USER ACCOUNT MANAGEMENT VIA A DISTRIBUTED LEDGER

US 20180101842A1
Filed: 10/10/2017
Published: 04/12/2018
Est. Priority Date: 10/10/2016
Status: Active Grant

First Claim

Patent Images

1. A method for providing user access to a set of data stored in a distributed ledger, the distributed ledger stored by a plurality of node computing entities, the method comprising:

receiving, by a first node computing entity of the plurality of node computing entities and comprising at least one processor, a memory, and a communications interface configured to communicate via at least one network, a share key request indicating that a first user account has authorized a second user account to have access to a set of data stored in the distributed ledger;

encrypting, by the first node computing entity, a data access key for accessing the set of data using an encrypting key corresponding to the second user account;

generating, by the first node computing entity, a block comprising the encrypted data access key;

signing, by the first node computing entity, the block comprising the encrypted data access key using a signing key corresponding to the first user account; and

posting, by the first node computing entity, the signed block comprising the encrypted data access key to the distributed ledger.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

User access to a set of data stored in a distributed ledger, wherein the distributed ledger is stored by a plurality of node computing entities, is provided. A first node computing entity receives a share key request indicating that a first user account has authorized a second user account to have access to a set of data stored in the distributed ledger. A data access key (DAK) for accessing the set of data is encrypted using an encrypting key of the second user account. A block comprising the encrypted DAK is generated, signed using a signing key of the first user account, and posted to the distributed ledger. The block is authenticated using an authentication key of the first user account and accessed via a decrypting key of the second user account such that the second user account may use the DAK to access the set of data.

148 Citations

20 Claims

1. A method for providing user access to a set of data stored in a distributed ledger, the distributed ledger stored by a plurality of node computing entities, the method comprising:
- receiving, by a first node computing entity of the plurality of node computing entities and comprising at least one processor, a memory, and a communications interface configured to communicate via at least one network, a share key request indicating that a first user account has authorized a second user account to have access to a set of data stored in the distributed ledger;
  
  encrypting, by the first node computing entity, a data access key for accessing the set of data using an encrypting key corresponding to the second user account;
  
  generating, by the first node computing entity, a block comprising the encrypted data access key;
  
  signing, by the first node computing entity, the block comprising the encrypted data access key using a signing key corresponding to the first user account; and
  
  posting, by the first node computing entity, the signed block comprising the encrypted data access key to the distributed ledger.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein upon receipt of the signed block comprising the encrypted data access key, a second node computing entity authenticates the signed block using an authentication key corresponding to the first user.
  - 3. The method of claim 2, wherein upon authenticating the signed block, the second node computing entity decrypts the encrypted data access key using a decrypting key corresponding to the second user.
  - 4. The method of claim 3, wherein upon decrypting the encrypted data access key, the data access key is stored to a wallet in a local file storage stored in a memory of the second computing entity.
  - 5. The method of claim 1, wherein the data access key provides retroactive permission for the second user account to access data encrypted with the data access key and stored in the distributed ledger.
  - 6. The method of claim 1, wherein the distributed ledger comprises one or more add/edit user messages creating or editing one or more user accounts.
  - 7. The method of claim 1, wherein the signing key (a) is a private digital signature key and (b) corresponds to an authentication key, the authentication key being a public digital signature key.
  - 8. The method of claim 1, wherein the encryption key (a) is a public Diffie-Hellman-Merkle key and (b) corresponds to a decryption key, the decryption key being a private Diffie-Hellman key.
  - 9. The method of claim 1, wherein the data access key is a symmetric key.

10. An apparatus for providing user access to a set of data stored in a distributed ledger, the distributed ledger stored by a plurality of node computing entities, the apparatus being one of the plurality of node computing entities, the apparatus comprising at least one processor, a communications interface configured for communicating via at least one network, and at least one memory storing computer program code, the at least one memory and the computer program code configured to, with the processor, cause the apparatus to at least:
- receive a share key request indicating that a first user account has authorized a second user account to have access to a set of data stored in the distributed ledger;
  
  encrypt a data access key for accessing the set of data using an encrypting key corresponding to the second user account;
  
  generate a block comprising the encrypted data access key;
  
  sign the block comprising the encrypted data access key using a signing key corresponding to the first user account; and
  
  post the signed block comprising the encrypted data access key to the distributed ledger.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The apparatus of claim 10, wherein upon receipt of the signed block comprising the encrypted data access key, a second node computing entity authenticates the signed block using an authentication key corresponding to the first user.
  - 12. The apparatus of claim 11, wherein upon authenticating the signed block, the second node computing entity decrypts the encrypted data access key using a decrypting key corresponding to the second user.
  - 13. The apparatus of claim 12, wherein upon decrypting the encrypted data access key, the data access key is stored to a wallet in a local file storage stored in a memory of the second computing entity.
  - 14. The apparatus of claim 10, wherein the data access key provides retroactive permission for the second user account to access data encrypted with the data access key and stored in the distributed ledger.
  - 15. The apparatus of claim 10, wherein the distributed ledger comprises one or more add/edit user messages creating or editing one or more user accounts.
  - 16. The apparatus of claim 10, wherein the signing key (a) is a private digital signature key and (b) corresponds to an authentication key, the authentication key being a public digital signature key.
  - 17. The apparatus of claim 10, wherein the encryption key (a) is a public Diffie-Hellman-Merkle key and (b) corresponds to a decryption key, the decryption key being a private Diffie-Hellman key.
  - 18. The apparatus of claim 10, wherein the data access key is a symmetric key.

19. A computer program product for providing user access to a set of data stored in a distributed ledger the distributed ledger stored by a plurality of node computing entities, the computer program product comprising at least one non-transitory computer-readable storage medium having computer-executable program code instructions stored therein, the computer-executable program code instructions comprising program code instructions configured to, when executed by a processor of a node computing entity of the plurality of node computing entities:
- receive a share key request indicating that a first user account has authorized a second user account to have access to a set of data stored in the distributed ledger;
  
  encrypt a data access key for accessing the set of data using an encrypting key corresponding to the second user account;
  
  generate a block comprising the encrypted data access key;
  
  sign the block comprising the encrypted data access key using a signing key corresponding to the first user account; and
  
  post the signed block comprising the encrypted data access key to the distributed ledger.
- View Dependent Claims (20)
- - 20. The computer program product of claim 19, wherein:
    - the signing key (a) is a private digital signature key and (b) corresponds to an authentication key, the authentication key being a public digital signature key, andthe encryption key (a) is a public Diffie-Hellman-Merkle key and (b) corresponds to a decryption key, the decryption key being a private Diffie-Hellman key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alphapointe
Original Assignee
Alphapointe
Inventors
Ventura, Giuseppe, Tangowski, Jeffrey

Granted Patent

US 10,866,945 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/1448   Management of the data invo...

G06F 11/1458   Management of the backup or...

G06F 11/2025   using centralised failover ...

G06F 16/178   Techniques for file synchro...

G06F 16/235   Update request formulation

G06F 16/27   Replication, distribution o...

G06F 2201/84   Using snapshots, i.e. a log...

G06F 2201/85   Active fault masking withou...

G06F 3/0619   in relation to data integri...

G06F 3/065   Replication mechanisms

G06F 3/067   Distributed or networked st...

G06Q 10/087   Inventory or stock manageme...

G06Q 20/3674   involving authentication

G06Q 20/3829   involving key management

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/3013   involving the discrete loga...

USER ACCOUNT MANAGEMENT VIA A DISTRIBUTED LEDGER

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

148 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

USER ACCOUNT MANAGEMENT VIA A DISTRIBUTED LEDGER

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

148 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links