Description:The following specification particularly describes and ascertains the nature of this invention and the manner in which it is to be performed:-

TECHNICAL FIELD
[001] Embodiments disclosed herein relate to verification of identity of a user, and more particularly to methods and systems for decentralized verification of identity of the user which involves generation of a two-dimensional (2D) machine-readable code.

BACKGROUND
[001] Identity verification is the process of confirming the identity of a user or entity. One of the most commonly used identity verification process is Know Your Customer (KYC). KYC is a process which is used by businesses and financial institutions to verify the identity of their customers and assess their potential risks of money laundering, terrorist financing, or other financial crimes. KYC aims at preventing illegal activities, such as fraud, identity theft, and money laundering. In the KYC process, information is gathered about the customer’s identity and the information is verified through various means, such as government-issued identification documents, utility bills, bank statements, and the like. The information is then cross-checked against various databases to ensure the customer is legit.
[002] Each country has multiple Officially Valid Documents (OVDs), such as National ID, Driver’s licence, passport, tax card, etc, and consumer documents, such as tax certificate, EPFO, educational certificates, etc.
[003] In existing identity verification techniques, these documents are stored in a centralized repository, such as Unique Identification Authority of India (UIDAI), for example, documents such as Aadhar card and National Securities Depository Limited (NSDL) for Permanent Account Number (PAN) card. These documents can be accessed and verified with consumer consent individually with respective repositories. Consumers typically go through multi-step workflows that varies as per the cases. Further, the documents related to the identity verification are stored in a dedicated server, which require heavy computational resources.
OBJECTS
[004] The principal object of embodiments herein is to disclose methods and systems for decentralized identity verification of at least one user, which involves only one or steps in contrast to existing techniques that require multiple steps.
[005] Another object of embodiments herein enable storing of the decryption keys in the server instead of the digital copies of the identification related documents, thereby reducing computational resources.
[006] These and other aspects of the embodiments herein will be better appreciated and understood when considered in conjunction with the following description and the accompanying drawings. It should be understood, however, that the following descriptions, while indicating at least one embodiment and numerous specific details thereof, are given by way of illustration and not of limitation. Many changes and modifications may be made within the scope of the embodiments herein without departing from the spirit thereof, and the embodiments herein include all such modifications.

BRIEF DESCRIPTION OF FIGURES
[007] Embodiments herein are illustrated in the accompanying drawings, through out which like reference letters indicate corresponding parts in the various figures. The embodiments herein will be better understood from the following description with reference to the drawings, in which:
[008] FIG. 1 illustrates a system for decentralized identity verification of users, according to embodiments as disclosed herein;
[009] FIG. 2 illustrates the process of registration of the user, according to embodiments as disclosed herein;
[0010] FIG. 3A illustrates the processing module, according to embodiments as disclosed herein;
[0011] FIG. 3B illustrates the process of generating a QR code, according to embodiments as disclosed herein;
[0012] FIG. 3C illustrates the downloadable ID document with the QR code after processing of the KYC data and the biometric data, according to embodiments as disclosed herein;
[0013] FIG. 4A illustrates the verification module, according to the embodiments herein;
[0014] FIG. 4B illustrates the identity verification process by the verification module, according to the embodiments herein;
[0015] FIGs. 5A, 5B, and 5C illustrate a use case scenario with respect to generation of QR code when a user opens an application to apply for loan, according to the embodiments herein; and
[0016] FIGs. 6A, 6B, and 6C illustrate a use case scenario showing KYC process with respect to a loan application, according to the embodiments herein.

DETAILED DESCRIPTION
[0017] The embodiments herein and the various features and advantageous details thereof are explained more fully with reference to the non-limiting embodiments that are illustrated in the accompanying drawings and detailed in the following description. Descriptions of well-known components and processing techniques are omitted so as to not unnecessarily obscure the embodiments herein. The examples used herein are intended merely to facilitate an understanding of ways in which the embodiments herein may be practiced and to further enable those of skill in the art to practice the embodiments herein. Accordingly, the examples should not be construed as limiting the scope of the embodiments herein.
