SECURE MULTIPARTY LOSS RESISTANT STORAGE AND TRANSFER OF CRYPTOGRAPHIC KEYS FOR BLOCKCHAIN BASED SYSTEMS IN CONJUNCTION WITH A WALLET MANAGEMENT SYSTEM

US 20180367298A1
Filed: 08/23/2018
Published: 12/20/2018
Est. Priority Date: 02/23/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of controlling access to a resource, the method comprising:

splitting a verification element into a plurality of shares;

determining a common secret at two or more nodes in a network; and

using the common secret to transmit at least one share of the verification element between the two or more nodes.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a computer-implemented solution for controlling access to a computer-related resource such as, for example, a digital wallet. In one or more embodiments, the wallet may be implemented using a blockchain such as the Bitcoin blockchain but the invention is not limited in this regard. Use of the invention during the initial set-up of the wallet can enable subsequent operations such as wallet transactions to be handled in a secure manner over an insecure channel such as the interne. A method according to an embodiment of the invention can comprise the steps of splitting a verification element (such as a private key in an asymmetric cryptography pair) into a plurality of shares; determining a common secret at two or more nodes in a network; and using the common secret to transmit at least one share of the verification element between the two or more nodes. The shares can be split such that no share on its own is sufficient to arrive at the verification element. This means that no one party stores the entire private key, providing for enhanced security of the key. Two or more shares are required to restore the key. The shares are stored at separate locations one of which is an independent back-up or safe-storage location. If one of the other shares becomes unavailable, the share can be retrieved from back up to ensure that the key (and thus the controlled resource) is still accessible. To ensure safe transmission of the share(s), the common secret is generated at two different nodes independently of each other and then used to generate an encryption key. The encryption key can be used to encrypt at least one share of the verification element, or a message comprising it, to ensure that the share(s) are transmitted securely.

Citations

25 Claims

1. A computer-implemented method of controlling access to a resource, the method comprising:
- splitting a verification element into a plurality of shares;
  
  determining a common secret at two or more nodes in a network; and
  
  using the common secret to transmit at least one share of the verification element between the two or more nodes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. A method according to claim 1 wherein the verification element is a cryptographic key, a representation of a cryptographic key, or some element which may be used to access, calculate or retrieve the cryptographic key.
  - 3. A method according to claim 1 and further comprising the step of using the common secret to generate an encryption key, wherein the encryption key is used to encrypt the at least one share of the verification element or a message comprising or relating to said at least one share.
  - 4. A method according to claim 1 and further comprising the step of:
    - storing at least three shares of the verification element at different locations relative to each other; and
      
      wherein at least one of the three shares is stored in or on a back-up or safe-storage facility which is separate, independent and/or distinct from the at least two other locations.
  - 5. A method according to claim 1, wherein the resource is a digital wallet or other resource relating to some form of currency.
  - 6. A method according to claim 1, wherein the verification element is split into a plurality of shares such that the verification element can be restored or regenerated from two or more of the shares;
    - andwherein the verification element is split into a plurality of shares using Shamir'"'"'s Secret Sharing Scheme.
  - 7. A method according to claim 1, wherein the common secret is:
    - i) determined at the two or more nodes independently of each other, such that the common secret does not require transmission over a communications channel between the nodes; and
      
      /orii) shared only by the two or more nodes.
  - 8. A method according to claim 1 comprising the step of setting up, creating or registering a digital wallet, wherein the verification element is associated with the digital wallet.
  - 9. A method according to claim 1, wherein the common secret is determined by first (C) and second (S) nodes in the network, wherein the first node (C) is associated with a first asymmetric cryptography pair having a first node master private key (V_1C) and a first node master public key (P_1C), and the second node (S) is associated with a second asymmetric cryptography pair having a second node master private key (V_1S) and a second node master public key (P_1S),wherein the method further comprises:
    - determining a first node second private key (V_2C) based on at least the first node master private key (V_1C) and a Generator Value (GV);
      
      determining a second node second public key (P_2S) based on at least the second node master public key (P_1S) and the Generator Value (GV); and
      
      determining the common secret (CS) based on the first node second private key (V_2C) and the second node second public key (P_2S),wherein the second node (S) has the same common secret (S) based on a first node second public key (P_2C) and a second node second private key (V_2S), wherein;
      
      the first node second public key (P_2C) is based on at least the first node master public key (P_1C) and the Generator Value (GV); and
      
      the second node second private key (V_2S) is based on at least the second node master private key (V_1S) and the Generator Value (GV).
  - 10. A method according to claim 9, wherein the Generator Value (GV) is based on a message (M).
  - 11. A method according to claim 10 and further comprising the steps of:
    - generating a first signed message (SM1) based on the message (M) and the first node second private key (V_2C); and
      
