Single sign-on solution using blockchain

US 10,642,967 B2
Filed: 11/28/2017
Issued: 05/05/2020
Est. Priority Date: 11/28/2017
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by an API in electronic communication with a blockchain node, a single sign-on registration request comprising a registration credential;

transmitting, by the API, a request to the blockchain node to register the registration credential, the request including the registration credential and a hash registration password created according to the registration credential, wherein, in response to receiving the request, the blockchain node invokes a smart contract configured to;

determine that the registration credential fails to exists in a blockchain on the blockchain node;

write the registration credential to the blockchain in response to determining that the registration credential fails to exist in the blockchain; and

distribute, within a peer-to-peer network, the registration credential to at least a second blockchain node in the peer-to-peer network for writing to the blockchain; and

receiving, by the API, a confirmation from the blockchain node of a registration in the blockchain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A single sign-on system using blockchain is disclosed. The single sign-on system may interconnect various organization systems over a peer-to-peer network, with each organization system having a blockchain node and an application programming interface (API). The blockchain node invokes and uses a smart contract to write registration credentials to the blockchain during a registration process. During a login process, the blockchain node invokes the smart contract to determine whether login credentials match stored login credentials in the blockchain. In response to matching login credentials, the API may generate a single sign-on token that can be used by a user device to access one or more organization systems connected over the network.

Citations

20 Claims

1. A method comprising:
- receiving, by an API in electronic communication with a blockchain node, a single sign-on registration request comprising a registration credential;
  
  transmitting, by the API, a request to the blockchain node to register the registration credential, the request including the registration credential and a hash registration password created according to the registration credential, wherein, in response to receiving the request, the blockchain node invokes a smart contract configured to;
  
  determine that the registration credential fails to exists in a blockchain on the blockchain node;
  
  write the registration credential to the blockchain in response to determining that the registration credential fails to exist in the blockchain; and
  
  distribute, within a peer-to-peer network, the registration credential to at least a second blockchain node in the peer-to-peer network for writing to the blockchain; and
  
  receiving, by the API, a confirmation from the blockchain node of a registration in the blockchain.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising generating, by the API, the hash registration password based on the registration credential, wherein the smart contract determines whether the registration credential exists in the blockchain by searching the blockchain based on the hash registration password and the registration credential.
  - 3. The method of claim 1, further comprising:
    - receiving, by the API, a login credential;
      
      transmitting, by the API, a login request to the blockchain node, the login request including the login credential and a hash login password; and
      
      wherein in response to the login request, the blockchain node invokes the smart contract to determine whether the login credential matches a stored login credential in the blockchain on the blockchain node.
  - 4. The method of claim 3, further comprising generating, by the API, the hash login password based on the login credential, wherein the smart contract determines whether the login credential matches the stored login credential in the blockchain by comparing the hash login password to a stored hash login password.
  - 5. The method of claim 3, further comprising generating, by the API, a single sign-on token based on the login credential in response to receiving a confirmation from the blockchain node that the login credential matches the stored login credential.
  - 6. The method of claim 5, further comprising transmitting, by the API, the single sign-on token to an application of a user device, wherein in response to receiving the single sign-on token the user device is granted access to systems in the peer-to-peer network.
  - 7. The method of claim 5, further comprising:
    - receiving, by the API, an access request from an application executed by a user device;
      
      wherein the access request comprises the single sign-on token; and
      
      verifying, by the API, the single sign-on token to authorize the access request from the application executed by the user device.

8. A computer-based system for balancing and control of message transfers, comprising:
- a client device comprising processor; and
  
  a tangible, non-transitory memory configured to communicate with the processor, the tangible, non-transitory memory having instructions stored thereon that, in response to execution by the processor, cause a single sign-on system to perform operations comprising;
  
  receiving, by the single sign-on system, a single sign on registration request comprising a registration credential; and
  
  transmitting, by the single sign-on system, a request to a blockchain node to register the registration credential, the request including the registration credential and a hash registration password, wherein in response to receiving the request, the blockchain node invokes a smart contract configured to;
  
  determine that the registration credential fails to exist in a blockchain on the blockchain node;
  
  write the registration credential to the blockchain in response to determining that the registration credential fails to exist in the blockchain; and
  
  distribute within a peer-to-peer network, the registration credential to at least a second blockchain node in the peer-to-peer network for writing to the blockchain; and
  