[0018] The embodiments herein achieve a decentralized identity verification of at least one user, which involves only one or two steps in contrast to existing techniques that require multiple steps and enable storing of the decryption keys in the server instead of the digital copies of the identification related documents, thereby reducing computational resources.
[0019] According to the embodiments herein, a method for decentralized identity verification of at least one user, comprises: registering the at least one user by prompting the at least one user to enter Personal Identifiable Information (PII) and to capture at least one input for biometric authentication to obtain biometric data; generating a downloadable ID document with a two-dimensional (2D) machine-readable code using a first encryption process for the biometric data and a second encryption process for the PII; decrypting an encrypted biometric hash using a first decryption key associated with the first encryption process for verification of the biometric data; decrypting the PII using a second decryption key associated with the second encryption process for verification of the PII, on successful decryption of the encrypted biometric hash; digitally signing the PII and the biometric data; and displaying on a computing device that the verification of the at least one user is completed, on digitally signing the PII and the biometric data.
[0020] According to the embodiments herein, a system for decentralized identity verification of at least one user comprises: a computing device communicatively coupled to one or more servers, the computing device comprising a processor and a memory coupled to the processor, the memory comprising a registration module, a processing module, and a verification module. The registration module is to register the at least one user by prompting the at least one user to enter Personal Identifiable Information (PII) and to capture at least one input for biometric authentication to obtain biometric data. The processing module is to generate a downloadable ID document with a two-dimensional (2D) machine-readable code using a first encryption process for the biometric data and a second encryption process for the PII. The verification module is to decrypt an encrypted biometric hash using a first decryption key associated with the first encryption process for verification of the biometric data; decrypt the PII using a second decryption key associated with the second encryption process for verification of the PII, on successful decryption of the encrypted biometric hash; digitally sign the PII and the biometric data; and displaying on the computing device, that the verification of the at least one user is completed, on digitally signing the PII and the biometric data.
[0021] Referring now to the drawings, and more particularly to FIGS. 1 through 6, where similar reference characters denote corresponding features consistently throughout the figures, there are shown embodiments.
[0022] FIG. 1 illustrates a system 100 for decentralized identity verification of users, according to the embodiments herein. According to embodiments herein, the identity verification, can be, for example, a Know Your Customer (KYC) process.
[0023] The system 100 comprises a computing device 102 communicatively coupled to one or more servers 104. The computing device 102 comprises a processor 106 coupled to a memory 108. The computing device 102 can be, but not limited to, a desktop computer and a mobile terminal such as, but not limited to, a mobile phone, a tablet computer, or a personal digital assistant. The memory 108 comprises a registration module 110, a processing module 112, and a verification module 114. The one or more servers 104, can be, for example, but not limited to government data centers, or a third-party server. an identity verification system 100 is provided, including a terminal 110 and a server 120. The one or more servers 104 may be, but not limited to, one physical server or multiple physical servers.
[0024] A display of the computing device 102 may be, but not limited to, a liquid crystal display or an electronic ink display. The input of the computing device 102 may be, but not limited to, a touch screen, or may be an external keyboard, touch panel, or mouse.
[0025] The registration module 110 prompts the user to enter the Personal Identifiable Information (PII), such as, but not limited to, KYC data. The terms “PII” and “KYC data” have been used interchangeably hereinafter. The KYC data can be, for example, but not limited to, PAN card details, Aadhar card details, and other Personal Identifiable Information (PII), such as, driver's license number, bank account number, passport number, email address, and the like. In an example, the registration module 110 can verify the identity of the user based on the details entered by the user, by means of an One Time Password (OTP). The registration module 110 prompts the user for biometric authentication. In an example, biometric authentication can be by way of face match and liveness detection, fingerprint, and voice recognition. The biometric input data is verified against trusted sources, such as, but not limited to, government data center. If the biometric authentication is unsuccessful, the registration module 110 prompts the user to repeat the biometric authentication process. The registration module 110 prompts the user to capture at least one input for the biometric authentication to obtain biometric data.
