WO2019195205A1

WO2019195205A1 - Method and system for implementing an automation software testing and packaging framework with entitlements

Info

Publication number: WO2019195205A1
Application number: PCT/US2019/025273
Authority: WO
Inventors: Chagla M. SALEH-ESA; Bruce HORNER; Ajay D. SINDWANI
Original assignee: Jpmorgan Chase Bank, N.A.
Priority date: 2018-04-02
Filing date: 2019-04-02
Publication date: 2019-10-10

Abstract

The invention relates to an entitlements framework with proof of entitlement consensus. Tile innovative system comprises: a user interface that receives an input relating to one or more entitlement policies; a communication network that communicates with one or more targets via a distributed ledger functionality for entitlements: and a processor, coupled to the user interface and the communication network, that converts the input into an entitlement block and is configured to perform the steps of: identifying a smart contract that defines and federates entitlements associated with a resource; identifying one or more delegates added by an owner of the resource; and enabling each of the one or more delegates to create an entitlement to the resource based on the one or more entitlement polices.

Description

METHOD AND SYSTEM FOR IMPLEMENTING AN AUTOMATION SOFTWARE TESTING AND PACKAGING FRAMEWORK WITH

ENTITLEMENTS

CROSS REFERENCE TO RELATED APPLICATIONS

00 I| The application is a Continuation in Part (OP) of li.S. Patent Application No, 15/596,068 (Attorney Docket No.: 721 7.001268), Hied May 16, 2017 which claims priority to 0,S. Provisional Application 62/336,878 (Attorney Docket No.: 72167,001085),_: tiled May 16, 2016, the contents of which are incorporated herein in their entirety.

[0002] The present invention generally relates to automated software testing an packaging and more specifically to Implementing corporate technologies an risk iCTR ) performance testing and packaging fimnework and also to implementing an entitlement Blockch a with Proof of Entitlement (POE) consensus.

BACKGROUND OP THE INVEN TION

Application development service may take into account the entire lifecycle of an application design or build, testing release or deploy and operational support The current state involves a down-ihe-line approach where an application developer passes support production deployment to testing teams. The current state starts at a build phase, then moves to a test phase, then deploy phase and .finally to an operate phase in, a linear manner. The current process leads to gaps, such as capital gap, innovation gap and time gap. Application Development Services i a labor intensive siloe organization with layers of overheard and redundancy. Automation is limited to pockets of excellence within each s loed tower. Current processes can take months when the need is for daily responses to business needs. |00B4J Traditional performance testing takes a. significant amount of time effort and dedicated resources. Current technologies have delays In on-boarding, lack continuous packaging delivery, utilize semi-automated functions and suffer from coordination delays.

H065] These and other drawbacks exist.

Accordingly, one aspect of the invention is to address one or more of the drawbac s set forth above. According to an embodiment of the present invention, a system implements an entitlements framework with proof of entitlement consensus. The system comprises; a user interlace that receives an input relating to one or more entitlement policies; a communication network that communicates with one or more targets via a distributed ledger functionality for entitlements; and a processor, coupled to the user interface and the communication network, that con veils the: input into an entitlement block and is configured to perform the steps of: identifying a smart contract that defines and federates entitlements associated with a resource; identifying one or more delegates added by an owner of the resource; and enabling each of the one or more delegates to create an entitlement to the resource based on the one or more entitlement polices,

[06t7j According to another embodiment of the present invention, a computer implemented method implements an entitlements framework with proof of entitlement consensus. The method comprises foe step of: receiving, via a user interface, an input relating to one or more entitlement policies; converting, via a processor, the input into an entitlement block; ideal? tying a smart contract that defines and federates entitlements associated with a resource; identifying one or more delegates added by an owner of the resource; enabling each of the one or more delegates to create an entitlement to the resource based on foe one or more entitlement polices; and communicating, via_:a communication network, one or more targets vi a distributed ledger functionality for entitlements.

The computer implemented system, method and medium described herein provide unique advantages to application developers and various entities including financial institutions, according to various embodiments of the invention. The innovative system and method facilitates automated build by leveraging tirmwide code repositories and development tools in support of: standardization. The syste further provides continuous testing where end-to-end (E2E) automation allows application development teams to complete on demand testing activities for quality assurance performance and security. In addition, the system supports always-production-ready code through continuous integration into automated platform and infrastructure (c.g.. PaaS, laaS, ere.) and operates feedback loops where teams arc integrated early and often in the lifecycle. The innovative system and method further reduces labor and increases velocity by creating opportunity for multiple daily releases in support of changing business needs. The system provides integration of emergin technology where automation creates a beachhead for machine learning, Hiockchain an DevOps organizational structures. Also, b> rumor ing overhead, product owners can reallocate time to clients. These and other embodiments and advantages of the invention will become apparent from the following detailed description taken in conjunction with the accompanying drawings, illustrating by way of example the principles of the various exemplary embodiments.

BRIEF DESCRIPTION OF THE DRAWINGS

[0009] In order to facilitate a fuller understanding of the present inventions, reference is no made to the appended drawings_* These drawings should not be construed as limiting the present inventions, but are intended to be exemplary only. [0010] Figure 1 is an exemplary system diagram of an Automat ton Framework, according to an embodiment of the present invention.

[0011] Figure 2 is an exemplary illustration of an Automation Build Standards Framework, according to an ^embodiment of^' the present invention,

[80:1.2} Figure 3 is an exemplary illustration of an Automation Performance Processor, according to an embodiment of the present invention,

[0013] Fi gures 4 A and 4R are an exemplary diagra of an automated: test generator flow and automated test screen hash, according to an embodiment of the present invention.