      sending, over a communications network, the first signed message (SM1) to the second node (S),wherein the first signed message (SM1) can be validated with a first node second public key (P_2C) to authenticate the first node (C).
  - 12. A method according to claim 10 and further comprising:
    - receiving, over a communications network, a second signed message (SM2) from the second node (S);
      
      validating the second signed message (SM2) with the second node second public key (P2S); and
      
      authenticating the second node (S) based on the a result of validating the second signed message (SM2),wherein the second signed message (SM2) was generated based on the message (M), or a second message (M2), and the second node second private key (V_2S).
  - 13. A method according to claim 9 and further comprising:
    - generating a message (M); and
      
      sending, over a communications network, the message (M) to the second node (S).
  - 14. A method according to claim 10 further comprising:
    - receiving the message (M), over a communications network, from the second node (S).
  - 15. A method according to claim 10 further comprising:
    - receiving the message (M), over a communications network, from another node.
  - 16. A method according to claim 9, wherein the first node master public key (P_1C), second node master public key (P_1S) are based on elliptic curve point multiplication of respective first node master private key (V_1C) and second node master private key (V_1S) and a base point (G).
  - 17. A method according to claim 9 further comprising the steps of:
    - receiving, over a communications network, the second node master public key (P_1S); and
      
      storing, at a data store associated with the first node (C), the second node master public key (P_1S).
  - 18. A method according to claim 9 further comprising the steps of:
    - generating, at a first node (C), the first node master private key (V_1C) and the first node master public key (P_1C);
      
      sending, over a communications network, the first node master public key (P_1C) to the second node (S) and/or other node; and
      
      storing, in a first data store associated with the first node (C), the first node master private key (V_1C).
  - 19. A method according to claim 9, wherein the Generator Value (GV) is based on determining a hash of a previous Generator Value (GV).
  - 20. A method according to claim 9, wherein the first asymmetric cryptography pair and the second asymmetric cryptography pair are based on a function of respective previous first asymmetric cryptography pair and previous second asymmetric cryptography pair.
  - 21. A computer-based system arranged to perform the steps of claim 1.
  - 22. A system according to claim 21, wherein:
    - the resource is a digital wallet or other resource relating to some form of currency.
  - 23. A system according to claim 21, wherein the system comprises software arranged to enable the setup, creation or registration of a digital wallet, wherein the verification element is associated with the digital wallet.

24. A computer-implemented system arranged to control access to a digital wallet, the computer-implemented system being operative to:
- determine a first entity second private key based on at least a first entity master private key and a generator value;
  
  determine a second entity second private key based on at least a second entity master private key and the generator value; and
  
  determine a common secret (CS) at the first entity based on the first entity second private key and a second entity second public key, and determining the common secret (CS) at the second entity based on the second entity second private key and first entity second public key,wherein;
  
  the first entity second public key and the second entity second public key are respectively based on at least the first/second entity master private key and the generator value.

25. A method of controlling access to a digital wallet, the method comprising:
- determining a first entity second private key based on at least a first entity master private key and a generator value;
  
  determining a second entity second private key based on at least a second entity master private key and the generator value; and
  
  determining a common secret (CS) at the first entity based on the first entity second private key and [[the ]]a second entity second public key, and determining the common secret (CS) at the second entity based on the second entity second private key and first entity second public key,wherein;
  
  the first entity second public key and the second entity second public key are respectively based on at least the first/second entity master private key and the generator value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nchain Licensing AG (Nchain Holdings Limited)
Original Assignee
Nchain Holdings Limited
Inventors
Wright, Craig Steven, Savanah, Stephane

Granted Patent

US 10,659,223 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/3678   e-cash details, e.g. blinde...

G06Q 20/3829   involving key management

G06Q 2220/00   Business processing using c...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0442   wherein the sending and rec...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/085   Secret sharing or secret sp...

H04L 9/0861   Generation of secret inform...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3066   involving algebraic varieti...

H04L 9/3247   involving digital signatures

H04L 9/3252   using DSA or related signat...

SECURE MULTIPARTY LOSS RESISTANT STORAGE AND TRANSFER OF CRYPTOGRAPHIC KEYS FOR BLOCKCHAIN BASED SYSTEMS IN CONJUNCTION WITH A WALLET MANAGEMENT SYSTEM

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE MULTIPARTY LOSS RESISTANT STORAGE AND TRANSFER OF CRYPTOGRAPHIC KEYS FOR BLOCKCHAIN BASED SYSTEMS IN CONJUNCTION WITH A WALLET MANAGEMENT SYSTEM

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links