Retrieving public data for blockchain networks using highly available trusted execution environments

US 11,082,240 B2
Filed: 02/01/2021
Issued: 08/03/2021
Est. Priority Date: 03/27/2019
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for retrieving data from a data source that is external to a blockchain network, the method comprising:

receiving, by a relay system smart contract executing within the blockchain network and from a client within the blockchain network, a request for data from the data source;

transmitting, by the relay system smart contract, the request to a relay system that is external to the blockchain network, the relay system comprising a multi-node cluster that comprises a plurality of relay system nodes;

receiving, by the relay system smart contract, a result provided from a relay system node of the multi-node cluster, the result being digitally signed with a digital signature using a private key of the relay system node, the result including the data from the data source;

identifying, by the relay system smart contract, a first unique identification of the relay system node, wherein the first unique identification of the relay system node comprises a web address of the relay system node;

determining, by the relay system smart contract, that the first unique identification of the relay system node matches a second unique identification comprised in a plurality of unique identifications, wherein the plurality of unique identifications are comprised in the relay system smart contract and are associated with a plurality of registered relay system nodes;

in response to determining that the first unique identification of the relay system node matches the second unique identification, verifying, by the relay system smart contract, that the relay system node is registered at the relay system smart contract;

in response to verifying that the relay system node is registered at the relay system smart contract, verifying, by the relay system smart contract, an integrity of the result based on a public key of the relay system node and the digital signature; and

in response to verifying the integrity of the result, transmitting the result to the client.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for enhancing blockchain network security. Implementations include receiving a request for data from the data source, transmitting the request to a relay system that is external to the blockchain network and that includes a multi-node cluster including a plurality of relay system nodes, receiving a result provided from a relay system node, the result being digitally signed using a private key of the relay system node, verifying that the relay system node is registered, verifying an integrity of the result based on a public key of the relay system node and a digital signature of the result in response to verifying that the relay system node is registered, and transmitting the result to a client in response to verifying the integrity of the result.

53 Citations

18 Claims

1. A computer-implemented method for retrieving data from a data source that is external to a blockchain network, the method comprising:
- receiving, by a relay system smart contract executing within the blockchain network and from a client within the blockchain network, a request for data from the data source;
  
  transmitting, by the relay system smart contract, the request to a relay system that is external to the blockchain network, the relay system comprising a multi-node cluster that comprises a plurality of relay system nodes;
  
  receiving, by the relay system smart contract, a result provided from a relay system node of the multi-node cluster, the result being digitally signed with a digital signature using a private key of the relay system node, the result including the data from the data source;
  
  identifying, by the relay system smart contract, a first unique identification of the relay system node, wherein the first unique identification of the relay system node comprises a web address of the relay system node;
  
  determining, by the relay system smart contract, that the first unique identification of the relay system node matches a second unique identification comprised in a plurality of unique identifications, wherein the plurality of unique identifications are comprised in the relay system smart contract and are associated with a plurality of registered relay system nodes;
  
  in response to determining that the first unique identification of the relay system node matches the second unique identification, verifying, by the relay system smart contract, that the relay system node is registered at the relay system smart contract;
  
  in response to verifying that the relay system node is registered at the relay system smart contract, verifying, by the relay system smart contract, an integrity of the result based on a public key of the relay system node and the digital signature; and
  
  in response to verifying the integrity of the result, transmitting the result to the client.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, further comprising:
    - receiving an attestation verification report, wherein the attestation verification report comprises a first measurement value associated with the relay system node;
      
      comparing the first measurement value with a second measurement value that is associated with the relay system node and is pre-stored in the relay system smart contract;
      
      in response to determining that the first measurement value corresponds to the second measurement value, determining that the relay system node is valid; and
      
      in response to determining that the relay system node is valid, storing the first unique identification of the relay system node in the relay system smart contract.
  - 3. The computer-implemented method of claim 2, wherein the attestation verification report comprises a signature of an attestation service that generated the attestation verification report, wherein the signature is generated by a private key of the attestation service, and wherein the computer-implemented method further comprises:
    - verifying the signature using a public key of the attestation service; and
      
      in response to determining that the signature is verified, determining that the attestation verification report is valid.
  - 4. The computer-implemented method of claim 2, wherein the second measurement value is obtained from the relay system node or from a developer of the relay system node.
  - 5. The computer-implemented method of claim 2, wherein the second measurement value comprises a digest of an initial state of the relay system node.
  - 6. The computer-implemented method of claim 2, wherein the second measurement value comprises a hash value of a process code that is implemented on the relay system node.