[0014] Figure 5 is an exemplary diagram of entitlements, according to: an embodiment of the present invention,

10015] Figure 6 is an exemplary illustration of a Node Agent. according to an embodiment of the present invention.

Figure 7 is an exemplary screenshot of an event dashboard, according to an embodiment of the present invention,

10017} Figure 8 is an exemplary diagram illustrating entitlements, according to an embodiment of the present invention

00181 Figure 9 is exemplary provisioning flow, according to an embodiment of the present invention.

[O0Uf Figure 1:0 is an exemplary illustration of data and smart contract in chain, according to an embodiment of the present invention,

10020} Figure 1 1 is an exemplary user interface, according to an embodiment of the present invention.

Figure 12 is an exemplary data flow of a user inte face_s according to an embodiment of the present invention.

DESCRIPTION OF EMBODIMENTS OF THE INVENTION

[00221 The following description is intended to convey an understanding of the present invention by providing specific: embodiments and details. It is understood, however, that the present invention is not limited to these specific embodiments and details, which are exemplary only. It is further understood that one possessing ordinary skill in the art. in light of known systems and methods, would appreciate fee use of fee Invention for its intended: purposes and benefits In any number of alternative embodiments, depending upon specific design and e

needs.

A embodiment of th present invention is directed to creating a self-service portal for software developers in packaging, quality assurance and performance testing which utilizes distributed ledger Functionality, such as Btockchafe/Qpenchaio for entitlements and: events. For example. Bloekehain may represem distributed database structure that maintains a continuously growing list of data records that each refer to previous items on the list and is thus hardened against tampering and revision, Openehain may represent an open source distributed ledger: technology

[0024] /According: to an embodiment of the present invention, end-to-end (E2R) automationof packaging services aims to provide self-service onboardmg, self-service packaging, self- service deployments, set: standards to build environment, stable and resilient buil environments, integrated quality assurance and performance testing tollgate, authorized roles and responsibilities, up-to-date asset information, and transparency of controls and audit,

[0025J The various embodiments of the present invention provide multiple benefits an advantages. For example, the system and method of the present invention provides continuous application delivery without delays, Dev-Ops model, resource optimization, higher return on investment due to extreme automation, stable environment due to reduction of incidents, secureenvironment due to decentralize entitlements, and highly standard applicatio environments enabling ease of operate.

[OH ] The various embodiments of the present invention may be implemented in any software development. lifecycle- application An embodiment of the present invention enables software developers to be more agile and further ensures that the software code, ends op in production in an efficient manner.

[0027] An embodiment of the present invention is directed to the development of a CTR highway that connects various components in a decentralized: environment The software packaging solution of the present invention deploys software to various targets in a sail and consistent manner through a CTR highway that: facilitates software packaging, quality assuranc and performance testing,

[0028] An embodiment of the present invention is directed to creating automated test scripts and employing a B!oehehain technology to entitiemeats as well as keeping track of events that are happening o the system. This further includes node agents that provide micro sendees tor entitlements, change and release.

figure 1 is an exemplary system diagram of an Automation Framework, according to an embodiment of the present invention. Application Development Services may take int account the entire lifecycle of an application design or build, testing, release or deploy a d operational support. Figure 1 illustrates ars Application Development (A D) 1 10, User Interface i 12, CTR Highway 150, 152 In communication with a plurality of Targets, represented b 180, 182, 184, 186 and 188. CTR Highway 150 interlaces with a Build Framework 120. CTR Highway 150 further communicates with a plurality of Processors 130, 132 and 134, an Orchestration Engine ISO, a plurality of Consoles 160, 162, 164, 168, m Event Controller 170 an one or more repositories represented by Repository 172, The processors may include Packaging (PK.G) Processor 130, Performance (Peri) Processor 132 and Quality Assurance (QA) Processor 134, And, the consoles may include Packaging (PK.G) Console 160, Performance (Peri) Console 162. Quality Assurance (QA) Console 164 and Operate Console 166, New Test Scripts 190 an Existing and Non Source Test Scripts 192 may be generated and provided to Performance Processor 132 and QA Processor 132. Production Environment is represented by 194 and Test Environment is represented by 196. These modules/eomponents are exemplar}·' and illustrative, the system may include additional modules, a combination of the modules described and/or less modules than illustrated. While a single illustrative block, module or component is shown, these illustrative blocks, modules or components may be multiplied for various applications or different application environments, in addition, the modules or components ma be further combined into a consolidated unit The mo ules and/or components may be further duplicated, combined and/or separated across multiple systems at local and/or remote locations. Other architectures ma\ be realized.

An embodiment of the present invention is directed to delivering tools, processes an standards to support automated build, continuous testing and alwoys-prodiietion-ready code. For example. AD 110 may codify test and deploy retirements ( &.g volume, count, etc.) within code build tools and repositories. Build Framework 120 may include repositories and tools in support of efficient application development as well as a .framework interface in support of codification of testing and deployment requirements, The system may engage a Packaging; .Processor 130 ie.g.. ARM) to deliver code to a target environment with quality gate validation. via Orchestration Engine 140. A Deployment Framework may include approx al and quality gate fools in support: of valid deployment as well as tools and processes delivering deployment code to a target environment. Once deployment is complete. Performance Processor 1 2 and Quality Assurance (QA) Processor ! 34 ma be engaged. A Test Framework may include testing based on system integration and application response (via Performance Processor 132) as we)’ m testing based on completeness and expected results (via QA Processor 134). Standards may be defined and codified using build, deploy and test frame works. A Standards Framework may include rules in support of codification of policies and requirements to support build, test and deployment. Rules ma relate to environment, layout, entitlements, scans and policy, for example.

