API key generation of a security system forming part of a host computer for cryptographic transactions

US 9,882,715 B2
Filed: 07/12/2017
Issued: 01/30/2018
Est. Priority Date: 05/19/2015
Status: Active Grant

First Claim

Patent Images

1. A host computer system comprising:

a processor;

the non-transitory computer-readable medium having stored thereon a service and a set of instructions that, when executed by the processor of a computer carries out a method performed by the service;

wherein the service comprises a data store;

a master key loader to store an operational master key in the data store of the service;

a checkout module to generate an address and a private key, encrypt the private key with the operational master key to generate an encrypted private key, and store the address and the encrypted private key in association with one another prior to receiving a request for payment;

an application programmable interface (API) key generator to receive a plurality of requests to create an API key,generate, upon a determination by the API key generator that the plurality of requests to create an API key is at least equal to a minimum number (M) requests, an API key,store the API key, andprovide an output of the API key; and

a payment modulea web application on the non-transitory computer-readable medium and executable by the processor to;

receive the API key,store the API key,receive a request for payment to a cryptographic currency address, the request for payment including an amount of cryptographic currency to be paid,generate an unsigned transaction in response to receiving the request for payment, the unsigned transaction including the amount of cryptographic currency to be paid in the request for payment, andcommunicate with the service in response to receiving the request for payment, including providing the API key stored by the web application to the service, wherein the web application is configured and to request a signing of the unsigned transaction to create a signed transaction,the payment module of the service to receive the API key from the web application, and execute a procedure only if the API key received from the web server matches the API key stored by the service, the payment module to receive the request for signing the transaction, determine the address corresponding to the cryptographic currency address in the unsigned transaction, determine the encrypted private key stored in association with the address, decrypt the encrypted private key with the operational master key to generate a decrypted private key, and sign the transaction with the decrypted private key to create the signed transaction, the web application configured to receive the signed transaction, and broadcast the signed transaction over a cryptographic currency network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A key ceremony application creates bundles for custodians encrypted with their passphrases. Each bundle includes master key share. The master key shares are combined to store an operational master key. The operational master key is used for private key encryption during a checkout process. The operational private key is used for private key decryption for transaction signing in a payment process. The bundles further include TLS keys for authenticated requests to create an API key for a web application to communicate with a service and to unfreeze the system after it has been frozen by an administrator.

31 Citations

View as Search Results

9 Claims

1. A host computer system comprising:
- a processor;
  
  the non-transitory computer-readable medium having stored thereon a service and a set of instructions that, when executed by the processor of a computer carries out a method performed by the service;
  
  wherein the service comprises a data store;
  
  a master key loader to store an operational master key in the data store of the service;
  
  a checkout module to generate an address and a private key, encrypt the private key with the operational master key to generate an encrypted private key, and store the address and the encrypted private key in association with one another prior to receiving a request for payment;
  
  an application programmable interface (API) key generator to receive a plurality of requests to create an API key,generate, upon a determination by the API key generator that the plurality of requests to create an API key is at least equal to a minimum number (M) requests, an API key,store the API key, andprovide an output of the API key; and
  
  a payment modulea web application on the non-transitory computer-readable medium and executable by the processor to;
  
  receive the API key,store the API key,receive a request for payment to a cryptographic currency address, the request for payment including an amount of cryptographic currency to be paid,generate an unsigned transaction in response to receiving the request for payment, the unsigned transaction including the amount of cryptographic currency to be paid in the request for payment, andcommunicate with the service in response to receiving the request for payment, including providing the API key stored by the web application to the service, wherein the web application is configured and to request a signing of the unsigned transaction to create a signed transaction,the payment module of the service to receive the API key from the web application, and execute a procedure only if the API key received from the web server matches the API key stored by the service, the payment module to receive the request for signing the transaction, determine the address corresponding to the cryptographic currency address in the unsigned transaction, determine the encrypted private key stored in association with the address, decrypt the encrypted private key with the operational master key to generate a decrypted private key, and sign the transaction with the decrypted private key to create the signed transaction, the web application configured to receive the signed transaction, and broadcast the signed transaction over a cryptographic currency network.
- View Dependent Claims (2, 3, 4)
- - 2. The host computer system of claim 1, wherein the API key generator provides the API key to one of the custodians who provides the API key to the web application.
  - 3. The host computer system of claim 1, further comprising:
    - a key ceremony application configured to create a for-distribution master key, store the for-distribution master key in the data store, split the for-distribution master key into N shares, distribute the N shares among N custodians, clear the for-distribution master key from the data store; and
      
      a master key loader configured to receive at least M of the N shares and derive the operational master key from the M shares before storing the operational master key in the data store.
  - 4. The host computer system of claim 3, wherein the key ceremony application is configured to create a custodian transport layer security (TLS) key for each custodian, bundle a respective custodian TLS key with a respective share in a respective bundle, and distribute the respective bundles to the respective custodians, wherein the freeze logic is configured to authenticate the requests to unfreeze transaction signing with the respective custodian TLS keys.

