Abstract: Various implementations described herein may refer to a digital rights management (DRM) platform. In one implementation, a method may include receiving first biometric data associated with a user. The method may also include generating first biometric templates based on the first biometric data using a DRM platform. The method may further include receiving access control data from the user, where the access control data includes data indicating time periods during which requestors are permitted to authenticate the user using the first biometric templates. The method may additionally include transmitting the first biometric templates and the access control data to the requestors using the DRM platform, where the first biometric templates are configured to be compared to second biometric templates based on the access control data, and where the second biometric templates are configured to be generated using the DRM platform based on second biometric data associated with the user.

Abstract: Systems and methods are provided for provisioning identity credentials based on interactions with verified or trusted users. One exemplary computer-implemented method includes receiving a request for a digital identity from a user, where the request includes identifying information for the user and a verified user identifier, and transmitting, to a verified user associated with the verified user identifier, an attestation request for the user. The method also includes receiving, from the verified user, an attestation in response to the attestation request with regard to at least some of the identifying information for the user, generating a digital identity for the user based on a number of attestations of the identifying information for the user, and sharing a digital identity notice with the user including an identifier for the user, whereby the user is permitted to share the digital identity with a relying party via the identifier.

Abstract: Various implementations described herein may refer to a compliance platform for use with identity data. In one implementation, a method may include receiving a compliance data package from a user, where the compliance data package includes encrypted evidence data corresponding to digital identity data of the user. The method may also include encrypting the compliance data package using a first cryptographic key. The method may further include generating a user key shard, a requestor key shard, and a regulator key shard based on the first cryptographic key. The method may include generating an unlock data package that includes the requestor key shard and encrypting the unlock data package using a second cryptographic key. The method may also include transmitting the user key shard, the encrypted unlock data package, and the encrypted compliance data package to the user. The method may include transmitting the regulator key shard to a regulator.

Abstract: Systems and methods are provided for backing up a data file. One example computer-implemented method includes generating an L4 key and, for each contact attribute of the data file, generating an L3 file including the L4 key and an identifier of a user and encrypting the L3 file with an un-masked version of the contact attribute. The method also includes compiling the encrypted L3 file(s) and the masked version(s) of the contact attribute(s) into an L2 file, generating an L2 key, encrypting the L2 file with the L2 key, compiling the encrypted L2 file and L2 key into an L1 file, generating an L1 key, encrypting the L1 file with the L1 key, compiling an L4 file to include identity attributes of the user, encrypting the L4 file with the L4 key, and combining the encrypted L4 file and the encrypted L1 file.

Abstract: Systems and methods are provided for context-based authentication, via a decentralized network. One example method includes receiving, at a mobile device, from a relying party, a request for an attribute of a user in connection with an interaction between the user and the relying party and determining a type of authentication to be used for the interaction, based on an authentication policy of the relying party and multiple context signals stored in the mobile device prior to providing the attribute to the relying party. The multiple context signals are indicative of one or more patterns indicative of the user and/or the mobile device. The method also includes soliciting authentication data from the user consistent with the determined type of authentication, receiving, by the mobile device, the solicited authentication from the user, and providing the attribute to the relying party in response to the user being authenticated at the mobile device.

Abstract: Systems and methods are provided for restoring backup data files. One example computer-implemented method includes receiving a restore request including a backup data file having an L1 file, a wrapped L1 key, and an L4 file having an attribute of a user. In response, the method includes unwrapping the L1 key with a private key, decrypting the L1 file via the L1 key, and verifying a sample biometric included in the restore request against a reference biometric from the L1 file. Upon verification of the sample biometric, the method includes decrypting an L2 file of the L1 file, verifying a contact attribute from the L2 file with the user, decrypting an L3 file using the contact attribute, wrapping an L4 key from the L3 file with the public key of the restore request, and transmitting the wrapped L4 key to a mobile device of the user.