[0031] CTR Highway 150, 152 provides a mechanism to communicate between Targets 180. 182, 184, 186, 188 and the variotts components of ti_le framework in a secure and stable manner. Using Blockchain/Openchain or other distributed architecture the system supports entitlements linked to other entitlements, In addition, CTR Highway implements a general tedger/Blockehahi functionality that provides guidance through the application process and ultimately functions as a self-service portal for developers.

[0032] Orchestration Engine 140 facilitates efficient workflows and orchestrates between and among different components of the framework.

P033| An embodiment of the present Invention is directed to integrating an innovative; framework that integrates standards, performance testing (PT) and QA features, as shown in Figure 1. The present invention is directe to automating: software package delivery·' into production, The system of an embodiment of the present invention provides end-to-end continuous application delivery. Accordingly, software developers may write code that ends u in production in an automatic manner. For example, when code is developed ihe system may auto-generate performance and QA test scripts and performance test scripts ns well as standards and packaging wrappers required for an application to ho delivered for production. If an error is detected, the entire process may be halted until the error is fixed or otherwise addressed. Once the build is completed and the package is ready, a sequence of processes may he performed. For example, a packaging processor may ensure that the package is created for the application. The processes ma further interact with Orchestration Engine 140, which may determine specifics associated with the application deployment;, ag._:, where to be deployed, environment, post testing, QA testing, etc.

An embodiment of the present invention may be directed to an Automation Performance Testing CPI) Framework. FT Framework may assist developers to create a load. For example. the system may determine what application characteristics should look like to support 1- 10 users and the additional testing, interfaces and oilier tools needed to support 5000 or more users. An AD may generate timing, values and iteration from .a framework. In response, performance test scripts may be generated for performance testing.

10035! Figure 2 is an exemplary illustration of an Automation Build Standards Framework, according to an embodiment of the present invention. Standards Framework represents a set of rules. Fo example, the rules may define certain characteristics of a software application. The set of rules may also include rules that affect the environment (e,g., this is how the environment should¹ work) logs, proper†_{) ,} versioning, etc.

0036J As shown in. Figure 2, Rules 1 I s may be directed to User Environment 212; Environment Overrides 214, Application Layout 2:16, ID and Entitlements 21 fo Scheduling and Notifications 220, and Scans 222. For example. User Environment 212 may include JDK/JRI.: version, blessed framework and version, standard repository, and application versioning. Environment Overrides 214 may include up to N~2 JDK/JME version, up to N-2 Framework versions and specific framework and repo. Application Layout 216 may Include application logs and policy, configurations, and properties. ID and Entitlements 218 may include application ID, roles and repository credentials. Scheduling and Notifications 220 may include build schedule and triggers, and even! notifications and distribution. Scans 222 ma include threat and vulnerability, security, code efficiency and golden rule compliance,

[9037] Figure 3 is so exemplary illustration of an Automation Performance Processor, according to an embodiment of the present invention. An exemplary Performance Processor may include components, such as Parser 310, Designer 312, Analyzer 314, Validator 316. Execution 318 and Reporting 320. For example. Analyzer 314 may generate test scripts for execution and reporting.

[0038] According to an embodiment of the present invention_:, a Testing Framework may include a Performance Processor and a Quality Assurance Processor, In this exemplar application. Parser 310 may represent a collection of data and correlation of testable categories. Once code is deployed!, Parser 310 may correlate data into testable categories (e.g, business, functional, eto.). Designer 312 may represent a test case generator and parameterization. Designer 312 may generate test scripts based on learned parameters an standards (e.g., performance - volume, iteration, count, etc). Analyzer 314 may represent confirmation of testable date and test cases. Analyzer 314 may confirm if test cases are complete or if additional review is needed {e.g.. not all date a be categorized). Validator 316 may perform a review of unstruetured data and Incomplete test scripts. Validator 316 may provide back to Designer 312 unstructured data and incomplete test scripts for additional review. Execution 318 may represent a test case buiider/designer and parameterization. Execution 318 may execute and complete test scripts and then make them available to Ap Dev end users as well as other users, i Reporting 320 may provide execution repotting and other supporting outputs

[0039] An embodiment of the present invention may include a design capable of leveraging enhanced automation technology to support design and buildipg of test cases and prameterizatimt. For example_* a Packaging Processor may represent tools and processes deli vering development code to a target environment, In this example. Parser 310 may represent a collection of data and correlation to testable categories. Parser 310 may categorize an create correlation of data. For example, categories may include Business, Functional Date and User Interface (UX) as well as Web Services Other categories may be defined and implemented. Business may include data in support of products an services, e.g. stock price $5,70, Business may also include inputs relating to notifications, such .as when a stock price goes to $5 70. Functional may Include data in support: of activity and process, e.g., last order execution. Functional may also include periodic stock price updates, running ticker of last order executed, up and down tick. etc. Data may include support scope of data, e. g , 6 .months of stocks. Data may also .include, trends, such as price trends including 6 month stock price trend, for example. User Interface ma includ support to layout and user interface, ag,, drop down. For example, inputs to a test case may be parameterized and the respective floor and ceiling values (e.g., boundary) may be a process of machine learning. According to an exemplary" illustration, it may he a iterative learning process where each of the inputs required are learned and parametrized along with the boundary values, Accordingly learning improves over ti e and the iterations based on knowledge base.

