System and method for blockchain-based cross entity authentication

US 10,756,885 B2
Filed: 01/08/2020
Issued: 08/25/2020
Est. Priority Date: 07/02/2019
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for blockchain-based cross-entity authentication, comprising:

obtaining, at a first computing system from a first entity, an authentication request for authenticating a user, wherein the authentication request comprises a decentralized identifier (DID) of the user;

determining, at the first computing system, that the first entity is permitted to access authentication information of the user corresponding to the DID, wherein the authentication information is endorsed by a second entity;

generating, at the first computing system, a blockchain transaction for obtaining an authentication result endorsed by the second entity of whether the DID is registered with the second entity;

adding the blockchain transaction to a blockchain;

obtaining, at the first computing system, a different blockchain transaction from the blockchain, the different blockchain transaction comprising the authentication result endorsed by the second entity of whether the DID is registered with the second entity; and

transmitting the obtained authentication result to the first entity for granting or denying the user access to the first entity based on the obtained authentication result.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for blockchain-based cross-entity authentication are provided. One of the methods includes: obtaining an authentication request by a first entity for authenticating a user, wherein the authentication request comprises a decentralized identifier (DID) of the user; in response to determining that the first entity is permitted to access authentication information of the user endorsed by a second entity, generating a blockchain transaction for obtaining an authentication result of the user by the second entity, wherein the authentication result is associated with the DID; and transmitting the blockchain transaction to a blockchain node for adding to a blockchain.

121 Citations

20 Claims

1. A computer-implemented method for blockchain-based cross-entity authentication, comprising:
- obtaining, at a first computing system from a first entity, an authentication request for authenticating a user, wherein the authentication request comprises a decentralized identifier (DID) of the user;
  
  determining, at the first computing system, that the first entity is permitted to access authentication information of the user corresponding to the DID, wherein the authentication information is endorsed by a second entity;
  
  generating, at the first computing system, a blockchain transaction for obtaining an authentication result endorsed by the second entity of whether the DID is registered with the second entity;
  
  adding the blockchain transaction to a blockchain;
  
  obtaining, at the first computing system, a different blockchain transaction from the blockchain, the different blockchain transaction comprising the authentication result endorsed by the second entity of whether the DID is registered with the second entity; and
  
  transmitting the obtained authentication result to the first entity for granting or denying the user access to the first entity based on the obtained authentication result.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, after adding the blockchain transaction to the blockchain and before obtaining the different blockchain transaction, further comprising:
    - obtaining, at a second computing system from the blockchain, the blockchain transaction for obtaining the authentication result;
      
      obtaining, at the second computing system, the authentication result by searching for the authentication information corresponding to the DID in a data store in response to the obtained blockchain transaction for obtaining the authentication result;
      
      generating, at the second computing system, the different blockchain transaction comprising the authentication result; and
      
      adding the different blockchain transaction to the blockchain.
  - 3. The method of claim 1, wherein:
    - the authentication result indicates that the DID is registered with the second entity; and
      
      transmitting the obtained authentication result to the first entity for granting or denying the user access to the first entity based on the obtained authentication result comprises transmitting the obtained authentication result to the first entity for granting the user access to the first entity.
  - 4. The method of claim 1, wherein:
    - the authentication result indicates that the DID is not registered with the second entity; and
      
      transmitting the obtained authentication result to the first entity for granting or denying the user access to the first entity based on the obtained authentication result comprises transmitting the obtained authentication result to the first entity for denying the user access to the first entity.
  - 5. The method of claim 1, wherein:
    - the user is registered with the second entity; and
      
      the user is not registered with the first entity.
  - 6. The method of claim 1, wherein before generating the blockchain transaction for obtaining the authentication result, the method further comprises:
    - obtaining, at the first computing system, a public key of the user from the blockchain based on the DID; and
      
      verifying, at the first computing system, that the user owns the DID based at least on the obtained public key of the user.
  - 7. The method of claim 6, wherein:
    - before generating the blockchain transaction for obtaining the authentication result, the method further comprises;
      
      generating, at the first computing system, a digital signature on the obtained authentication request with a private key of the first entity, andgenerating, at the first computing system, an authorization encrypted with a private key of the user indicating a permission for the first entity to access the authentication information of the user endorsed by the second entity;
      
      the encrypted authorization comprises the digital signature;
      
      the encrypted authorization comprises the DID of the user; and
      
      the generated blockchain transaction comprises the encrypted authorization.
  - 8. The method of claim 1, wherein:
    - the authentication information of the user endorsed by the second entity comprises information associated with a verifiable claim (VC) indicating that the user is a registered user of the second entity; and
      
      the VC is associated with the DID.
  - 9. The method of claim 8, wherein:
    - a hash value of the VC is stored in the blockchain;
      
      the VC is stored in a data store; and
      
      the data store comprises one or more of the following;
      
      a local data store maintained by the second entity, a public data store accessible to the second entity, and a data store maintained by a platform for the second entity.
  - 10. The method of claim 8, wherein:
    - the VC comprises a permission configured by the second entity or the user for permitting the first entity to access the VC.
  - 11. The method of claim 1, wherein:
    - the DID comprises a secondary DID;
      
      the user corresponds to a primary DID and the secondary DID both known by the second entity;
      
      the primary DID corresponds to privacy information of the user that is untraceable based on the secondary DID; and
      
      the secondary DID is a limited-use DID for the user to access the first entity.
  - 12. The method of claim 11, wherein:
    - the limited-use DID is limited by an expiring time, limited by an expiring number of use, or limited for accessing only the first entity.

