FIELD: data processing.
SUBSTANCE: the invention relates to the control and monitoring of a person's various identity data. In the method of controlling and monitoring the various identity data of a given person, said data correspond to multiple identity domains organized in a structured set. To form identity data for a derived identity domain, for which identity data for one or more parent domains are required, the person is authenticated, for each of the parent identity domains, at the control server of the derived identity domain on the basis of the person's identity data for that parent domain. During this operation:
- information based on the identity data in the parent domain, together with at least one item of information confirming the validity of those data, is transmitted to the derived identity domain control server;
- the derived identity control server authenticates the person for the parent domain and checks the validity of the transmitted information using said confirmation information.
Depending on the results of the authentication and the check:
- the derived identity control server generates for said person, on the basis of the transmitted information, at least part of the identity data that allow the person to authenticate with a provider of the derived identity domain;
- said derived identity control server stores derivation information, comprising all or part of the information transmitted in the authentication operation, so that a link can later be established, if required, between the identity data of the derived identity domain and the identity data of the parent domain, on the basis of binding information transmitted by the parent domain.
The forming operations performed by the different identity servers are arranged so that, in the absence of such binding information, no link can be established on the basis of authentications in two different domains. The person's identity data for a given domain contain a secret key and a revocation (annulment) token for that domain; during authentication of the person at the derived identity domain control server, derived-identity information is transmitted to that control server.
EFFECT: creation of a derived identity on the basis of a parent identity, where a link between the two identities is impossible to trace in practice.
19 cl, 6 dwg
Title | Year | Author | Number |
---|---|---|---|
SERVICE FOR DETERMINING WHETHER DIGITAL CERTIFICATE HAS BEEN ANNULLED | 2006 | | RU2430412C2 |
BIOMETRIC DATA SAFE HANDLING SYSTEMS AND METHODS | 2016 | | RU2718226C2 |
METHOD OF THE DOCUMENT CERTIFICATION WITH AN IRREVERSIBLE DIGITAL SIGNATURE | 2017 | | RU2647642C1 |
METHOD AND SYSTEM FOR SAFE DISTRIBUTION OF DATA TRANSFERRED THROUGH PUBLIC DATA NETWORK | 2003 | | RU2300845C2 |
SYSTEM FOR PROTECTING INFORMATION CONTAINING STATE SECRETS FROM UNAUTHORISED ACCESS | 2012 | | RU2504834C1 |
SEPARATED RIGHTS IN AUTHORISED DOMAIN | 2003 | | RU2385491C2 |
METHOD AND DEVICE FOR AUTHORISATION OF OPERATIONS WITH CONTENT | 2003 | | RU2352985C2 |
CONTENT PROCESSING METHOD AND SYSTEM | 2007 | | RU2413980C2 |
SYSTEM FOR PROTECTING INFORMATION CONTAINING STATE SECRETS FROM UNAUTHORISED ACCESS | 2012 | | RU2504835C1 |
METHODS AND DEVICE FOR LARGE-SCALE PROPAGATION OF ELECTRONIC ACCESS CLIENTS | 2013 | | RU2595904C2 |
Dates
2016-11-20—Published
2012-08-02—Filed