Threshold secret share authentication proof and secure blockchain voting with hardware security modules
First Claim
Patent Images
1. A method for secure voting among M peers in a channel on an action proposal, comprising:
- a) selecting a secret
;
b) dividing the secretinto M unique shares by using a threshold secret sharing scheme;
c) providing M hardware security modules with secure storage and firmware;
d) provisioning each of said M hardware security modules with a distinct one of the M unique shares, and the secret, and storing said distinct unique share and secret
in the hardware security module'"'"'s secure storage;
e) controlling login to each said provisioned hardware security module as a function of that hardware security module'"'"'s provisioned distinct unique share;
enabling calculation of a trial secret′
as a function of that hardware security module'"'"'s provisioned distinct unique share;
g) further enabling each of the M hardware security modules to compare the trial secret′
with the stored provisioned secretand if identical, to compute a credential by concatenation of a nonce with the provisioned secret
and one or more identity factors to create a concatenation value, and thereafter computing a one-way hash of the concatenation value, resulting in a KNAP credential;
h) assigning each of the provisioned and enabled hardware security modules to a distinct one of the M peers;
i) facilitating the transmission of the action proposal from one of the M peers, together with that peer'"'"'s KNAP credential, identity factors, and the nonce used to compute said KNAP credential to all other peers in the channel;
j) still further enabling each of the M peers to authenticate the received action proposal using the sender'"'"'s KNAP credential, and transmitted identity factors and nonce;
k) receiving a vote on the action proposal from one of the M peers; and
l) recording said vote in a distributed ledger.
2 Assignments
0 Petitions
Accused Products
Abstract
For an encryption-protected decentralized and replicated blockchain file storage system maintained and managed by a channel of peers, the invention creates the additional levels of trust that are needed for peer voter authentication and transaction proposal endorsement. The invention effectively excludes hostile agents from influencing or impersonating legitimate voter peers through the mathematical strength of the K-of-N mechanism based on secret sharing with cryptographic hashing. In a further embodiment an extension to nested signatures is disclosed to enforce signing order.
22 Citations
7 Claims
-
1. A method for secure voting among M peers in a channel on an action proposal, comprising:
-
a) selecting a secret ;
b) dividing the secret into M unique shares by using a threshold secret sharing scheme;
c) providing M hardware security modules with secure storage and firmware; d) provisioning each of said M hardware security modules with a distinct one of the M unique shares, and the secret , and storing said distinct unique share and secret
in the hardware security module'"'"'s secure storage;
e) controlling login to each said provisioned hardware security module as a function of that hardware security module'"'"'s provisioned distinct unique share; enabling calculation of a trial secret ′
as a function of that hardware security module'"'"'s provisioned distinct unique share;g) further enabling each of the M hardware security modules to compare the trial secret ′
with the stored provisioned secretand if identical, to compute a credential by concatenation of a nonce with the provisioned secret
and one or more identity factors to create a concatenation value, and thereafter computing a one-way hash of the concatenation value, resulting in a KNAP credential;
h) assigning each of the provisioned and enabled hardware security modules to a distinct one of the M peers; i) facilitating the transmission of the action proposal from one of the M peers, together with that peer'"'"'s KNAP credential, identity factors, and the nonce used to compute said KNAP credential to all other peers in the channel; j) still further enabling each of the M peers to authenticate the received action proposal using the sender'"'"'s KNAP credential, and transmitted identity factors and nonce; k) receiving a vote on the action proposal from one of the M peers; and l) recording said vote in a distributed ledger. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeSpyrus, Inc.
-
Original AssigneeSpyrus, Inc.
-
InventorsSandberg-Maitland, William, Tregub, Burton George
-
Primary Examiner(s)Vaughan, Michael R
-
Application NumberUS16/237,542Publication NumberTime in Patent Office519 DaysField of SearchUS Class CurrentCPC Class CodesG06F 16/1824 implemented using Network-a...G06F 16/1834 implemented based on peer-t...H04L 2209/463 Electronic votingH04L 9/0643 Hash functions, e.g. MD5, S...H04L 9/0822 using key encryption keyH04L 9/085 Secret sharing or secret sp...H04L 9/0897 involving additional device...H04L 9/321 involving a third party or ...H04L 9/3239 involving non-keyed hash fu...H04L 9/3247 involving digital signaturesH04L 9/50 using hash chains, e.g. blo...
