Abstract: A client device is configured to (i) receive, from a credential issuer, a digital credential including (a) an identifier for the credential issuer and (b) credential information indicating an identity of a user associated with the client device, (ii) cause the digital credential to be maintained in storage, (iii) receive, from a credential verifier, an authentication challenge associated with a payment instrument, the authentication challenge including (a) an identifier for the credential verifier and (b) a request for credential information indicating the identity of the user of the payment instrument, where the request is encrypted using a private key of the credential verifier, (iv) use the identifier for the credential verifier to obtain a public key of the credential verifier, (v) use the public key to decrypt the encrypted request, and (vi) based on the decrypted request, transmit an authentication challenge response including the digital credential to the credential verifier.

Abstract: A computing platform is configured to (i) receive, from a user, a request to initiate a payment using a payment instrument, (ii) cause an authentication challenge to be presented to the user, the authentication challenge including a request for credential information indicating an identity of the user of the payment instrument, (iii) receive, from a client device associated with the user, an authentication challenge response including (a) an identifier for a credential issuer that previously verified the identity of the user and (b) credential information indicating the identity of the user, the credential information encrypted using a private key of the credential issuer, (iv) use the identifier for the credential issuer to obtain a public key of the credential issuer, (vii) use the public key to decrypt the credential information, (viii) verify that the credential information indicates the identity of the user of the payment instrument, and (ix) execute the payment.

Abstract: A method, system and computer program product for delivering a digital identity document. A request is received to purchase a digital identity document from a user by a system. An acquisition uniform resource locator (URL) with parameters corresponding to the identity of the user and the requested digital identity document is created and provided to the user. The user utilizes the received URL to communicate with an issuer to request the digital identity document. The system then receives the requested digital identity document in encrypted form from the issuer. The system then delivers the encrypted digital identity document to the user. In this manner, the system can deliver to the user an identity document in digital form that has been vetted as trusted in a secure manner thereby reducing the number of occurrences in providing improper identity documents as well as lessening the ability to generate falsified identity documents.

Abstract: A master digital copy of a registration is transmitted. The registration is proof that a physical object has been registered with a registration authority. A valid peripheral digital copy of the registration is received. The valid peripheral digital copy of the registration was made from the master digital copy of the registration and is incapable of being used to make other valid digital copies of the registration.

Abstract: An example operation may include one or more of connecting, by an identity server, to a blockchain configured to store an identity trait of a user, retrieving, by an identity server, the identity trait from the a blockchain, establishing, by the identity server, a trust group homomorphism digital signature algorithm (DSA) for the user associated with the identity trait based on a public key PK1, creating, by the identity server, a zero-knowledge proof function with a public key PK2 based on a DSA member of the trust group homomorphism for witness data, providing, by the identity server, the witness data to a challenger for the zero-knowledge proof function, and receiving, by the identity server, a validation of the user as a proved user based on execution of the zero-knowledge proof function based on the witness data.

Abstract: A method, system and computer program product for privacy control. A unique identifier for each data element of a group of data elements (e.g., driver's license contains a group of data elements, such as name, driver's license number) is created. These identifiers may be stored along with documentation (e.g., label) of the associated data elements in a manifest file. Alternatively, the identifiers may be stored in a file outside of the manifest file. In this manner, by utilizing a data element identifier which corresponds to a random number, security of privacy information is improved as one would only be able to obtain such sensitive information by obtaining such an identifier. Furthermore, the user only needs to send the requested data elements, as opposed to all the data elements of the group of data elements, to the challenger. In this manner, the user is preserving the security of other privacy information.

Abstract: An example operation may include one or more of connecting to a blockchain configured to store an identity trait of a user, retrieving the identity trait from the blockchain, establishing a trust group homomorphism digital signature algorithm (DSA) for the user based on a private key, creating a zero knowledge succinct non-interactive argument of knowledge (zkSNARK) proof constructed based on a DSA of a trait in the trust group homomorphism DSA as witness data, and obtaining further trust information related to the user from the witness data.

Abstract: An example operation may include one or more of connecting to a blockchain configured to store an identity trait of a user, retrieving the identity trait from the blockchain, establishing a trust group homomorphism digital signature algorithm (DSA) for the user based on a private key, creating a zero knowledge succinct non-interactive argument of knowledge (zkSNARK) proof constructed based on a DSA of a trait in the trust group homomorphism DSA as witness data, and obtaining further trust information related to the user from the witness data.

Abstract: An example operation may include one or more of connecting, by an identity server, to a blockchain configured to store an identity trait of a user, retrieving, by an identity server, the identity trait from the a blockchain, establishing, by the identity server, a trust group homomorphism digital signature algorithm (DSA) for the user associated with the identity trait based on a public key PK1, creating, by the identity server, a zero-knowledge proof function with a public key PK2 based on a DSA member of the trust group homomorphism for witness data, providing, by the identity server, the witness data to a challenger for the zero-knowledge proof function, and receiving, by the identity server, a validation of the user as a proved user based on execution of the zero-knowledge proof function based on the witness data.

Abstract: The method utilizes a passport identification number as an element of a homomorphic encryption used to stamp a passport with country entry/exit data to form a digital representation of a subset of information in the passport. As a result, exchange of the digital representation is permitted to allow a selective transfer of information without exposing a user-sensitive passport identification number. The homomorphic encryption comprises a support for exposing a trusted photo and a trusted group containing country travel entry and exit information. The digitally signed passport stamp may then be used to provide verification of the individual by ensuring linkage to that user's passport. The individual's identity and passport verification may occur unconnected, i.e., without having to connect to a central database.