Designer 312 may represent, a test ease generator and parameterization. Designer 312 may progressivelybuild test eases In a stepped process based o learning fern initial test case(s). For example, Designer 312 may create an initial test case as a start point for a build. Designer 312 may then learn from each build step to create parameters and boundaries, e..g _f stock price will not be negative (boundary)_· The various features of the embodiments of the present invention realize benefits and advantages includin a reduction in extraneous documentation storage and auditability, Other benefits include consistency in quality by leveraging; defined standards and parameterized frameworks to drive high value outputs,_: The system also leverages automated deployment and testing that allows for App Dev to continuously test and integrate code.

[0041! According to an embodiment of the present invention, Parser 310 ma represent a KML and configuration parser w well as a correlator. For example, an audit process may involve parsing out data references, connection strings, ID passwords. This data may be used to generate test scripts and further validate the data. In this example. Parser 310 may receive inputs front configuration data (e.g , servlet mapping, service URL map, module configuration, service interface definition, esc.). Designer 312 may represent a tost case builder, designer and paratnetrizaiion. Designer 312 may receive an out of band user input test case. Analyzer 314 may generate known and structured test scripts that may be communicated to Execution 318 to run performance test, scripts. Execution 318 may also receive SLAs and volumes. Using the execution output, reports may be generated at 320. Other outputs may be provided. Further, Analyzer 314 may communicate unknown and unstructured test scripts to Validator 16, Validator 316 may then provide test scripts and results to Designer 312.

[00421 Figures 4A and 4B are an exemplary diagram of an automated test generator flow and automated test screen hash, according to an embodiment of the present invention. Figure 4 illustrates an exemplar y Automated ^'rest Generator Flow 402 and Figure; 4B illustrates an Automated Test Screen Hash 404.

|0043j An embodiment of the present invention is directed applying machine learning to enable the system to learn an application. Once the application is built and deployed into a testing environment, the system may instantiate the application and learn the application. For example, a web application may include different types of inputs including alphanumeric inputs, text inputs, choice inputs,radio inputs, and other types of inputs. An embodiment of the present invention is .directed to. generating test cases tor the various different types of inputs. An embodiment of: the present invention applies machine learning to the alphanumeric input based on application use eases and other data. For example, the machine learning aspect may be implemented by one or more processors, such as the QA Processor or Peri Processor, where the test eases are generated and automatically executed.

|ftS44j At step 410, the system may determine whether an alphanumeric (AN) input is available. If yes, Machine Learning AN module may he initiated, at step 412. For an alphanumeric input, machine learning may depend on whether the user is inputting an SID, password, specific symbol for a trade, address, etc. Because the input is specific to the application, an embodiment of the present invention may apply machine learning to generate test flows for possible scenarios. At step 414, tire system may determine whether a text input is available. If yes, Random Test Generator may he initiated, at step 416. At step 418, the system may determine whether a choice input (CD is available. If yes, Choice Generator Q module may be initiated, at step 420. At step 422. the system may determine whether a radio input (RI) is available, A radio Input may invoke two or more prodetermined choices, In this example, the system may generate a test: case for each available choice. If ves. Radio Generator RI module may be initiated, at step 424, At step 426, the system may determine Whether a submit input is available. At step 428, the system may determine whether a hyperlink input is available. For example, an input may involve submitting a hyperlink to another reference. If a submission or a hyperlink input are available, the system may determine a reference input is available, at step 430. If yes, t en a reference field may be set to IS at step 432. If not, then a reference held is set to null at step 434. A screen builder hash may be generated at step 436, which then feeds into a Screen Source at step 438. The order illustrated in Figure 4 Is merely exemplary. While the process of Figure 4 illustrates certain steps performed in a particular order, it should be understood that the embodiments of the present invention may be practiced by adding one or more steps to the processes, omitting steps within the processes and/or altering the order in which one or more steps arc performed.

[0045] Figure 4B is an exemplary diagram of an automated test screen hash, according to anembodiment of the present invention. The various input scenarios identified in the flow diagram of Figure 4A may be used to generate an Automated Test Screen Hash. In this example, Screen 440 may include various inputs, represented b 442, 446, 448 and 450, Each input may include a series of options or screens, represented by Ser 1 to Ser 5 for input 442; Ser 6 to Scr 7 for input 446, Ser S to Ser 1 for input 448 and Scr 13 to Scr 17 for input 4S0. Accordingly, Screen Flash represents the various possible inputs available on a representative screen.

[0046] Screen 440 may serve as an input to Test Case Generator 460. which then generates test cases represented by 462, Based o the type of inputs and. available responses, the system may generate a test case for each available choice. As discussed above, machine learning may be applie to certain inputs, such as an alphanumeric input_:. The test eases may then be_: executed via Test Execution 464 and further reported via Reporting 466. Figure 5 is an exemplary diagram of entitlements, according to an embodiment of the present invention. In this example, AD 1 10 may communicate entitlements blocks and event blocks, represented by 510, to various Targets, represen led by 180, 182 184 186. 18$, As shown in Figure 5, AD y create an Entitlement block. The Entitlemem block may be referenced by a Target during execution. As shown in Figure 5. an Event block may be read b Event Controller 1 70 arid entitlement blocks may be read by Targets. An Event may represent any type of occurrence or change in the system, such as submitting a new build, build failure, build success, etc. An embodiment of the present invention is directed to creating automated test scripts (including performance test scripts) and employing Blockchain to entitlements as well as monitor and manage events as they occur in the system.

