Decentralized data authentication
US-2022006634-A1 · Jan 6, 2022 · US
US11714894B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11714894-B2 |
| Application number | US-202117547959-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 10, 2021 |
| Priority date | Dec 10, 2021 |
| Publication date | Aug 1, 2023 |
| Grant date | Aug 1, 2023 |
Official abstract text for this publication.
Methods and apparatuses are described for authenticating client applications using an identity fabric blockchain. A server receives a first registration request from a first client application. The server generates a first decentralized identifier corresponding to the first client application and stores the first identifier in an identity fabric blockchain. The server receives a second registration request from a second client application, generates a second decentralized identifier corresponding to the second client application, and stores the second identifier in the blockchain. The server receives a first authentication request from a first resource and authenticates the first client application based on the first authentication request and the first decentralized identifier stored in the blockchain. The server receives a second authentication request from a second resource and authenticates the second client application based on the second authentication request and the second decentralized identifier stored in the blockchain.
Opening claim text (preview).
What is claimed is:

1. A computerized method for authenticating client applications using an identity fabric blockchain, the method comprising: generating, by a key generation module of the server computing device, a first decentralized identifier corresponding to a first client application of a first client device from which a first registration request is received, the first registration request including a public key associated with a first key pair wherein a private key of the first key pair is stored on the first client device; storing, by the key generation module of the server computing device, the first decentralized identifier in an identity fabric blockchain, comprising generating a first record in the blockchain that includes the first public key and the first decentralized identifier; generating, by the key generation module of the server computing device, a second decentralized identifier corresponding to a second client application of a second client device from which a second registration request is received, the second registration request including a public key associated with a second key pair wherein a private key of the second key pair is stored on the second client device; storing, by the key generation module of the server computing device, the second decentralized identifier in the identity fabric blockchain, comprising generating a second record in the blockchain that includes the second public key and the second decentralized identifier; authenticating, by an authorization server associated with a first remote resource server, the first client application based on a first authentication request received from the first client device and the first decentralized identifier stored in the identity fabric blockchain, comprising: executing an authentication challenge routine that causes the first client device to request an authorization challenge from the authorization server, receive a challenge message from the authorization server, generate an authentication response to the challenge message, request that the key generation module sign the authentication response using the first public key, and transmit the signed authentication response to the authorization server, requesting the first decentralized identifier from the identity fabric blockchain using the signed authentication response, verifying the signed authentication response using the first decentralized identifier, and generating an authentication token for transmission to the first client application, the token used by the first client application to access the first remote resource server; and authenticating, by a second remote resource server, the second client application based on a second authentication request received from the second client device and the second decentralized identifier stored in the identity fabric blockchain, comprising: requesting the second decentralized identifier indirectly from the identity fabric blockchain via the key generation module as a proxy, using the second public key as included in the second authentication request, verifying the second authentication request using the second decentralized identifier, and transmitting an authentication response to the second client application that enables the second client application to access the second remote resource server without the server computing device generating a separate authentication token.

2. The computerized method of claim 1, wherein the first remote resource server comprises a first application programming interface called by the first client application and the second remote resource server comprises a second application programming interface called by the second client application.

3. The computerized method of claim 2, wherein authenticating the first client application based on the first authentication request comprises granting access to the first application programming interface based upon the authentication token.

4. The computerized method of claim 2, wherein authenticating the second client application based on the second authentication request comprises granting access to the second application programming interface based upon the authentication response.

5. A system for authenticating client applications using an identity fabric blockchain, the system comprising: a server computing device communicatively coupled to a first client application on a first client device and a second client application on a second client device over a network, an authorization server associated with a first remote resource server, and a second remote resource server, wherein a key generation module of the server computing device: generates a first decentralized identifier corresponding to the first client application from which a first registration request is received, the first registration request including a public key associated with a first key pair wherein a private key of the first key pair is stored on the first client device; stores the first decentralized identifier in an identity fabric blockchain, comprising generating a first record in the blockchain that includes the first public key and the first decentralized identifier; generates a second decentralized identifier corresponding to the second client application from which a second registration request is received, the second registration request including a public key associated with a second key pair wherein a private key of the second key pair is stored on the second client device; and stores the second decentralized identifier in the identity fabric blockchain, comprising generating a second record in the blockchain that includes the second public key and the second decentralized identifier; wherein the authorization server authenticates the first client application based on a first authentication request received from the first client device and the first decentralized identifier stored in the identity fabric blockchain, comprising: executing an authentication challenge routine that causes the first client device to request an authorization challenge from the authorization server, receive a challenge message from the authorization server, generate an authentication response to the challenge message, request that the key generation module sign the authentication response using the first public key, and transmit the signed authentication response to the authorization server, requesting the first decentralized identifier from the identity fabric blockchain using the signed authentication response, verifying the signed authentication response using the first decentralized identifier, and generating an authentication token for transmission to the first client application, the token used by the first client application to access the first remote resource server; and wherein the second remote resource server authenticates the second client application based on a second authentication request received from the second client device and the second decentralized identifier stored in the identity fabric blockchain, comprising: requesting the second decentralized identifier indirectly from the identity fabric blockchain via the key generation module as a proxy, using the second public key as included in the second authentication request, verifying the second authentication request using the second decentralized identifier, and transmitting an authentication response to the second client application that enables the second client application to access the second remote resource server without the server computing device generating a separate authentication token.

6. The system of claim 5, wherein the first resource comprises a first application programming interface called by the first client application and the second remote resource server comp
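The registration step and the two authentication flows described in the abstract and in claim 1, as a worked example added by this page's editor; it is not code from the patent or from the applicant. Go, standard library only. Ed25519 stands in for the client key pair, and the ledger is an in-memory append-only registry: the hash chaining and consensus of a real identity fabric blockchain are not modelled, because the point here is how each verifier uses the stored record. The DID syntax (did:fabric:...), the signed message layout, the token derivation and the Nonces type are this example's assumptions. Claim 1 has the client "request that the key generation module sign the authentication response using the first public key"; the example follows the usual arrangement in which the device signs with the private key that never left it and each verifier checks the signature under the public key held in the ledger record, since that is what makes the challenge prove possession of the on-device key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// Record is one ledger entry: the DID minted at registration bound to the public key the client presented.
type Record struct {
	DID    string
	PubKey ed25519.PublicKey
}

// Ledger is an in-memory append-only registry standing in for the identity fabric blockchain (assumption).
type Ledger struct{ records []Record }

func (l *Ledger) Append(did string, pub ed25519.PublicKey) {
	l.records = append(l.records, Record{DID: did, PubKey: pub})
}

// Find resolves a record by DID (flow 1) or by public key (flow 2); pass "" or nil for the unused selector.
func (l *Ledger) Find(did string, pub ed25519.PublicKey) (Record, bool) {
	for _, r := range l.records {
		if (did != "" && r.DID == did) || (pub != nil && r.PubKey.Equal(pub)) {
			return r, true
		}
	}
	return Record{}, false
}

// KeyGenModule is the only ledger writer: it mints DIDs at registration and proxies lookups for resource servers.
type KeyGenModule struct{ Ledger *Ledger }

// Register takes a registration request carrying only the public key; the private key never leaves the device.
func (m *KeyGenModule) Register(pub ed25519.PublicKey) (string, error) {
	if _, dup := m.Ledger.Find("", pub); len(pub) != ed25519.PublicKeySize || dup {
		return "", errors.New("malformed or already registered public key")
	}
	sum := sha256.Sum256(pub)
	did := "did:fabric:" + hex.EncodeToString(sum[:16]) // DID syntax is this example's assumption
	m.Ledger.Append(did, pub)
	return did, nil
}

// authMessage binds a signature to protocol, DID, verifier and challenge, so a response captured for one
// server cannot be replayed at another or reused under a different DID. Layout is an assumption.
func authMessage(did, audience string, challenge []byte) []byte {
	return []byte("fabric-auth-v1|" + did + "|" + audience + "|" + hex.EncodeToString(challenge))
}

// SignResponse is the client-side step: only the device holding the private key can produce it.
func SignResponse(priv ed25519.PrivateKey, did, audience string, challenge []byte) []byte {
	return ed25519.Sign(priv, authMessage(did, audience, challenge))
}

// Nonces is one server's set of outstanding single-use challenges; a captured response cannot be replayed.
type Nonces map[string]bool

func (n Nonces) Issue() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil { // crypto/rand
		panic(err)
	}
	n[hex.EncodeToString(c)] = true
	return c
}

func (n Nonces) Consume(c []byte) bool {
	k := hex.EncodeToString(c)
	defer delete(n, k) // burned whether or not the rest of the check passes
	return n[k]
}

// Authorize is flow 1 at the authorization server: the DID is resolved from the ledger, the signed challenge is
// verified under the registered key (never a key taken from the request), and a token is minted.
func Authorize(l *Ledger, n Nonces, audience, did string, challenge, sig []byte) (string, error) {
	rec, ok := l.Find(did, nil)
	if !n.Consume(challenge) || !ok || !ed25519.Verify(rec.PubKey, authMessage(did, audience, challenge), sig) {
		return "", errors.New("stale challenge, unknown DID, or bad signature") // one error on purpose: no oracle
	}
	t := sha256.Sum256([]byte(audience + "|" + did + "|" + hex.EncodeToString(challenge))) // opaque token, assumed format
	return hex.EncodeToString(t[:]), nil
}

// Admit is flow 2 at the second resource server: the request carries the public key, the DID is resolved through
// the module as proxy, the signature is verified against that ledger record, and access is granted with no token.
func Admit(m *KeyGenModule, n Nonces, audience string, pub ed25519.PublicKey, challenge, sig []byte) (string, error) {
	rec, ok := m.Ledger.Find("", pub)
	if !n.Consume(challenge) || !ok || !ed25519.Verify(rec.PubKey, authMessage(rec.DID, audience, challenge), sig) {
		return "", errors.New("stale challenge, unregistered key, or bad signature")
	}
	return rec.DID, nil
}
```

Two choices are worth noting. First, both verifiers take the public key from the ledger record and ignore whatever the request says about itself; in flow 2 the presented key is only a lookup selector, so a registered key that the caller does not hold yields a signature failure rather than access. Second, the claims say nothing about freshness for the second authentication request, so the example has the resource server issue and consume its own single-use challenge exactly as the authorization server does; a client-chosen nonce would force the server to remember every value it has ever seen.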
involving digital signatures · CPC title
using tickets or tokens, e.g. Kerberos (network architectures or network communication protocols for entities authentication using tickets in a packet data network H04L63/0807) · CPC title
using hash chains, e.g. blockchains or hash trees · CPC title
Program or device authentication · CPC title
involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing · CPC title