Method for Securely Providing a Personalized Electronic Identity on a Terminal
Simple Summary
Content extracted from patent full text and abstract with AI.
This invention provides a secure method for generating and provisioning a personalized electronic identity on a user’s device (such as a smartphone, laptop, or computer). The process involves running identification, personalization, and identity provider applications that exchange and verify identity attributes using cryptographic key pairs, digital certificates, secure communications, and hashing. The personalized electronic identity is ultimately stored securely on the device, enabling the user to authenticate themselves for various online services in a universal and privacy-enhanced manner.
Use Cases
Content extracted from patent full text and abstract with AI.
- Secure onboarding for e-government and digital ID programs (issuing digital IDs, driver’s licenses, etc.)
- User authentication for online banking, insurance, and healthcare portals.
- Enterprise identity and access management (IAM) for employees using personal devices.
- Mobile ID applications to access public or private sector online services.
- Personalized login and proof-of-identity for e-commerce and digital signatures.
- Enabling secure transactions in digital wallets or payment services.
Benefits
Content extracted from patent full text and abstract with AI.
- Strong user privacy by reducing tracking and centralized oversight—identity usage is not easily traceable to a central identity provider.
- Universal authentication—enables the user’s device to be used across many unrelated services with a single, highly secure digital identity.
- High security—leverages asymmetric cryptography, digital certificates, mutual TLS, and hashing to protect identity attributes and prevent attacks such as man-in-the-middle.
- Flexibility—can be deployed on various devices (mobile or desktop) and with different infrastructure configurations (single or multiple public-key infrastructures).
- User control—the user actively participates in the identity provisioning and sharing process, granting explicit consent at each step.
- Standards-based—compatible with widely used digital certificate standards (e.g., X.509), facilitating adoption and integration.
Technical Classifications (CPCs)
Main Classifications
Electrical & Electronic Tech
Physics & Measurement
Sub Classifications
Computing & Calculating
Electric Communication Technique
CPC Codes
Inventors & Applicants
Applicants
Bundesdruckerei Gmbh
Univ Berlin Freie
Patent Abstract
The invention relates to a method for securely providing a personalized electronic identity on a terminal (2) which can be used by a user (1) for identification purposes when claiming an online service. In the method, an identification application is run on a terminal (2), which is assigned to a user (1), in a system comprising data processing devices (9; 10; 11; 12) and said terminal (2), and additionally a personalization application and an identity provider application are run. The method has the following steps in particular: transmitting a request to transmit an identity attribute assigned to the user (1) from the personalization application to the identity provider application; transmitting the identity attribute from the identity provider application to the personalization application after an agreement to transmit the identity attribute by means of the identity provider application is received from the user (1); generating an asymmetric key pair with a public and a private key on the terminal (2) by means of the identification application; transmitting the public-key from the identification application on the terminal (2) to the personalization application; and generating an electronic certificate for the public-key by means of the personalization application and storing the electronic certificate in a data storage device in order to form a first public-key infrastructure of the personalization application, additionally having the steps of: generating a hash value for the identity attribute and recording the hash value onto the electronic certificate. The identity attribute is encoded and transmitted together with the electronic certificate from the personalization application to the identification application (14) on the terminal (2), where both are stored in a local storage device of the terminal (2).
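The certificate and hash steps of the abstract, as an added Python sketch that is not taken from the patent or from the applicants: the personalization side certifies the terminal's public key and records the attribute hash in an X.509 extension, and a verifier later checks a presented attribute against that certificate. It assumes the third-party `cryptography` package, ECDSA P-256, unsalted SHA-256, and a constructed placeholder OID and sample attribute; the abstract specifies none of these.

```python
import datetime, hashlib, hmac
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Constructed placeholder OID for the attribute-hash extension (not from the patent).
ATTR_HASH_OID = x509.ObjectIdentifier("1.3.6.1.4.1.99999.1")

def attr_hash_ext_value(attribute: bytes) -> bytes:
    # Assumption: plain SHA-256, DER-wrapped as a 32-byte OCTET STRING (tag 0x04, len 0x20).
    return b"\x04\x20" + hashlib.sha256(attribute).digest()

def issue_certificate(ca_key, device_public_key, attribute: bytes) -> x509.Certificate:
    """Personalization side: certify the terminal's key and record the attribute hash."""
    now = datetime.datetime.now(datetime.timezone.utc)
    ext = x509.UnrecognizedExtension(ATTR_HASH_OID, attr_hash_ext_value(attribute))
    return (x509.CertificateBuilder()
            .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "terminal-eid")]))
            .issuer_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "personalization-ca")]))
            .public_key(device_public_key)
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=1))
            .not_valid_after(now + datetime.timedelta(days=30))
            .add_extension(ext, critical=False)
            .sign(ca_key, hashes.SHA256()))

def verify_presented_attribute(ca_public_key, cert, attribute: bytes) -> bool:
    """Verifier side: check the issuer signature first, then the attribute hash.
    Validity period and proof of possession of the terminal key are out of scope here."""
    try:
        ca_public_key.verify(cert.signature, cert.tbs_certificate_bytes,
                             ec.ECDSA(cert.signature_hash_algorithm))
        recorded = cert.extensions.get_extension_for_oid(ATTR_HASH_OID).value.value
    except (InvalidSignature, x509.ExtensionNotFound):
        return False
    return hmac.compare_digest(recorded, attr_hash_ext_value(attribute))

def demo():
    ca_key = ec.generate_private_key(ec.SECP256R1())      # personalization application
    device_key = ec.generate_private_key(ec.SECP256R1())  # generated on the terminal
    attribute = b"family_name=Mustermann"                 # constructed sample attribute
    cert = issue_certificate(ca_key, device_key.public_key(), attribute)
    other_ca = ec.generate_private_key(ec.SECP256R1()).public_key()
    return (verify_presented_attribute(ca_key.public_key(), cert, attribute),
            verify_presented_attribute(ca_key.public_key(), cert, b"family_name=Other"),
            verify_presented_attribute(other_ca, cert, attribute))
```

Because the attribute travels beside the certificate rather than inside it, only the hash comparison ties the two together; an unsalted hash of a low-entropy attribute (a birth date, for example) can be recovered by guessing, so a deployment would need to decide how the hash input is constructed.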
Key Information
Publication No.
WO2020143877A1
Family ID
69845000
Publication Date
2020-07-16
Application No.
DE2020100006W
Application Date
2020-01-08
Priority Date
2019-01-08
Granted
Yes (2/6)
Possible Cooperation
For further information please contact the transfer office.