Platform and associated method for authenticating the identity of a user in a decentralized system without need for a third-party identity service

US 10,601,829 B1
Filed: 08/29/2019
Issued: 03/24/2020
Est. Priority Date: 08/29/2019
Status: Active Grant

First Claim

Patent Images

1. A client computing device of a blockchain-based decentralized network comprising:

a network interface configured to couple the client computing device to a storage server configured to store data specific to a user and a decentralized application, the stored data being available for use by the decentralized application;

a display;

a hardware processor;

a non-transitory computer readable storage medium storing program instructions for execution by the hardware processor in order to cause the client computing device to;

receive from an instance of a decentralized application executed on the client computing device a request to login initiated by a first user selection of a graphical button displayed on the display in a first graphical user interface of the decentralized application;

in response to the received request, invoke an authenticator application that is distinct from the decentralized application for execution by the client computing device;

with the display, display a second graphical user interface of the authenticator application, the second graphical user interface configured to display one or more user IDs associated with the authenticator application;

receive from the authenticator application a second user selection comprising a selected ID of the one or more IDs;

in response to the received selected ID, receive from the authenticator application a username associated with the received selected ID, an application-specific private key that is specific to the decentralized application, and a storage server identifier associated with the username;

with the decentralized application, access the storage server for read and write access with the decentralized application-specific private key and the storage server identifier;

receive from the decentralized application or from the authenticator application a request to logout; and

clear a local state of the decentralized application such that the decentralized application and the authenticator application do not store and have no access to the decentralized application-specific private key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A decentralized application platform and associated method creates an ID that can be used to sign into any decentralized application that follows the platform protocol without having a centralized third party having to vouch for the user'"'"'s identity.

Citations

18 Claims

1. A client computing device of a blockchain-based decentralized network comprising:
- a network interface configured to couple the client computing device to a storage server configured to store data specific to a user and a decentralized application, the stored data being available for use by the decentralized application;
  
  a display;
  
  a hardware processor;
  
  a non-transitory computer readable storage medium storing program instructions for execution by the hardware processor in order to cause the client computing device to;
  
  receive from an instance of a decentralized application executed on the client computing device a request to login initiated by a first user selection of a graphical button displayed on the display in a first graphical user interface of the decentralized application;
  
  in response to the received request, invoke an authenticator application that is distinct from the decentralized application for execution by the client computing device;
  
  with the display, display a second graphical user interface of the authenticator application, the second graphical user interface configured to display one or more user IDs associated with the authenticator application;
  
  receive from the authenticator application a second user selection comprising a selected ID of the one or more IDs;
  
  in response to the received selected ID, receive from the authenticator application a username associated with the received selected ID, an application-specific private key that is specific to the decentralized application, and a storage server identifier associated with the username;
  
  with the decentralized application, access the storage server for read and write access with the decentralized application-specific private key and the storage server identifier;
  
  receive from the decentralized application or from the authenticator application a request to logout; and
  
  clear a local state of the decentralized application such that the decentralized application and the authenticator application do not store and have no access to the decentralized application-specific private key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The client computing device of claim 1, wherein the first graphical interface is configured to display data-access permissions requested by the decentralized application.
  - 3. The client computing device of claim 1, wherein the second graphical user interface is a browser comprising navigation icons and a display area configured to display graphics and human-readable content.
  - 4. The client computing device of claim 1, wherein the one or more IDs are stored in a local storage of the client computing device and accessible for reading by the authenticator application.
  - 5. The client computing device of claim 1, wherein invoking the authenticator application comprises opening a session of the authenticator application when no session is currently open.
  - 6. The client computing device of claim 1, wherein invoking the authenticator application comprises switching to an open session of the authenticator application.
  - 7. The client computing device of claim 1, wherein the non-transitory computer readable storage medium further stores program instructions for execution by the hardware processor in order to cause the client computing device to derive, with the authenticator application, the decentralized application-specific private key based on a top-level private key associated with the IDs and an identifier of the decentralized application.
  - 8. The client computing device of claim 1, wherein the network interface is further configured to couple the client computing device to a blockchain core node associated with nodes of the blockchain-based decentralized network that are distinct from the core node, and wherein the non-transitory computer readable storage medium further stores program instructions for execution by the hardware processor in order to cause the authenticator application to query the blockchain core node for information sufficient to determine the IDs that are associated with a top-level private key associated with the authenticator application.

