Identity verification while respecting privacy

摘要

Aspects of the technology for implementing an authentication protocol that allows a trusted provider to vouch for a requesting entity when that entity seeks verification from an authenticating entity (Figure 1). This is done without passing confidential or other personal information of the requesting entity directly to the authenticating entity (Figure 1). Instead, the trusted provider may use specific information about a requesting entity, such as: For example, contact information that forms an identity record (404) and generates a hash of the record (408). The hash is sent to an authenticating entity (410) that returns a secure token to the trusted provider (508). The secure token and identity record information is used to create a verification URL (414) that is sent to the requesting entity (416). The verification URL, when clicked, links back to the authenticating entity (Figure 1) that validates the requesting entity (512, 514). This allows for the immediate identification of the requesting entity without the parties having to perform advanced cryptographic operations (516).