System and method for autonomous mapping of enterprise identity
Abstract
The present disclosure may provide methods, systems, and computer-readable instructions for enabling the following operations: generating a secret key based on, at least in part, a target party's public key; encrypting a payload with the secret key, the payload comprising an auth token with a limited time to live (TTL); broadcasting, to a public blockchain, a message comprising the encrypted payload; receiving a request to establish a channel of communication outside of the public blockchain; receiving, with the request, the auth token within the TTL; validating the auth token within the TTL; establishing the channel of communication upon a validation of the auth token; engaging in a data-exchange over the channel of communication; verifying matching properties of the exchanged data with at least one internal system of record; and mapping an internal identifier within the at least one system of record to a decentralized identifier associated with the target party.
Claims
exact text as granted — not AI-modifiedThe following is claimed:
1 . A method comprising:
generating a private key by a first organization communicating with a second organization over a blockchain; establishing a decentralized identifier (DID) between the first organization and the second organization; generating, by the first organization, a mapping solicitation message encrypted by the private key, wherein the mapping solicitation message comprises an authentication token with a limited time to live (TTL); decrypting, by the second organization, the mapping solicitation message by the second organization's public key; extracting the authentication token from the decrypted mapping solicitation message; validating the authentication token within the TTL by the second organization using a blockchain validation mechanism; responsive to the validation, establishing a secure communication channel off the blockchain between the second organization and a first organization's message end point; and mapping an internal identifier associated with an entity connected to the first organization's message end point to the DID over the secure communication channel.
2 . The method of claim 1 , further comprising executing a smart contract to broadcast the mapping solicitation message over the blockchain.
3 . The method of claim 1 , further comprising:
detecting the mapping solicitation message by the second organization; decrypting the mapping solicitation message using a secret key based on the public key of the second organization; determining a first organization's message end point address; and presenting the authentication token for establishing the secure channel of communication at the first organization's message end point address within the TTL.
4 . The method of claim 3 , wherein the determining of the first organization's message end point address comprises retrieving the first organization's message end point address from a blockchain ledger.
5 . The method of claim 4 , wherein determining the first organization's message end point address comprises extracting the first organization's message end point address from the decrypted mapping solicitation message.
6 . The method of claim 1 , further comprising:
maintaining a ledger on the blockchain; and executing one or more smart contracts on the blockchain to:
publish a public key of the first organization on the ledger;
publish a public key associated with the second organization on the ledger;
publish the first organization's message end point address on the ledger; and
publish a message endpoint address of the second organization on the ledger.
7 . The method of claim 6 , further comprising associating the second organization with the decentralized identifier retrieved from the ledger.
8 . The method of claim 1 , further comprising:
communicating, by the first organization, a message comprising at least one instruction on how to derive a secret key from the public key of the second organization; receiving the message containing the confirmation of receipt; and responsive to receiving a conformation of receipt of the at least one instruction, broadcasting the encrypted mapping solicitation message.
9 . A method comprising:
retrieving by a requesting party a target public key associated with a target party based on a decentralized identifier (DID) associated with the target party and the requesting party; generating a secret key based on the target public key and a private key of the requesting party; generating a payload for establishing a direct private channel of communication between the requesting party and the target party, wherein the payload comprises an authentication token with a time to live (TTL); encrypting the payload using the secret key; broadcasting the encrypted payload to a blockchain; validating the target party based on the DID and the authentication token used to retrieve the target party's public key; and mapping an internal identifier associated with an entity connected to the requesting party to the DID over the direct private channel.
10 . The method of claim 9 , further comprising:
scanning the blockchain for the encrypted payload that can be decrypted by a key derived from the requesting party's public key; decrypting the payload to extract the authentication token with the limited TTL; and requesting to establish the direct private channel of communication at an endpoint associated with the requesting party based on the authentication token.
11 . The method of claim 10 , further comprising:
establishing a connection when the requesting party accepts the direct private channel of communication request; and exchanging, over the direct private channel of communication between the requesting party and the target party, validation data used to validate the identity of the target party and the requesting party.
12 . The method of claim 11 , further comprising:
validating an identity of the requesting party based on the validation data; and mapping an internal identifier of the target party to the DID.
13 . The method of claim 9 , further comprising:
receiving, from the target party, a request to establish the direct private channel of communication at an endpoint address associated with the requesting party, wherein receiving the request comprises receiving the authentication token with the request; and accepting a connection if the request comprises the authentication token within the TTL.
14 . The method of claim 13 , further comprising:
exchanging, over the direct channel of communication between the requesting party and the target party, data used to validate an identity of at least one party; validating the identity of the at least one party based on the data; and responsive to the validation, mapping a private key of the first party with a public key of the target party.
15 . The method of claim 14 , wherein receiving the request comprises receiving a request signed by the target party's public key.
16 . The method of claim 14 , further comprising receiving the request within the TTL.
17 . The method of claim 14 , wherein the data comprises hashes associated with underlying data corresponding to at least one record retrieved from a blockchain ledger.
18 . The method of claim 9 , wherein the authentication token is embedded into the encrypted payload.
19 . The method of claim 9 , further comprising:
maintaining a blockchain ledger; and executing one or more smart contracts on the blockchain to:
publish the public key associated with the requesting party,
publish the public key associated with the target party,
publish a first endpoint address associated with the requesting party, and
publish a second endpoint address associated with the target party.
20 . The method of claim 9 , wherein the mapping of the internal identifier associated with the entity connected to the requesting party to the decentralized identifier over the direct private channel comprises linking the private key of the requesting party to the target public key based on the authentication token.Join the waitlist — get patent alerts
Track US2023026642A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.