Blockstack, the control-your-data decentralized web developer, has patented the process behind its single sign-on for every dApp system, Blockstack Auth.
The patent covers Blockstack’s method for cryptographically signing into dApps with a single digital identity, without requiring a third party to authenticate.
The system received the USPTO’s approval on March 24 following an uncharacteristically short eight-month wait – most applications sit for about 32 months, according to Erickson Law Group – and exactly three years after Blockstack’s 2017 release of the Auth developer version.
Blockstack Auth aims to be Web 3.0’s one-password-to-rule-them-all, the patent documents show. It’s functionally similar to Google and Facebook’s massively popular one-click sign-in processes that integrate with hundreds of thousands of websites.
“But the underlying data flow is unlike” big tech’s OAuth protocol-reliant authentication services, the patent description reads. Those third-party platforms remove user control by checking all information against their centralized servers. Serverless Blockstack Auth gives it back – through public key cryptography.
The process works by exchanging JSON web tokens between the dApp and the Blockstack browser. At sign-in, the dApp generates an “ephemeral transit key” whose public portion it sends to the browser through an “authRequest” token. The browser in turn encrypts an “app-private key” with that public portion, which it then returns to the dApp in an “authResponse” token.
“This inventive realization obviates the need for a server-side identity provider,” the patent reads.
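The transit-key exchange described above can be sketched in Node.js as follows. This is an added example, not code from Blockstack or the patent: the tokens are modeled as plain objects rather than signed JSON web tokens, and the field names, the P-256 curve and the ECDH plus AES-256-GCM encryption are assumptions made for illustration.

```javascript
// Added illustration; field names, curve and cipher are assumptions of this sketch.
const crypto = require('crypto');
const CURVE = 'prime256v1'; // assumed curve; the article does not name one

// Derive a 256-bit AES key from an ECDH shared secret.
const deriveKey = (shared) => crypto.createHash('sha256').update(shared).digest();

// dApp: generate the ephemeral transit key pair; only the public half leaves the dApp.
function makeAuthRequest(appDomain) {
  const transit = crypto.createECDH(CURVE);
  transit.generateKeys();
  return { transit, authRequest: { appDomain, transitPublicKey: transit.getPublicKey('hex') } };
}

// Browser: encrypt the app-private key to the transit public key (ECDH + AES-256-GCM).
function makeAuthResponse(authRequest, appPrivateKeyHex) {
  const eph = crypto.createECDH(CURVE);
  eph.generateKeys();
  const key = deriveKey(eph.computeSecret(Buffer.from(authRequest.transitPublicKey, 'hex')));
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(Buffer.from(appPrivateKeyHex, 'hex')), cipher.final()]);
  return {
    ephemeralPublicKey: eph.getPublicKey('hex'),
    iv: iv.toString('hex'),
    ciphertext: ct.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
  };
}

// dApp: recover the app-private key with the transit private key it never shared.
function readAuthResponse(transit, authResponse) {
  const key = deriveKey(transit.computeSecret(Buffer.from(authResponse.ephemeralPublicKey, 'hex')));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(authResponse.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(authResponse.tag, 'hex'));
  const pt = Buffer.concat([
    decipher.update(Buffer.from(authResponse.ciphertext, 'hex')),
    decipher.final(), // throws if the wrong transit key or a tampered token is used
  ]);
  return pt.toString('hex');
}

// Full round trip with a caller-supplied key; no identity server is involved.
function roundTrip(appPrivateKeyHex) {
  const { transit, authRequest } = makeAuthRequest('https://app.example');
  return readAuthResponse(transit, makeAuthResponse(authRequest, appPrivateKeyHex));
}
```

Because the transit key is generated fresh at each sign-in, an authResponse captured from one session cannot be decrypted by a dApp instance holding a different transit key.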
The patent’s language is at times nearly identical to Blockstack’s March 10, 2020, explainer article on Blockstack Auth, with verbatim subheadings and subtle differences attributable to the less declarative voice with which applicants write submissions.
(For example, the patent reads: “These tokens can be related to JSON Web…