Abstract: Various implementations described herein may refer to a compliance platform for use with identity data. In one implementation, a method may include receiving a compliance data package from a user, where the compliance data package includes encrypted evidence data corresponding to digital identity data of the user. The method may also include encrypting the compliance data package using a first cryptographic key. The method may further include generating a user key shard, a requestor key shard, and a regulator key shard based on the first cryptographic key. The method may include generating an unlock data package that includes the requestor key shard and encrypting the unlock data package using a second cryptographic key. The method may also include transmitting the user key shard, the encrypted unlock data package, and the encrypted compliance data package to the user. The method may include transmitting the regulator key shard to a regulator.

Abstract: Systems and methods are provided for provisioning identity credentials based on interactions with verified or trusted users. One exemplary computer-implemented method includes receiving a request for a digital identity from a user, where the request includes identifying information for the user and a verified user identifier, and transmitting, to a verified user associated with the verified user identifier, an attestation request for the user. The method also includes receiving, from the verified user, an attestation in response to the attestation request with regard to at least some of the identifying information for the user, generating a digital identity for the user based on a number of attestations of the identifying information for the user, and sharing a digital identity notice with the user including an identifier for the user, whereby the user is permitted to share the digital identity with a relying party via the identifier.

Abstract: Systems and methods are provided for imposing self-exclusion preferences for data access. One example computer-implemented method includes, in response to a request by a user to impose a self-exclusion preference on a digital identity of the user, requesting a token for the digital identity. The method also includes receiving and storing the token and a secret associated with the token in a record associated with the user and assigning the self-exclusion preference to the token. The method then includes receiving a request to share an identity attribute of the user's digital identity with a relying party, where the request includes the token, and retrieving the self-exclusion preference assigned to the token. And, in response to validation of the request to share the identity attribute, based on the self-exclusion preference, authorizing a mobile device of the user to share the at least one identity attribute with the relying party.

Abstract: Systems and methods are provided for provisioning identity credentials based on interactions with verifying or trusted users. One exemplary computer-implemented method includes receiving a request for a digital identity from a user, where the request includes identifying information for the user and a verified user identifier, and transmitting, to a verified user associated with the verified user identifier, an attestation request for the user. The method also includes receiving, from the verified user, an attestation in response to the attestation request with regard to at least some of the identifying information for the user, generating a digital identity for the user based on a number of attestations of the identifying information for the user, and sharing a digital identity notice with the user including an identifier for the user, whereby the user is permitted to share the digital identity with a relying party via the identifier.

Abstract: Systems and methods are provided for generating audit log entries for data packet transactions. One example computer-implemented method includes, in response to a request to share data about a user with a first party, retrieving data identified in the request and generating a transaction ID for the request where the transaction ID is unique to the request to share the data. The method also includes compiling a data packet including at least the transaction ID and the identified data, and generating a signature value for the data packet. The method then further includes transmitting, by the computing device, the data packet to the first party as a transaction and appending an entry to an audit log, which includes the transaction ID and the signature value, but not the identified data.

Abstract: Systems and methods are provided for using verifiable credentials. One example computer-implemented method includes receiving, by an identity provider (IDP) computing device, an identity request from a relying party and directing the request to a user of an application at a mobile device associated with the user, where the mobile device includes a verifiable credential. The method also includes receiving, by the IDP computing device, from the mobile device, the verifiable credential, verifying the verifiable credential based on a public key associated with an issuer of the verifiable credential, and transmitting a link and a first authorization of the verifiable credential to the relying party. The method further includes receiving, by the IDP computing device, a request for identity data from the relying party including a second authorization and, in response to the first authorization matching the second authorization, returning the identity data to the relying party.

Abstract: Systems and methods are provided for extending data files beyond sources of the data files. One example computer-implemented method includes receiving, from a mobile device of a user, selection of an option to extend a data file compiled at a source party, where the option includes a unique identifier for the user and a source identifier, and soliciting, from the mobile device, an image of the user. The method also includes receiving a captured image of the user from the mobile device and retrieving, based on the unique identifier and the source identifier, the data file from the source party. The method then includes, when the captured image matches the data file, storing the data file as a reusable data file, whereby the data file is available to be provided to one or more relying parties, different than the source party, upon consent from the user.

