SECURE TOKEN PASSING VIA HASH CHAINS

US 20190014100A1
Filed: 07/10/2017
Published: 01/10/2019
Est. Priority Date: 07/10/2017
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a request to add an expansion node to a hash chain associated with a resource to signify a transfer of a privilege associated with the resource, wherein the request includes a confirmation possession token;

generating a confirmation hash digest based on the confirmation possession token via a hashing function associated with the hash chain;

verifying the confirmation hash digest matches a predecessor hash digest indicated in a predecessor node of the hash chain, wherein the hashing function maps a predecessor possession token to the predecessor hash digest; and

linking the expansion node to the predecessor node, wherein the expansion node indicates the predecessor possession token and a successor hash digest, wherein the successor hash digest is based on a successor possession token.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments presented herein provide systems and methods for creating and modifying a hash chain. A hash chain is created to track resource-privilege transfers between entities. A root node of the hash chain identifies the resource and specifies a digest of a possession token held by a first entity that initially possesses the privilege. A transfer of the privilege to a second entity can be recorded by adding an expansion node to the hash chain. If the second entity successfully reveals a possession token that a hashing function associated with the hash chain maps to the digest, an expansion node is linked to the root node. The expansion node indicates the possession token and a successor digest that is based on a successor possession token.

Citations

20 Claims

1. A method comprising:
- receiving a request to add an expansion node to a hash chain associated with a resource to signify a transfer of a privilege associated with the resource, wherein the request includes a confirmation possession token;
  
  generating a confirmation hash digest based on the confirmation possession token via a hashing function associated with the hash chain;
  
  verifying the confirmation hash digest matches a predecessor hash digest indicated in a predecessor node of the hash chain, wherein the hashing function maps a predecessor possession token to the predecessor hash digest; and
  
  linking the expansion node to the predecessor node, wherein the expansion node indicates the predecessor possession token and a successor hash digest, wherein the successor hash digest is based on a successor possession token.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the predecessor node includes an identifier of a first entity and the expansion node includes an identifier of a second entity, and wherein the expansion node indicates a transfer of the privilege from the first entity to the second entity.
  - 3. The method of claim 1, further comprising:
    - determining an order of a set of nodes included in a predecessor level of the hash chain, wherein the set of nodes includes the predecessor node; and
      
      selecting the predecessor node from the set of nodes based on a position of the predecessor node in the order and a predefined policy.
  - 4. The method of claim 1, further comprising:
    - receiving a plurality of requests to add additional nodes to the hash chain, wherein each request indicates a corresponding confirmation possession token;
      
      generating, for each additional node, a corresponding hash digest based on the corresponding confirmation possession token;
      
      verifying each corresponding hash digest matches the predecessor hash digest; and
      
      linking each additional node to the predecessor node, wherein each additional node indicates the predecessor possession token and an additional hash digest based on an additional possession token associated with the additional node.
  - 5. The method of claim 1, further comprising:
    - receiving, in the request, a plurality of segments derived from the predecessor possession token, wherein the segments are associated with a set of nodes in a predecessor level of the hash chain, and wherein the set of nodes includes the predecessor node;
      
      generating the confirmation possession token from the plurality of segments based on a segmentation scheme; and
      
      generating the confirmation hash digest by inputting the confirmation possession token into the hashing function associated with the hash chain.
  - 6. The method of claim 1, further comprising:
    - receiving, in the request, a second confirmation possession token;
      
      generating a second confirmation hash digest based on the second confirmation possession token via the hashing function;
      
      verifying the second confirmation hash digest matches a second predecessor hash digest indicated in a second predecessor node of the hash chain, wherein the hashing function maps a second predecessor possession token to the second predecessor hash digest; and
      
      linking the successor node to the second predecessor node, wherein the successor node indicates the second predecessor possession token.
  - 7. The method of claim 1, wherein a root node of the hash chain includes a resource-identifier token that identifies the resource associated with the hash chain.

8. A system comprising:
- one or more processors; and
  
  memory storing one or more applications that, when executed on the one or more processors, perform an operation comprising;
  
  receiving a request to add an expansion node to a hash chain associated with a resource to signify a transfer of a privilege associated with the resource, wherein the request includes a confirmation possession token;
  
  generating a confirmation hash digest based on the confirmation possession token via a hashing function associated with the hash chain;
  
  verifying the confirmation hash digest matches a predecessor hash digest indicated in a predecessor node of the hash chain, wherein the hashing function maps a predecessor possession token to the predecessor hash digest; and
  
  linking the expansion node to the predecessor node, wherein the expansion node indicates the predecessor possession token and a successor hash digest, wherein the successor hash digest is based on a successor possession token.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the predecessor node includes an identifier of a first entity and the expansion node includes an identifier of a second entity, and wherein the expansion node indicates a transfer of the privilege from the first entity to the second entity.
  - 10. The system of claim 8, wherein the operation further comprises:
    - determining an order of a set of nodes included in a predecessor level of the hash chain, wherein the set of nodes includes the predecessor node; and
      
