Blockchain Fintech – Steven Cornelis Versteeg, Nathan Allin Hastings, Xien Yao, John Sinclair Bird, CA Inc

Abstract for “Publicly-readable blockchain registry of personally identifiable data breaches”

A registry is used to identify personally identifiable information (PII) that has been compromised. The registry is a distributed database shared by multiple organizations to track which PII was breached at other organizations. A first service provider receives PII from a user together with a corresponding signed descriptor. The PII can be used to verify the identity of the user; the signed descriptor describes what type of PII was received. The first service provider consults the registry to determine whether that signed descriptor has been submitted by a second service provider, which would indicate that the user's PII was compromised at the service provided by the second service provider. If so, the first service provider invalidates the breached PII.

Background for “Publicly-readable blockchain registry of personally identifiable data breaches”

A large majority of websites and apps accessible via the Internet or mobile devices offer sign-in or sign-up functionality, which allows a user to create an account on, or sign in to, a website or app and access the associated service. Organizations often use personally identifiable information (PII) to verify a user's identity. PII can include full name, address, social security number and date of birth, and also non-public information such as a mother's maiden name. Organizations usually store the PII associated with user accounts in some type of database or directory. These directories and databases can be accessed by malicious actors, exposing users to identity theft or fraud, as the rising rate of data breaches constantly reminds us.

Users often reuse the same PII across multiple websites and applications, which compounds the problem: a breach at one organization can allow a malicious actor to access the user's accounts at other organizations. As one example, malicious actors have recently used compromised PII to steal tax refunds from around 104,000 people.

This summary introduces a selection of concepts in simplified form that are further described in the detailed description below. It is not intended to identify key features or essential characteristics of the claimed subject matter.

The present disclosure relates to the use of a registry to identify PII that has been compromised. The registry is a distributed database shared by many organizations to track which PII was breached at other organizations. A first service provider receives PII from a user together with a corresponding signed descriptor. The PII is used by the first service provider to verify the identity of the user, while the signed descriptor describes the type of PII received (e.g., fingerprint, mother's maiden name, birth date, etc.). The first service provider can query the registry to determine whether that signed descriptor has been written to the registry by a second service provider, which indicates that the user's PII has been compromised at the service provided by the second service provider. If so, the first service provider invalidates the breached PII.

The subject matter of the present disclosure is described with specificity to meet statutory requirements, but the description itself is not intended to limit the scope of the patent. The inventors contemplate that the claimed subject matter might also be embodied in other ways, including different steps or combinations of steps similar to the ones described in this document. Although the terms "step" and/or "block" may be used to refer to different elements of the methods employed, they should not be interpreted as implying any particular order among the steps unless the order of individual steps is explicitly described. As used herein, the singular forms "a" and "an" are intended to include the plural forms as well, unless the context clearly indicates otherwise.

As mentioned in the background, organizations often use PII to verify a user's identity. PII can include information such as full name, address, social security number and date of birth. Organizations typically store PII in a variety of databases or directories, which can be accessed by malicious actors, exposing users to identity theft or fraud. Because users often use the same PII to access multiple accounts at multiple providers, a breach at one organization could allow a malicious actor to compromise the user's accounts at other organizations.

The present disclosure is directed to identifying PII breaches using a registry, so that malicious actors cannot use stolen PII for identity theft or fraud. A breached service provider publishes to the registry signed descriptors that identify the type of PII that was compromised. The registry is a distributed database shared by multiple organizations to track which PII was compromised at other organizations; it may be blockchain-like, so that entries cannot be revised or tampered with. Service providers may periodically query the registry to see whether a user's signed descriptor has been added to the registry by another service provider. If so, the first service provider invalidates the breached PII.

For example, suppose a user registers for both an EBAY account and a GMAIL account using the same PII. If an attacker compromises EBAY's service and steals the user's PII, the attacker could use that PII to gain access to the user's GMAIL account. To prevent further attacks, EBAY can publish to the registry signed descriptors of the PII that may have been compromised. If GMAIL monitors the registry, GMAIL can determine which PII has been breached and take steps to deny attackers access via the compromised PII.

To make the PII breach public, EBAY publishes signed descriptors describing the PII that may have been compromised. GMAIL, as a subscriber to the registry, searches the registry for signed descriptors that match those in its own repository. GMAIL can then deny the affected user access using the corresponding PII and require them to provide new PII. These proactive measures can be carried out via SMS, email, or in person.

Accordingly, in one embodiment, the present disclosure is directed to one or more non-transitory computer storage media storing computer-useable instructions that, when used by a computing device, cause the computing device to perform operations for invalidating compromised PII. The operations include receiving, at a first service provider, PII from a user together with a corresponding signed descriptor; the first service provider uses the PII to verify the identity of the user. The operations further include querying a synchronized blockchain registry to determine whether the PII has been compromised. The synchronized blockchain registry includes signed descriptors of a plurality of users from a plurality of service providers, indicating PII that was breached through the services provided by those service providers. Upon determining that the PII has been compromised, the operations include invalidating the PII.

In another embodiment, the present disclosure is directed to a computer-implemented method for utilizing a PII blockchain registry to identify breached PII. The method includes a service provider subscribing to a publicly accessible blockchain registry in which signed descriptors are available for a plurality of users from a plurality of service providers. A synchronized blockchain registry is created and synchronized with the publicly accessible blockchain registry. The synchronization updates the synchronized blockchain registry with the updates that the plurality of service providers have made to the publicly accessible blockchain registry; these updates identify signed descriptors of the plurality of users and indicate the PII that has been compromised for those users.

In another embodiment, the present disclosure is directed to a computerized system that facilitates using a PII breach registry to secure a service. The system comprises a processor and a computer storage medium storing computer-useable instructions that, when used by the processor, cause the processor to subscribe to a publicly accessible blockchain registry in which signed descriptors are available for a plurality of users from a plurality of service providers. A synchronized blockchain registry is created and synchronized with the publicly accessible blockchain registry; the synchronization applies the updates that the plurality of service providers have made to the publicly accessible blockchain registry, which identify signed descriptors of the plurality of users and indicate the PII that has been compromised for those users. The synchronized blockchain registry may be queried to determine whether PII of a user of the service provider has been compromised. Upon determining that PII has been compromised, the user is asked to supply new PII along with a corresponding signed descriptor.

Referring now to FIG. 1, a block diagram illustrates a PII registry system 100 that can be used to identify PII breaches, according to an embodiment of this disclosure. This and other arrangements described herein are set forth only as examples. Other arrangements and elements (e.g., machines, interfaces, functions, orders, and groupings of functions) can be used in addition to or instead of those shown, and some elements may be omitted altogether. Many of the elements described herein are functional entities that may be implemented as discrete or distributed components, in conjunction with other components, and in any suitable combination and location. The various functions described herein may be carried out by hardware, firmware, and/or software; for instance, a processor executing instructions stored in memory may perform various functions. The PII registry system 100 can be implemented by any type of computing device, including computing device 500 described below with reference to FIG. 5, and by one device or multiple devices cooperating in a distributed environment.

The PII registry system 100 is generally configured to allow subscribers to query the PII registry and identify instances in which PII may have been compromised at other services. As shown in FIG. 1, the PII registry system 100 comprises, among other components not shown, user devices 102A-102N, a public PII registry 106, service providers 108A-108N, and synchronized PII registries 110A-110N. The PII registry system 100 illustrated in FIG. 1 is one example of a suitable computing system architecture. Each of the components shown in FIG. 1 can be implemented using any type of computing device, such as computing device 500 described with reference to FIG. 5.

The components can communicate with one another via network 104, which may include one or more local area networks (LANs) and/or wide area networks (WANs). Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet. Any number of user devices, PII registries and service providers may be employed within the PII registry system 100 within the scope of this disclosure. Each may comprise a single device or multiple devices cooperating in a distributed environment; the PII registry 106, for example, may be provided by multiple devices arranged in a distributed setting that together provide the functionality described herein. Other components not shown may also be included in the network environment.

As shown in FIG. 1, the PII registry system 100 also includes a PII registry 106. Although FIG. 1 shows only one PII registry 106, the PII registry system 100 may use any number of PII registries. Service providers 108A-108N can publish signed descriptors corresponding to breached PII to PII registry 106 in order to prevent malicious actors from using the breached PII to commit identity theft or fraud.

In embodiments, PII registry 106 is stored in a blockchain-like format that prevents tampering or revision. This format provides a publicly accessible distributed database that maintains a continuously growing list of data blocks. Each data block contains time-stamped transactions and a hash of the previous block, and the blocks are linked together to form a chain. The transactions (e.g., signed descriptors) stored in PII registry 106 can be accessed by service providers 108A-108N or user devices 102A-102N. A service provider 108A-108N or user device 102A-102N can connect to PII registry 106 via network 104 to send new transactions to it, verify transactions, and create new blocks.

Each service provider 108A-108N or user device 102A-102N can keep a local copy of the PII registry (e.g., the synchronized PII registries 110A-110N). Transactions broadcast to PII registry 106 may also be sent to the synchronized PII registries 110A-110N, so that broadcast transactions are received by every service provider 108A-108N that maintains a synchronized PII registry 110A-110N. There is therefore no requirement for a central database managed by a trusted third party. Software applications can broadcast transactions to the network; once a service provider has validated a transaction, it is added to the local copy and can then be broadcast to other providers. Alternatively, each service provider 108A-108N with a synchronized PII registry 110A-110N can synchronize with PII registry 106 periodically or on an ad hoc basis.

The synchronized PII registries 110A-110N can be queried periodically or on an ad hoc basis to determine whether any signed descriptor in the registry matches a signed descriptor corresponding to PII of a customer of a service provider 108A-108N. The service providers 108A-108N or user devices 102A-102N can query only their synchronized PII registry 110A-110N rather than the public PII registry 106. This keeps the queries private: a query run against the public PII registry 106 could otherwise reveal which PII the user or service provider holds.
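As an added illustration (not code from the patent or from CA Inc), the following Go program models the registry described above as a hash chain: each block carries a timestamp, the hash of the previous block and a batch of published descriptors; a provider can verify the copy it holds; and the provider runs its breach query against that local copy only, so the descriptors it holds never leave it. The entry fields, the JSON encoding used for hashing and the sample descriptor values are assumptions made for the example; the signature strings are constructed placeholders and are not cryptographically checked here.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// Entry is one registry transaction: a signed descriptor a provider publishes
// when the corresponding PII is breached. The PII value never enters the registry.
type Entry struct {
	UserID    string `json:"user_id"`   // user identifier (e.g. the user's public key)
	PIIType   string `json:"pii_type"`  // standardized label such as "mother_maiden_name"
	Signature string `json:"signature"` // user's signature over (UserID, PIIType); placeholder here
	Source    string `json:"source"`    // breached provider, or "" when published anonymously
}

// Block batches entries and links to its predecessor by hash.
type Block struct {
	Index     int     `json:"index"`
	Timestamp int64   `json:"timestamp"`
	PrevHash  string  `json:"prev_hash"`
	Entries   []Entry `json:"entries"`
	Hash      string  `json:"hash"`
}

// hashBlock hashes every field except Hash itself (assumed JSON encoding).
func hashBlock(b Block) string {
	b.Hash = ""
	raw, _ := json.Marshal(b)
	sum := sha256.Sum256(raw)
	return hex.EncodeToString(sum[:])
}

// Registry is one provider's synchronized local copy of the chain.
type Registry struct{ Chain []Block }

func NewRegistry(genesisTime int64) *Registry {
	g := Block{Index: 0, Timestamp: genesisTime, PrevHash: strings.Repeat("0", 64)}
	g.Hash = hashBlock(g)
	return &Registry{Chain: []Block{g}}
}

// Append adds a block of entries linked to the current tip.
func (r *Registry) Append(ts int64, entries []Entry) Block {
	prev := r.Chain[len(r.Chain)-1]
	b := Block{Index: prev.Index + 1, Timestamp: ts, PrevHash: prev.Hash, Entries: entries}
	b.Hash = hashBlock(b)
	r.Chain = append(r.Chain, b)
	return b
}

// Verify recomputes each block hash and checks each back-link. It returns the
// index of the first inconsistent block, or -1 when the chain is intact.
func (r *Registry) Verify() int {
	for i, b := range r.Chain {
		if hashBlock(b) != b.Hash {
			return i
		}
		if i > 0 && b.PrevHash != r.Chain[i-1].Hash {
			return i
		}
	}
	return -1
}

// FindBreached runs the provider's query against its local copy only. An entry
// matches only if identifier, PII type and signature all equal a held
// descriptor, so an entry published by someone who never had the user's
// signed descriptor does not match.
func (r *Registry) FindBreached(held []Entry) []Entry {
	key := func(e Entry) string { return e.UserID + "|" + e.PIIType + "|" + e.Signature }
	want := make(map[string]bool, len(held))
	for _, h := range held {
		want[key(h)] = true
	}
	var hits []Entry
	for _, b := range r.Chain {
		for _, e := range b.Entries {
			if want[key(e)] {
				hits = append(hits, e)
			}
		}
	}
	return hits
}

func main() {
	// Constructed sample data: the bank holds two descriptors for user u1; a
	// dating service publishes one of them after its breach.
	bankHolds := []Entry{
		{UserID: "u1", PIIType: "mother_maiden_name", Signature: "sig-u1-mmn"},
		{UserID: "u1", PIIType: "fingerprint_left_index", Signature: "sig-u1-flx"},
	}
	reg := NewRegistry(1700000000)
	reg.Append(1700000100, []Entry{{UserID: "u1", PIIType: "mother_maiden_name", Signature: "sig-u1-mmn", Source: "dating-service"}})
	reg.Append(1700000200, []Entry{{UserID: "u2", PIIType: "birth_date", Signature: "sig-u2-dob"}})
	fmt.Println("first bad block (intact chain):", reg.Verify())
	for _, hit := range reg.FindBreached(bankHolds) {
		fmt.Printf("breached at %q: user %s, %s\n", hit.Source, hit.UserID, hit.PIIType)
	}
	// A tamperer removes the breach notice and even re-hashes that block; the
	// next block's back-link still exposes the change.
	reg.Chain[1].Entries = nil
	reg.Chain[1].Hash = hashBlock(reg.Chain[1])
	fmt.Println("first bad block (after tampering):", reg.Verify())
}
```

In a real deployment the chain would be shared by many providers and new blocks validated by consensus; the point shown here is only that a provider can check its local copy and query it without disclosing what it holds.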

In embodiments, the PII registry system 100 allows each subscribing service provider 108A-108N to query and view the most recent version of the PII registry. A breached service provider can publish signed descriptors to its synchronized PII registry 110A-110N, from which they are broadcast to PII registry 106. Subscribing service providers 108A-108N can then determine with reasonable certainty whether a transaction (i.e., a signed descriptor corresponding to one of the subscribing provider's users) exists in the data set. This allows a service provider to quickly identify whether PII of its users has been breached at any other service provider.

Further, the blockchain-like format makes it prohibitively expensive to alter or rewrite the transaction history, so a malicious actor cannot practically modify or remove signed descriptors already written to PII registry 106. Once a signed descriptor indicating that a user's PII was stolen at a service has been submitted to PII registry 106, a malicious actor cannot modify or delete it; because the descriptor has been published to the blockchain, other service providers can take steps to protect the services that the user accesses with the same PII.

For clarity, a signed descriptor is a standardized description of the type of PII received and/or breached. For example, the signed descriptor for PII that is the user's mother's maiden name could be "Mother Maiden Name"; the signed descriptor for a fingerprint could be "Fingerprint"; and the signed descriptor for a date of birth could be "Birth Date". If PII is leaked, the service provider posts the signed descriptor to PII registry 106; the actual PII that was breached is not made public. This allows other service providers to stop accepting the compromised PII from affected users, which in turn prevents malicious actors from committing identity theft or fraud at those services.

In embodiments, each user has a public-private key pair. Whenever a user provides any PII to a service provider 108A-108N, the user also provides a signed descriptor of that PII, signed with the user's private key. Signed descriptors use a standardized representation, so that the same PII yields the same descriptor regardless of which service provider receives it. The descriptor contains an identifier of the user (e.g., the user's public key or another unique label) together with the standardized description of the PII. Signing the descriptor with the user's private key creates a token that only the user can produce, which prevents an attacker from falsely claiming that PII has been stolen and so prevents denial-of-service attacks against users.

The service provider 108A-108N stores both the PII and the signed PII descriptor securely. In case of a breach, the service provider updates PII registry 106 with the affected signed descriptors.

When other service providers 108A-108N discover that their users' PII has been compromised, they activate their internal breach process. A service provider might make the compromised PII unusable for authentication purposes, or it might contact the user to request new PII; for example, if the user's right index fingerprint was compromised, the provider may request a print of a different finger. Because the user may have provided different PII to different providers, other service providers may hold only a subset of the breached PII.

If a non-breached provider still holds enough non-breached PII for the user to authenticate securely, it may request new PII from the user once the user has authenticated. If a service provider does not hold enough non-breached PII, an alternative procedure may be necessary; for example, the user may be required to present official identification and update their PII at the service provider.
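The breach-handling decision described in the preceding paragraphs (invalidate the breached PII, then decide whether enough non-breached PII remains for the user to re-enrol online or whether an in-person procedure is needed), as an added Go example. This is not the patent's own code; the account structure, the minimum-factor policy and the PII type labels are assumptions of the example.

```go
package main

import (
	"fmt"
	"sort"
)

// Factor is one piece of PII a provider holds for a user, identified by its
// standardized descriptor type. Valid is cleared once the registry shows the
// factor breached elsewhere; it is then unusable for authentication.
type Factor struct {
	Type  string
	Valid bool
}

// Account is the provider-side record for one user (assumed structure).
type Account struct {
	UserID  string
	Factors map[string]*Factor
}

func NewAccount(userID string, types ...string) *Account {
	a := &Account{UserID: userID, Factors: map[string]*Factor{}}
	for _, t := range types {
		a.Factors[t] = &Factor{Type: t, Valid: true}
	}
	return a
}

// Action is what the provider does after applying a breach notice.
type Action string

const (
	NoChange         Action = "no_change"          // notice named no valid factor we hold
	ReenrollOnline   Action = "reenroll_online"    // enough unbreached PII remains to authenticate
	ReenrollInPerson Action = "reenroll_in_person" // fall back to official ID at a branch
)

// ApplyBreach invalidates every held factor named in the notice and decides how
// the user must replace it. minValid is the provider's policy: how many
// unbreached factors are needed to still authenticate online. It returns the
// action, the factors invalidated by this notice, and the factors still valid.
func ApplyBreach(acct *Account, breachedTypes []string, minValid int) (Action, []string, []string) {
	var invalidated []string
	for _, t := range breachedTypes {
		if f, ok := acct.Factors[t]; ok && f.Valid {
			f.Valid = false
			invalidated = append(invalidated, t)
		}
	}
	sort.Strings(invalidated)
	var remaining []string
	for t, f := range acct.Factors {
		if f.Valid {
			remaining = append(remaining, t)
		}
	}
	sort.Strings(remaining)
	switch {
	case len(invalidated) == 0:
		return NoChange, nil, remaining
	case len(remaining) >= minValid:
		return ReenrollOnline, invalidated, remaining
	default:
		return ReenrollInPerson, invalidated, remaining
	}
}

func main() {
	// Constructed scenario following the John Doe example: the bank holds three
	// factors and requires at least two unbreached ones for online re-enrolment.
	john := NewAccount("john-doe", "password", "fingerprint_left_index", "mother_maiden_name")
	const minValid = 2
	notices := [][]string{
		{"mother_maiden_name"},     // dating-service breach
		{"fingerprint_left_index"}, // a later breach elsewhere
		{"mother_maiden_name"},     // duplicate notice: nothing left to invalidate
	}
	for _, n := range notices {
		action, gone, left := ApplyBreach(john, n, minValid)
		fmt.Printf("notice %v -> %s (invalidated %v, still valid %v)\n", n, action, gone, left)
	}
}
```

A notice naming a PII type the provider never collected is ignored, which reflects the point above that each provider may hold only a subset of the breached PII.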

Users may also write directly to PII registry 106: a user who suspects that their PII has been compromised can send the signed descriptors for that PII to PII registry 106. Because the private key is required to generate a signed descriptor, only the user can generate one; the service providers that have received a signed descriptor can submit it to the registry. An attacker who obtains the user's private key or the user's signed descriptors (i.e., after a breach) could likewise write them to PII registry 106, marking that user's PII as compromised.

The user's private key must therefore be kept safe. An attacker who obtained it could update PII registry 106 to list all of the user's PII as compromised, denying the user access to services that authenticate with that PII. If a user's private key is stolen, the user can write a special "private key breach" message to PII registry 106. The private key breach message must include the user's public key and must be signed with the private key. Once a private key breach message has been sent to PII registry 106, the user's public key becomes invalid, and the user must relink their identity to a new public-private key pair. Any PII that was actually compromised (as opposed to PII whose signed descriptors were written to the registry with the stolen key without the PII itself being breached) should be replaced, and new signed descriptors generated under the new key pair.

In some embodiments, to increase security, the user's private key is kept in an electronic key fob: the private key is stored in a secure hardware device, signing is performed on the key fob, and the private key never leaves it. In some embodiments, client tools are provided for mobile, desktop and laptop devices that allow the user to create signed descriptors in an intuitive, user-friendly manner, making the underlying public-private key cryptography transparent to the user.

In certain embodiments, the PII registry system 100 does not rely solely on the breached provider to update PII registry 106. A user who suspects that their PII has been breached can update PII registry 106, and so can another service provider that suspects a breach. All that is required to update PII registry 106 is the signed descriptor. The signed descriptor cannot be generated without the private key, which in most cases is held by the user; only the user and the service providers with which the user has shared PII should have a copy of it. The signed descriptor should not be given to anyone else, and it is made public only after the PII has been compromised (i.e., when it is sent to PII registry 106).
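Added Go example (not from the patent) covering the signed descriptor and the private key breach message described above: the user signs a standardized descriptor with an Ed25519 private key; a provider verifies descriptors before enrolling them and before honouring a registry entry; an attacker without the key cannot produce a descriptor that verifies under the user's identifier (so false breach claims fail); and a verified private key breach message revokes the key so later descriptors under it are ignored. Ed25519, the hex-encoded public key as the user identifier, the canonical message layout and the label strings are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Descriptor is the standardized, signed description of one piece of PII:
// the user (hex public key) and the PII type, never the PII value itself.
type Descriptor struct {
	UserID  string
	PIIType string
	Sig     []byte
}

// KeyBreach is the special message a user publishes when the private key itself
// is stolen; it carries the public key and is signed with that key.
type KeyBreach struct {
	UserID string
	Sig    []byte
}

// Canonical messages (assumed layout). Distinct prefixes stop a descriptor
// signature being replayed as a key-breach message or vice versa.
func descriptorMsg(userID, piiType string) []byte { return []byte("pii-descriptor|" + userID + "|" + piiType) }
func keyBreachMsg(userID string) []byte            { return []byte("private-key-breach|" + userID) }

func userIDOf(priv ed25519.PrivateKey) string {
	return hex.EncodeToString(priv.Public().(ed25519.PublicKey))
}

func verify(userID string, msg, sig []byte) bool {
	pub, err := hex.DecodeString(userID)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(ed25519.PublicKey(pub), msg, sig)
}

// SignDescriptor is what the user's client tool or key fob does when handing
// PII of the given type to a provider.
func SignDescriptor(priv ed25519.PrivateKey, piiType string) Descriptor {
	id := userIDOf(priv)
	return Descriptor{UserID: id, PIIType: piiType, Sig: ed25519.Sign(priv, descriptorMsg(id, piiType))}
}

func VerifyDescriptor(d Descriptor) bool { return verify(d.UserID, descriptorMsg(d.UserID, d.PIIType), d.Sig) }

func SignKeyBreach(priv ed25519.PrivateKey) KeyBreach {
	id := userIDOf(priv)
	return KeyBreach{UserID: id, Sig: ed25519.Sign(priv, keyBreachMsg(id))}
}

func VerifyKeyBreach(k KeyBreach) bool { return verify(k.UserID, keyBreachMsg(k.UserID), k.Sig) }

// Provider holds the descriptors its users handed over and the keys it has seen
// revoked through key-breach messages.
type Provider struct {
	held    map[string]Descriptor // key: userID|piiType
	revoked map[string]bool
}

func NewProvider() *Provider {
	return &Provider{held: map[string]Descriptor{}, revoked: map[string]bool{}}
}

// Enroll accepts a descriptor received with PII only if it verifies under the
// user's own key and that key has not been revoked.
func (p *Provider) Enroll(d Descriptor) bool {
	if p.revoked[d.UserID] || !VerifyDescriptor(d) {
		return false
	}
	p.held[d.UserID+"|"+d.PIIType] = d
	return true
}

// OnRegistryDescriptor handles a descriptor seen in the registry. It reports
// true, and stops using the matching PII for authentication, only if the
// signature verifies, the key is not revoked and the provider holds that user's
// PII of that type. A descriptor forged without the private key fails the
// signature check; that is what blocks false breach claims.
func (p *Provider) OnRegistryDescriptor(d Descriptor) bool {
	if p.revoked[d.UserID] || !VerifyDescriptor(d) {
		return false
	}
	key := d.UserID + "|" + d.PIIType
	if _, ok := p.held[key]; !ok {
		return false
	}
	delete(p.held, key)
	return true
}

// OnKeyBreach revokes the key; descriptors under it are ignored from then on
// until the user relinks a new key pair and re-signs descriptors for any PII
// that was actually compromised.
func (p *Provider) OnKeyBreach(k KeyBreach) bool {
	if !VerifyKeyBreach(k) {
		return false
	}
	p.revoked[k.UserID] = true
	return true
}

func main() {
	_, user, _ := ed25519.GenerateKey(rand.Reader)
	_, attacker, _ := ed25519.GenerateKey(rand.Reader)
	bank := NewProvider()
	bank.Enroll(SignDescriptor(user, "mother_maiden_name"))
	bank.Enroll(SignDescriptor(user, "fingerprint_left_index"))
	forged := SignDescriptor(attacker, "mother_maiden_name")
	forged.UserID = userIDOf(user) // names the user, but signed with the attacker's key
	fmt.Println("forged notice honoured:", bank.OnRegistryDescriptor(forged))
	fmt.Println("genuine notice honoured:", bank.OnRegistryDescriptor(SignDescriptor(user, "mother_maiden_name")))
	fmt.Println("key-breach accepted:", bank.OnKeyBreach(SignKeyBreach(user)))
	fmt.Println("notice under revoked key honoured:", bank.OnRegistryDescriptor(SignDescriptor(user, "fingerprint_left_index")))
}
```

Because Ed25519 signing is deterministic, the descriptor the user gives the bank and the one a breached dating service later publishes are byte-for-byte identical, so a provider could match on the signature alone; the code above matches on identifier and PII type and verifies the signature instead, which also works with randomized signature schemes.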

In certain embodiments, service providers are required to disclose their identity when writing to the registry, so that the source of the breach can be identified. In other embodiments, a service provider may write anonymously to PII registry 106, which encourages disclosure of breaches without penalty to the breached provider.

In practice, and referring now to FIG. 2, John Doe 202 opens an account at a bank 208. The bank 208 receives PII (e.g., his left index fingerprint and his mother's maiden name) together with signed descriptors 204 identifying the type of PII provided. The bank 208 stores the PII and the signed descriptors 204 in data storage 210 and uses them for authentication purposes.

Next, John Doe 202 opens an account at an online dating service 212. John Doe provides PII (e.g., his mother's maiden name) and a signed descriptor 206 identifying the type of PII provided. The dating service 212 stores the PII and signed descriptor 206 in data storage 214, for example so that it can verify John Doe's identity if he needs to recover his password.

Assume that at some point the online dating service 212 is compromised and all user account information is stolen by a malicious actor 216. The online dating service 212 updates the registry 218 with the signed descriptors 220 of all PII (which also include the user identifier mentioned above); in particular, the registry 218 now contains the signed descriptor 220 of John Doe's mother's maiden name. When the bank 208 synchronizes its copy of the registry, it notices that John Doe's mother's maiden name has been breached.

To prevent further damage, the bank 208 executes its process for third-party PII breaches. The bank 208 invalidates John Doe's mother's maiden name as a means of authentication and notifies John Doe that his security information must be updated. If John Doe has enough non-breached PII (e.g., his password and fingerprint), the bank 208 may allow him to update his security credentials through the bank's online system. If there is not enough non-breached security data, John Doe may be asked to visit a branch to verify his identity and update his security credentials.

Turning to FIG. 3, a flow diagram illustrates a method 300 for invalidating PII that has been compromised, according to an embodiment of this disclosure. Method 300 may be performed, for example, by the PII registry system 100 of FIG. 1. At step 302, a first service provider receives PII from a user together with a corresponding signed descriptor. The first service provider can use the PII to verify the identity of the user; the signed descriptor identifies the type of PII received (e.g., fingerprint, mother's maiden name, birth date, etc.). In some cases, client tools generate the signed descriptors transparently to the user. A signed descriptor cannot be generated without possession of the user's private key.

At step 304, a PII registry (e.g., a synchronized blockchain registry) is queried to determine whether the PII has been compromised. The registry contains signed descriptors that indicate PII of a plurality of users breached through services provided by a plurality of service providers. Because the registry relies on signed descriptors rather than the actual PII, neither the synchronized nor the publicly accessible blockchain registry makes the PII public.

In embodiments, a synchronized blockchain registry is used so that the first service provider does not disclose details of its queries (i.e., which signed descriptors its users have provided to it). The synchronized blockchain registry is kept synchronized with a publicly accessible blockchain registry, and each service provider can have its own synchronized blockchain registry. In some cases, the publicly accessible blockchain registry contains an identification of the source of the breach; in other embodiments, the source of a breach remains anonymous in the publicly accessible blockchain registry.

At step 306, upon determining that the PII has been compromised, the PII is invalidated. In some cases, the first service provider requests that the user provide new PII and a corresponding signed descriptor. For example, the new PII and signed descriptor may be requested when the user next authenticates with the first service provider, which confirms the user's identity; alternatively, they may be requested through a communication initiated by the first service provider.

In certain embodiments, the first service provider may also query the synchronized blockchain registry for a private key message. A private key message is sent by the user to the publicly accessible blockchain registry to indicate that the user's private key has been stolen; it contains the user's public key and is signed with the user's private key. Upon identifying a private key message for the user, the first service provider invalidates the user's public key and may request that the user associate a new public-private key pair with the user's identity.

Referring now to FIG. 4, a flow diagram illustrates a method 400 for utilizing a PII blockchain registry to identify breached PII, in accordance with an embodiment of this disclosure. Method 400 may be performed, for example, by the PII registry system 100 of FIG. 1. At step 402, a service provider subscribes to a publicly accessible blockchain registry in which signed descriptors are available for a plurality of users from a plurality of service providers. As described above, the signed descriptors identify the type of PII that may have been breached at the plurality of service providers. Subscribing to the publicly accessible blockchain registry allows the service provider to ensure that breached PII is not used for a service it provides (e.g., to verify an individual's identity).

At step 404, a synchronized blockchain registry is created and synchronized with the publicly accessible blockchain registry. The synchronization updates the synchronized blockchain registry with the updates that the plurality of service providers have made to the publicly accessible blockchain registry. These updates identify signed descriptors of the plurality of users and indicate that the PII corresponding to those signed descriptors has been breached.

The service provider can then query the synchronized blockchain registry to determine whether PII of a user of the service provider has been compromised, i.e., whether the signed descriptor the user provided to the service provider has been written to the synchronized blockchain registry. Upon determining that PII has been compromised for a user, the service provider may request that the user provide new PII along with a corresponding signed descriptor. This prevents a malicious actor from using the affected user's compromised PII to commit identity theft or fraud at the service provider's service.

Having described embodiments of the present disclosure, an exemplary operating environment in which embodiments may be implemented is described below. Referring to FIG. 5, an exemplary computing environment for implementing embodiments is shown and designated generally as computing device 500. Computing device 500 is only one example of a suitable computing environment and is not intended to suggest any limitation as to the scope of use or functionality of the inventive embodiments, nor should it be interpreted as having any dependency or requirement relating to any one or combination of the components illustrated.

The inventive embodiments may be described in the general context of computer code or machine-useable instructions, including computer-executable instructions such as program modules, being executed by a computer or other machine, such as a personal data assistant or other handheld device. Generally, program modules (including routines, programs, objects, components, data structures, etc.) refer to code that performs particular tasks or implements particular abstract data types. The inventive embodiments may be practiced in a variety of system configurations, including handheld devices, consumer electronics, general-purpose computers and more specialized computing devices. The inventive embodiments may also be practiced in distributed computing environments where tasks are performed by remote-processing devices that are linked through a communications network.

With reference to FIG. 5, computing device 500 includes a bus 510 that directly or indirectly couples the following devices: memory 512, one or more processors 514, one or more presentation components 516, input/output (I/O) ports 518, input/output components 520, and an illustrative power supply 522. Bus 510 represents what may be one or more buses (such as an address bus, data bus, or combination thereof). Although the various blocks of FIG. 5 are shown with lines for the sake of clarity, in reality delineating the various components is not so clear; for example, a presentation component such as a display device may be considered an I/O component, and processors have memory. The inventors recognize that such is the nature of the art and reiterate that the diagram of FIG. 5 is merely illustrative of an exemplary computing device that can be used in connection with one or more embodiments of the present disclosure. No distinction is made between categories such as "workstation", "server", "laptop" and "handheld device", as all are contemplated within the scope of FIG. 5 and the term "computing device".

Computing device 500 typically includes a variety of computer-readable media. Computer-readable media can be any available media that can be accessed by computing device 500 and includes both volatile and nonvolatile media, removable and non-removable media. By way of example, and not limitation, computer-readable media may comprise computer storage media and communication media. Computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by computing device 500. Computer storage media does not comprise signals per se. Communication media typically embodies computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as RF, infrared and other wireless media. Combinations of any of the above should also be included within the scope of computer-readable media.

Memory 512 includes computer storage media in the form of volatile and/or nonvolatile memory. The memory may be removable, non-removable, or a combination thereof. Exemplary hardware devices include solid-state memory and hard drives. Computing device 500 includes one or more processors that read data from various entities such as memory 512 or the I/O components 520. Presentation components 516 present data indications to a user or other device. Exemplary presentation components include a display device, speaker, printing component, and vibrating component.

I/O ports 518 allow computing device 500 to be logically coupled to other devices, including I/O components 520, some of which may be built in. Illustrative components include a microphone, joystick, game pad, scanner, printer, and wireless device. The I/O components 520 may provide a natural user interface (NUI) that processes air gestures, voice, or other physiological inputs generated by a user. In some instances, inputs may be transmitted to an appropriate network element for further processing. A NUI may implement any combination of speech recognition, touch and stylus recognition, facial recognition, gesture recognition both on screen and adjacent to the screen, air gestures, head tracking, and touch recognition. Computing device 500 may be equipped with depth cameras, such as stereoscopic camera systems, infrared camera systems, RGB camera systems, and combinations of these, for gesture detection and recognition. Additionally, computing device 500 may be equipped with accelerometers or gyroscopes that enable detection of motion. The output of the accelerometers or gyroscopes may be displayed on computing device 500 to render immersive augmented reality or virtual reality.

As can be understood, embodiments of the present disclosure provide for utilizing a PII blockchain registry to identify breached PII. The present disclosure has been described in relation to particular embodiments, which are intended in all respects to be illustrative rather than restrictive. Alternative embodiments will become apparent to those of ordinary skill in the art without departing from the scope of the disclosure.

From the foregoing, it will be seen that this disclosure is well adapted to attain all the ends and objects set forth above, together with other advantages that are obvious and inherent to the system and method. It will be understood that certain features and subcombinations are of utility and may be employed without reference to other features and subcombinations. This is contemplated by and within the scope of the claims.

Summary for “Publicly-readable blockchain registry of personally identifiable data breaches”

A large majority of websites and apps accessible via the Internet or mobile devices offer sign-in or sign-up functionality, which allows a user to sign in or create an account on the website or app and access the associated service. Organizations often use personally identifiable information (PII) to verify a user’s identity. PII can include full names, addresses, social security numbers, and dates of birth; it also includes non-public information such as a mother’s maiden name. Organizations usually store the PII associated with user accounts in some type of database or directory. These directories and databases can be accessed by malicious agents, exposing users to identity theft or fraud, as the rising rate of data breaches constantly reminds us.

Compounding this problem, users often reuse the same PII across multiple websites and applications. This presents a security problem in that a breach at one organization could allow a malicious actor to access accounts at other organizations. Malicious actors have recently stolen tax refunds from around 104,000 people by using compromised PII.

This summary presents a selection of concepts in simplified form that are further described in the detailed description. This summary is not intended to identify key features or essential characteristics of the claimed subject matter.

The present disclosure relates to the use of a registry to identify PII that has been compromised. The registry is a distributed database shared by many organizations to track which PII has been breached at other organizations. A first service provider receives PII from a user along with a corresponding signed descriptor. The first service provider uses the PII to verify the identity of the user, while the signed descriptor describes the type of PII received (e.g., fingerprint, mother’s maiden name, birth date, etc.). The first service provider can query the registry to determine whether the signed descriptor of the user has been written to the registry by a second service provider, which indicates that the user’s PII has been compromised at the service provided by the second service provider. If so, the first service provider invalidates the breached PII.

The subject matter of the present disclosure is described with specificity herein to meet statutory requirements. However, the description itself is not intended to limit the scope of this patent. Rather, the inventors have contemplated that the claimed subject matter might also be embodied in other ways, to include different steps or combinations of steps similar to the ones described in this document. Moreover, although the terms “step” and/or “block” may be used herein to connote different elements of the methods employed, the terms should not be interpreted as implying any particular order among the individual steps unless the order of those steps is explicitly described. As used herein, the singular forms “a” and “an” are intended to include the plural forms as well, unless the context clearly indicates otherwise.

As mentioned in the background, organizations often use PII to verify a user’s identity. PII can include information such as full name, address, social security number, and date of birth. Organizations typically store PII in a variety of databases or directories, which can be accessed by malicious agents, exposing users to identity theft or fraud. Users often use the same PII to access multiple accounts at multiple providers, so a breach at one organization could allow a malicious actor to compromise accounts at another organization.

The present disclosure is directed to identifying PII breaches using a registry, which prevents malicious actors from using stolen PII for identity theft or fraud. The registry is a distributed database shared by multiple organizations to track which PII has been compromised at other organizations; it may be implemented in a blockchain-like format that prevents revision or tampering. A breached service provider publishes to the registry signed descriptors that identify the type of PII that was compromised. Other service providers may periodically query the registry to see whether a signed descriptor of one of their users has been added by another service provider; if so, the breached PII is invalidated at the first service provider.

For example, suppose a user registers for both EBAY and GMAIL accounts using the same PII. An attacker who compromises EBAY’s service and steals the EBAY PII could then use it to gain access to the GMAIL account. To prevent further attacks, EBAY can publish to the registry the signed descriptors of the PII that has potentially been compromised. If GMAIL monitors the registry, GMAIL can determine which PII has been breached and take steps to deny attackers access using the compromised PII.

That is, to make the PII breach public, EBAY publishes signed descriptors describing the PII that may have been compromised. GMAIL, as a subscriber to the registry, searches for signed descriptors that match those in its own repository. GMAIL can then deny access to the affected user using the corresponding PII and require the user to provide new PII. These proactive measures can be carried out via SMS, email, or in person.

Accordingly, in one embodiment the present disclosure is directed to one or more non-transitory computer storage media storing computer-useable instructions that, when used by a computing device, cause the computing device to perform operations for invalidating PII. The operations include receiving, at a first service provider, PII from a user and a corresponding signed descriptor; the first service provider uses the PII to verify the identity of the user. The operations further include querying a synchronized blockchain registry to determine whether the PII has been compromised. The synchronized blockchain registry includes signed descriptors for a plurality of users from a plurality of service providers that indicate PII breached through the services provided by those service providers. Upon determining that the PII has been compromised, the operations include invalidating the PII.

In another embodiment, the present disclosure is directed to a computer-implemented method for utilizing a PII blockchain registry to identify breached PII. The method includes a service provider subscribing to a publicly accessible blockchain registry that contains signed descriptors for a plurality of users from a plurality of service providers. A synchronized blockchain registry is synchronized with the publicly accessible blockchain registry; the synchronizing updates the synchronized blockchain registry to include updates made by the plurality of service providers to the publicly accessible blockchain registry. The updates identify signed descriptors of the plurality of users and indicate PII that has been compromised for those users.

In another embodiment, the present disclosure is directed to a computerized system for utilizing a password breach registry to secure a service. The system comprises a processor and computer storage media storing computer-useable instructions that, when used by the processor, cause the processor to subscribe to a publicly accessible blockchain registry containing signed descriptors for a plurality of users from a plurality of service providers. A synchronized blockchain registry is created and synchronized with the publicly accessible blockchain registry, so that updates made by the service providers to the publicly accessible blockchain registry are reflected in the synchronized blockchain registry. The updates identify signed descriptors of the plurality of users, indicating PII that has been compromised for those users. The synchronized blockchain registry may be queried to determine whether PII has been compromised for a user of the service provider. Upon determining that the PII has been compromised, the user is asked to supply new PII along with a corresponding signed descriptor.

Referring now to FIG. 1, a block diagram is provided illustrating a PII registry system 100 that can be used to identify PII breaches, in accordance with an embodiment of the present disclosure. This and other arrangements described herein are illustrative only. Other arrangements and elements (e.g., machines, interfaces, functions, orders, and groupings of functions) can be used in addition to or instead of those shown, and some elements may be omitted altogether. Many of the elements described herein are functional entities that may be implemented as discrete or distributed components, in conjunction with other components, and in any suitable combination and location. The various functions described herein may be carried out by hardware, firmware, and/or software; for instance, a processor executing instructions stored in memory may perform various functions. The PII registry system 100 may be implemented on any type of computing device, including computing device 500 described below with reference to FIG. 5, and may be implemented using a single device or multiple devices cooperating in a distributed environment.

The PII registry system 100 is generally configured to allow subscribers to query the PII registry and identify instances in which PII may have been compromised at other services. As shown in FIG. 1, the PII registry system 100 includes, among other components not shown, user devices 102A-102N, a public PII registry 106, service providers 108A-108N, and synchronized PII registries 110A-110N. The PII registry system 100 shown in FIG. 1 is one example of a suitable computing system architecture. Each of the components shown in FIG. 1 may be implemented on any type of computing device, such as computing device 500 described with reference to FIG. 5.

The components may communicate with one another via network 104, which may include one or more local area networks (LANs) and/or wide area networks (WANs). Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets, and the Internet. Any number of user devices, password breach registries, and service providers may be employed within the PII registry system 100 within the scope of the present disclosure. Each may comprise a single device or multiple devices cooperating in a distributed environment; for instance, the PII registry 106 may be provided by multiple devices arranged in a distributed environment that collectively provide the functionality described herein. Other components not shown may also be included within the network environment.

As shown in FIG. 1, the PII registry system 100 includes a PII registry 106. Although only one PII registry 106 is shown in FIG. 1, any number of PII registries may be employed within the PII registry system 100. Service providers 108A-108N can publish signed descriptors corresponding to breached PII to the PII registry 106 in order to prevent malicious actors from committing identity theft or fraud using the breached PII.

In embodiments, the PII registry 106 is stored in a blockchain-like format that prevents tampering or revision. This blockchain-like format provides a publicly accessible distributed database that maintains a continuously growing list of data blocks. Each data block contains time-stamped transactions and a hash of the previous block, so that the blocks are linked together to form a chain. The transactions (e.g., signed descriptors) stored in the PII registry 106 can be accessed by the service providers 108A-108N or the user devices 102A-102N. A service provider 108A-108N or user device 102A-102N can connect to the PII registry 106 via network 104 to send new transactions to it, verify transactions, and create new blocks.

Each service provider 108A-108N or user device 102A-102N may keep a local copy of the PII registry (e.g., the synchronized PII registries 110A-110N). Transactions broadcast to the PII registry 106 may also be sent to the synchronized PII registries 110A-110N, and broadcast transactions may be received by any service provider 108A-108N that maintains a synchronized PII registry 110A-110N. Consequently, there is no need to maintain a central database managed by a trusted third party. Software applications broadcast transactions to the network; once a service provider has validated the transactions, they are added to its local copy and can then be broadcast to other service providers. Alternatively, each service provider 108A-108N with a synchronized PII registry 110A-110N may synchronize with the PII registry 106 periodically or on an ad hoc basis.

The synchronized PII registries 110A-110N are available for periodic or ad hoc querying to determine whether any published signed descriptor matches a signed descriptor corresponding to PII of a user of a service provider 108A-108N. The service providers 108A-108N or user devices 102A-102N can query only their synchronized PII registry 110A-110N, which preserves the privacy of queries that, if run against the public PII registry 106, could reveal which PII the user or service provider holds.

In embodiments, the PII registry system 100 allows each subscribing service provider 108A-108N to query and view the most recent version of the password registry. A breached service provider can publish signed descriptors to its synchronized PII registry 110A-110N, which may then be broadcast to the PII registry 106. Subscribing service providers 108A-108N can determine with reasonable certainty whether a transaction (i.e., a signed descriptor corresponding to a user of the subscribing service provider) exists in the data set. This allows a service provider to quickly identify whether PII of its users has been breached at any other service provider.

Further, the blockchain-like format makes it prohibitively expensive to alter or rewrite the transaction history, so malicious actors cannot practically modify or remove signed descriptors already written to the PII registry 106. Once a signed descriptor indicating that a user of a service had PII stolen has been submitted to the PII registry 106, a malicious actor cannot modify or delete it. Instead, because the descriptor has been published to the blockchain, other service providers can take steps to protect the services that the user accesses with the same PII.
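As an added illustration of the blockchain-like format described in the preceding paragraphs (this is example code, not code from the patent or its assignee), the following Go program models the registry as hash-linked blocks of time-stamped transactions, copies it into a provider's synchronized registry, runs the equality query a subscriber would run, and shows that editing an already-written descriptor breaks the chain from that block onward. The block layout, the fixed timestamps and the descriptor strings are constructed for the example; signed descriptors are treated as opaque bytes, and no proof of work is modelled, so the example demonstrates tamper detection rather than the cost of rewriting history.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Transaction is one published signed descriptor, treated as opaque bytes.
type Transaction []byte

// Block holds time-stamped transactions plus the hash of the previous block.
type Block struct {
	Index     int
	Timestamp int64 // Unix seconds, fixed by the caller so hashes are reproducible
	PrevHash  string
	Txs       []Transaction
	Hash      string
}

// blockHash commits to every field except Hash; transactions are length-prefixed
// so two descriptors cannot be re-split into different ones with the same hash.
func blockHash(b Block) string {
	h := sha256.New()
	fmt.Fprintf(h, "%d|%d|%s|", b.Index, b.Timestamp, b.PrevHash)
	for _, tx := range b.Txs {
		fmt.Fprintf(h, "%d:", len(tx))
		h.Write(tx)
	}
	return hex.EncodeToString(h.Sum(nil))
}

// Registry is the chain; a provider's synchronized copy is just another Registry.
type Registry struct{ Blocks []Block }

// NewRegistry starts the chain with an empty genesis block.
func NewRegistry(ts int64) *Registry {
	g := Block{Timestamp: ts}
	g.Hash = blockHash(g)
	return &Registry{Blocks: []Block{g}}
}

// Append seals a new block of broadcast transactions onto the chain.
func (r *Registry) Append(ts int64, txs ...Transaction) Block {
	prev := r.Blocks[len(r.Blocks)-1]
	b := Block{Index: prev.Index + 1, Timestamp: ts, PrevHash: prev.Hash, Txs: txs}
	b.Hash = blockHash(b)
	r.Blocks = append(r.Blocks, b)
	return b
}

// Verify recomputes every block hash and back-link; editing or removing a
// descriptor in an old block breaks the chain from that block onward.
func (r *Registry) Verify() error {
	for i, b := range r.Blocks {
		if blockHash(b) != b.Hash {
			return fmt.Errorf("block %d: contents do not match its hash", i)
		}
		if i > 0 && b.PrevHash != r.Blocks[i-1].Hash {
			return fmt.Errorf("block %d: previous-hash link broken", i)
		}
	}
	return nil
}

// Contains is the subscriber's query against its own copy:
// has this exact signed descriptor been published?
func (r *Registry) Contains(tx Transaction) bool {
	for _, b := range r.Blocks {
		for _, t := range b.Txs {
			if bytes.Equal(t, tx) {
				return true
			}
		}
	}
	return false
}

// Scenario publishes constructed descriptors, synchronizes a provider copy,
// then tampers with another copy. It returns whether the descriptor was found
// and the Verify results for the honest and the tampered copy.
func Scenario() (found bool, honestErr, tamperedErr error) {
	public := NewRegistry(1700000000)
	desc := Transaction(`constructed: sig(user-pubkey, "Mother Maiden Name")`)
	public.Append(1700000060, desc)
	public.Append(1700000120, Transaction(`constructed: sig(other-user, "Fingerprint")`))

	synced := &Registry{Blocks: append([]Block(nil), public.Blocks...)} // synchronized copy
	found, honestErr = synced.Contains(desc), synced.Verify()

	tampered := &Registry{Blocks: append([]Block(nil), public.Blocks...)}
	tampered.Blocks[1].Txs = []Transaction{Transaction("constructed: erased")} // attempted rewrite
	tamperedErr = tampered.Verify()
	return found, honestErr, tamperedErr
}

func main() {
	found, honestErr, tamperedErr := Scenario()
	fmt.Println("found:", found, "| honest copy ok:", honestErr == nil, "| tampered:", tamperedErr)
}
```

Because a subscriber matches by exact byte equality, the stored descriptor and the published one must be the same token; that is why the disclosure insists on a standardized descriptor representation.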

For clarity, a signed descriptor is a standardized description of the type of PII received and/or breached. For example, the signed descriptor for PII that is the user’s mother’s maiden name could be “Mother Maiden Name”; the signed descriptor for a fingerprint could be “Fingerprint”; and the signed descriptor for a date of birth could be “Birth Date”. If PII is leaked, the service provider posts the signed descriptor, not the actual breached PII, to the PII registry 106, so the PII itself is never made public. This allows other service providers to prevent affected users from using the compromised PII at their services, and it prevents malicious actors from committing identity theft or fraud at those services.

In embodiments, each user has a public and private key pair. Whenever a user provides PII to a service provider 108A-108N, the user also provides a signed descriptor of that PII, signed using the user’s private key. Signed descriptors use a standardized representation so that PII is described consistently across service providers. The descriptor contains an identifier of the user (e.g., the user’s public key or another unique label) together with the standardized description of the PII. Signing the descriptor with the user’s private key creates a token that only the user could have produced, which prevents attackers from falsely claiming that PII has been stolen and thereby mounting denial-of-service attacks.

The service provider 108A-108N secures both the PII and the signed PII descriptor. In the event of a breach, the service provider updates the PII registry 106 with the affected signed descriptors.

When other service providers 108A-108N discover that PII of their users has been compromised, they invoke their internal processes. A service provider might make the compromised PII unusable for authentication purposes, or it might contact the user to request new PII; for example, if the user’s right index fingerprint was compromised, it may request the print of another finger. Because a user may have provided different PII to different providers, other service providers may hold only a subset of the breached PII.

If a non-breached provider holds enough non-breached PII for the user to still authenticate securely, that provider may request additional PII from the user once the user has authenticated. If a service provider does not have enough non-breached PII, an alternative procedure may be necessary; for example, the user might be asked to present official identification and update their PII at the service provider.

Users may also write directly to the PII registry 106. If a user suspects that their PII has been compromised, they may send the signed descriptors for the corresponding PII to the PII registry 106. Because the private key is required to generate the signed descriptors, only the user can create them, and only the service providers that have received them from the user hold copies. Consequently, an attacker could update the PII registry 106 for a specific user only after obtaining the user’s private key or the user’s signed descriptors (i.e., only after a breach has occurred).

The user’s private key must therefore be kept safe: an attacker who obtains it could update the PII registry 106 to list all of the user’s PII as compromised and thereby deny the user access to services that rely on PII for authentication. If a user’s private key is stolen, the user can write a special “private key breach” message to the PII registry 106. The private key breach message includes the user’s public key and is signed with the private key. Once a private key breach message has been sent to the PII registry 106, the user’s public key becomes completely invalid, and the user must re-associate their identity with a new public-private key pair. Any of the user’s PII that was actually compromised (as opposed to PII whose signed descriptors were written to the registry with the stolen key but was not actually breached) should be replaced and new signed descriptors issued.
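The following Go example is added here (it is not code from the patent) to make concrete the signed descriptor introduced above, the rejection of breach claims that are not signed by the user's private key, and the private key breach message of this paragraph. It uses Ed25519 from Go's standard library. The JSON layout of the descriptor, the `PRIVATE KEY BREACH` descriptor type, the `RegistryView` type and its status values are assumptions made for the example, not part of the disclosure.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Descriptor is the PII-free statement a user signs: the user's identifier
// (hex public key) plus the standardized PII type. The PII value never appears.
type Descriptor struct {
	UserID string `json:"user_id"`
	Type   string `json:"type"` // e.g. "Mother Maiden Name", "Fingerprint"
}

// SignedDescriptor is given to a provider together with the PII and is what
// gets published to the registry after a breach.
type SignedDescriptor struct {
	Descriptor
	Signature string `json:"sig"` // hex Ed25519 signature over canonical(Descriptor)
}

// KeyBreachType marks the special "private key breach" message (assumed name):
// the public key (UserID) signed with the private key that is being revoked.
const KeyBreachType = "PRIVATE KEY BREACH"

// canonical is the byte string that is signed; json.Marshal keeps struct field
// order, so the encoding is deterministic.
func canonical(d Descriptor) []byte {
	b, _ := json.Marshal(d)
	return b
}

// Sign builds a signed descriptor. Ed25519 signatures are deterministic, so the
// same (key, type) always yields the same token and providers can match by equality.
func Sign(priv ed25519.PrivateKey, piiType string) SignedDescriptor {
	d := Descriptor{UserID: hex.EncodeToString(priv.Public().(ed25519.PublicKey)), Type: piiType}
	return SignedDescriptor{Descriptor: d, Signature: hex.EncodeToString(ed25519.Sign(priv, canonical(d)))}
}

// Verify checks that the descriptor was signed by the key it names.
func Verify(sd SignedDescriptor) bool {
	pub, err1 := hex.DecodeString(sd.UserID)
	sig, err2 := hex.DecodeString(sd.Signature)
	if err1 != nil || err2 != nil || len(pub) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(ed25519.PublicKey(pub), canonical(sd.Descriptor), sig)
}

type Status int

const (
	StatusValid      Status = iota // not published: the PII is still usable
	StatusBreached                 // published: invalidate that PII
	StatusKeyRevoked               // key-breach message seen: re-link identity first
)

// RegistryView is a provider's synchronized copy of the accepted entries.
type RegistryView struct {
	published map[string]bool // keyed by signature (unique per user and type)
	revoked   map[string]bool // keyed by UserID
}

func NewRegistryView() *RegistryView {
	return &RegistryView{published: map[string]bool{}, revoked: map[string]bool{}}
}

// Publish accepts an entry only if its signature verifies: without the private
// key (or a leaked copy of the descriptor) nobody can claim a breach.
func (r *RegistryView) Publish(sd SignedDescriptor) error {
	if !Verify(sd) {
		return fmt.Errorf("rejected: bad signature for user %s", sd.UserID)
	}
	if sd.Type == KeyBreachType {
		r.revoked[sd.UserID] = true
	} else {
		r.published[sd.Signature] = true
	}
	return nil
}

// Status is the provider-side lookup for a descriptor it holds.
func (r *RegistryView) Status(sd SignedDescriptor) Status {
	switch {
	case r.revoked[sd.UserID]:
		return StatusKeyRevoked
	case r.published[sd.Signature]:
		return StatusBreached
	}
	return StatusValid
}

// Scenario: a forged claim, a genuine breach notice, then a private key breach.
func Scenario() (forgedAccepted, breachedSeen, keyRevokedSeen bool) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	reg := NewRegistryView()
	maiden := Sign(priv, "Mother Maiden Name")

	forged := maiden // a real signature reused on a different claim
	forged.Type = "Fingerprint"
	forgedAccepted = reg.Publish(forged) == nil

	_ = reg.Publish(maiden) // the breached provider publishes what it stored
	breachedSeen = reg.Status(maiden) == StatusBreached

	_ = reg.Publish(Sign(priv, KeyBreachType)) // the user's key is stolen and revoked
	keyRevokedSeen = reg.Status(Sign(priv, "Fingerprint")) == StatusKeyRevoked
	return forgedAccepted, breachedSeen, keyRevokedSeen
}

func main() {
	fmt.Println(Scenario())
}
```

Once a key breach message is present, `Status` reports every descriptor under that public key as key-revoked regardless of whether it was published, which matches the paragraph's point that the old public key becomes completely invalid and the identity must be re-linked to a new pair before individual PII can be trusted again.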

In some embodiments, to increase security, the user’s private key is kept in an electronic key fob, i.e., a secure hardware device; the key fob performs the signing, and the private key never leaves it. In some embodiments, client tools are provided for mobile, desktop, and laptop devices that allow the user to create signed descriptors in an intuitive and user-friendly manner, making the underlying public-private key cryptography transparent to the user.

In certain embodiments, the PII registry system 100 does not rely on the breached provider to update the PII registry 106. Rather, a user can update the PII registry 106 if the user suspects that PII has been breached, and another service provider that suspects PII was breached can also update the PII registry 106. A signed descriptor is all that is required to update the PII registry 106. The signed descriptor can only be generated by the holder of the private key, which in most cases is the user; therefore, only the user and the service providers with which the user has shared PII should hold a copy. The signed descriptor should not be given to anyone else and should only be made public after the PII has been compromised (i.e., when it is sent to the PII registry 106).

In certain embodiments, service providers are required to disclose their identity so that the source of a breach can be identified. Other embodiments allow a service provider to write anonymously to the PII registry 106, to encourage disclosure of breaches without penalty to the breached provider.

In practice, and referring to FIG., John Doe 202 opens an account at a bank 208. The bank 208 receives PII (e.g., his left index fingerprint and his mother’s maiden name) and signed descriptors 204 that identify the type of PII being provided. The bank 208 stores the PII and signed descriptors 204 in data storage 210 and uses this information for authentication purposes.

Next, John Doe 202 opens an account at an online dating service 212. He provides the dating service 212 with PII (e.g., his mother’s maiden name) and a signed descriptor 206 that identifies the type of PII being provided. The dating service 212 stores his PII and signed descriptor in data storage 214 for use when John Doe needs to recover his password.

Assume that at some point the online dating service 212 is compromised and all user account information is stolen by a malicious actor 216. The online dating service 212 updates the registry 218 with the signed descriptors 220 of all PII (which, as noted above, also include the user identifier). The registry 218 thus receives the signed descriptor 220 for John Doe’s mother’s maiden name. The bank 208 synchronizes its copy of the registry and notices that John Doe’s mother’s maiden name has been compromised.

To prevent further damage, the bank 208 executes its process for third-party PII breaches. The bank 208 invalidates John Doe’s mother’s maiden name as a means of authentication and notifies John Doe that his security information must be updated. If John Doe has enough non-breached PII (e.g., his password and fingerprint), the bank 208 may permit him to update his security credentials through the bank’s online system. If there is not enough non-breached security data, John Doe might be asked to visit a branch to verify his identity and update his security credentials.
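As an added example (not the patent's own code) of the bank's third-party breach process in the walk-through above, this Go program keeps John Doe's credentials keyed by the signed descriptor he supplied with each, invalidates those that match descriptors received from the registry, and decides whether he may re-enrol online or must visit a branch. The descriptor strings are constructed stand-ins for real signed descriptors, the credential types are taken from the walk-through, and the `minFactors` policy of two remaining valid factors for online updates is an assumption.

```go
package main

import "fmt"

// Credential is one piece of PII a provider holds for a user. The map key it
// sits under is the signed descriptor the user supplied with it (constructed
// strings here; in the registry design it is the user's signature over the PII
// type, so a match against a registry entry is an exact comparison).
type Credential struct {
	Type  string // e.g. "Mother Maiden Name"
	Valid bool   // false once the registry shows it was breached elsewhere
}

// Account is the provider's record for one user: signed descriptor -> credential.
type Account struct {
	Name  string
	Creds map[string]*Credential
}

// ApplyBreachNotices is the third-party-breach process: every descriptor among
// the newly synchronized registry entries that matches one the provider holds
// is invalidated, and the affected PII types are returned so the user can be
// notified. Descriptors for PII the provider never received are ignored, since
// each provider may hold only a subset of the breached PII.
func ApplyBreachNotices(acct *Account, synced []string) []string {
	var invalidated []string
	for _, desc := range synced {
		if c, ok := acct.Creds[desc]; ok && c.Valid {
			c.Valid = false
			invalidated = append(invalidated, c.Type)
		}
	}
	return invalidated
}

// ValidCount reports how much non-breached PII the provider still holds.
func ValidCount(acct *Account) int {
	n := 0
	for _, c := range acct.Creds {
		if c.Valid {
			n++
		}
	}
	return n
}

// ReenrollmentPath decides how the user may supply replacement PII: online if
// enough non-breached PII remains to authenticate, otherwise in person with
// official identification. minFactors is an assumed provider policy value.
func ReenrollmentPath(acct *Account, minFactors int) string {
	if ValidCount(acct) >= minFactors {
		return "online"
	}
	return "in-person"
}

// Scenario replays the bank's side of the walk-through with constructed
// descriptor strings and a policy of two valid factors for online updates.
func Scenario() (firstInvalidated []string, pathAfterFirst, pathAfterSecond string) {
	john := &Account{Name: "John Doe", Creds: map[string]*Credential{
		"constructed:sig(john,Mother Maiden Name)":     {Type: "Mother Maiden Name", Valid: true},
		"constructed:sig(john,Left Index Fingerprint)": {Type: "Left Index Fingerprint", Valid: true},
		"constructed:sig(john,Password)":               {Type: "Password", Valid: true},
	}}

	// Dating-service breach: its published descriptors reach the bank's copy.
	// The birth-date descriptor matches nothing the bank holds and is ignored.
	firstInvalidated = ApplyBreachNotices(john, []string{
		"constructed:sig(john,Mother Maiden Name)",
		"constructed:sig(john,Birth Date)",
	})
	pathAfterFirst = ReenrollmentPath(john, 2) // password and fingerprint remain

	// A later breach elsewhere exposes the fingerprint too; the repeated
	// maiden-name entry is already invalid and is not reported again.
	ApplyBreachNotices(john, []string{
		"constructed:sig(john,Left Index Fingerprint)",
		"constructed:sig(john,Mother Maiden Name)",
	})
	pathAfterSecond = ReenrollmentPath(john, 2) // only the password remains
	return firstInvalidated, pathAfterFirst, pathAfterSecond
}

func main() {
	inv, p1, p2 := Scenario()
	fmt.Printf("invalidated: %v; re-enrol after first breach: %s; after second: %s\n", inv, p1, p2)
}
```

The idempotent handling of repeated registry entries matters in practice: the same descriptor can arrive again on every synchronization, and it must not trigger a fresh notification each time.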

Turning to FIG. 3, a flow diagram is provided illustrating a method 300 for invalidating PII that has been compromised, in accordance with an embodiment of the present disclosure. The method 300 may be performed, for example, using the PII registry system 100 of FIG. 1. As shown at step 302, a first service provider receives personally identifiable information from a user along with a corresponding signed descriptor. The first service provider can use the PII to verify the identity of the user. The signed descriptor identifies the type of PII received (e.g., fingerprint, mother’s maiden name, birth date, etc.). In some cases, client tools generate the signed descriptors in a manner that is transparent to the user. A signed descriptor cannot be generated without possession of the user’s private key.

At step 304, a PII registry (e.g., a synchronized blockchain registry) is queried to determine whether the PII has been compromised. The registry contains signed descriptors indicating PII breached for a plurality of users through services provided by a plurality of service providers. Because the synchronized or publicly accessible blockchain registry relies on signed descriptors rather than the actual PII, the PII itself is not made public.

In embodiments, a synchronized blockchain registry is used so that the first service provider can avoid disclosing details about its queries (i.e., which signed descriptors were provided by users of the service provided by the second service provider). The synchronized blockchain registry is synchronized with a publicly accessible blockchain registry, and each service provider may have its own synchronized blockchain registry. In some cases, the publicly accessible blockchain registry contains an identification of the source of the breach; in other embodiments, the source of a breach may remain anonymous in the publicly accessible blockchain registry.

At step 306, upon determining that the PII has been compromised, the PII is invalidated. In some cases, the first service provider requests that the user provide new PII along with a corresponding signed descriptor. For example, the new PII and corresponding signed descriptor may be requested when the user next authenticates with the first service provider to confirm his identity. In another example, the first service provider may request the new PII and corresponding signed descriptor via a communication initiated by the first service provider.

In certain embodiments, the first service provider may also query the synchronized blockchain registry for a private key message. A private key message is sent by the user to the publicly accessible blockchain registry to indicate that the user’s private key has been stolen; it may contain the user’s public key, signed by the user with the private key. If a private key message is identified for the user, the first service provider can invalidate the user’s public key and may request that the user associate a new public-private key pair with their user identity.

Referring now to FIG. 4, a flow diagram is provided illustrating a method 400 for utilizing a PII blockchain registry to identify breached PII, in accordance with an embodiment of the present disclosure. The method 400 may be performed, for example, using the PII registry system 100 of FIG. 1. As shown at step 402, a service provider subscribes to a publicly accessible blockchain registry, which contains signed descriptors for a plurality of users from a plurality of service providers. As described above, the signed descriptors describe the type and extent of PII that may have been stolen from the plurality of service providers. Subscribing to the publicly accessible blockchain registry allows the service provider to ensure that compromised PII is not used for the service it provides (e.g., to verify an individual’s identity).

At step 404, a synchronized blockchain registry is created and synchronized with the publicly accessible blockchain registry. The synchronization updates the synchronized blockchain registry to include updates made by the plurality of service providers to the publicly accessible blockchain registry. These updates identify signed descriptors of the plurality of users and indicate that the PII corresponding to those signed descriptors has been breached for those users.

The service provider can then query the synchronized blockchain registry to determine whether PII has been compromised, i.e., whether the signed descriptor that a user provided to the service provider has been written to the synchronized blockchain registry. If the service provider determines that PII has been compromised for a user, it may request that the user provide new PII along with corresponding signed descriptors. This may protect the affected user against identity theft or fraud by a malicious actor at the service provider’s service.

Having described embodiments of the present disclosure, an exemplary operating environment in which embodiments may be implemented is described below. Referring to FIG. 5, an exemplary operating environment for implementing embodiments is shown and designated generally as computing device 500. Computing device 500 is but one example of a suitable computing environment and is not intended to suggest any limitation as to the scope of use or functionality of the inventive embodiments, nor should it be interpreted as having any dependency or requirement relating to any one or combination of the components illustrated.

The inventive embodiments may be described in the general context of computer code or machine-useable instructions, including computer-executable instructions such as program modules, being executed by a computer or other machine, such as a personal data assistant or other handheld device. Generally, program modules, including routines, programs, objects, components, data structures, etc., refer to code that performs particular tasks or implements particular abstract data types. The inventive embodiments may be practiced in a variety of system configurations, including consumer electronics, general-purpose computers, and more specialized computing devices. They may also be practiced in distributed computing environments where tasks are performed by remote-processing devices that are linked through a communications network.

“With reference to FIG. 5. Computing device 500 includes a bus510 that directly or indirectly couples the following devices: memory512, one (or more) processors 514 and one (or more) presentation components 516. Input/output ports 518, input/output components 520 and an illustrative powered supply 522. Bus 510 may represent one or more buses (such as an address, data, or combination thereof). FIG. 5 shows the different blocks with lines. However, in reality, it is not clear how to delineate them. FIG. 5 is shown with lines to make it easier to see the various blocks. However, it is difficult to delineate the components. One could consider a presentation device, such as a display unit, to be an I/O part. A processor also has memory. These are the facts of art. The inventors acknowledge this and remind that FIG. 5. is only an illustration of an exemplary computing gadget that can be used with any of the embodiments of this disclosure. There is no distinction between?workstation? and?server?. ?server,? ?laptop,? ?handheld device,? All of these are included in FIG. 5. and reference to “computing device.

Computing device 500 typically includes a variety of computer-readable media. Computer-readable media can be any available media that can be accessed by computing device 500 and includes both volatile and nonvolatile media, and both removable and non-removable media. Computer-readable media comprises computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storing information such as computer-readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and that can be accessed by computing device 500. Computer storage media does not comprise signals per se. Communication media typically embodies computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and includes any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. Communication media includes wired media, such as a wired network or direct-wired connection, and wireless media, such as acoustic, RF, infrared and other wireless media. Combinations of any of the above are also included within the scope of computer-readable media.

“Memory 512 includes computer storage media in the form of volatile and/or nonvolatile memory. The memory may be removable, non-removable, or a combination thereof. Exemplary hardware devices include solid-state memory and hard drives. Computing device 500 includes one or more processors that read data from various entities such as memory 512 or I/O components 520. Presentation components 516 present data indications to a user or another device. Exemplary presentation components include a display device, speaker, printing component and vibrating component.

“I/O ports 518 allow computing device 500 to be logically coupled to other devices, including I/O components 520, some of which may be built in. Illustrative components include a microphone, joystick, game pad, scanner, printer and wireless device. The I/O components 520 may provide a natural user interface (NUI) that processes air gestures, voice, or other physiological inputs generated by a user. In some instances, inputs may be transmitted to an appropriate network element for further processing. A NUI may implement any combination of speech recognition, touch and stylus recognition, facial recognition, and recognition of gestures both on the screen and adjacent to it, as well as air gestures, head and eye tracking and touch recognition. For gesture detection and recognition, the computing device 500 may be equipped with depth cameras, such as infrared camera systems, stereoscopic camera systems, RGB camera systems and combinations of these. Additionally, the computing device 500 may be equipped with accelerometers or gyroscopes that enable detection of motion. The output of the accelerometers or gyroscopes may be provided to the display of the computing device 500 to render immersive augmented reality or virtual reality.

“As can be understood, embodiments of this disclosure provide an objective approach to using a PII Blockchain Registry to identify breached PII. The disclosure has been described in relation to particular embodiments, which are intended in all respects to be illustrative rather than restrictive. Alternative embodiments will become apparent to those of ordinary skill in the art without departing from the scope of the disclosure.

“From the foregoing, it will be seen that this disclosure is well adapted to attain all the ends and objects set forth above, together with other advantages which are obvious and inherent to the system and method. It will be understood that certain features and subcombinations are of utility and may be employed without reference to other features and subcombinations. This is contemplated by and is within the scope of the claims.