Abstract: Systems and methods are provided for restoring backup data files. One example computer-implemented method includes receiving a restore request including a backup data file having an L1 file, a wrapped L1 key, and an L4 file having an attribute of a user. In response, the method includes unwrapping the L1 key with a private key, decrypting the L1 file via the L1 key, and verifying a sample biometric included in the restore request against a reference biometric from the L1 file. Upon verification of the sample biometric, the method includes decrypting an L2 file of the L1 file, verifying a contact attribute from the L2 file with the user, decrypting an L3 file using the contact attribute, wrapping an L4 key from the L3 file with the public key of the restore request, and transmitting the wrapped L4 key to a mobile device of the user.

Abstract: Systems and methods are provided for changing attributes of user identities based on event driven rules. One example computer-implemented method includes receiving, at a computing device, from a mobile device, identification information associated with enrollment of an identity attribute of a user to a digital identity for the user and also receiving, from the mobile device, a request for a change to the identity attribute of the digital identity of the user. The method also includes determining a rule applicable to the change of the identity attribute based on a type of the identity attribute and/or a source of the identity attribute and determining whether the change to the at least one identity attribute is consistent with the rule. And, the method then includes effecting the change to the at least one identity attribute, when the change is consistent with the rule.

Abstract: Various implementations described herein may refer to a compliance platform for use with identity data. In one implementation, a method may include receiving a compliance data package from a user, where the compliance data package includes encrypted evidence data corresponding to digital identity data of the user. The method may also include encrypting the compliance data package using a first cryptographic key. The method may further include generating a user key shard, a requestor key shard, and a regulator key shard based on the first cryptographic key. The method may include generating an unlock data package that includes the requestor key shard and encrypting the unlock data package using a second cryptographic key. The method may also include transmitting the user key shard, the encrypted unlock data package, and the encrypted compliance data package to the user. The method may include transmitting the regulator key shard to a regulator.

Abstract: A selective transaction authorization method and system wherein the payment authorization request includes restriction information indicating a restricted purchase is requested, and the payment authorization request is declined or authorized according to a status of the account with which the purchase is being attempted.

Abstract: Systems and methods are provided for providing verified claims, based on multiple credentials, to relying parties. One example method includes receiving, by a computing device, a request for identity claims from a relying party. The method also includes, in response to the request, soliciting an authentication input from the user, authenticating the user based on the authentication input received from the user at the computing device, and, in response to authentication of the user, compiling, from multiple credentials included in the computing device, the identity claims included in the request. The method then includes sharing the determined identity claims with the relying party.

Abstract: Various implementations described herein may refer to a digital rights management (DRM) platform. In one implementation, a method may include receiving first biometric data associated with a user. The method may also include generating first biometric templates based on the first biometric data using a DRM platform. The method may further include receiving access control data from the user, where the access control data includes data indicating time periods during which requestors are permitted to authenticate the user using the first biometric templates. The method may additionally include transmitting the first biometric templates and the access control data to the requestors using the DRM platform, where the first biometric templates are configured to be compared to second biometric templates based on the access control data, and where the second biometric templates are configured to be generated using the DRM platform based on second biometric data associated with the user.

Abstract: Systems and methods are provided for context-based authentication, via a decentralized network. One example method includes receiving, at a mobile device, from a relying party, a request for an attribute of a user in connection with an interaction between the user and the relying party and determining a type of authentication to be used for the interaction, based on an authentication policy of the relying party and multiple context signals stored in the mobile device prior to providing the attribute to the relying party. The multiple context signals are indicative of one or more patterns indicative of the user and/or the mobile device. The method also includes soliciting authentication data from the user consistent with the determined type of authentication, receiving, by the mobile device, the solicited authentication from the user, and providing the attribute to the relying party in response to the user being authenticated at the mobile device.