Private key decryption system and method of use

US 10,644,879 B2
Filed: 07/13/2018
Issued: 05/05/2020
Est. Priority Date: 05/19/2015
Status: Active Grant

First Claim

Patent Images

1. A host computer system comprising:

a central processing unit;

an initialized service instance of a plurality of services;

a master key loader configured to store an operational master key in a memory device of the initialized service instance;

a database having an address and an encrypted private key stored in association with one another;

a web application configured to receive a request for payment to a bitcoin address, the request for payment including an amount of bitcoin to be paid, generate an unsigned transaction in response to receiving the request for payment, the unsigned transaction including the amount of bitcoin to be paid in the request for payment, and request a signing of the unsigned transaction to create a signed transaction; and

a payment module configured to receive the request for signing the transaction, determine the address corresponding to the bitcoin address in the unsigned transaction, determine the encrypted private key stored in association with the address, decrypt the encrypted private key with the operational master key to generate a decrypted private key, and sign the transaction with the decrypted private key to create the signed transaction, the web application configured to receive the signed transaction, and broadcast the signed transaction over the bitcoin network,wherein the master key loader, the web application, and the payment module are executed by the central processing unit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A key ceremony application creates bundles for custodians encrypted with their passphrases. Each bundle includes master key share. The master key shares are combined to store an operational master key. The operational master key is used for private key encryption during a checkout process. The operational private key is used for private key decryption for transaction signing in a payment process. The bundles further include TLS keys for authenticated requests to create an API key for a web application to communicate with a service and to unfreeze the system after it has been frozen by an administrator.

Citations

13 Claims

1. A host computer system comprising:
- a central processing unit;
  
  an initialized service instance of a plurality of services;
  
  a master key loader configured to store an operational master key in a memory device of the initialized service instance;
  
  a database having an address and an encrypted private key stored in association with one another;
  
  a web application configured to receive a request for payment to a bitcoin address, the request for payment including an amount of bitcoin to be paid, generate an unsigned transaction in response to receiving the request for payment, the unsigned transaction including the amount of bitcoin to be paid in the request for payment, and request a signing of the unsigned transaction to create a signed transaction; and
  
  a payment module configured to receive the request for signing the transaction, determine the address corresponding to the bitcoin address in the unsigned transaction, determine the encrypted private key stored in association with the address, decrypt the encrypted private key with the operational master key to generate a decrypted private key, and sign the transaction with the decrypted private key to create the signed transaction, the web application configured to receive the signed transaction, and broadcast the signed transaction over the bitcoin network,wherein the master key loader, the web application, and the payment module are executed by the central processing unit.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The host computer system of claim 1, further comprising:
    - a checkout module configured to generate an address and a private key, encrypt the private key with the operational master key to generate an encrypted private key.
  - 3. The host computer system of claim 1, further comprising a freeze flag logic configured to detect a freeze flag on-state, disallow signing of the transaction in response to detecting the freeze flag on-state, detect a freeze flag off-state, and allow signing of the transaction in response to detecting the freeze flag off-state.
  - 4. The host computer system of claim 3, wherein the freeze flag logic is configured to receive at least a plurality of authenticated requests to unfreeze transaction signing, and allows signing of the transactions upon a determination by the initialized service instance that the plurality of authenticated requests is at least equal to a predetermined number.
  - 5. The host computer system of claim 1, further comprising:
    - a key ceremony application configured to create a for-distribution master key, store the for-distribution master key in the memory device, split the for-distribution master key into N shares, distribute the N shares among N custodians, clear the for-distribution master key from the memory device; and
      
      a master key loader configured to receive at least M of the N shares, where M is equal to or less than N, and derive the operational master key from the M shares before storing the operational master key in the memory device.
  - 6. The host computer system of claim 2, wherein the web application is configured to receive, prior to receiving the request for payment from a customer computer system, a request for address, and request an address from the checkout module, the checkout module configured to receive the request for address for generating the address and the private key in response to the request for address, store the address and the encrypted private key in association with one another, and provide the address to the web application, the web application configured to receive the address from the initialized service instance, and transmit the address to the customer computer system.