10048] Figure 6 is an exemplary illustration of a Node Agent, according to an embodiment of the present invention. As shown in Figure 6, Node Agent 620 may receive inputs f om Control and Entitlemem 610 where data may be stored in Cache 622. Remote commands to be executed may be sent to the Node Agent for processing which then follows the entitlements to complete the request. The results of the execution ma be returned to the requester by the Node Agent. Once a command request urg , cmd.1 , cmd2_s cmdlk etc.) is received by the Node Agent, it may validate the: request based on the entitlements that are in Cache 622. As shown in Figure 6, entitlements stored in Cache 633 are illustrate by 630. Upon successful validation of the request, the command may then be forwarded to Executor 626 for execution of the command an return the results to the requester, via 612. In some eases, there may be more than one_: execution as a command may have dependency commands to be fulfilled. The requests and the: dependencies may be validated by Validator 624 with the entitlements.

Figure 7 is an exemplary screenshot of an event dashboard, according to an embodiment of the present invention. The CTR Highway may capture and provide entitlements and f rfher allow for data mining; and creation of an Interactive user interface, .g„ a dashboard,Figure 7 is anexe plaiy dashboard of an air traffic ( ont il view. Using node block technology, described in Figure 6, the framework of as embodiment of the present invention provides an illustration of impact of change and how the change effects an entire environment Figure 7 illustrates different applications set to be: deployed at a given date and time on each target machine. For example, Node 702 represents a Target Machine. Applications are scheduled to be deployed at a deployment date and time. The application scheduled for a near deployment (e.g. , Application 704} is illustrated as proximate to the Landing Node while the application scheduled for a later deployment (e.g,, Application 706} is illustrated as farther way fro the Landing Node (c.g. , Node 702) i this example. Application 704 is scheduled ahead of Application 706 for deployment on Target Machine 702. Each target machine is_: represented as a landing node Node 702} with deployment application bundles (e.g,. Applications 7Q4, 706). Figure 7 may also illustrate, and verify that certain applications that build off of earlier applications are deployed in a correct sequence, For example, if Application 706 is dependent on Application 704, the system may confirm that Application 704 is scheduled for deployment before Application 7Q6. Figure 7 further illustrates how Target Machines may be connected. Figure 7 may also illustrate whether Nodes are m the same or different: regions based on type of connection (tog., different color for different regions, etc.). As shown in Figure: 7, node 710 represents a system down; node 712 represents an intrusion and node 714 represents a warning or possible conflict. For example, if more than one application is scheduled to be deployed on a single target, the system may identity a conflict where- the effects of the conflic on downstream components may be displayed. Also, if an unauthorized deployment is scheduled, the system. may Hag and require approval and other actions

jO0_sJ©l Figure 8 is an exemplary diagram illustrating entitlements, according to an embodiment of the present invention. An embodiment of the present invention is directed to delivering tools, processes and standards to support user II) provisioning. Ledger based Access, consensus Reconciliation and Dc- Provisioning. As shown in Figure 8, provisioning a onboard end users to ledge with unique ID attributes, as shown by 810 The system provides provisioning of users to ledger technolog leveraging key entitlement attributes and housing of private encryption key. For example, end users may he onboard to the disturbed ledger based on user attributes in support of trusted access fine grain entitlements along with an encryption key ( .g- private). Access ay be provided based on user (D and peer access rules, as shown by 812. Access may be provided based on target environment policies and consensus confirmation of trusted source. For example, target access may be pro vided based on verification of private key across distributed ledger locations and end user entai intent attr butes {e.g,, name, role, etc.}. Reconciliation provides real time systemic review for right updates to ledger, as shown by 814Reconciliation may be performed as each access transaction is added to the distributed ledger for near real time monitoring and auditability. For example, monitoring may take place based on exceptions and/or anomalies within a distribute leader (eg.. Ledger should be the same across all locations).

The system provides attribute based access by levering codified entitlements that may align to firmwk!e policies, eg, , separation of duties, privilege access, ete. The system may be non-eemraiized where entitlements are maintained in distributed ledgers allowing for speed of access and trusted source confirmation. The system may further provide entitlement review with the ability to monitor in near real time transactions aligned to user attributes where access ma be confirmed by security and operational teams.

[0052] An embodiment of the present invention is directed to entitlement Biockchain and more specifically to entitlement Biockchain with Proof of Entitlement (POF) consensus. According to an exemplary embodiment, the POE is a modified raft consensus,

[0Q53] Figure 9 is an exemplary provisioning flow, according to an embodiment of the present invention. Entitlement Biockchain recognizes two major roles namely, Aurhori/cr and Delegate_:. Authorizer 910 represents a sole o wner of a resource and etermines a particular grain of access to the resource. As shown in Figure 9, Authorizer 910 may delegate entitlement rights to chosen Delegates, as shown by 920, 922 and 924. IMs: allows for the federatio of entitlement activities. For example. Delegates may provision Entitlements 930, 932 and 934 on behalf of Authorizer 10.

[0054] With the eatsfiements of an embodiment of the present invention, an entity may allow other entities (e.g,_t companies, eicJ) to provision entitlements to access the entity’s own resources. For example. Authorize? 910 may represent a resource owner within an entity. The resource may be any data, reports, applications, privileges, etc·, in various forms. Authorizer 910, as a resource owner, may give permissions to Delegates to provision the resource. The addresses (or identifiers} of the Delegates are store in a block. In this scenario, only the Authorizer, as the resource owner, may execute the smart contract in the block. If anyone else tries to add a Delegate into the block, the request wil 1 be denied.

