The invention describes an identity management system (IDMS) based on the concept of peer-to-peer protocols and the public identities ledger. The system manages digital identities, which are digital objects that contain attributes used for the identification of persons and other entities in an IT system and for making identity claims. The identity objects are encoded and cryptographically encapsulated.

Identity management protocols include the creation of identities, the validation of their binding to real-world entities, and their secure and reliable storage, protection, distribution, verification, updates, and use. The identities are included in a specially constructed global, distributed, append-only public identities ledger. They are forward- and backward-linked using the mechanism of digital signatures. The linking of objects and their chaining in the ledger is based on, and reflects, their mutual validation relationships. The identities of individual members are organized in the form of linked structures called personal identities chains. Identities of groups of users that validated the identities of other users in a group are organized in community identities chains. The ledger and its chains support accurate and reliable validation of identities by other members of the system and by application service providers without the assistance of third parties.

The ledger designed in this invention may be either permissioned or unpermissioned. Permissioned ledgers have special entities, called BIX Security Policy Providers, which validate the binding of digital identities to real-world entities based on the rules of a given security policy. In unpermissioned ledgers, community members mutually validate their identities. The identity management system provides security, privacy, and anonymity for digital identities and satisfies the requirements for decentralized, anonymous identity management systems.
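The following Go program is an added illustration of the chaining idea described above; it is not code from the patent and does not reproduce the BIX encoding or protocol. It assumes a toy identity object signed with Ed25519, a backward link (hash of the predecessor in the owner's personal identities chain), a forward link (the predecessor's key signs the successor), and a set of validator signatures standing in for the community identities chain. The names Bob, Alice and Mallory and the attribute values are constructed sample data. The point a verifier can take from it is that a relying party checks the whole chain with public keys alone, with no third party involved, and that an altered object or an unrecorded validator is rejected.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// Identity is a toy identity object (an assumption of this example, not the patent's encoding).
type Identity struct {
	Attributes map[string]string
	PublicKey  ed25519.PublicKey
	PrevHash   string            // backward link: hash of the predecessor, "" for the first object
	PrevSig    []byte            // forward link: predecessor's signature over this body, nil for the first
	Self       []byte            // owner's signature over the body
	Validators map[string][]byte // hex(validator key) -> that member's signature over the body
}

// body is the canonical encoding every signature covers: sorted attributes, key, backward link.
func (id *Identity) body() []byte {
	keys := make([]string, 0, len(id.Attributes))
	for k := range id.Attributes {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	var b bytes.Buffer
	for _, k := range keys {
		fmt.Fprintf(&b, "%s=%s\n", k, id.Attributes[k])
	}
	fmt.Fprintf(&b, "key=%s\nprev=%s\n", hex.EncodeToString(id.PublicKey), id.PrevHash)
	return b.Bytes()
}

// Hash pins body plus owner signature so a successor links back to exactly this object.
func (id *Identity) Hash() string {
	h := sha256.Sum256(append(id.body(), id.Self...))
	return hex.EncodeToString(h[:])
}

// NewIdentity appends an object to a personal chain. For an update, prev and prevPriv supply
// the backward link (hash of prev) and the forward link (prev's key signs the new body).
func NewIdentity(attrs map[string]string, pub ed25519.PublicKey, priv ed25519.PrivateKey, prev *Identity, prevPriv ed25519.PrivateKey) *Identity {
	id := &Identity{Attributes: attrs, PublicKey: pub, Validators: map[string][]byte{}}
	if prev != nil {
		id.PrevHash = prev.Hash()
		id.PrevSig = ed25519.Sign(prevPriv, id.body())
	}
	id.Self = ed25519.Sign(priv, id.body())
	return id
}

// Validate records a community member's validation of this identity (a community chain link).
func (id *Identity) Validate(vpub ed25519.PublicKey, vpriv ed25519.PrivateKey) {
	id.Validators[hex.EncodeToString(vpub)] = ed25519.Sign(vpriv, id.body())
}

// ValidatedBy reports whether the named member's validation signature verifies.
func (id *Identity) ValidatedBy(vpub ed25519.PublicKey) bool {
	sig, ok := id.Validators[hex.EncodeToString(vpub)]
	return ok && ed25519.Verify(vpub, id.body(), sig)
}

// VerifyChain checks a personal chain with no third party: each object is self-signed and each
// successor is hash-linked back to, and signed forward by, its predecessor.
func VerifyChain(chain []*Identity) error {
	for i, id := range chain {
		if !ed25519.Verify(id.PublicKey, id.body(), id.Self) {
			return fmt.Errorf("object %d: owner signature invalid", i)
		}
		if i > 0 {
			prev := chain[i-1]
			if id.PrevHash != prev.Hash() || !ed25519.Verify(prev.PublicKey, id.body(), id.PrevSig) {
				return fmt.Errorf("object %d: link to predecessor invalid", i)
			}
		}
	}
	return nil
}

// Scenario collects the results of the constructed walk-through in RunScenario.
type Scenario struct{ ChainValid, TamperedValid, ValidatedByAlice, ValidatedByMallory bool }

// RunScenario builds Bob's two-object chain (a key rotation) validated by Alice, then checks
// that a tampered copy and an unrecorded validator are both rejected. All data is constructed.
func RunScenario() Scenario {
	bobPub, bobPriv, _ := ed25519.GenerateKey(rand.Reader)
	bobPub2, bobPriv2, _ := ed25519.GenerateKey(rand.Reader) // Bob's rotated key
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	malloryPub, _, _ := ed25519.GenerateKey(rand.Reader) // never validated Bob
	bob1 := NewIdentity(map[string]string{"name": "Bob", "email": "bob@example.test"}, bobPub, bobPriv, nil, nil)
	bob1.Validate(alicePub, alicePriv)
	bob2 := NewIdentity(map[string]string{"name": "Bob", "email": "bob@example.test"}, bobPub2, bobPriv2, bob1, bobPriv)
	forged := *bob2 // same signatures, altered attribute: the owner signature no longer verifies
	forged.Attributes = map[string]string{"name": "Bob", "email": "attacker@example.test"}
	return Scenario{
		ChainValid:         VerifyChain([]*Identity{bob1, bob2}) == nil,
		TamperedValid:      VerifyChain([]*Identity{bob1, &forged}) == nil,
		ValidatedByAlice:   bob1.ValidatedBy(alicePub),
		ValidatedByMallory: bob1.ValidatedBy(malloryPub),
	}
}

func main() { fmt.Printf("%+v\n", RunScenario()) }
```

Running the program prints the four results of the scenario: the genuine chain verifies, the copy with an altered attribute fails on its owner signature, Alice's validation is recognised, and Mallory, who never signed, is not accepted as a validator. In a real ledger the canonical encoding, the hash of the predecessor, and the choice of which key signs which link would be fixed by the protocol specification; the example hard-codes one reasonable convention so that every check is visible in one place.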