SECURE MULTIPARTY LOSS RESISTANT STORAGE AND TRANSFER OF CRYPTOGRAPHIC KEYS FOR BLOCKCHAIN BASED SYSTEMS IN CONJUNCTION WITH A WALLET MANAGEMENT SYSTEM
First Claim
1. A computer-implemented method of controlling access to a resource, the method comprising:
- splitting a verification element into a plurality of shares;
determining a common secret at two or more nodes in a network; and
using the common secret to transmit at least one share of the verification element between the two or more nodes.
3 Assignments
0 Petitions
Accused Products
Abstract
The invention provides a computer-implemented solution for controlling access to a computer-related resource such as, for example, a digital wallet. In one or more embodiments, the wallet may be implemented using a blockchain such as the Bitcoin blockchain but the invention is not limited in this regard. Use of the invention during the initial set-up of the wallet can enable subsequent operations such as wallet transactions to be handled in a secure manner over an insecure channel such as the interne. A method according to an embodiment of the invention can comprise the steps of splitting a verification element (such as a private key in an asymmetric cryptography pair) into a plurality of shares; determining a common secret at two or more nodes in a network; and using the common secret to transmit at least one share of the verification element between the two or more nodes. The shares can be split such that no share on its own is sufficient to arrive at the verification element. This means that no one party stores the entire private key, providing for enhanced security of the key. Two or more shares are required to restore the key. The shares are stored at separate locations one of which is an independent back-up or safe-storage location. If one of the other shares becomes unavailable, the share can be retrieved from back up to ensure that the key (and thus the controlled resource) is still accessible. To ensure safe transmission of the share(s), the common secret is generated at two different nodes independently of each other and then used to generate an encryption key. The encryption key can be used to encrypt at least one share of the verification element, or a message comprising it, to ensure that the share(s) are transmitted securely.
-
Citations
25 Claims
-
1. A computer-implemented method of controlling access to a resource, the method comprising:
-
splitting a verification element into a plurality of shares; determining a common secret at two or more nodes in a network; and using the common secret to transmit at least one share of the verification element between the two or more nodes. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A computer-implemented system arranged to control access to a digital wallet, the computer-implemented system being operative to:
-
determine a first entity second private key based on at least a first entity master private key and a generator value; determine a second entity second private key based on at least a second entity master private key and the generator value; and determine a common secret (CS) at the first entity based on the first entity second private key and a second entity second public key, and determining the common secret (CS) at the second entity based on the second entity second private key and first entity second public key, wherein; the first entity second public key and the second entity second public key are respectively based on at least the first/second entity master private key and the generator value.
-
-
25. A method of controlling access to a digital wallet, the method comprising:
-
determining a first entity second private key based on at least a first entity master private key and a generator value; determining a second entity second private key based on at least a second entity master private key and the generator value; and determining a common secret (CS) at the first entity based on the first entity second private key and [[the ]]a second entity second public key, and determining the common secret (CS) at the second entity based on the second entity second private key and first entity second public key, wherein; the first entity second public key and the second entity second public key are respectively based on at least the first/second entity master private key and the generator value.
-
Specification