CPC H04L 63/0807 (2013.01) [G06F 16/1824 (2019.01); G06F 16/1834 (2019.01); H04L 9/0643 (2013.01); H04L 63/0884 (2013.01); H04L 67/51 (2022.05); H04L 9/50 (2022.05); H04L 2209/56 (2013.01)]
19 Claims
1. A computer-implemented method performed by an authorizing service executed by at least one processor, the method comprising:
receiving, by the authorizing service, a plurality of access requests from an aggregator service on behalf of an application, each access request including an authorization token, the authorization token having previously been issued to the aggregator service by the authorizing service responsive to:
(A) a first communication from the aggregator service requesting issuance of an application client identifier (ID), wherein the authorizing service issues the application client ID to the aggregator service in response to the first communication, and
(B) a second communication from the aggregator service including the application client ID and requesting issuance of the authorization token; and
responsive to each of the plurality of access requests from the aggregator that include the authorization token:
providing, by the authorizing service, access to data of an end-user in accordance with a permission scope indicated by the authorization token included with the respective access request; and
adding, to a block in a blockchain, data associated with the respective access request, wherein the block in the blockchain holds a history of access requests made by the aggregator service.