[0026] On completing the biometric authentication process by the registration module 110, the processing module 112 performs encryption of biometric data and the KYC data. The processing module 112 encrypts the KYC data and the biometric data using a cryptographic algorithm. The processing module 112 encodes the KYC data and the biometric data into a two-dimensional (2D) machine-readable, such as, but not limited to, a Quick Response (QR) code, a barcode, and the like. In the encryption process, the processing module 112 generates a ciphertext that is unreadable without the corresponding decryption. The processing module 112 encrypts the biometric data using a first encryption process and generates an encrypted biometric hash. The processing module 112 encrypts the PII using a second encryption process and generates an encrypted PII. According to the embodiments herein, the processing module 112 generates two decryption keys: a first decryption key corresponding to the biometric data and a second decryption key corresponding to the PII. The processing module 112 uses a 2D machine-readable code generator, well known in the art, such as, but not limited to, a QR code generator, to encode the KYC data and the biometric data into the QR code. The embodiments herein are explained with respect to QR code. The processing module 112 checks whether the 2D machine-readable code generator supports the QR code encoding format that matches the encrypted information. However, it is within the scope of the embodiments herein to generate other 2D machine-readable codes, such as a barcode. The processing module 112 tests the QR code so that the QR code can be readable by a QR code scanner.
[0027] The verification module 114 scans the QR code to obtain the KYC data and the biometric data. The verification module 114 verifies the identity of the user in two steps: (a) The verification module 114 first decrypts the encrypted biometric hash using a first decryption key and (b) Only after the biometric data is verified by the verification module, the KYC data is decrypted using a second decryption key. According to the embodiments herein, a verification server communicatively coupled to the computing device stores only the decryption keys. The verification server does not store the KYC data, or the biometric data. According to the embodiments herein, the system stores only the encryption and decryption keys and not the KYC data. Therefore, the system can handle any amount of KYC data volume. In other words, the KYC data is not stored on any server. On decrypting the KYC data and the encrypted biometric hash, the verification module 114 digitally signs the KYC.
[0028] Embodiments herein simplify multistep consumer or vendor onboarding that follows range of workflows varying across industries, into one to two standard steps. Embodiments herein eliminate centralized storage of verified and unverified Personal Identifiable Information (PII). Embodiments herein enable liveness and face match based unlocking of the QR code to ensure content and data security. Embodiments herein enables the users to complete the KYC process in a single step. The user is able to manage the KYC data and the biometric data by way of a downloadable ID document with a QR code set. The user is not required to remember information such as personal identification number (PIN), passwords, and the like. Further, the user is not required to carry multiple KYC related documents in physical, or digital form.
[0029] FIG. 2 illustrates the process of registration of the user, according to the embodiments herein. Embodiments herein enable user to perform a one-time registration of the KYC data along with a photo, such as, but not limited to, a selfie. At step 202, the registration module 110 prompts the user to upload a picture, such as, but not limited to, a selfie. On uploading the picture, at step 204, the registration module 110 performs biometric authentication, such as, but not limited to face liveness detection. According to the embodiments herein, the biometric authentication can be way of face match and liveness detection, fingerprint recognition, voice recognition, and the like. On uploading the picture, at step 206, the registration module 110 checks the correctness of the uploaded picture by matching with records from trusted sources, such as government data centers. The government data centers can be, for example, Digitize India Platform (DIP). The Digitize India Platform (DIP) is an initiative by the Government of India to digitize and archive physical records and documents. The platform uses crowdsourcing to help convert scanned images of physical documents into digital form using Optical Character Recognition (OCR) technology. If the biometric authentication is unsuccessful, at step 208, the registration module 110 prompts the user to repeat the biometric authentication process. On performing the biometric authentication, at step 210, the registration module 110 prompts the user the enter the KYC data. The KYC data can be, for example, but not limited to, PAN card details, Aadhar card details, and other Personal Identifiable Information (PII), such as, driver's license number, bank account number, passport number, email address, and the like. In an example, the registration module 110 can verify the identity of the user based on the details entered by the user, by means of an One Time Password (OTP).
[0030] The various actions in method 200 may be performed in the order presented, in a different order or simultaneously. Further, in some embodiments, some actions listed in FIG. 2 may be omitted.