      selecting the predecessor node from the set of nodes based on a position of the predecessor node in the order and a predefined policy.
  - 11. The system of claim 8, wherein the operation further comprises:
    - receiving a plurality of requests to add additional nodes to the hash chain, wherein each request indicates a corresponding confirmation possession token;
      
      generating, for each additional node, a corresponding hash digest based on the corresponding confirmation possession token;
      
      verifying each corresponding hash digest matches the predecessor hash digest; and
      
      linking each additional node to the predecessor node, wherein each additional node indicates the predecessor possession token and an additional hash digest based on an additional possession token associated with the additional node.
  - 12. The system of claim 8, wherein the operation further comprises:
    - receiving, in the request, a plurality of segments derived from the predecessor possession token, wherein the segments are associated with a set of nodes in a predecessor level of the hash chain, and wherein the set of nodes includes the predecessor node;
      
      generating the confirmation possession token from the plurality of segments based on a segmentation scheme; and
      
      generating the confirmation hash digest by inputting the confirmation possession token into the hashing function associated with the hash chain.
  - 13. The system of claim 8, wherein the operation further comprises:
    - receiving, in the request, a second confirmation possession token;
      
      generating a second confirmation hash digest based on the second confirmation possession token via the hashing function;
      
      verifying the second confirmation hash digest matches a second predecessor hash digest indicated in a second predecessor node of the hash chain, wherein the hashing function maps a second predecessor possession token to the second predecessor hash digest; and
      
      linking the successor node to the second predecessor node, wherein the successor node indicates the second predecessor possession token.
  - 14. The system of claim 8, wherein a root node of the hash chain includes a resource-identifier token that identifies the resource associated with the hash chain.

15. A non-transitory computer-readable storage medium containing instructions that, when executed by one or more processors, perform an operation comprising:
- receiving a request to add an expansion node to a hash chain associated with a resource to signify a transfer of a privilege associated with the resource, wherein the request includes a confirmation possession token;
  
  generating a confirmation hash digest based on the confirmation possession token via a hashing function associated with the hash chain;
  
  verifying the confirmation hash digest matches a predecessor hash digest indicated in a predecessor node of the hash chain, wherein the hashing function maps a predecessor possession token to the predecessor hash digest; and
  
  linking the expansion node to the predecessor node, wherein the expansion node indicates the predecessor possession token and a successor hash digest, wherein the successor hash digest is based on a successor possession token.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable storage medium of claim 15, wherein the predecessor node includes an identifier of a first entity and the expansion node includes an identifier of a second entity, and wherein the expansion node indicates a transfer of the privilege from the first entity to the second entity.
  - 17. The non-transitory computer-readable storage medium of claim 15, wherein the operation further comprises:
    - determining an order of a set of nodes included in a predecessor level of the hash chain, wherein the set of nodes includes the predecessor node; and
      
      selecting the predecessor node from the set of nodes based on a position of the predecessor node in the order and a predefined policy.
  - 18. The non-transitory computer-readable storage medium of claim 15, wherein the operation further comprises:
    - receiving a plurality of requests to add additional nodes to the hash chain, wherein each request indicates a corresponding confirmation possession token;
      
      generating, for each additional node, a corresponding hash digest based on the corresponding confirmation possession token;
      
      verifying each corresponding hash digest matches the predecessor hash digest; and
      
      linking each additional node to the predecessor node, wherein each additional node indicates the predecessor possession token and an additional hash digest based on an additional possession token associated with the additional node.
  - 19. The non-transitory computer-readable storage medium of claim 15, wherein the operation further comprises:
    - receiving, in the request, a plurality of segments derived from the predecessor possession token, wherein the segments are associated with a set of nodes in a predecessor level of the hash chain, and wherein the set of nodes includes the predecessor node;
      
      generating the confirmation possession token from the plurality of segments based on a segmentation scheme; and
      
      generating the confirmation hash digest by inputting the confirmation possession token into the hashing function associated with the hash chain.
  - 20. The non-transitory computer-readable storage medium of claim 15, wherein the operation further comprises:
    - receiving, in the request, a second confirmation possession token;
      
      generating a second confirmation hash digest based on the second confirmation possession token via the hashing function;
      
      verifying the second confirmation hash digest matches a second predecessor hash digest indicated in a second predecessor node of the hash chain, wherein the hashing function maps a second predecessor possession token to the second predecessor hash digest; and
      
      linking the successor node to the second predecessor node, wherein the successor node indicates the second predecessor possession token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intuit, Inc.
Original Assignee
Intuit, Inc.
Inventors
SCOTT, Glenn, KERI, Induprakas

Granted Patent

US 10,567,369 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/20   for managing network securi...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3242   involving keyed hash functi...

H04L 9/50   using hash chains, e.g. blo...

SECURE TOKEN PASSING VIA HASH CHAINS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE TOKEN PASSING VIA HASH CHAINS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links