Blockstack, the control-your-data decentralized web developer, has patented the process behind its single sign-on for every dapp system, Blockstack Auth.
The patent covers Blockstack's method for cryptographically signing into dapps with a single digital identity, without requiring a third party to authenticate.
The system received USPTO's approval on March 24 following an uncharacteristically short eight-month wait (most applications sit for about 32 months, according to Erickson Law Group) and exactly three years after Blockstack's 2017 release of the Auth developer version.
Blockstack Auth aims to be Web 3.0's one-password-to-rule-them-all, the patent documents show. It's functionally similar to Google and Facebook's massively popular one-click sign-in processes that integrate with hundreds of thousands of websites.
"But the underlying data flow is unlike" big tech's OAuth protocol-reliant authentication services, the patent description reads. Those third-party platforms remove user control by checking all information against their centralized servers. Serverless Blockstack Auth gives it back, through public key cryptography.
The process works by exchanging JSON web tokens between the dApp and the Blockstack browser. At sign-in, the dApp generates an "ephemeral transit key" whose public portion it sends to the browser through an "authRequest" token. The browser in turn encrypts an "app-private key" with that public portion, which it then returns to the dApp in an "authResponse" token.
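The exchange described above, sketched in Node.js as an added example (not code from Blockstack or from the patent). The token field names, the unsigned JWT-shaped tokens and the ECDH plus AES-256-GCM encryption are assumptions chosen for illustration; the article does not specify them.

```javascript
// Added illustration of the authRequest/authResponse exchange; not Blockstack's code.
const crypto = require('node:crypto');

const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const readToken = (tok) => JSON.parse(Buffer.from(tok.split('.')[1], 'base64url').toString());
// Assumption: tokens use the JWT layout (header.payload.signature) but are left unsigned
// to keep the example short. Production tokens must be signed and verified.
const makeToken = (payload) => `${b64u({ typ: 'JWT', alg: 'none' })}.${b64u(payload)}.`;

// ECDH shared secret -> AES-256-GCM key (constructed scheme standing in for the real one).
function deriveKey(ecdh, peerPublicHex) {
  const shared = ecdh.computeSecret(Buffer.from(peerPublicHex, 'hex'));
  return crypto.createHash('sha256').update(shared).digest();
}

// dApp: create the ephemeral transit key and an authRequest carrying only its public half.
function dappCreateAuthRequest() {
  const transit = crypto.createECDH('secp256k1');
  transit.generateKeys();
  return { transit, authRequest: makeToken({ transitPublicKey: transit.getPublicKey('hex') }) };
}

// Browser: encrypt the app-private key to the transit public key, return an authResponse.
function browserCreateAuthResponse(authRequest, appPrivateKeyHex) {
  const { transitPublicKey } = readToken(authRequest);
  const eph = crypto.createECDH('secp256k1');
  eph.generateKeys();
  const key = deriveKey(eph, transitPublicKey);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(appPrivateKeyHex, 'utf8'), cipher.final()]);
  return makeToken({
    ephemeralPublicKey: eph.getPublicKey('hex'),
    iv: iv.toString('hex'), tag: cipher.getAuthTag().toString('hex'),
    ciphertext: ct.toString('hex'),
  });
}

// dApp: recover the app-private key using the transit private key, which never left the dApp.
function dappReadAuthResponse(transit, authResponse) {
  const r = readToken(authResponse);
  const key = deriveKey(transit, r.ephemeralPublicKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(r.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(r.tag, 'hex'));
  const pt = Buffer.concat([decipher.update(Buffer.from(r.ciphertext, 'hex')), decipher.final()]);
  return pt.toString('utf8');
}
```

Because the transit private key stays with the dApp, a party that only observes the two tokens cannot recover the app-private key, and a modified ciphertext fails the GCM tag check.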
"This inventive realization obviates the need for a server-side identity provider," the patent read.
The patent's language is at times nearly identical to Blockstack's March 10, 2020, explainer article on Blockstack Auth, with verbatim subheadings and subtle differences attributable to the less declarative voice with which applicants write submissions.
(For example, the patent reads: "These tokens can be related to JSON Web Tokens (JWT), and they can be passed via URL query strings," whereas the GitHub-editable March 10 explainer reads: "These tokens are JSON Web Tokens, and they are passed via URL query strings.")
The granting, Blockstack's first, gives legal clout to the Public Benefit Corporation's universal login tool for the decentralized web. But intellectual property rights bring more than just legal protection for the GitHub-loving Blockstack. They also prompt thorny questions about partitioning off ideas in a space, and by a company, that claims to put open-source at the "heart of everything we do."
Two days after the patent's issuance, Blockstack CEO Muneeb Ali opened a forum to discuss "Blockstack PBC and patents." CoinDesk was directed to the forum after reaching out to Blockstack for this story.
"We don't want to be in a position where some other (large) company files a patent similar to the work PBC and the community is doing," he wrote, pointing to the "recent surge" of big tech companies, such as IBM, that file seemingly endless reams of blockchain patent applications.
Ali wrote that Blockstack may file patents on its core team's efforts, purely for "'defensive' reasons." He left the door open on transferring patents to the independent Stacks Foundation, procuring a defensive patent license, or even pledging to never initiate enforcement, as Tesla did in 2014.
The discussion partially answers questions raised in November 2017, when Twitter user @lightcoin, who had come across a separate Blockstack patent still waiting for approval, called on the firm to explain its patent strategy.
"Patents are like nuclear weapons: the best way to prevent them from being abused is to not create them in the first place," @lightcoin said.
At the time Ali said Blockstack had to stake its claims before others did. He promised to "post about our future patent strategy" at a later date.
The debate is similar to one crypto exchange Coinbase faced. CEO Brian Armstrong said in the past that he believes "patents should be abolished" but, like Blockstack, sees it as necessary to build a portfolio for "defensive" reasons.