  receiving, by the single sign-on system a confirmation from the blockchain node of a registration in the blockchain.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-based system of claim 8, wherein, when executed by the processor, the instructions further cause the single sign-on system to perform operations comprising:
    - a hash registration password based on the registration credential, wherein the smart contract is configured to determine whether the registration credential exists in the blockchain by searching the blockchain based on the hash registration password and the registration credential.
  - 10. The computer-based system of claim 8, wherein, when executed by the processor, the instructions further cause the single sign-on system to perform operations comprising:
    - receiving a login credential; and
      
      transmitting the login credential and a hash login password to the blockchain node, wherein in response to receiving the login credential, the blockchain node invokes the smart contract to determine whether the login credential matches a stored login credential in the blockchain on the blockchain node.
  - 11. The computer-based system of claim 10, wherein, when executed by the processor, the instructions further cause the single sign-on system to perform operations comprising generating a hash login password based on the login credential, wherein the smart contract determines whether the login credential matches the stored login credential in the blockchain by comparing the hash login password to a stored hash login password.
  - 12. The computer-based system of claim 10, wherein, when executed by the processor, the instructions further cause the single sign-on system to perform operations comprising generating a single sign-on token based on the login credential in response to the login credential matching the stored login credential.
  - 13. The computer-based system of claim 12, wherein, when executed by the processor, the instructions further cause the single sign-on system to perform operations comprising transmitting the single sign-on token to a user device, wherein in response to receiving the single sign-on token the user device is granted access to systems in the peer-to-peer network.
  - 14. The computer-based system of claim 13, wherein, when executed by the processor, the instructions further cause the single sign-on system to perform operations comprising:
    - receiving, by the single sign-on system, an access request from the user device, wherein the access request comprises the single sign-on token; and
      
      verifying, by the single sign-on system, the single sign-on token to authorize the access request from the user device.

15. An article of manufacture including a non-transitory, tangible computer readable storage medium having instructions stored thereon that;
- in response to execution by a single sign-on system, cause the single sign-on system to perform operations comprising;
  
  receiving a single sign-on registration request comprising a registration credential;
  
  transmitting request to a blockchain node to register the registration credential, the request including the registration credential and a hash registration password created according to the registration credential, wherein, in response to receiving the request, the blockchain node invokes a smart contract configured to;
  
  determine that the registration credential fails to exists in a blockchain on the blockchain node;
  
  write the registration credential to the blockchain in response to determining that the registration credential fails to exist in the blockchain; and
  
  distribute, within a peer-to-peer network, the registration credential to at least a second blockchain node in the peer-to-peer network for writing to the blockchain; and
  
  receiving a confirmation from the blockchain node of a registration in the blockchain.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The article of manufacture of claim 15, further comprising generating, by the single sign-on system, the hash registration password based on the registration credential, wherein the smart contract determines whether the registration credential exists in the blockchain by searching the blockchain based on the hash password and the registration credential.
  - 17. The article of manufacture of claim 15, further comprising:
    - receiving, by the single sign-on system, a login credential, and transmitting, by the single sign-on system, a login request to the blockchain node, the login request including the login credential and a hash login password to the blockchain node,wherein in response to receiving the login request, the blockchain node invokes the smart contract to determinewhether the login credential matches a stored login credential in the blockchain on the blockchain node.
  - 18. The article of manufacture of claim 17, further comprising generating, by the single sign-on system, the hash login password based on the login credential, wherein the smart contract determines whether the login credential matches the stored login credential in the blockchain by comparing the hash login password to a stored hash login password.
  - 19. The article of manufacture of claim 17, further comprising generating, by the single sign-on system, a single sign-on token based on the login credential in response to receiving a confirmation from the blockchain node that the login credential matches the stored login credential.
  - 20. The article of manufacture of claim 19, transmitting the single sign-on token to an application executed on a user device, wherein in response to receiving the single sign-on token the user device is granted access to systems in the peer-to-peer network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Balaraman, Balaji, Ferenczi, Andras L., Gale, Dallas L., Jadhav, Nilesh Yashavant, Naik, Harish R.
Primary Examiner(s)
Bayou, Yonas A

Application Number

US15/824,450
Publication Number

US 20190163896A1
Time in Patent Office

889 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/27   Replication, distribution o...

G06F 16/958   Organisation or management ...

G06F 21/41   where a single sign-on prov...

G06F 21/64   Protecting data integrity, ...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0815   providing single-sign-on or...

H04L 63/12   Applying verification of th...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3226   using a predetermined code,...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/50   using hash chains, e.g. blo...

Single sign-on solution using blockchain

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Single sign-on solution using blockchain

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links