7. A method of transacting bitcoin comprising:
- with a central processing unit included in a host computer system;
  
  storing, by an initialized service instance of a plurality of services, an operational master key in a memory device of the initialized service instance;
  
  storing, by the initialized service instance, an address and an encrypted private key in association with one another;
  
  receiving, by a web application, a request for payment to a bitcoin address, the request for payment including an amount of bitcoin to be paid;
  
  generating, by the web application, an unsigned transaction in response to receiving the request for payment, the unsigned transaction including the amount of bitcoin to be paid in the request for from payment;
  
  requesting, by the web application, a signing of the unsigned transaction to create a signed transaction;
  
  receiving, by the initialized service instance, the request for signing the transaction;
  
  determining, by the initialized service instance, the address corresponding to the bitcoin address in the unsigned transaction;
  
  determining, by the initialized service instance, the encrypted private key stored in association with the address;
  
  decrypting, by the initialized service instance, the encrypted private key with the operational master key to generate a decrypted private key;
  
  signing, by the initialized service instance, the transaction with the decrypted private key to create the signed transaction;
  
  receiving, by the web application, the signed transaction; and
  
  broadcasting, by the web application, the signed transaction over the bitcoin network,wherein the initialized service instance and the web application are executed by the central processing unit.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, further comprising:
    - generating, by the initialized service instance, an address and a private key; and
      
      encrypting, by the initialized service instance, the private key with the operational master key to generate an encrypted private key.
  - 9. The method of claim 7, further comprising:
    - detecting, by the initialized service instance, a freeze flag on-state;
      
      disallowing, by the initialized service instance, signing of the transaction in response to detecting the freeze flag on-state;
      
      detecting, by the initialized service instance, a freeze flag off-state; and
      
      allowing, by the initialized service instance, signing of the transaction in response to detecting the freeze flag off-state.
  - 10. The method of claim 9, further comprising:
    - receiving, by the initialized service instance, at least a plurality of authenticated requests to unfreeze transaction signing, the initialized service instance allowing signing of the transactions upon a determination by the initialized service instance that the plurality of authenticated requests is at least equal to a predetermined number.
  - 11. The method of claim 7, further comprising:
    - creating, by a key ceremony application, a for-distribution master key;
      
      storing, by the key ceremony application, the for-distribution master key in the memory device;
      
      splitting, by the key ceremony application, the for-distribution master key into N shares;
      
      distributing, by the key ceremony application, the N shares among N custodians;
      
      clearing, by the key ceremony application, the for-distribution master key from the memory device;
      
      receiving, by the initialized service instance, at least M of the N shares, where M is equal to or less than N; and
      
      deriving, by the initialized service instance, the operational master key from the M shares before storing the operational master key in the memory device.
  - 12. The method of claim 7, further comprising:
    - receiving, by the web application prior to receiving the request for payment from a customer computer system, a request for address;
      
      requesting, by the web application, an address from the initialized service instance;
      
      receiving, by the initialized service instance, the request for address for generating, by the initialized service instance, the address and the private key in response to receiving the request for address;
      
      storing, by the initialized service instance, the address and the encrypted private key in association with one another;
      
      providing, by the initialized service instance, the address to the web application;
      
      receiving, by the web application, the address from the initialized service instance; and
      
      transmitting, by the web application, the address to the customer computer system.

13. A non-transitory computer-readable medium having stored thereon a set of instructions that, when executed by a processor of a computer carries out a method of transacting bitcoin comprising:
- storing, by an initialized service instance of a plurality of services, an operational master key in a memory device of the initialized service instance; and
  
  storing, by the initialized service instance, an address and an encrypted private key in association with one another;
  
  receiving, by a web application, a request for payment to a bitcoin address, the request for payment including an amount of bitcoin to be paid;
  
  generating, by the web application, an unsigned transaction in response to receiving the request for payment, the unsigned transaction including the amount of bitcoin to be paid in the request for from payment;
  
  requesting, by the web application, a signing of the unsigned transaction to create a signed transaction;
  
  receiving, by the initialized service instance, the request for signing the transaction;
  
  determining, by the initialized service instance, the address corresponding to the bitcoin address in the unsigned transaction;
  
  determining, by the initialized service instance, the encrypted private key stored in association with the address;
  
  decrypting, by the initialized service instance, the encrypted private key with the operational master key to generate a decrypted private key;
  
  signing, by the initialized service instance, the transaction with the decrypted private key to create the signed transaction;
  
  receiving, by the web application, the signed transaction; and
  
  broadcasting, by the web application, the signed transaction over the bitcoin network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Coinbase, Inc.
Original Assignee
Coinbase, Inc.
Inventors
Alness, Andrew E., Hudon, James Bradley
Primary Examiner(s)
Gracia, Gary S

Application Number

US16/034,716
Publication Number

US 20180337774A1
Time in Patent Office

662 Days
Field of Search

713159, 713168, 713185, 705 64, 705 67, 705 69, 705 75
US Class Current
CPC Class Codes

G06Q 20/065   using e-cash

G06Q 20/3823   combining multiple encrypti...

H04L 63/00   Network architectures or ne...

H04L 63/06   for supporting key manageme...

H04L 63/166   at the transport layer

H04L 9/0819   Key transport or distributi...

H04L 9/0822   using key encryption key

H04L 9/085   Secret sharing or secret sp...

H04L 9/0863   involving passwords or one-...

Private key decryption system and method of use

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Private key decryption system and method of use

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links