5. A method of transacting cryptographic currency comprising:
- storing, by a master key loader, an operational master key in a data store of a service, wherein the service is stored on non-transitory computer readable medium and executable by a processor;
  
  generating, by the service, an address and a private key;
  
  encrypting, by the service, the private key with the operational master key to generate an encrypted private key;
  
  storing, by the service, the address and the encrypted private key in association with one another prior to receiving the request for payment;
  
  receiving, by the service, a plurality of requests to create an application programmable interface (API) key;
  
  generating, by the service, upon a determination by the service that the plurality of requests to create an API key is at least equal to a minimum number (M) requests, an API key;
  
  storing, by the service, the API key;
  
  providing, by the service, an output of the API key;
  
  receiving, by a web application on the non-transitory computer-readable medium and executable by the processor, the API key;
  
  storing, by the web application, the API key;
  
  receiving, by the web application, a request for payment to a cryptographic currency address, the request for payment including an amount of cryptographic currency to be paid;
  
  generating, by the web application, an unsigned transaction in response to receiving the request for payment, the unsigned transaction including the amount of cryptographic currency to be paid in the request from payment;
  
  communicating, by the web application, with the service in response to receiving the request, including providing the API key stored by the web application to the service and requesting, by the web application, a signing of the unsigned transaction to create a signed transaction;
  
  receiving, by the service, the API key and the request for signing the transaction from the web application;
  
  executing, by the service, a procedure only if the API key received from the web server matches the API key stored by the service, including;
  
  determining, by the service, the address corresponding to the cryptographic currency address in the unsigned transaction;
  
  determining, by the service, the encrypted private key stored in association with the address;
  
  decrypting, by the service, the encrypted private key with the operational master key to generate a decrypted private key; and
  
  signing, by the service, the transaction with the decrypted private key to create the signed transaction;
  
  receiving, by the web application, the signed transaction; and
  
  broadcasting, by the web application, the signed transaction over a cryptographic currency network.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, wherein the service provides the API key to one of the custodians who provides the API key to the web application.
  - 7. The method of claim 5, further comprising:
    - creating, by a key ceremony application service, a for-distribution master key;
      
      storing, by the key ceremony application, the for-distribution master key in the data store;
      
      splitting, by the key ceremony application, the for-distribution master key into N shares;
      
      distributing, by the key ceremony application, the N shares among N custodians;
      
      clearing, by the key ceremony application, the for-distribution master key from the data store;
      
      receiving, by the key ceremony application, at least M of the N shares, where M is equal to or less than N; and
      
      deriving, by the key ceremony application, the operational master key from the M shares before storing the operational master key in the data store.
  - 8. The method of claim 7, further comprising:
    - creating, by the key ceremony application, a custodian transport layer security (TLS) key for each custodian;
      
      bundling, by the key ceremony application, a respective custodian TLS key with a respective share in a respective bundle;
      
      distributing, by the key ceremony application, the respective bundles to the respective custodians; and
      
      authenticating, by the key ceremony application, the requests to for an API key with the respective custodian TLS keys.

9. A non-transitory computer-readable medium having stored thereon a set of instructions that, when executed by a processor of a computer carries out a method of transacting cryptographic currency comprising:
- storing, by a master key loader, an operational master key in a data store of a service, wherein the service is stored the on non-transitory computer readable medium and executable by the processor;
  
  generating, by the service, an address and a private key;
  
  encrypting, by the service, the private key with the operational master key to generate an encrypted private key;
  
  storing, by the service, the address and the encrypted private key in association with one another prior to receiving the request for payment;
  
  receiving, by the service, a plurality of requests to create an application programmable interface (API) key;
  
  generating, by the service, upon a determination by the service that the plurality of requests to create an API key is at least equal to a minimum number (M) requests, an API key;
  
  storing, by the service, the API key;
  
  providing, by the service, an output of the API key;
  
  receiving, by a web application on the non-transitory computer-readable medium and executable by the processor, the API key;
  
  storing, by the web application, the API key;
  
  receiving, by the web application, a request for payment to a cryptographic currency address, the request for payment including an amount of cryptographic currency to be paid;
  
  generating, by the web application, an unsigned transaction in response to receiving the request for payment, the unsigned transaction including the amount of cryptographic currency to be paid in the request from payment;
  
  communicating, by the web application, with the service in response to receiving the request, including providing the API key stored by the web application to the service and requesting, by the web application, a signing of the unsigned transaction to create a signed transaction;
  
  receiving, by the service, the API key and the request for signing the transaction from the web application;
  
  executing, by the service, a procedure only if the API key received from the web server matches the API key stored by the service, including;
  
  determining, by the service, the address corresponding to the cryptographic currency address in the unsigned transaction;
  
  determining, by the service, the encrypted private key stored in association with the address;
  
  decrypting, by the service, the encrypted private key with the operational master key to generate a decrypted private key; and
  
  signing, by the service, the transaction with the decrypted private key to create the signed transaction;
  
  receiving, by the web application, the signed transaction; and
  
  broadcasting, by the web application, the signed transaction over a cryptographic currency network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Coinbase, Inc.
Original Assignee
Coinbase, Inc.
Inventors
Alness, Andrew E., Hudon, James Bradley
Primary Examiner(s)
GRACIA, GARY S

Application Number

US15/647,889
Publication Number

US 20170310477A1
Time in Patent Office

202 Days
Field of Search

None
US Class Current
CPC Class Codes

G06Q 20/065   using e-cash

G06Q 20/3823   combining multiple encrypti...

H04L 63/00   Network architectures or ne...

H04L 63/06   for supporting key manageme...

H04L 63/166   at the transport layer

H04L 9/0819   Key transport or distributi...

H04L 9/0822   using key encryption key

H04L 9/085   Secret sharing or secret sp...

H04L 9/0863   involving passwords or one-...

API key generation of a security system forming part of a host computer for cryptographic transactions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

9 Claims

Specification

Use Cases

Quick Links

Others

API key generation of a security system forming part of a host computer for cryptographic transactions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

9 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others