• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    the present invention relates to a method for distributing multiple encrypted keys used to access data which includes: receiving a data signal superimposed on a passkey request, in which the passkey request includes at least one number, n, greater than 1, of requested keys; generating n key pairs using a key pair generating algorithm, in which each key pair includes a private key and a public key; derive a private access key by applying the private key included in each of the n key pairs to a key derivation algorithm; generate a public access key corresponding to the derived private access key using the key pair generator algorithm; and electronically transmitting a data signal superimposed on a private key included in one of the n key pairs for each of the n key pairs.
    公开号:BR112018011353B1
    申请号:R112018011353-0
    申请日:2017-01-06
    公开日:2020-03-17
    发明作者:Steven Charles DAVIS
    申请人:Mastercard International Incorporated;
    IPC主号:
    专利说明:

    Descriptive Report of the Invention Patent for "METHOD AND SYSTEM FOR PROVISION AND STORAGE OF CRYPTOGRAPHED KEY DISTRIBUTED VIA ELYPTIC CURVE CRYPTOGRAPHY". CROSS REFERENCE TO RELATED PATENT APPLICATIONS [001] This patent application claims priority and benefit from the filing date of US patent application, number 15 / 001,775, filed on January 20, 2016, which is incorporated here in its entirety by reference medium.
    FIELD
    [002] The present specification refers to the distribution of multiple encrypted keys used to access data and, specifically, the use of elliptical curve encryption to securely distribute a plurality of encrypted keys used to derive a single key for access data needed in negotiating ownership of data for recipients of encrypted keys.
    BACKGROUND
    [003] In a world in which the number of computing devices is in the billions, data transfer is a constant. Data can be transferred from one computing device to another, from one computing device to several other computing devices, or from multiple computing devices to a single device. In many cases, the security of a data transfer can be just as important as where the data is being transferred to. For example, if the data is properly protected so that only a recipient party is able to view it, it can be made publicly available to facilitate the recipient party's access. With a high level of security, data can be protected from any other entity than the recipient party despite public accessibility, which makes it extremely important to guarantee the security of data that is transferred via public channels.
    [004] However, such a hypothesis can be extremely difficult in cases where data must be made available to a group of recipient parties. For example, if an entity wants to make the data publicly available to a group of four different people, the party can encrypt the data and provide adequate data access keys for each of the four different people. In this case, a compromise of any of the four keys can corrupt the data being transferred, causing a significant reduction in security. To maintain the highest level of security, it may be best for the party to distribute a single key to access the data. However, the group of four may not be able to identify which person should receive the unique key, or such identification may be time consuming or cause another type of inconvenience for the party.
    [005] Thus, there is a need for a technical solution for the transfer of data to be accessed by a plurality of entities through the use of a single access key. In addition, there is a need for a technical solution whereby a sending party can provide data for each of the plurality of entities to negotiate ownership by the entities without the participation of a sending party. In this case, data can be transferred securely and the minimum probability of being compromised, providing access to only a single entity, which can be selected from the plurality of entities without requiring additional participation from a sending party.
    SUMMARY
    [006] This specification provides a description of systems and methods for distributing multiple encrypted keys to be used for data access.
    [007] A method for distributing multiple encrypted keys used to access data includes: receiving, via a receiving device from a processing server, a data signal superimposed on an access key request, in which the request for access key includes at least one number, n, greater than 1, of requested keys; generate, by means of a processing server generation module, n key pairs using a key pair generator algorithm, in which each key pair includes a private key and a public key; derive, by means of a derivation module from the processing server, a private access key by applying the private key included in each of the n key pairs to a key derivation algorithm; generate, through the generation module of the processing server, a public access key corresponding to the derived private access key using the key pair generator algorithm; and electronically transmitting, via a processing server transmission device, a data signal superimposed on a private key included in one of the n key pairs for each of the n key pairs.
    [008] A system for distributing multiple encrypted keys used to access data includes: a transmission device from a processing server; a receiving device from the processing server configured to receive a data signal superimposed on a passkey request, in which the passkey request includes at least one number, n, of requested keys; a processing server generation module configured to generate n key pairs using a key pair generator algorithm, in which each key pair includes a private key and a public key; and a processing server bypass module configured to derive a private access key by applying the private key included in each of the n key pairs to a key bypass algorithm. The generation module of the processing server is also configured to generate a public access key corresponding to the derived private access key using the key pair generator algorithm. The processing device of the processing server is configured to electronically transmit a data signal superimposed on a private key included in one of the n key pairs for each of the n key pairs.