9. A method of authenticating a user with a client computing device of a decentralized network, the method comprising:
- under the control of a client computing device configured to communicate with a storage server via a network interface and to execute a decentralized application and an authenticator application,receiving from an instance of a decentralized application on the client computing device a request to login initiated by a first user selection via a user interface of the decentralized application;
  
  in response to the received request, invoking an authenticator application for execution on the client computing device;
  
  with a display, displaying the authenticator application in a second graphical user interface, the second graphical user interface configured to display one or more user IDs associated with the authenticator application;
  
  with the authenticator application, receiving a second user selection comprising a selected ID of the one or more IDs and identify a pre-defied address on the storage server associated with the selected ID;
  
  with the authenticator application, generating an application-specific private key that is specific to the decentralized application based on a top-level private key and an identifier associated with the decentralized application;
  
  with the authenticator application, return the application-specific private key and the pre-defined address to the decentralized application;
  
  with the decentralized application, access the address on the storage server for read and write access with the decentralized application-specific private key;
  
  receiving from the decentralized application or from the authenticator application a request to logout; and
  
  clearing a local state of the decentralized application such that the decentralized application and the authenticator application do not store and have no access to the decentralized application-specific private key.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein the second graphical user interface is a browser comprising navigation icons and a display area configured to display graphics and human-readable content.
  - 11. The method of claim 9, wherein the one or more IDs are stored in a local storage of the client computing device and accessible for reading by the authenticator application.
  - 12. The method of claim 9, wherein invoking the authenticator application comprises opening a session of the authenticator application when no session is currently open.

13. Non-transitory, computer-readable storage media comprising computer-executable instructions for authenticating a user with a client computing device of a decentralized network, wherein the computer-executable instructions, when executed by a computer system, cause the client computer to:
- receive from an instance of a decentralized application executed on the client computing device, a request to login initiated by a first user selection of a graphical button displayed on the display in a first graphical user interface of the decentralized application;
  
  in response to the received request, invoke an authenticator application;
  
  display a second graphical user interface of the authenticator application, the second graphical user interface configured to display one or more user IDs associated with the authenticator application;
  
  receive from the authenticator application a second user selection comprising a selected ID of the one or more IDs;
  
  in response to the received selected ID, receive from the authenticator application, an application-specific private key that is specific to the decentralized application and an address associated with a storage server;
  
  with the decentralized application, access the address associated with the storage server for read and write access with the decentralized application-specific private key;
  
  receive from the decentralized application or from the authenticator application a request to logout; and
  
  clear a local state of the decentralized application such that the decentralized application and the authenticator application do not store and have no access to the decentralized application-specific private key.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory, computer-readable storage media of claim 13, wherein the first graphical interface is configured to display data-access permissions requested by the decentralized application.
  - 15. The non-transitory, computer-readable storage media of claim 13, wherein the second graphical user interface is a browser comprising navigation icons and a display area configured to display graphics and human-readable content.
  - 16. The non-transitory, computer-readable storage media of claim 13, wherein the one or more IDs are stored in a local storage of the client computing device and accessible for reading by the authenticator application.
  - 17. The non-transitory, computer-readable storage media of claim 13, wherein invoking the authenticator application comprises opening a session of the authenticator application when no session is currently open.
  - 18. The non-transitory, computer-readable storage media of claim 13, wherein invoking the authenticator application comprises switching to an open session of the authenticator application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hiro Systems PBC
Original Assignee
Blockstack Pbc
Inventors
Nelson, Jude, Blankstein, Aaron, Salibra, Lawrence, Liao, Yukan, Little, Matthew
Primary Examiner(s)
Getachew, Abiy

Application Number

US16/555,677
Time in Patent Office

208 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/954   Navigation, e.g. using cate...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0884   by delegation of authentica...

H04L 63/12   Applying verification of th...

H04L 63/123   received data contents, e.g...

H04L 9/0861   Generation of secret inform...

H04L 9/3226   using a predetermined code,...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/50   using hash chains, e.g. blo...

Platform and associated method for authenticating the identity of a user in a decentralized system without need for a third-party identity service

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Platform and associated method for authenticating the identity of a user in a decentralized system without need for a third-party identity service

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links