US 11,887,112 B2
Hybrid identity as a service for decentralized browser based wallets
Jitendra Singh Dikhit, Bangalore (IN); Alaric M. Eby, Chicago, IL (US); Andras L. Ferenczi, Peoria, AZ (US); Ashish Kumar, Gunjurpalya Bangalore (IN); and Upendra Mardikar, San Jose, CA (US)
Assigned to AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC, New York, NY (US)
Filed by American Express Travel Related Services Co., Inc., New York, NY (US)
Filed on Jan. 3, 2019, as Appl. No. 16/239,017.
Prior Publication US 2020/0219094 A1, Jul. 9, 2020
Int. Cl. G06Q 20/38 (2012.01); G06Q 20/40 (2012.01)
CPC G06Q 20/3829 (2013.01) [G06Q 20/3827 (2013.01); G06Q 20/4014 (2013.01); G06Q 2220/00 (2013.01)]
20 Claims
1. A method, comprising:
receiving, by a security provider, a user identifier and a password from a user device;
hashing, by the security provider, the user identifier and the password to produce a password hash;
comparing, by the security provider, the password hash to a stored password hash to determine that the password hash matches the stored password hash;
hashing, by the security provider, account creation information associated with the stored password hash to create hashed account creation information, wherein the account creation information and the password are different values;
decrypting an encrypted first passcode stored in association with the account creation information to generate a first passcode, wherein a cryptowallet on the user device can use the first passcode to perform cryptographic processes on one or more keys stored by the cryptowallet on the user device, wherein an encrypted private key is at least one of the one or more keys;
generating, by the security provider, a second passcode in response to decrypting the encrypted first passcode, wherein the first passcode is different from the second passcode, wherein the cryptowallet on the user device can use the second passcode to perform cryptographic processes on the one or more keys stored by the cryptowallet on the user device;
encrypting, by the security provider, the second passcode using the hashed account creation information as an encryption key to create an encrypted passcode;
returning, by the security provider, the first passcode and the second passcode to the cryptowallet on the user device;
decrypting, by the user device via the cryptowallet, the encrypted private key using the returned first passcode to generate a decrypted private key;
signing, by the user device via the cryptowallet, a transaction request with the decrypted private key; and
in response to signing the transaction request, re-encrypting, by the user device via the cryptowallet, the decrypted private key using the returned second passcode.
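The passcode rotation recited in claim 1, traced end to end as an added Python sketch; it is not code from the patent or from the assignee. Assumptions: PBKDF2 stands in for the claim's "hashing", a SHAKE-256 keystream with an HMAC tag stands in for the unspecified cipher, HMAC stands in for the transaction signature, the stored passcode is assumed to be encrypted under the hashed account creation information, and all class, function and sample names are hypothetical.

```python
import hashlib, hmac, secrets

def kdf(secret, salt):  # assumption: PBKDF2-HMAC-SHA256 as the "hashing" step
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)

def seal(key, plaintext):  # stand-in cipher, stdlib only; use a vetted AEAD in real code
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + body + hmac.new(key, nonce + body, "sha256").digest()

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, "sha256").digest()):
        raise ValueError("wrong key or tampered ciphertext")
    stream = hashlib.shake_256(key + nonce).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

class SecurityProvider:
    def __init__(self, user_id, password, creation_info, first_passcode):
        self.salt = secrets.token_bytes(16)
        self.stored_hash = kdf(user_id + b":" + password, self.salt)
        self.creation_info = creation_info  # a value different from the password
        self.enc_passcode = seal(kdf(creation_info, self.salt), first_passcode)  # assumed key

    def login(self, user_id, password):
        candidate = kdf(user_id + b":" + password, self.salt)
        if not hmac.compare_digest(candidate, self.stored_hash):
            raise PermissionError("password hash mismatch")
        key = kdf(self.creation_info, self.salt)   # hashed account creation information
        first = unseal(key, self.enc_passcode)     # decrypt the first passcode
        second = secrets.token_bytes(32)           # generate the second passcode
        self.enc_passcode = seal(key, second)      # assumption: kept for the next login
        return first, second

class Wallet:
    def __init__(self, private_key, passcode):
        self.enc_key = seal(passcode, private_key)  # private key at rest on the device

    def sign(self, first, second, tx):
        private_key = unseal(first, self.enc_key)   # decrypt with the first passcode
        sig = hmac.new(private_key, tx, "sha256").digest()  # HMAC stands in for a signature
        self.enc_key = seal(second, private_key)    # re-encrypt with the second passcode
        return sig

def demo():  # constructed sample values
    p0, priv = secrets.token_bytes(32), secrets.token_bytes(32)
    sp, w = SecurityProvider(b"alice", b"pw", b"created-2019", p0), Wallet(priv, p0)
    return sp, w, p0, priv
```

After each signature the wallet key opens only under the newest passcode, so a passcode captured during one session does not decrypt the key at rest afterwards.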