    BRIEF DESCRIPTION OF THE DRAWINGS
    [009] The scope of this specification will be better understood from the following detailed description of the exemplary modalities when read in conjunction with the attached drawings, in which: [0010] Figure 1 is a block diagram illustrating an architecture of high level key distribution system for multiple entities to negotiate reward property according to exemplary modalities.
    [0011] Figure 2 is a block diagram illustrating the processing server in Figure 1 for the distribution of encrypted keys to multiple entities to be used in the negotiation of reward property according to exemplary modalities. [0012] Figure 3 is a flow diagram that illustrates the generation of an access key by the processing server of figure 2 to protect the data used in the negotiation of ownership by multiple entities according to exemplary modalities.
    [0013] Figure 4 is a flow diagram that illustrates a process flow for the transfer of an access key using elliptical curve cryptography according to exemplary modalities. [0014] Figure 5 is a flow chart that illustrates an exemplary method for distributing multiple encrypted keys used to access data according to exemplary modalities.
    [0015] Figure 6 is a block diagram that illustrates a computer system architecture according to exemplary modalities.
    [0016] Other areas of applicability of the present invention will become evident from the detailed description provided below. It is worth noting that the detailed description of the exemplary modalities serves only the purpose of illustration and, therefore, is not intended to necessarily limit the scope of the invention. DETAILED DESCRIPTION
    Glossary of Terms [0017] Blockchain - A public fiscal book of all transactions in a Blockchain-based currency. One or more computing devices can comprise a Blockchain network, which can be configured to process and record transactions as part of a block on the Blockchain. As soon as a block is completed, it is added to the Blockchain and the transaction record updated. In several cases, Blockchain can be a fiscal book of transactions organized in chronological order, or it can be presented in any other order whose use is suitable for the Blockchain network. In some configurations, transactions registered on the Blockchain may include a destination address and an amount of currency so that the Blockchain can record how much currency is attributable to a specific address. In some of these configurations, Blockchain can use a Blockchain-based digital currency, which can be unique to the respective Blockchain. In some cases, additional information may be captured, such as a source address, date and time, etc. In some modalities, Blockchain may also consist of additional data and, in some cases, arbitrary data that is confirmed and validated by the Blockchain network through proof of work and / or any other appropriate verification techniques associated with it. In some cases, such data may be included in the Blockchain as part of transactions, as included in additional data attached to the transaction data. In some cases, the inclusion of such data on the Blockchain may constitute a transaction. In such cases, Blockchain may not be directly associated with a specific digital and virtual approval or other type of currency. The Blockchain can be private, when only authorized systems or devices can access the Blockchain, or it can be public, when the Blockchain can be accessed by any device or system. In either case, it is possible to limit the ability of devices or systems to add transactions to the Blockchain.
    Encrypted Key Distribution System via Elliptical Curve Encryption [0018] Figure 1 illustrates a system 100 for the transfer of encrypted keys using elliptical curve encryption for use in secure data transfer.
    [0019] System 100 may include a processing server 102. Processing server 102, discussed in more detail below, can be configured to generate multiple encrypted keys to be distributed using elliptical curve encryption and which are used to access access to data from a plurality of computing devices 104. This is done in a way that requires processing on a computer specifically programmed to perform the functions described here, which cannot be performed on a general purpose computer or designed in any way. realistically through a mental process or with paper and pencil, and thus provide a technical solution for the negotiation of reward property in secure data transfer. The processing server 102 can receive a passkey request containing a plurality of keys to be delivered to computing devices 104 for use in data access. The passkey request can be received from an external device, such as another computing device or system, such as via electronic transmission from that device or system using an appropriate communication network (for example, a local area network, a wide area network, radio frequency, Bluetooth, near field communication, the Internet, etc.), or can be received via one or more input devices interconnected with the processing server 102 that can be accessed by a processing server user 102. The passkey request can specify a number, n, of computing devices 104 for which passwords have been requested. In the example illustrated in figure 1, the access key request can be for three access keys.
    [0020] The processing server 102 can then generate the requested number, n, of key pairs. Each key pair can consist of a private key and a public key, referred to here as a "reward" key pair comprising a private key and a "reward" public key. The processing server 102 can use a suitable key pair generator algorithm in creating the requested number of key pairs. In an exemplary embodiment, the key pair generator algorithm can be an elliptical curve arrangement of keys. In another modality, the Diffie-Hellman elliptical curve (ECDH) key protocol protocol can be used in the generation of each of the n pairs of keys, as can be understood by a person skilled in the art. In any case, the key pair generator algorithm can be a suitable algorithm for the use of shared sigils, as discussed in more detail below.