[0035J According to an embodiment of the present invention. Delegates govern the rights to provision. Delegates may provision entitlements based on policies and/or rales that are provided. The policies may he provided by an electronic source or through a user input or interface:. For example, the system may support different policies with different entitlements to different resources. The system may determine what resources a particular person or entity is allowed to provision. For example, a delegate may he restricted to provision a particular user or group of users.

[0656] An entitlement block may he added by a leader of Blockehain for a term. The term represents a duration that may be agreed upon for version of die POE. Each block in addition to the hash may have the term and leader information as part ed the header. The term and leader information may he useful in maintaining a quorum in the chain,

[0057] for example, all the nodes in fee Bloekchain may be known to every othe node. In this example, each node may keep track of other neighboring nodes. This may be determined by a number hops in the network. A node may enter the leader election when it has a required points for FOE. Gathering of points b a, node ma be a structured approach and may gain points for various actions.

00581 Node(s) may obtain entitlement points from another entitled node(s), where entitlement points may be transferred from a providing node to a receiving node. The request and negotiation of entitlement points and quantity of it may be done outside of fee chain: between the recei ving an providing nodes. The providing node may create an entitlement transaction as a Erst transaction in the Mock when it becomes the leader and commits pending entitlements, The total amount of entitlement points that may be transferred between nodes may he governed by version and policy information,

[0059] For example, the owner of a resource may provide entitlement points to node(s) where the total points cannot exceed a set value. This may happen when the owner becomes the leader and commits the new entitlement smar contract.. The owner may create new entitlement points for each of delegate in the contract For example every time a delegate provisions an entitlement;, it may receive a certain number of entitlement points. These points .may later be transferred between nodes as detailed in the preceding paragraph,

0 6O] The entitlement points for node may start to diminish if it fails to: be elected for a certain number of terms until it becomes a non-transacting node. The status of the node may change to a transacting node once it collects the necessary entitlement points for an election. Non-transacting nodes do not commit entitlements but may seme the entitlement blocks,

[0061.] According to an exemplary embodiment, the nodes may stop ail communication with: a node that serves unauthorized entitlements and may blacklist the offending node permanently. This guarantees or promotes good behavior and responsibility of the nodes in the chain. Other actions may he applied.

|0062| According to an embodiment of the present invention, a new node may be registered with the other nodes I» a: Blocfcchain when it recei ves: its first entitlement point.

10063] When the required amount of entitlements are obtained by a bode, it may automatically enter the election to be a leader provided it has transactions to commit. The node may be a participant until it does not get a heartbeat from die leader. Once the heartbeat is missed, the node with enough entitlement points may vote tor itself and send the request to other nodes for vote, The node with more than 50% votes (or other threshold) of registered entitled nodes may be considered to wi and become the leader for the term. Other thresholds and conditions: may be applied to determine a leader. Other nodes may then exit the election process and wait for the next term or until a failed heartbeat from the leader which initiates the election.

[0064] An exemplary POE consensus control data structure is illustrated below:

“Registered jtKxies” : {

"DelegaieHniitlemeniPoints" : {

sent invention is directed to a Smart: Contract for Entitlements. For example, two smart contracts may be used to define and federate entitlements. The first is a smart contract that may only he executed by the owner of the smart contract Theowner may then add delegate users to the list of users that may provision and manage the entitlements for a give» use. A delegate then has the ability to create the entitlements based on policies and rules implemented in user interface (til). All other users may not he able to execute the smart contracts.

(0066] The blocks may be validated and stored based on Proof of Entitlement. There is no mining overhead in using the POE Blockchahi. I» a private Blockchain, all the entities on the chain are known.· For example new nodes may join the Blockchain once they are certified by two or more nodes in the Blockchain. All of the addresses and/or users may be created in entitlement Blockchuin. The users cannot login in to ent tlement Bloukcbain without an address. Smart contacts may be deployed on to entitlement Bluckchain. Only owner of the contract may add a delegate to the smart contract. All delegates in tire list may provision and manage entitlements. Entitlement data stnietofe may be defined with version control capability; Entitlements ma have the capability to define number of use, provide life span for entitlement and'^' or other specifics. Entitlement data structure may provide fine pain capabilities,

f0ft67J According to an exemplary illustration, each resource may have its own smart contract where the contract identifier av be a contract address.

Figure 1.0 is an exemplary illustration of data and smart contract in chain, according to: an embodiment of the present invention. This example illustrates a view of data and smart contract 1010 in the chain. The Smart: Contract may be associated wife a unique identifier or address, as shown in Figure Kb Delegates 1020 may also he identified b a unique identifier or address. Provisioned emblements are illustrated at 1030.

[0069] According to an embodiment of the present invention, the roles and users may be identified using their address. The address may be represented as a unique identifier in the chain. The a dress is usually a hash and may be created wife multiple factors. In this example, all of the users need to bo created as an account in the Bloekchaln, This may be- different from the contrac address of the smart contract. The smart contract address_: may be required to identify tlie smart contract feat needs to be executed.

[0O7Oj According an embodiment of the present invention, there is a contract within the contract that may only allow the owner of the smart contract io designate delegates. Once delegates are designated, they have full control on provisioning: entitlements to users. Accordingly, the owner provisions the delegates with the ability to create entitlements and delegates in turn provision entitlement for risers.

