US 12,407,530 B2
Automation of user identity using network protocol providing secure granting or revocation of secured access rights
Kevin Nickels, San Jose, CA (US); Colin Constable, Mariposa, CA (US); and Jagannadh Vanguri, Telangana (IN)
Assigned to Atsign, Inc., San Jose, CA (US)
Filed by Atsign, Inc., San Jose, CA (US)
Filed on Oct. 12, 2023, as Appl. No. 18/485,932.
Application 18/485,932 is a continuation of application No. 17/781,464, granted, now 11,849,053, previously published as PCT/US2021/040628, filed on Jul. 7, 2021.
Claims priority of provisional application 63/105,755, filed on Oct. 26, 2020.
Claims priority of provisional application 63/062,092, filed on Aug. 6, 2020.
Claims priority of provisional application 63/049,460, filed on Jul. 8, 2020.
Prior Publication US 2024/0039739 A1, Feb. 1, 2024
Int. Cl. H04L 9/32 (2006.01); H04L 9/08 (2006.01)
CPC H04L 9/3271 (2013.01) [H04L 9/0825 (2013.01); H04L 9/0894 (2013.01)]
15 Claims
1. A computer-implemented method comprising:
receiving, at a server that manages access to a first decentralized resource directory of a providing entity in a system of decentralized resource directories, via a first connection and from a first requesting entity, an authentication request to authenticate the first requesting entity to the first decentralized resource directory, wherein the authentication request identifies the first requesting entity;
generating, in response to the authentication request, an authentication challenge value and an authentication challenge key;
providing, via the first connection and in response to the authentication request, an authentication challenge to the first requesting entity that instructs the first requesting entity to store the authentication challenge value for the authentication challenge key in a defined location in a second decentralized resource directory of the system of decentralized resource directories that is associated with the first requesting entity;
receiving, via the first connection, a confirmation from the first requesting entity that the authentication challenge value has been stored by the first requesting entity for the authentication challenge key, in response to the authentication challenge, in the defined location in the second decentralized resource directory of the first requesting entity;
establishing, in response to receiving the confirmation that the authentication challenge value has been stored for the authentication challenge key in the defined location in the second decentralized resource directory of the first requesting entity, a second connection with the second decentralized resource directory of the first requesting entity;
sending, via the second connection, a first lookup request for a value stored for the authentication challenge key in the defined location in the second decentralized resource directory of the first requesting entity;
receiving, via the second connection and from the second decentralized resource directory, a first response value in response to the first lookup request;
comparing the first response value to the authentication challenge value to determine whether the first response value matches the authentication challenge value; and
in response to determining that the first response value matches the authentication challenge value, responding to the authentication request, via the first connection, with an indication that the first requesting entity is authenticated to the first decentralized resource directory.
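The exchange recited in claim 1, modelled as an added Python example (not code from the patent or from Atsign). `Directory`, `Server`, `run_exchange`, the `@alice`/`@mallory` identifiers and the in-memory resolver are hypothetical; the two network connections are reduced to direct method calls, and the single-use challenge and constant-time comparison are assumptions the claim does not state.

```python
import hmac
import secrets

class Directory:
    """Constructed in-memory stand-in for one entity's resource directory."""
    def __init__(self, owner):
        self.owner = owner
        self._store = {}

    def put(self, key, value):   # written by the directory's owner
        self._store[key] = value

    def lookup(self, key):       # what the server reads over the second connection
        return self._store.get(key)

class Server:
    """Manages access to the providing entity's directory."""
    def __init__(self, resolver):
        self.resolver = resolver  # entity id -> that entity's directory
        self.pending = {}         # entity id -> (challenge key, challenge value)

    def begin(self, entity_id):
        # Generate a fresh challenge key and value for this authentication request.
        key = "_auth_" + secrets.token_hex(8)
        value = secrets.token_hex(32)
        self.pending[entity_id] = (key, value)
        return key, value

    def confirm(self, entity_id):
        # Assumption: a challenge is single use, so it is removed once checked.
        challenge = self.pending.pop(entity_id, None)
        if challenge is None:
            return False
        key, expected = challenge
        # The claimed identity, not the requester, decides which directory is read.
        directory = self.resolver.get(entity_id)
        if directory is None:
            return False
        found = directory.lookup(key)
        # Assumption: compare in constant time to avoid leaking partial matches.
        return found is not None and hmac.compare_digest(found, expected)

def run_exchange(server, claimed_id, writable_directory):
    """Requester claims claimed_id but can only write to writable_directory."""
    key, value = server.begin(claimed_id)
    writable_directory.put(key, value)   # store the value, then send the confirmation
    return server.confirm(claimed_id)    # server looks it up and compares
```

A requester that cannot write to the directory belonging to the identity it claims fails the lookup, which is the property the comparison step depends on.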