    [0021] Once the n number of reward key pairs are generated, the processing server 102 can derive a private access key by applying the private reward key from each of the n reward key pairs to a derivation algorithm key. In some embodiments, the key derivation algorithm may include the use of a logical XOR operation. In exemplary modalities, the key derivation algorithm can be of such a kind that the variation in the ordering or sequence of reward private keys during the derivation of the private access key can result in the same private access key. In such modalities, any entity in possession of each of the reward private keys and who knows which key derivation algorithm should be used, is able to reproduce the private access key regardless of the ordering or sequence of the reward private keys.
    [0022] The processing server 102 can also be configured to generate a public access key corresponding to the derived access. The public access key can be generated using a key pair generator algorithm, which can be the same key pair generator algorithm used to generate the reward key pairs. For example, in an exemplary embodiment, processing server 102 may use the ECDH key agreement protocol to generate the public access key as part of a key pair with the derived private access key.
    [0023] Processing server 102 can use the private access key that has been derived to restrict access to data. And any suitable method for restricting access to data that uses a private key can be used. For example, in one case, data can be encrypted using the private access key and an appropriate encryption algorithm. In another example, the data for which access has been restricted may be an amount of Blockchain currency available via a Blockchain 106 network. In such an example, the public access key can be used to generate a destination address for an amount of currency Blockchain, in which the private access key is used to sign the destination address and provide access to the Blockchain currency associated with it. The use of key pairs to transfer and access Blockchain currency using a Blockchain 106 network will become evident to people skilled in the relevant technique.
    [0024] Once processing server 102 restricts access to desired data using the private access key, processing server 102 can electronically transmit a reward private key to each of the computing devices 104 so that each computing device 104 receive a different reward private key. For example, in the case illustrated in Figure 1, processing server 102 can generate reward keys Ka, Kb and Kc, which can be transmitted electronically to computing devices 104a, 104b, and 104c, respectively. In some embodiments, the reward private keys can be superimposed on a data signal transmitted electronically to the respective computing devices 104 using the Internet or another suitable communication network.
    [0025] In an exemplary form, reward private keys can be encrypted before transmission using a shared secret. In such an embodiment, the processing server 102 and each of the computing devices 104 can generate key pairs to be used in the transfer, encryption and decryption of the reward private keys by means of shared secrets. Processing server 102 and computing devices 104 can generate a key pair using the same key pair generator algorithm, which may be the ECDH key agreement protocol or another algorithm suitable for use in conjunction with shared sigils . Using the key pair generator algorithm, processing server 102 can generate a key pair referred to herein as a "transfer" key pair comprising a private key and a "transfer" public key. Each computing device 104 can generate a key pair using the key pair generating algorithm referred to herein as a "device" key pair comprising a private key and a "device" public key. Each computing device 104 can electronically transmit its associated device public key to processing server 102 using an appropriate method of communication. The processing server 102 can also transmit the public transfer key electronically to each of the computing devices 104. In some cases, the public transfer key can be transmitted (for example, in the same transmission or in an attached transmission) with the encrypted reward private key.
    [0026] After the processing server 102 receives the device public key from a computing device 104, the processing server 102 can generate a shared secret. Shared confidentiality can be generated using the private transfer key and the device public key in conjunction with the key pair generator algorithm used to generate the respective keys. The shared secret can be a secret that is equivalent when generated with the private key of a first key pair and the public key of a second key pair, or when generated with the public key of the first key pair and the private key the second pair of keys. For example, in the illustrated case, processing server 102 can generate a shared secret to be used in transmitting the reward private key Ka to computing device 104a using the private transfer key generated by processing server 102 and the public key device received from computing device 104a. The computing device 104a can generate an equivalent shared confidentiality using the public transfer key received from the processing server 102 and the device private key generated by the computing device 104a.
    [0027] Once processing server 102 generates a shared secret associated with a computing device 104 (for example, using that device device-specific public key for computing device), processing server 102 can encrypt the reward private key that is being transmitted to that computing device 104 using the associated shared sigil. Any suitable encryption algorithm can be used, such as the AES256 encryption algorithm. The encrypted reward private key can then be transmitted electronically to the associated computing device 104 using any suitable method of communication. In some cases, the processing server 102 may include the public transfer key in the electronic communication used to transmit an encrypted reward private key.