[9071} An Entitlement Data Structure may include the Blockcham address to identify the users or have other means of identification. The data structure Identities what access is given to what resource. The data structure may include various levels of granularity and may also vary based on application type and other factors. An exemplary entitlement data structure for a user max be illustrated as shown below:

Allowed: true

Scope: FXspoi

r

i »

r

0xa236582365450dff354160237956435767 - Resource Ox 438612957 d eaafO 1587 fv? 7213420a90730 - Emits· t

Allowed: true

DailyLirnit: 1000

CurrencvPair: f USDGBPl

}

I [00T3[ Figure 13 is an exemplary user interlace, according to an embodiment of the present invention, Figure 1 1 enables users, such as delegates, to control and/or manage policies and entitlements provisioned. Trader information may be provided at 1 1 10. An address may be displayed at 11 12, Products may be selected at 1 120, which may include foreign exchange iFX)

1 1 2, commodities 1 124. Other types of products may be available. Actions may be identified at 1130, which may include Trade action at 1132, Roll Position action at 1134, Other actions may be supported by the system. Trade Limits 1140 may be identified at 1 142, Also, a user may request Reports 1150 and/or other outputs via download: 1152, ie s 1154 and/or in other various formats. Depending on rite application, the user interlace may include other features and terms. The illustration in Figure 31 is merely exemplary.

[0074] For example, an owner of a markets reporting application may define who has access to what reports. An entitlement may specify that a user from company A can access X reports hut not V reports. According to another example, a company may want to define a trader: as being able to trade only two lypes of currency. In this scenario, the company is autlion/mg die trader to operate on the company's behalf. This trader may he associated with a currency pair and may be further associated with additional refinements, e.g. , trade limits or maximum da ly exposure

[0075 [ Figure 12 is an exemplary user interface, according to an embodiment of the present invention. Figure 12 illustrates a data flow representation of Role Policies 1200 Role Policies may include roles from local business entities, as shown a 12.12. Role Policies may also include mapped entitlements from business partners, as shown at 1214. In this example. Policies may represent policies of another business partner (company) that are mapped to policies of the hosting business (company) to provide: seamless mapping of entitlements. The entitlement bloekchain provides fee solution so that the entitlements need not be apped,

[00761 Other embodiments, uses, and ad vantages of the invention will ½ apparent to those skilled in the art from consideration of the specification and practice of the inv ention disclosed herein. The specification and exam les should be considered exemplary only* and the scope of the invention is accordingly not intended to be limited thereby

[0077] While the exemplary embodiments d ^Ttbed herein may show the various embodiments of the invention (or portions thereof) collocated, it is to be appreciated that the various components of the various embodiments may be located at distant portions of a; distributed network, such as a local area network, a wide area network, a telecommunications network, an intranet and/or the Internet or within a dedicated object handling system. Thus, it should fee appreciated that the components of the various emhodimenis ma be combined into one or more devices; or collocated on a particular node of a distributed network, such as a telecommunieaiions network, for example. As will be appreciated fro the following description, and for reasons of computational efficiency, the components of the various embodiments may be arranged at any location within a distributed network without affecting the operati n of tire respective system,

[0078] Data and information maintained by a Processor may be stored and cataloged in a Database which may comprise or interface with a searchable database, The database ma comprise, include or interface to a relational database. Other databases, such as a query format datable, a Standard Query Language (SQL) format database, a storage area network (SAN;, or another similar data storage device, query format, platform o resource may be used. The database may comprise a single database or a collection of databases, dedicated or otherwise. In one embodiment, the database may store or cooperate with other databases to store the various data and information described herein. In some embodiments, the database may comprise a tile management system, program or application for storing and maintaining data and information used or generated by the various features and functions of the systems an methods described here®. In some embodiments, the database may store, maintain and permit access to participant information, transaction information accoun information, and general information used to process transactions as described herein. In some em bod^'· eats, fee database is connected directly to the Processor, which, in some embodiments, it is accessible through a network, such as a communication network for example,

{0079] Communications network may be comprised of, or may interface to any one or moreof, the Internet, _:an intranet a Personal Area etwork (PAM), a Local Area Network (LAN), a Wide Area Network (WAN), a Metropolitan Area Network (MAN), a storage area network (SAN), a frame relay connection, an Advanced Intelligent Network (AIN) connection, a synchronous optical network (SONET) connection, a digital T1, T3. P.1 or 1.3 line, a Digital Dat Service (DDS) connection, a Digital Subscriber Line (DSL) connection an Ethernet connection, an Integrated Services Digital Network (ISDN) line, a dial-up port such as a V.9(). a ¥.34 or a \' .34bN analog mode connection, a cable modem, an Asynchronous Transfer Mode (ATM) connection, a Fiber Distributed Data Ihiertaee (F DDl) connection, or a Copper Distributed Data inferiace (CDD!) connection.

Coni unieationS: network may also comprise, include or interface to any one or snore of a Wireless Application Protocol (WAP) ink, ;a General Packet Radii Service (GPRS) link, a Global System for Mobile Communication (GSM) link, a Code Division Multiple Access (CDMA)_: link or a Time Division Multiple Access (TDMA) link such as a cellular phone channel, a Global Positioning System (GPS) link, a cellular digital packet data (CDPD) link a Research in Motion, Limited (RIM) duplex paging type device, a Bluetooth radio link, or an IEEE 802.1 1 -based radio frequency link. Communications network. 107 may further comprise, include or interface to any one or more of an RS-232 serial connection, an IEEE 394 (Firewire) connection, a Fibre Channel connection, an infrared (It DA) port, a Small Computer Systems

Interface (SCSI) connection, a Universal Serial Bus (USB) connection or another wired or wireless digital or analog interlace or connection.

|O08t} In some embodiments cominmneatfon network may comprise a satellite communications network, such as a direct broadcast communication system (DBS) .having the requisite number of dishes. satellites arid transnutter/receiver boxes;, for example. Communications network may also comprise a telephone communications network, such as the Public Switched Telephone Network (PSTN). In another embodiment, communication network may comprise a Personal Branch Exchange (PBX), which may further connect to the PSTN.