[0031] FIG. 3A illustrates the processing module, according to the embodiments herein. The processing module 112 comprises a QR generating unit 302 for processing the KYC data and the biometric authentication data and for providing a downloadable ID document with a QR code.
[0032] FIG. 3B illustrates the process of generating a QR code, according to the embodiments herein. On completing the biometric authentication process by the registration module, the processing module 112 performs encryption of biometric data and the KYC data. At step 304, the processing module 112 encrypts the KYC data and the biometric data using a cryptographic algorithm. At step 306, the processing module 112 encodes the KYC data and the biometric data into a two-dimensional (2D) machine-readable code, such as, but not limited to, a Quick Response (QR) code, a barcode, and the like. In the encryption process, the processing module 112 generates a ciphertext that is unreadable without the corresponding decryption. The processing module 112 generates an encrypted biometric hash corresponding to the biometric data using a first encryption process. The processing module 112 generates encrypted PII corresponding to the obtained PII or KYC data, using a second encryption process. The 2D machine-readable code contains the encrypted biometric hash and the encrypted PII along with non-encrypted user identifier. At step 308, the processing module 112 generates two decryption keys: one corresponding to the encrypted KYC data and the other one corresponding to the encrypted biometric hash. The processing module 112 uses a 2D machine-readable code generator, well known in the art, such as, but not limited to, a QR code generator, to encode the KYC data and the biometric data into the QR code. The embodiments herein are explained with respect to QR code. The processing module 112 checks whether the 2D machine-readable code generator supports the QR code encoding format that matches the encrypted information. However, it is within the scope of the embodiments herein to generate other 2D machine-readable codes, such as a barcode. On checking whether the 2D machine-readable code generator supports the QR code encoding format, at step 310, the processing module 112 generates the QR code with the encoded KYC data and the biometric data. In an embodiment, the processing module 112 can test the QR code so that the QR code can be readable by a QR code scanner.
[0033] The various actions in method 300 may be performed in the order presented, in a different order or simultaneously. Further, in some embodiments, some actions listed in FIG. 3B may be omitted.
[0034] FIG. 3C illustrates the downloadable ID document 312 with the QR code after processing of the KYC data and the biometric data, according to the embodiments herein.
[0035] FIG. 4A illustrates the verification module 114, according to the embodiments herein. The verification module 114 comprises a QR scanning unit for scanning the obtained QR code during the KYC verification process. The QR code can be stored in the device of the user. The QR code scanning unit scans the stored QR code. For example, an option can be provided to the user to browse for the QR code stored in the device.
[0036] FIG. 4B illustrates the identity verification process by the verification module, according to the embodiments herein. The downloaded ID document obtained with the QR code can be stored in a device of the user. At step 404, the verification module 114 scans the QR code to obtain the KYC data and the biometric data. At step 406, the verification module 114 verifies the identity of the user in two steps: (a) The verification module 114 first decrypts the encrypted biometric hash using a first decryption key and (b) Only after the biometric data is verified by the verification module, the KYC data is decrypted by a second decryption key. In an example, a verification server which is communicatively coupled to the computing device of the user stores only the encryption and decryption keys. The verification server does not store the KYC data, or the biometric data. According to the embodiments herein, the system stores only the encryption and decryption keys and not the KYC data. Therefore, the system can handle any amount of KYC data volume. In other words, the KYC data is not stored on any server. On decrypting the KYC data using the second decryption key, at step 408, the verification module 114 digitally signs the KYC.
[0037] The various actions in method 400 may be performed in the order presented, in a different order or simultaneously. Further, in some embodiments, some actions listed in FIG. 4B may be omitted.