    [0028] Each computing device 104 can generate a shared secret for use in decrypting the encrypted reward private key that has been received. Shared confidentiality can be generated using the public transfer key transmitted electronically by the processing server 102 and the device private key of the computing device that was generated. Shared secrecy can be generated using the key pair generator algorithm used by the computing device 104 and the processing server 102 in generating the corresponding key pairs. The computing device 104 can use the shared secret to decrypt the reward private key using the appropriate encryption algorithm that was used by the processing server 102. For example, the computing device 104 can use the AES256 algorithm to decrypt the private key. reward using shared confidentiality.
    [0029] Once each computing device 104 receives and decrypts, if applicable, its respective reward private key, computing devices 104 can negotiate ownership of each of the reward private keys. In some cases, users associated with computing devices 104 can negotiate possession of the reward private keys without using computing devices 104. For example, in the case illustrated, three users of computing devices 104 can negotiate offline an agreement for the computing device user 104a to collect each of the reward private keys. In this case, computing devices 104b and 104c can electronically transmit their reward private key to computing device 104a using a suitable method of communication.
    [0030] In some modalities, reward private keys can be transferred to computing devices 104 using shared secrets. In such embodiments, computing devices 104 can exchange their associated device public keys for use in generating shared sigils for encrypting reward private keys to be transferred. For example, computing device 104b can generate a shared secret to encrypt the Kb reward private key using the device private key generated by computing device 104b and the device public key generated by computing device 104a, and encrypt the key Kb private reward with shared confidentiality. The computing device 104b can electronically transmit the encrypted reward private key Kb to the computing device 104a using a suitable method of communication. Computing device 104a can generate a shared secret using the device private key generated by computing device 104a and the device public key generated by computing device 104b, and decrypt the reward private key Kb. Computing devices 104a and 104c can repeat the process for computing device 104a to receive and decrypt the reward private key Kc.
    [0031] Once a computing device 104 has possession of each of the reward private keys, computing device 104 can derive the private access key using the key derivation algorithm used by processing server 102 in deriving it . The computing device 104 can use the private access key to access the data being transferred. For example, if the data is a Blo-ckchain currency associated with the Blockchain network 106, computing device 104 can use the private passkey as a signature to access the Blockchain currency transferred to the destination address generated using the public access key.
    [0032] The methods and systems discussed here may allow the transfer of data that is accessible using a single private key, which must be derived via a plurality of keys delivered to multiple entities. With the use of keys delivered to multiple entities, it is possible to guarantee data protection until the moment when the negotiation between multiple entities is carried out, without the need for participation by a sending party. In addition, as the access key is derived using the keys delivered to each entity, the data can have a significantly higher level of security than when using a single key, which can provide greater protection for the data, particularly in cases where the data may be publicly available but not accessible, such as on a Blockchain 106 network. The use of elliptical curve cryptography can provide greater protection, as well as private reward keys may have a higher level of protection during your transfer. Therefore, the methods and systems discussed here can provide greater protection both in the transfer of data and in the transfer of keys used to access the transferred data.
    [0033] The use of the methods and systems discussed here can also be beneficial when storing an encrypted key used to access secure data. For example, an entity may have data to be securely stored and can use the methods discussed here to generate a single private key to encrypt the data, in which the reward private keys used to derive the unique private key are delivered to a plurality different computing systems and then the unique private key is discarded. In such cases, if the storage of the encrypted key for one of the computing systems is compromised, the data remains preserved since the entity that has gained access to the reward private key will not be able to derive the unique private key used to encrypt the data. The compromised private key can be provided to other computing systems, the unique private key can be derived from them and the process repeated to generate a new series of reward private keys. In this case, the data remains preserved even if any storage of the encrypted key is compromised. Therefore, the methods discussed here can be beneficial in providing secure storage of distributed encrypted keys.
    Processing Server [0034] Figure 2 illustrates a modality of processing server 102 of system 100. Obviously, people skilled in the relevant art will understand that the modality of processing server 102 illustrated in figure 2 is provided for illustration only and may not be thorough about all possible configurations of the processing server 102 suitable to perform the functions as discussed here. For example, the system computer 600 illustrated in figure 6 and discussed in more detail below can be an appropriate configuration of processing server 102.
