US 12,256,007 B2
Decentralized identity access management using byzantine fault tolerant state machine replication
Ram Krishnan, Cupertino, CA (US); Kostas Teofanidis, Sofia (BG); Vijaya Prakash Masilamani, Bangalore (IN); and Michael William Achenbach, Los Altos, CA (US)
Assigned to VMware LLC, Palo Alto, CA (US)
Filed by VMware LLC, Palo Alto, CA (US)
Filed on Feb. 1, 2023, as Appl. No. 18/104,329.
Claims priority of application No. 202241069641 (IN), filed on Dec. 2, 2022.
Prior Publication US 2024/0187234 A1, Jun. 6, 2024
Int. Cl. H04L 9/32 (2006.01); H04L 9/00 (2022.01); H04L 9/08 (2006.01)
CPC H04L 9/3213 (2013.01) [H04L 9/0819 (2013.01); H04L 9/50 (2022.05)]
21 Claims
1. A method comprising:
receiving, by each replica in a set of N replicas that compose a Byzantine fault tolerant (BFT) state machine replication (SMR) system, a request for authenticating a user, the request including security credentials for the user;
in response to receiving the request, communicating, by each replica with other replicas in the set of N replicas, using a BFT consensus protocol to agree upon an execution sequence number for the request; and
upon reaching the execution sequence number:
    verifying, by each replica, that the security credentials for the user are correct;
    retrieving, by each replica, resource access permissions associated with the user from a local storage layer of the replica;
    generating, by each replica, an access token with a set of claims based on the resource access permissions; and
    signing, by each replica, the access token using a share of a private key of the BFT SMR system that is assigned to the replica, the share being known only to the replica and being unknown to the other replicas in the set of N replicas.
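
The signing step of claim 1, sketched as an added example that is not taken from the patent: each replica builds the same token at the agreed sequence number and signs it with its own key share, and a client merges the partial signatures into one signature that verifies under the system's single public key. The claim does not name a signature scheme or say how shares are combined; this sketch assumes Shoup-style threshold RSA with a trusted dealer, N = 4 replicas, a threshold of K = 3, toy-sized primes, and hypothetical token fields (`sub`, `seq`, `perms`).

```python
import hashlib, json, math, random

# Toy parameters (constructed, far too small for real use): safe primes p=2p'+1, q=2q'+1.
P1, Q1 = 509, 1019
N_MOD = (2 * P1 + 1) * (2 * Q1 + 1)   # public RSA modulus
M = P1 * Q1                           # order of the squares subgroup, known to the dealer only
E = 65537                             # public exponent, prime and larger than N
N, K = 4, 3                           # assumed: N = 3f+1 replicas, K = 2f+1 shares, f = 1
DELTA = math.factorial(N)

def deal_shares(seed=1):
    """Trusted dealer: Shamir-share d = E^-1 mod M with a degree K-1 polynomial."""
    rng = random.Random(seed)         # fixed seed for a repeatable demo only
    coeffs = [pow(E, -1, M)] + [rng.randrange(M) for _ in range(K - 1)]
    return {i: sum(c * i**j for j, c in enumerate(coeffs)) % M for i in range(1, N + 1)}

def digest(token):
    """Hash the canonical token bytes to an element of Z_n*."""
    data, ctr = json.dumps(token, sort_keys=True).encode(), 0
    while True:
        x = int.from_bytes(hashlib.sha256(data + bytes([ctr])).digest(), "big") % N_MOD
        if math.gcd(x, N_MOD) == 1:
            return x
        ctr += 1

def replica_issue(share, permissions, user, seq):
    """What one replica does at sequence number seq: build claims, sign with its share."""
    token = {"sub": user, "seq": seq, "perms": sorted(permissions[user])}
    return token, pow(digest(token), 2 * DELTA * share, N_MOD)

def combine(token, partials):
    """Client side: merge K partial signatures {replica_id: sig} into one RSA signature."""
    x, ids, w = digest(token), list(partials), 1
    for i in ids:
        num, den = DELTA, 1           # integer Lagrange coefficient at 0, scaled by DELTA
        for j in ids:
            if j != i:
                num, den = num * -j, den * (i - j)
        w = w * pow(partials[i], 2 * (num // den), N_MOD) % N_MOD
    e2 = 4 * DELTA**2                 # w^E == x^e2; solve e2*a + E*b == 1
    a = pow(e2, -1, E)
    b = (1 - e2 * a) // E
    return pow(w, a, N_MOD) * pow(x, b, N_MOD) % N_MOD

def verify(token, sig):
    """Anyone holding the public key (N_MOD, E) can check the combined signature."""
    return pow(sig, E, N_MOD) == digest(token)
```

No replica ever holds the full private exponent, and a partial signature computed over a token with different claims causes the combined signature to fail verification.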