Abstract: The disclosure relates to a method of authenticating a digital credential of a bearer by a validating device, the method including capturing the bearer credential by the validating device and transmitting to a validation service the bearer credential with a validator credential bound to the validating device. The method also includes at the validation service, validating the bearer credential and the validation credential, and if the validator credential is valid, using the bearer credential to access a data item of a digital profile and creating an electronic message for transmission to the validating device, the electronic message indicating the data item and comprising a fresh validator credential generated by the validation service. The method further includes issuing a fresh bearer credential and creating an electronic message to transmit the fresh bearer credential to an address associated with the bearer.

Abstract: A computer system according to certain aspects uses past ticket usage data indicating a probability that a respective entity would personally use a ticket issued to them based on a history of past ticket usage. A ticket controller can respond to ticket requests by determining whether a ticket should be issued to a requesting entity based on the past ticket usage data associated with the requesting entity's profile, and if so issue a ticket to the requesting entity in electronic form. The system can receive a ticket use notification and update the past ticket usage data associated with the requesting entity's profile based on the ticket use notification, where the updated past ticket usage data conveys whether the requesting entity presented the ticket themselves.

Abstract: The disclosure relates to a method of authenticating content offered by a content source to a local device for displaying content. The method includes establishing a communication session between the content source and a browser executing at the local device, transmitting from the content source to the browser a validation page comprising a content authentication token which is a randomly generated one-time use only credential bound to the content source, and capturing the content authentication token from the browser by a verification application. The method also includes transmitting the authentication token to a validation service which determines whether the token is bound to a valid source of content and causing the content to be displayed on the local device if the token is bound to a valid source of content.

Abstract: A liveness detection system comprises a controller, a video input, a feature recognition module, and a liveness detection module. The controller is configured to control an output device to provide randomized outputs to an entity over an interval of time. The video input is configured to receive a moving image of the entity captured by a camera over the interval of time. The feature recognition module is configured to process the moving image to detect at least one human feature of the entity. The liveness detection module is configured to compare with the randomized outputs a behaviour exhibited by the detected human feature over the interval of time to determine whether the behaviour is an expected reaction to the randomized outputs, thereby determining whether the entity is a living being.

Abstract: In a liveness detection system, a first set of one or more parameters of a first liveness test is selected at random. The first parameter set is transmitted to a user device available to an entity, thereby causing the user device to perform the first liveness test according to the first parameter set. Results of the first liveness test performed at the user device according to the first parameter set are received form the user device. Results of a second liveness test pertaining to the entity are received. The liveness detection system determines whether the entity is a living being using the results of the liveness tests, the results of the first liveness test being so used by comparing them with the first parameter set.

Abstract: A computer system according to certain aspects uses past ticket usage data indicating a probability that a respective entity would personally use a ticket issued to them based on a history of past ticket usage. A ticket controller can respond to ticket requests by determining whether a ticket should be issued to a requesting entity based on the past ticket usage data associated with the requesting entity's profile, and if so issue a ticket to the requesting entity in electronic form. The system can receive a ticket use notification and update the past ticket usage data associated with the requesting entity's profile based on the ticket use notification, where the updated past ticket usage data conveys whether the requesting entity presented the ticket themselves.

Abstract: A computer system for tracking assets comprises an asset tracking system, a digital identity system and a computer interface. The asset tracking system comprises electronic storage and a profile manager. The electronic storage of the asset tracking system holds an initial profile of an asset in association with an asset identifier of the asset. The digital identity system comprises a profile manager and electronic storage configured to hold profiles of entities. The computer interface is configured to receive asset transfer notifications. Each asset transfer notification identifies the asset and a respective entity participating in a transfer of the asset. The profile manager of the asset tracking system is configured to, each time an asset transfer notification is received, create in the electronic storage a new profile of the asset comprising an identifier of the respective participating entity. The new profile of the asset is stored in association with the asset identifier.

Abstract: A computer system according to certain aspects uses past ticket usage data indicating a probability that a respective entity would personally use a ticket issued to them based on a history of past ticket usage. A ticket controller can respond to ticket requests by determining whether a ticket should be issued to a requesting entity based on the past ticket usage data associated with the requesting entity's profile, and if so issue a ticket to the requesting entity in electronic form. The system can receive a ticket use notification and update the past ticket usage data associated with the requesting entity's profile based on the ticket use notification, where the updated past ticket usage data conveys whether the requesting entity presented the ticket themselves.

Abstract: The disclosure relates to a digital identity system including an enrolment module executing on a processor configured to receive a data item from an enrolling device and to create in persistent electronic storage a digital profile comprising the data item. The system also includes a credential creation module executing on a processor configured to generate a credential from a random sequence, to associate the credential with the digital profile in a database, and to transmit the credential to the enrolling device. The system further includes a publication module executing on a processor configured, in response to later presentation of the credential to the digital identity system, to publish the digital profile by storing a version of the digital profile in a memory location accessible to a device presenting the credential.

Abstract: The disclosure relates to a computer system including electronic storage, a network interface configured to receive electronic messages, and a processor configured to execute identity management code. The processor is configured to receive an electronic message from the network interface, the message including at least one data item to be included in a digital profile for an entity, the data item associated with the entity and uniquely identifying the entity. The processor is further configured to extract the data item from the electronic message and create a digital profile using the data item in the electronic storage, wherein the profile comprises the data item. The processor is also configured to allocate a confidence value to the profile, wherein the confidence value is allocated based on at least one of a source of the electronic message and a type of the data item.

Abstract: The disclosure relates to a method of authenticating a digital credential of a bearer by a validating device, the method including capturing the bearer credential by the validating device and transmitting to a validation service the bearer credential with a validator credential bound to the validating device. The method also includes at the validation service, validating the bearer credential and the validation credential, and if the validator credential is valid, using the bearer credential to access a data item of a digital profile and creating an electronic message for transmission to the validating device, the electronic message indicating the data item and comprising a fresh validator credential generated by the validation service. The method further includes issuing a fresh bearer credential and creating an electronic message to transmit the fresh bearer credential to an address associated with the bearer.

Abstract: The disclosure relates to a digital identity system for creating a computer stored digital identity. The system includes a network interface configured to send and receive electronic messages, persistent electronic storage, a profile management module executing on a processor configured to receive from an entity an electronic message comprising a data item, extract the data item from the electronic message and store the data item in a digital profile in the persistent electronic storage. The system also includes a credential creation module executing on a processor, a publication module executing on a processor, and a receipt generation module executing on a processor.

Abstract: The disclosure relates to a method of authenticating content offered by a content source to a local device for displaying content. The method includes establishing a communication session between the content source and a browser executing at the local device, transmitting from the content source to the browser a validation page comprising a content authentication token which is a randomly generated one-time use only credential bound to the content source, and capturing the content authentication token from the browser by a verification application. The method also includes transmitting the authentication token to a validation service which determines whether the token is bound to a valid source of content and causing the content to be displayed on the local device if the token is bound to a valid source of content.