7. A non-transitory, computer-readable storage medium storing one or more instructions executable by a computer system to perform operations comprising:
- receiving, by a relay system smart contract executing within a blockchain network and from a client within the blockchain network, a request for data from a data source;
  
  transmitting, by the relay system smart contract, the request to a relay system that is external to the blockchain network, the relay system comprising a multi-node cluster that comprises a plurality of relay system nodes;
  
  receiving, by the relay system smart contract, a result provided from a relay system node of the multi-node cluster, the result being digitally signed with a digital signature using a private key of the relay system node, the result including the data from the data source;
  
  identifying, by the relay system smart contract, a first unique identification of the relay system node, wherein the first unique identification of the relay system node comprises a web address of the relay system node;
  
  determining, by the relay system smart contract, that the first unique identification of the relay system node matches a second unique identification comprised in a plurality of unique identifications, wherein the plurality of unique identifications are comprised in the relay system smart contract and are associated with a plurality of registered relay system nodes;
  
  in response to determining that the first unique identification of the relay system node matches the second unique identification, verifying, by the relay system smart contract, that the relay system node is registered at the relay system smart contract;
  
  in response to verifying that the relay system node is registered at the relay system smart contract, verifying, by the relay system smart contract, an integrity of the result based on a public key of the relay system node and the digital signature; and
  
  in response to verifying the integrity of the result, transmitting the result to the client.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The non-transitory, computer-readable storage medium of claim 7, the operations further comprising:
    - receiving an attestation verification report, wherein the attestation verification report comprises a first measurement value associated with the relay system node;
      
      comparing the first measurement value with a second measurement value that is associated with the relay system node and is pre-stored in the relay system smart contract;
      
      in response to determining that the first measurement value corresponds to the second measurement value, determining that the relay system node is valid; and
      
      in response to determining that the relay system node is valid, storing the first unique identification of the relay system node in the relay system smart contract.
  - 9. The non-transitory, computer-readable storage medium of claim 8, wherein the attestation verification report comprises a signature of an attestation service that generated the attestation verification report, wherein the signature is generated by a private key of the attestation service, and wherein the operations further comprise:
    - verifying the signature using a public key of the attestation service; and
      
      in response to determining that the signature is verified, determining that the attestation verification report is valid.
  - 10. The non-transitory, computer-readable storage medium of claim 8, wherein the second measurement value is obtained from the relay system node or from a developer of the relay system node.
  - 11. The non-transitory, computer-readable storage medium of claim 8, wherein the second measurement value comprises a digest of an initial state of the relay system node.
  - 12. The non-transitory, computer-readable storage medium of claim 8, wherein the second measurement value comprises a hash value of a process code that is implemented on the relay system node.

13. A computer-implemented system, comprising:
- one or more computers; and
  
  one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, perform one or more operations comprising;
  
  receiving, by a relay system smart contract executing within a blockchain network and from a client within the blockchain network, a request for data from a data source;
  
  transmitting, by the relay system smart contract, the request to a relay system that is external to the blockchain network, the relay system comprising a multi-node cluster that comprises a plurality of relay system nodes;
  
  receiving, by the relay system smart contract, a result provided from a relay system node of the multi-node cluster, the result being digitally signed with a digital signature using a private key of the relay system node, the result including the data from the data source;
  
  identifying, by the relay system smart contract, a first unique identification of the relay system node, wherein the first unique identification of the relay system node comprises a web address of the relay system node;
  
  determining, by the relay system smart contract, that the first unique identification of the relay system node matches a second unique identification comprised in a plurality of unique identifications, wherein the plurality of unique identifications are comprised in the relay system smart contract and are associated with a plurality of registered relay system nodes;
  
  in response to determining that the first unique identification of the relay system node matches the second unique identification, verifying, by the relay system smart contract, that the relay system node is registered at the relay system smart contract;
  
  in response to verifying that the relay system node is registered at the relay system smart contract, verifying, by the relay system smart contract, an integrity of the result based on a public key of the relay system node and the digital signature; and
  
  in response to verifying the integrity of the result, transmitting the result to the client.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer-implemented system of claim 13, the operations further comprising:
    - receiving an attestation verification report, wherein the attestation verification report comprises a first measurement value associated with the relay system node;
      
      comparing the first measurement value with a second measurement value that is associated with the relay system node and is pre-stored in the relay system smart contract;
      
      in response to determining that the first measurement value corresponds to the second measurement value, determining that the relay system node is valid; and
      
      in response to determining that the relay system node is valid, storing the first unique identification of the relay system node in the relay system smart contract.
  - 15. The computer-implemented system of claim 14, wherein the attestation verification report comprises a signature of an attestation service that generated the attestation verification report, wherein the signature is generated by a private key of the attestation service, and wherein the operations further comprise:
    - verifying the signature using a public key of the attestation service; and
      
      in response to determining that the signature is verified, determining that the attestation verification report is valid.
  - 16. The computer-implemented system of claim 14, wherein the second measurement value is obtained from the relay system node or from a developer of the relay system node.
  - 17. The computer-implemented system of claim 14, wherein the second measurement value comprises a digest of an initial state of the relay system node.
  - 18. The computer-implemented system of claim 14, wherein the second measurement value comprises a hash value of a process code that is implemented on the relay system node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Advanced New Technologies Company Limited (Ant Group Co., Ltd.)
Original Assignee
Advanced New Technologies Company Limited (Ant Group Co., Ltd.)
Inventors
Yu, Yirong
Primary Examiner(s)
Ho, Dao Q

Application Number

US17/164,621
Publication Number

US 20210160083A1
Time in Patent Office

183 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/6218   to a system of files or obj...

G06F 21/71   to assure secure computing ...

H04L 2209/127   Trusted platform modules [TPM]

H04L 9/30   Public key, i.e. encryption...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3247   involving digital signatures

H04L 9/50   using hash chains, e.g. blo...

Retrieving public data for blockchain networks using highly available trusted execution environments

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Retrieving public data for blockchain networks using highly available trusted execution environments

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links