Abstract: A master digital copy of a registration is transmitted. The registration is proof that a physical object has been registered with a registration authority. A valid peripheral digital copy of the registration is received. The valid peripheral digital copy of the registration was made from the master digital copy of the registration and is incapable of being used to make other valid digital copies of the registration.

Abstract: A master digital copy of a registration is transmitted. The registration is proof that a physical object has been registered with a registration authority. A valid peripheral digital copy of the registration is received. The valid peripheral digital copy of the registration was made from the master digital copy of the registration and is incapable of being used to make other valid digital copies of the registration.

Abstract: A method, system and computer program product for privacy control. A unique identifier for each data element of a group of data elements (e.g., driver's license contains a group of data elements, such as name, driver's license number) is created. These identifiers may be stored along with documentation (e.g., label) of the associated data elements in a manifest file. Alternatively, the identifiers may be stored in a file outside of the manifest file. In this manner, by utilizing a data element identifier which corresponds to a random number, security of privacy information is improved as one would only be able to obtain such sensitive information by obtaining such an identifier. Furthermore, the user only needs to send the requested data elements, as opposed to all the data elements of the group of data elements, to the challenger. In this manner, the user is preserving the security of other privacy information.

Abstract: A method, system and computer program product for privacy control. A unique identifier for each data element of a group of data elements (e.g., driver's license contains a group of data elements, such as name, driver's license number) is created. These identifiers may be stored along with documentation (e.g., label) of the associated data elements in a manifest file. Alternatively, the identifiers may be stored in a file outside of the manifest file. In this manner, by utilizing a data element identifier which corresponds to a random number, security of privacy information is improved as one would only be able to obtain such sensitive information by obtaining such an identifier. Furthermore, the user only needs to send the requested data elements, as opposed to all the data elements of the group of data elements, to the challenger. In this manner, the user is preserving the security of other privacy information.

Abstract: A method, system and computer program product for privacy control. A unique identifier for each data element of a group of data elements (e.g., driver's license contains a group of data elements, such as name, driver's license number) is created. These identifiers may be stored along with documentation (e.g., label) of the associated data elements in a manifest file. Alternatively, the identifiers may be stored in a file outside of the manifest file. In this manner, by utilizing a data element identifier which corresponds to a random number, security of privacy information is improved as one would only be able to obtain such sensitive information by obtaining such an identifier. Furthermore, the user only needs to send the requested data elements, as opposed to all the data elements of the group of data elements, to the challenger. In this manner, the user is preserving the security of other privacy information.

Abstract: A method, system and computer program product for privacy control. A unique identifier for each data element of a group of data elements (e.g., driver's license contains a group of data elements, such as name, driver's license number) is created. These identifiers may be stored along with documentation (e.g., label) of the associated data elements in a manifest file. Alternatively, the identifiers may be stored in a file outside of the manifest file. In this manner, by utilizing a data element identifier which corresponds to a random number, security of privacy information is improved as one would only be able to obtain such sensitive information by obtaining such an identifier. Furthermore, the user only needs to send the requested data elements, as opposed to all the data elements of the group of data elements, to the challenger. In this manner, the user is preserving the security of other privacy information.

Abstract: Methods and systems may provide for technology to receive, by a computing device, privacy information, a unique identifier (ID) and one or more digital signatures associated with the privacy information and the unique ID. Additionally, the technology may store the unique ID and the digital signature(s) to a record of an authentication log on the computing device and delete the privacy information from the computing device. In one example, the technology conducts a public key authentication of the digital signature(s).

Abstract: A method, system and computer program product for privacy control. A unique identifier for each data element of a group of data elements (e.g., driver's license contains a group of data elements, such as name, driver's license number) is created. These identifiers may be stored along with documentation (e.g., label) of the associated data elements in a manifest file. Alternatively, the identifiers may be stored in a file outside of the manifest file. In this manner, by utilizing a data element identifier which corresponds to a random number, security of privacy information is improved as one would only be able to obtain such sensitive information by obtaining such an identifier. Furthermore, the user only needs to send the requested data elements, as opposed to all the data elements of the group of data elements, to the challenger. In this manner, the user is preserving the security of other privacy information.

Abstract: A method, system and computer program product for privacy control. A unique identifier for each data element of a group of data elements (e.g., driver's license contains a group of data elements, such as name, driver's license number) is created. These identifiers may be stored along with documentation (e.g., label) of the associated data elements in a manifest file. Alternatively, the identifiers may be stored in a file outside of the manifest file. In this manner, by utilizing a data element identifier which corresponds to a random number, security of privacy information is improved as one would only be able to obtain such sensitive information by obtaining such an identifier. Furthermore, the user only needs to send the requested data elements, as opposed to all the data elements of the group of data elements, to the challenger. In this manner, the user is preserving the security of other privacy information.

Abstract: A method, system and computer program product for facilitating the generating of digital identity documents. A system receives a selection and initialization of properties (e.g., identity attributes, document type, alternate views, an acquisition uniform resource locator (URL)) to be used in a digital identity document (e.g., driver's license). The system then builds a template using the selected properties. The system may then present a list of built templates to a user/verifier to be used in generating a corresponding digital identity document. Upon receiving the selected template, the system provides the acquisition URL associated with the selected template to the user/verifier to be used by the user/verifier to request the corresponding digital identity document from the issuer. After receiving the digital identity document constructed by the issuer from the issuer, the system delivers the received digital identity document to the user/verifier.