13. A system for blockchain-based cross-entity authentication, the system comprising one or more processors and one or more non-transitory computer-readable memories coupled to the one or more processors and configured with instructions executable by the one or more processors to cause the system to perform operations comprising:
- obtaining, from a first entity, an authentication request for authenticating a user, wherein the authentication request comprises a decentralized identifier (DID) of the user;
  
  determining that the first entity is permitted to access authentication information of the user corresponding to the DID, wherein the authentication information is endorsed by a second entity;
  
  generating a blockchain transaction for obtaining an authentication result endorsed by the second entity of whether the DID is registered with the second entity;
  
  transmitting adding the blockchain transaction to a blockchain;
  
  obtaining a different blockchain transaction from the blockchain, the different blockchain transaction comprising the authentication result endorsed by the second entity of whether the DID is registered with the second entity; and
  
  transmitting the obtained authentication result to the first entity for granting or denying the user access to the first entity based on the obtained authentication result.
- View Dependent Claims (14, 15, 16)
- - 14. The system of claim 13, wherein:
    - the authentication information of the user endorsed by the second entity comprises information associated with a verifiable claim (VC) indicating that the user is a registered user of the second entity; and
      
      the VC is associated with the DID.
  - 15. The system of claim 13, wherein:
    - the authentication result indicates that the DID is registered with the second entity; and
      
      the operations further comprise transmitting the obtained authentication result to the first entity for granting or denying the user access to the first entity based on the obtained authentication result comprises transmitting the obtained authentication result to the first entity for granting the user access to the first entity.
  - 16. The system of claim 13, wherein:
    - the authentication result indicates that the DID is not registered with the second entity; and
      
      the operations further comprise transmitting the obtained authentication result to the first entity for granting or denying the user access to the first entity based on the obtained authentication result comprises transmitting the obtained authentication result to the first entity for denying the user access to the first entity.

17. A non-transitory computer-readable storage medium for blockchain-based cross-entity authentication, the storage medium configured with instructions executable by one or more processors to cause the one or more processors to perform operations comprising:
- obtaining, from a first entity, an authentication request for authenticating a user, wherein the authentication request comprises a decentralized identifier (DID) of the user;
  
  determining that the first entity is permitted to access authentication information of the user corresponding to the DID, wherein the authentication information is endorsed by a second entity;
  
  generating a blockchain transaction for obtaining an authentication result endorsed by the second entity of whether the DID is registered with the second entity;
  
  adding the blockchain transaction to a blockchain;
  
  obtaining a different blockchain transaction from the blockchain, the different blockchain transaction comprising the authentication result endorsed by the second entity of whether the DID is registered with the second entity; and
  
  transmitting the obtained authentication result to the first entity for granting or denying the user access to the first entity based on the obtained authentication result.
- View Dependent Claims (18, 19, 20)
- - 18. The storage medium of claim 17, wherein:
    - the authentication information of the user endorsed by the second entity comprises information associated with a verifiable claim (VC) indicating that the user is a registered user of the second entity; and
      
      the VC is associated with the DID.
  - 19. The storage medium of claim 17, wherein:
    - authentication result indicates that the DID is registered with the second entity; and
      
      the operations further comprise transmitting the obtained authentication result to the first entity for granting or denying the user access to the first entity based on the obtained authentication result comprises transmitting the obtained authentication result to the first entity for granting the user access to the first entity.
  - 20. The storage medium of claim 17, wherein:
    - the authentication result indicates that the DID is not registered with the second entity; and
      
      the operations further comprise transmitting the obtained authentication result to the first entity for granting or denying the user access to the first entity based on the obtained authentication result comprises transmitting the obtained authentication result to the first entity for denying the user access to the first entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Advanced New Technologies Company Limited (Ant Group Co., Ltd.)
Original Assignee
Alibaba Group Holding Ltd.
Inventors
Li, Shubo, Liu, Jiawei, Yang, Renhui
Primary Examiner(s)
Schwartz, Darren B

Application Number

US16/737,806
Publication Number

US 20200153606A1
Time in Patent Office

230 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/126   the source of the received ...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3247   involving digital signatures

H04L 9/50   using hash chains, e.g. blo...

System and method for blockchain-based cross entity authentication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

121 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for blockchain-based cross entity authentication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

121 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links