[0038] FIG. 5A illustrates a use case scenario with respect to generation of QR code when a user opens an application to apply for loan, according to the embodiments herein. At step 502, a user opens an application for loan application. Once the application is open, the application can provide options such as “Manage my KYC”. On clicking “Manage my KYC”, at step 504, the user is prompted to register and open a KYC account. Other options such as, “Update” and “delete” may be provided. The ”update” option can be used by the user in order to update the KYC documents and the “delete” option can be used to delete any document that was already added. At step 506, the user is prompted to enter Personal Identifiable Information (PII) such as, email address, PAN number, Aadhar card number, and the like. Once the user enters the details, the application checks with trusted sources, such as Digitize India Platform (DIP), to authenticate the user. At step 508, the application prompts the user to enter a One Time Password (OTP) that was received on the authorized contact number provided for the documents related to KYC.
[0039] The step involved in FIG. 5A are continued in FIG. 5B. On completion of the OTP verification, at step 510, the application prompts the user to take a selfie. At step 512, the user clicks a selfie. An option can be provided to adjust the photo as per requirements. At step 514, the user uploads the clicked selfie. On uploading the selfie, at step 516, the application checks the authenticity of the user by matching the face with the records from the trusted sources, such as the DIP.
[0040] FIG. 5C illustrates the downloadable ID document that is obtained after the successful authentication of the user. The downloadable document 518 comprises a photo 520 and a QR code 522 containing the encrypted KYC data, the encrypted biometric hash, and non-encrypted information. The user can store the downloadable ID document 518 on his/her device and use it for the identity verification.
[0041] FIG. 6A illustrates a use case scenario showing KYC process with respect to a loan application, according to the embodiments herein. At step 602, the user can select the option “loan application”. At step 604, the user is prompted to enter the loan details, such as loan amount, tenure, purpose of loan, and the like. At step 606, the application can prompt the user to choose the mode by which the user prefers to verify KYC details and biometric.
[0042] FIG. 6B is the continuation of the process shown in FIG. 6B. An option “scan QR code may be provide as shown in step 608. At step 610, the application scans the QR code by enabling the user to browse the QR code through the device. Once the QR code is successfully scanned, the same can be indicated as shown in step 612.
[0043] FIG. 6C is the continuation of the process shown in FIGs. 6A and 6B. After step 612, at step 614, the user can be then prompted to take a selfie. At step 616, the user clicks a selfie. At step 618, once the selfie is successfully uploaded, the user may be prompted to give consent for sharing the KYC details for loan application purposes. At step 620, the application can indicate to the user that the loan has been successfully sanctioned.
[0044] The embodiments disclosed herein can be implemented through at least one software program running on at least one hardware device and performing network management functions to control the network elements. The network elements shown in Fig. 1 include blocks which can be at least one of a hardware device, or a combination of hardware device and software module.
[0045] The embodiment disclosed herein describes methods and systems for decentralized identity verification of at least one user, which involves only one or steps in contrast to existing techniques that require multiple steps. Embodiments herein enable storing of the decryption keys in the server instead of the digital copies of the identification related documents, thereby reducing computational resources.
[0046] Therefore, it is understood that the scope of the protection is extended to such a program and in addition to a computer readable means having a message therein, such computer readable storage means contain program code means for implementation of one or more steps of the method, when the program runs on a server or mobile device or any suitable programmable device. The method is implemented in at least one embodiment through or together with a software program written in e.g. Very high speed integrated circuit Hardware Description Language (VHDL) another programming language, or implemented by one or more VHDL or several software modules being executed on at least one hardware device. The hardware device can be any kind of portable device that can be programmed. The device may also include means which could be e.g. hardware means like e.g. an ASIC, or a combination of hardware and software means, e.g. an ASIC and an FPGA, or at least one microprocessor and at least one memory with software modules located therein. The method embodiments described herein could be implemented partly in hardware and partly in software. Alternatively, the invention may be implemented on different hardware devices, e.g. using a plurality of CPUs.
[0047] The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments herein that others can, by applying current knowledge, readily modify and/or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications should and are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments. It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of embodiments and examples, those skilled in the art will recognize that the embodiments and examples disclosed herein can be practiced with modification within the spirit and scope of the embodiments as described herein.
