudonym of the identity asset itself (PIA). As shown in block 707, Bob requests a service (e.g., a loan) from an entity other than Bank A (e.g., Bank B, shown in block 709). Bank B is a potential identifier consumer (IAC) of the identity that was created earlier by Bank A. However, rather than simply asking Bank A for the identifier of Bob (which would lead to security issues due to the lack of anonymity between Bank A and Bank B), an identifier discovery phase is executed between Bank B and Bob, as shown in block 711. This enables Bank B to learn the pseudonyms of the owners of the identifier in order to initiate the anonymous identifier exchange phase with the blockchain (block 715), as shown in
- 12. 12 ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/ block 713. Similarly, Bank A is able to retrieve the identifier from the blockchain, and then send that identifier (as retrieved from the blockchain) to Bob, as shown in block 717.