| CPC H04L 9/50 (2022.05) [H04L 9/3213 (2013.01); H04L 9/3273 (2013.01)] | 20 Claims |

|
1. A computer system for providing a Quorum network comprising an access-controlled state-isolated multi-tenant Ethereum-based distributed ledger system comprising multiple nodes, the computer system including:
a single node of the multiple nodes including circuitry configured to store resources from multiple entities, such that the resources are segregated and access to the resources is controlled based on a received token;
an authentication server including an index, wherein:
the index associates each of the stored resources with both:
permitted accessors of the stored resource; and
for each of the permitted accessors, permitted actions that the permitted accessor is authorized to perform on the stored resource;
the authentication server is configured to authenticate a user by:
receiving user credentials from the user;
validating the received user credentials; and
when the received user credentials are valid:
based on the received user credentials, determining using the index a scope of access for the user including:
accessible resources comprising the stored resources for which the user is one of the permitted accessors; and
acceptable actions comprising, for each of the accessible resources, the permitted actions that the user is authorized to perform on the accessible resource;
generating the token authenticating the user and including the scope of access; and
outputting the token;
wherein the node is further configured to:
receive the token, and an access request from the user including a requested action to perform on a target resource of the stored resources;
when the token identifies both the target resource as one of the accessible resources, and the requested action as one of the acceptable actions for the accessible resource, perform the requested action on the target resource; and
when the token either does not identify the target resource as one of the accessible resources, or does not identify the requested action as one of the acceptable actions for the accessible resource, not perform the requested action on the target resource.
|
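The authorization flow recited in claim 1, sketched as an added example that is not taken from the patent or from any Quorum implementation: an authentication server derives a scope from its index and signs it into a token, and the node performs an action only when the token names both the resource and the action. The HMAC-signed JSON token format, the key shared between server and node, and the sample users and resource names are assumptions made for illustration; the ledger itself is not modelled.

```python
import base64, hashlib, hmac, json, os

KEY = os.urandom(32)   # assumption: secret shared by the auth server and the node
SALT = os.urandom(16)

def _kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed sample data: credential store and the claim's index
# (resource -> permitted accessor -> permitted actions).
USERS = {"alice": _kdf("alice-pw"), "bob": _kdf("bob-pw")}
INDEX = {
    "tenantA/state": {"alice": {"read", "write"}},
    "tenantB/state": {"bob": {"read"}, "alice": {"read"}},
}

def issue_token(user, password):
    """Auth server: validate credentials, derive scope from the index, sign it."""
    stored = USERS.get(user, b"")  # unknown users still pay the KDF cost
    if not hmac.compare_digest(stored, _kdf(password)):
        return None
    scope = {res: sorted(acl[user]) for res, acl in INDEX.items() if user in acl}
    claims = json.dumps({"sub": user, "scope": scope}).encode()
    body = base64.urlsafe_b64encode(claims)
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag

def node_handle(token, resource, action):
    """Node: True (perform) only if the token names the resource and the action."""
    try:
        body, tag = token.split(".")
        expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return False  # forged or altered token
        scope = json.loads(base64.urlsafe_b64decode(body))["scope"]
    except (AttributeError, TypeError, ValueError, KeyError):
        return False  # missing or malformed token
    return action in scope.get(resource, [])
```

Because the scope is fixed when the token is issued, a later change to the index does not affect tokens already in circulation; the claim recites no expiry or revocation, and this sketch adds none.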