    [0035] The processing server 102 can include a receiving device 202. The receiving device 202 can be configured to receive data through one or more networks via one or more network protocols. In some cases, the receiving device 202 may also be configured to receive data from computing devices 104, Blockchain networks 106 and other entities through suitable communication networks, such as local area networks, wide area networks, radio frequency networks, the Internet. In some embodiments, the receiving device 202 may consist of multiple devices, such as different receiving devices for receiving data over different networks, such as a first receiving device for receiving data via near field communication and a second receiving device to receive data over the Internet. The receiving device 202 can receive data signals that are transmitted electronically, in which the data can be superimposed on the data signal, decoded, analyzed, read or otherwise obtained upon receipt of the data signal by the receiving device 202. In some cases, the receiving device 202 may include an analysis module to analyze the received data signal and obtain the data overlaid on it. For example, the receiving device 202 may include an analysis program configured to receive and transform the received data signal into a usable register for the functions performed by the processing device to execute the methods and systems described here.
    [0036] Receiving device 202 can be configured to receive data signals transmitted electronically by computing devices 104 for use in performing the functions discussed here. Data signals transmitted electronically by computing devices 104 can be superimposed on public device keys, such as for use in the generation of shared sigils. Receiving device 202 can also receive data signals from additional devices and systems, such as from the Blockchain network 106 and / or from nodes associated with it for use in data transfer (e.g. Blockchain currency) via through the Blockchain network 106, such as an external computing device that sends a passkey request. In some cases, the receiving device 202 may receive a data signal superimposed on a passkey request for n reward private keys to access data from a computing device 104 and receive one of the reward private keys.
    [0037] Processing server 102 can also include a communication module 204. Communication module 204 can be configured to transmit data between modules, mechanisms, databases, memories and other components of processing server 102 for use in performing the functions discussed here. The communication module 204 can be composed of one or more types of communication and can use several communication methods to communicate within a computing device. For example, the communication module 204 can consist of a bus, contact pin connectors, wires, etc. In some embodiments, the communication module 204 can also be configured to communicate with the internal components of the processing server 102 and the external components of the processing server 102, such as externally connected databases, display devices, input devices , etc. Processing server 102 may also include a processing device. The processing device can be configured to perform the processing server functions 102 discussed here, as will become apparent to persons skilled in the relevant art. In some embodiments, the processing device may include and / or be composed of a plurality of mechanisms and / or modules specially configured to perform one or more functions of the processing device, such as a query module 218, a generation module 206 , a bypass module 208, an encryption module 210, decryption module 212, etc. As used here, the term "module" can be software or hardware that is particularly programmed to receive an input, execute one or more processes using the input and provide an output. The input, output and processes performed by various modules will become evident to a person skilled in the art based on the present descriptive report.
    [0038] The processing server 102 can include a query module 218. The query module 218 can be configured to run queries against databases to identify information. The query module 218 can receive one or more data values or query strings, and can execute a query string based on it in a specified database, such as a memory 216, to identify the information stored therein. The query module 218 can then send the identified information to an appropriate processing server mechanism or module 102 when necessary. The query module 218 can, for example, perform a query in memory 216 to identify one or more keys received from a computing device 104 or generated by processing server 102 for use in the methods discussed here.
    [0039] Processing server 102 can include a generation module 206. Generation module 206 can be configured to generate key pairs and shared sigils. The generation module 206 may receive a request as an entry, which may require the generation of a key pair or shared confidentiality and may include information for use in conjunction with it. The generation module 206 can perform the requested functions and send the requested data to be used by another module or engine of the processing server 102. For example, the generation module 206 can be configured to generate key pairs, such as pairs of keys. reward keys, using a key pair generator algorithm as included or otherwise indicated (for example, identified in memory 216 via query module 218) in the request. The generation module 206 can also be configured to generate a shared secret using a public key and a private key from two different key pairs, which can use the same key pair generator algorithm. In some cases, the generation module 206 can also be configured to generate a public key corresponding to a private key using the key pair generator algorithm. In an exemplary embodiment, the ECDH key agreement protocol can be used by the 206 generation module.
    [0040] The processing server 102 can also include a bypass module 208. The bypass module 208 can be configured to derive public and / or private keys. Derivation module 208 can receive one or more keys as well as a key derivation algorithm or an indication of it as an entry, can derive one or more requested keys and can send them to be used by another module or server mechanism processing 102. For example, bypass module 208 can receive a plurality of reward private keys generated by generation module 306 and can derive a corresponding private access key based on it using a suitable key bypass algorithm. In some modalities, the derivation module 208 may use an algorithm so that the ordering or sequence of the reward private keys is irrelevant, that is, so that the variation in the order of use of the reward private keys in the derivation can result in the same key private access. In such an embodiment, the key derivation algorithm may include the use of a logical XOR operation.