[8082] I some embodiments, the processor may include any terminal (e.g., a typical personal computer system, telephone, persona! digital assistant (PDA) or other like device) whereby a user may interact with a network, such as communications network, for example, that is responsible for transmitting and delivering data and information used by the various systems and methods described herein. The processor may Include, for instance, a personal o laptop computer, a telephone, or PDA The processor may include a microprocessor, a microcontroller or other general or special purpose device operating under programmed control. The processo may farther include an electronic memor such as a random access memor (RAM) or electronically programmable read only memory (EPROM), a storage such as a har drive, a CDROM or a rewritable CDROM or another magnetic, optical or other media, and other associate components connected over an electronic bus, as will be appreciated by persons skilled In the ait. The processor may be equipped with an integral or connectable cathode ray tube (CRT), a liquid crystal display (LCD), electroluminescent display, a light emitting diode (LED) or another display screen, panel or device for viewing and .manipulating files, data and other resources, lor instance using a graphical user interface (GUI) or a command line interface (CL1). The processor may also include a network-enabled appliance, a browser-equipped or other network -enabled cellular telephone, or another TCP/IP client or other device.

[0083] The system of the invention or portions of the system of the invention may be In the form of a‘'processing machine,” such as a genera! purpose computer, lor example· As used herein, the term‘'processing machine^" is to be understood to include at least one processor that uses at least one memory. The at least one memory stores a set of instructions. The instructions may be either permanently or temporarily stored in the memory" or memories of the processing machine. The processor executes the instructions that are stored in the memor or memories in order to process data. The set of instructions may include various instructions that perform a particular task or tasks, such as those tasks described above in the flowcharts. Such a_: set of instructions for performing a particular task may he characterised as a program, software program or simply software.

10884] The embodiments of the present inventions are not to be limited: In scope by the specific e bodiments described herein. For example, although many of the embodiments disclosed herein have been described with reference to identifying events and communicating notification, the principles herein are equally applicable to other applications. Indeed, various modifications of the embodiments of the present inventions in addition to those described herein, will be apparent to those of ordinary skill in the art fro the foregoing description and accompanying drawings. Thus, such modifications are intended to fall wi thin the scope of the following appen ed claims.

{0085| Further, although the embodiments of the piesent inventions have been described herein in the context of a particular implementation in a particular environment for a particular purpose, those of ordinary skill in the art will recognize that its usefulness is not limited thereto and that tile embodiments of the present inventions can be beneficially implemente in any number of environments for any number of purposes. Accordingly, the claims set forth below should he construed in view of the full breadth and spirit of the embodiments of the present inventions as disclosed herein.

Claims

Claims;

1. A system that implements; an entitlements framework with proof of entitlement consensus, the system comprising;

a user interface that receives an input relating to one or more entitlement policies^* a communication network that communicates with one or more targets via a distributed ledger functionality for entitlements; and

a processor, couple to the user interface and the communication network_s that converts the input into an entitlement block and is configured to perform the steps of;

identifying a smart contract that defines an federates entitlements associated with a resource;

identifying one or more delegates added by ah owner of the resource: and

enabling each of the one or more del ©gates to; create an entitlement to the resource based on the one or more entitlement polices.

2. The system of claim 1, wherein the entitlement comprises a data structure that comprises a Blockchain address So identify one or more users.

3. The system of claim I, die entitlement block is validated and stored based on proof of entitlement.

4. The system of claim 1 , wherein the entitlement defines version control capability.

5. The system of claim I. wherein die entitlement defines number of use.

6. The system of claim 1, wherein the entitlement defines a life spaa tor the entitlement.

7. The system of claim 1 , wherein the entitlement defines one or more fine grain capabilities.

The system of claim 6, wherein each resource has its own smart contract and the contract Identifier is a contract address. ihe system of claim 1 , where the distributed ledger functionality is Blockchainand the Proof of Entitlement is a modified raft consensus.

10. The system of claim 1, wherein: the entitlement block comprises a term that defines a duration and leader infbmu ioit.

11, A computer implemented method that implements an entitlements_: framework with proof of entitlement consensus the method comprising the steps of:

receiving, via a user interlace, an input relating to one or more entitlement policies;

converting, via a processor, the input into an entitlement block;

identifying a smart contract that defines and federates entitlements associated with a resource;

identifying one or more delegates added by an owner of the resource enabling each of the one or more delegates to create an entitlement to the resource based on the one or more entitlement polices;: and

communicating, via a communication network, one or more targets via a distributed ledger fimettonaiity for entitlements.

12. The method of claim 1 , wherein the entitlement comprises a data structure that comprises a Blockeham address to identity one or more users,

13. Ihe method of claim 1, the entitlement block is validated and store based on proof of entitlement.

14. The method of claim I L wherein the entitlement deities version control capability.

15. The method of claim 1 1, wherein the entitlement defines number of use

16. The method of claim 1 1, wherein the entitlement defines a life span for the entitlement.

17. The method of claim 1 1, wherein: the entitlement defines one or more fine grain capabilities.

18. The method of claim 16, wherein each resource has its own smart contract and the contract identifier is a contract addres s,

19. The method of claim P, where the distributed ledger functionality is loohehain and the Proof of Entitlement m a modified raft consensus.

20. The method of claim 11, wherein the entitlement block comprises a term that defines a duration and leader information.