, Claims:
STATEMENT OF CLAIMS
I/We claim:
1. A method for decentralized identity verification of at least one user, the method performed by a computing device (102), the method comprising:
registering the at least one user, by a registration module (110), by prompting the at least one user to enter Personal Identifiable Information (PII) and to capture at least one input for biometric authentication to obtain biometric data;
generating, by a processing module (112), a downloadable ID document (312) with a two-dimensional (2D) machine-readable code using a first encryption process for the biometric data and a second encryption process for the PII;
obtaining, by the processing module (112), an encrypted biometric hash using the first encryption process and encrypted PII using the second encryption process;
decrypting, by a verification module (114), the encrypted biometric hash using a first decryption key associated with the first encryption process for verification of the biometric data;
decrypting, by the verification module (114), the PII using a second decryption key associated with the second encryption process for verification of the PII, on successful decryption of the encrypted biometric hash;
digitally signing, by the verification module (114), the PII and the biometric data; and
displaying on the computing device (102), by the verification module (114), that the verification of the at least one user is completed, on digitally signing the PII and the biometric data.
2. The method as claimed in claim 1, wherein the PII is Know Your Customer (KYC) data.
3. The method as claimed in claim 1, wherein the biometric authentication comprises one of face liveness detection, fingerprint recognition, and voice recognition.
4. The method as claimed in claim 1, wherein the 2D machine-readable code is one of QR code and 2D barcode.
5. The method as claimed in claim 1, wherein generating the downloadable ID document (312) with the 2D machine-readable code using the first encryption process for the biometric data comprises:
encrypting, by the processing module (112), the biometric data using a cryptographic technique, by generating a ciphertext that is readable by the first decryption key and obtaining the encrypted biometric hash; and
storing, by the processing module (112), the first decryption key corresponding to the encrypted biometric hash in a verification server.
6. The method as claimed in claim 1, wherein generating the downloadable ID document (312) with the 2D machine-readable code using the second encryption process for the PII comprises:
encrypting, by the processing module (112), the PII using a cryptographic technique, by generating a ciphertext that is readable by the second decryption key, on successful encryption of the biometric data; and
storing, by the processing module (112), the second decryption key corresponding to the PII in a verification server.
7. A system (100) for decentralized identity verification of at least one user, the system comprising:
a computing device (102) communicatively coupled to one or more servers (104), the computing device (102) comprising a processor (106) and a memory (108) coupled to the processor (106), wherein the memory (108) comprises a registration module (110), a processing module (112), and a verification module (114),
wherein the registration module (110) is to:
register the at least one user by prompting the at least one user to enter Personal Identifiable Information (PII) and to capture at least one input for biometric authentication to obtain biometric data;
wherein the processing module (112) is to:
generate a downloadable ID document with a two-dimensional (2D) machine-readable code using a first encryption process for the biometric data and a second encryption process for the PII; and
obtain an encrypted biometric hash using the first encryption process and encrypted PII using the second encryption process; and
wherein the verification module (114) is to:
decrypt the encrypted biometric hash using a first decryption key associated with the first encryption process for verification of the biometric data;
decrypt the PII using a second decryption key associated with the second encryption process for verification of the PII, on successful decryption of the encrypted biometric hash;
digitally sign the PII and the biometric data; and
displaying on the computing device, that the verification of the at least one user is completed, on digitally signing the PII and the biometric data.
8. The system as claimed in claim 7, wherein the one or more servers (104) comprises at least one verification server and a third-party server.
9. The system as claimed in claim 7, wherein the processing module (112) is to generate the downloadable ID document (312) with the 2D machine-readable code using the first encryption process for the biometric data by:
encrypting the biometric data using a cryptographic technique, by generating a ciphertext that is readable by the first decryption key and obtaining an encrypted biometric hash; and
storing the first decryption key corresponding to the encrypted biometric hash in a verification server.
10. The system as claimed in claim 7, wherein the processing module (112) is to generate the downloadable ID document (312) with the 2D machine-readable code using the second encryption process for the PII by:
encrypting the PII using a cryptographic technique, by generating a ciphertext that is readable by the second decryption key, on successful encryption of the biometric data; and
storing the second decryption key corresponding to the PII in a verification server.

Dated this 25th May 2023

Signatures:
Name of the Signatory: Nitin Mohan Nair
Patent Agent No: 2585