Authentication Using a Plurality of Electronic Identities
Simple Summary
Content extracted from patent full text and abstract with AI.
This invention discloses a method and system for securely granting access to one or more identity attributes from a collection of electronic identities stored on a mobile device, such as a smartphone. The process involves centralized authentication of a requesting computer system using certificates, so that only verified and authorized external systems can access certain identity attributes, and only for specific types of electronic identities, as administered by apps on the mobile device. The system uses strong cryptographic and certification methods, enabling granular and secure handling of different digital IDs on one device.
Use Cases
- Mobile phones used as digital identity wallets for accessing government e-services or banking platforms.
- Secure digital ID verification at physical access points such as offices, airports, or rental agencies.
- Multi-ID management for professionals who need different credentials (e.g., business and personal) on one device.
- Granting permission to service providers (e.g., insurance, healthcare, car sharing) to access only necessary digital identity attributes for personalized services.
- Managing and verifying user identities for online transactions that require regulatory compliance, such as KYC/AML in fintech.
Benefits
- Centralized and standardized way to authenticate and authorize computer systems seeking access to identity attributes.
- Enhanced user privacy—attributes are only released after explicit authentication/permission and are limited to what is necessary.
- Support for multiple digital identities of different types on a single device with secure separation (e.g., work, personal, government).
- Improved security through use of digital certificates, strong cryptography, and secure hardware elements (e.g., SE, TEE) to store keys and sensitive data.
- Reduces user effort and potential confusion by providing unified, controlled management of identity sharing across services.
Technical Classifications (CPCs)
Main Classifications
Electrical & Electronic Tech
Physics & Measurement
Sub Classifications
Computing & Calculating
Electric Communication Technique
CPC Codes
Inventors & Applicants
Applicants
Bundesdruckerei GmbH
Univ Berlin Freie
Patent Abstract
The invention relates to a method for unlocking, for a reading computer system (200), one or more identity attributes of one or more electronic identities (113) stored on a mobile terminal (100). Authentication of the reading computer system (200) comprises:
- receiving a read request from the reading computer system (200) with a read certificate (246),
- centrally executing the authentication of the reading computer system (200),
- determining a group of one or more electronic identities (113) having those electronic identities (113) stored on the mobile terminal (100) which belong to one of the types of electronic identities for which the read certificate (246) defines read permissions,
- identifying, within the determined group of electronic identities (113), one or more electronic identities which, according to the read request, belong to one of the types of electronic identities to be read,
- sending authentication confirmations to one or more applications (108, 109) installed on the mobile terminal (100) which manage identified electronic identities (113).
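The selection steps of the abstract, as an added Python example that is not taken from the patent or from the applicants: it shows that an identity type named in the read request but absent from the read certificate's permissions produces no confirmation. Assumptions: certificate authentication is reduced to an issuer and expiry check standing in for real chain validation, and every name and sample value (`TRUSTED_ISSUERS`, `app_a`, the identity types) is constructed.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class ReadCertificate:
    issuer: str
    not_after: date
    permitted_types: frozenset   # identity types this certificate may read

@dataclass(frozen=True)
class ElectronicIdentity:
    eid_type: str
    managing_app: str            # app on the mobile terminal managing this identity

TRUSTED_ISSUERS = {"example-root-ca"}   # constructed trust anchor (assumption)

def authenticate_reader(cert, today):
    """Central authentication, run once for all identities (simplified stand-in)."""
    return cert.issuer in TRUSTED_ISSUERS and today <= cert.not_after

def unlock_targets(cert, requested_types, stored, today):
    """Map each managing app to the identity types it gets a confirmation for."""
    if not authenticate_reader(cert, today):
        return {}                # unauthenticated reader: nothing is confirmed
    # Group: stored identities whose type the certificate grants read rights for.
    group = [e for e in stored if e.eid_type in cert.permitted_types]
    # Within the group, keep only the types the read request asks for.
    identified = [e for e in group if e.eid_type in requested_types]
    confirmations = {}
    for e in identified:
        confirmations.setdefault(e.managing_app, []).append(e.eid_type)
    return confirmations

# Constructed sample data
STORED = [
    ElectronicIdentity("national_id", "app_a"),
    ElectronicIdentity("driving_licence", "app_a"),
    ElectronicIdentity("employee_badge", "app_b"),
]
CERT = ReadCertificate("example-root-ca", date(2030, 1, 1),
                       frozenset({"national_id", "health_card"}))
REQUEST = {"national_id", "employee_badge"}

if __name__ == "__main__":
    print(unlock_targets(CERT, REQUEST, STORED, date(2025, 1, 1)))
```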
Key Information
Publication No.: DE102021103994A1
Family ID: 80623442
Publication Date: 2022-08-25
Application No.: DE102021103994A
Application Date: 2021-02-19
Priority Date: 2021-02-19
Granted: Yes (1/5)
Possible Cooperation
For further information please contact the transfer office.