    [0041] The processing server 102 can also include an encryption module 210. The encryption module 210 can be configured to encrypt data using suitable encryption algorithms, such as the AES256 algorithm. The encryption module 210 can receive the data to be encrypted and a key to use it as an input, can encrypt the data using a suitable algorithm and can send the encrypted data to another processing server module or mechanism 102 to be encrypted. used by it. In some cases, the encryption module 210 may receive the encryption algorithm or an indication of it as an input. In other cases, the encryption module 210 can identify the encryption algorithm to be used. The encryption module 210 can, for example, encrypt a reward private key using a shared secret generated in association with it.
    [0042] Processing server 102 may also include a decryption module 212. Decryption module 212 may be configured to decrypt data using suitable encryption algorithms, such as the AES256 algorithm. The decryption module 212 can receive data to be decrypted and a key to use it as an input, can decrypt the data using a suitable algorithm and can send the decrypted data to another module or processing server mechanism 102 to use it. The input provided to the decryption module 212 may include the encryption algorithm to be used or may include an indication of it, such as an indication for use in identifying an encryption algorithm stored in memory 216 by means of a query module 218 The decryption module 212 can, for example, decrypt keys provided by computing devices 104 using associated shared sigils.
    [0043] In some embodiments, the processing server 102 may include additional modules or mechanisms for use in performing the functions discussed here. For example, processing server 102 may include additional modules for use in conjunction with a Blockchain 106 network, such as to initiate and perform Blockchain transactions and to sign Blockchain currency transfer transaction addresses and requests using the Blockchain 106 network In some cases, the processing server modules 102 illustrated in figure 2 and discussed here can be configured to perform additional functions in association with it. For example, generation module 206 can be configured to generate a Blockchain destination address using the public access key.
    [0044] Processing server 102 may also include a transmission device 214. Transmission device 214 may be configured to transmit data over one or more networks via one or more network protocols. In some cases, the transmission device 214 can be configured to transmit data to computing devices 104, Blockchain networks 106 and other entities through suitable communication networks, such as local area networks, wide area networks, radio frequency networks , the Internet. In some embodiments, the transmission device 214 may be composed of multiple devices, such as different transmission devices for transmitting data over different networks, such as a first transmission device for transmitting data via near field communication and a second transmission device to transmit data over the Internet. The transmission device 214 can electronically transmit data signals containing overlapping data that can be analyzed by a receiving computing device. In some cases, the transmission device 214 may include one or more modules to overlap, encode or otherwise format the data into data signals suitable for transmission.
    [0045] Transmission device 214 can be configured to transmit data signals electronically to computing devices 104, which are superimposed on public and / or private keys that can, in some cases, be encrypted using shared sigils. For example, the transmission device 214 can be configured to transmit data signals overlaid with encrypted reward private keys to computing devices 104, which can also be overlaid with a public transfer key for use by computing devices 104 in the generation of shared confidentiality. Transmission device 214 can also be configured to transmit data signals to Blockchain networks 106 to be used in the transfer of Blockchain currency.
    [0046] Processing server 102 can also include memory 216. Memory 216 can be configured to store data to be used by processing server 102 in performing the functions discussed here. Memory 216 can be configured to store data using suitable data formatting methods and schemes and can be any suitable type of memory, such as read-only memory, random access memory, etc. Memory 216 may include, for example, encrypted keys and algorithms, communication protocols and standards, data formatting standards and protocols, program code for processing device application modules and programs, and other data whose use is appropriate for the processing server 102 in the performance of the functions described here, as will become evident to persons versed in the relevant technique. Memory 216 can be configured to store key pair generating algorithms, key derivation algorithms and encryption algorithms for use in performing the processing server functions 102 discussed here.
    Deriving a Private Access Key [0047] Figure 3 illustrates a process 300 for deriving a private access key for use in accessing data using multiple encrypted keys generated to be delivered to a plurality of computing devices 104 .
    [0048] In step 302, the generation module 206 of the processing server 102 can generate a plurality of reward key pairs 304 using a suitable key pair generator algorithm, which can be an elliptical curve scheme according to keys, such as the ECDH key agreement protocol. The number of reward key pairs 304 generated by the generation module 206 can be based on an access key request as received by the receiving device 202 from the processing server 102 or by one or more input devices interconnected with the server. processing 102.
    [0049] In the example illustrated in figure 3, the generation module 206 can generate three pairs of reward keys 304, illustrated in figure 3 as key pair 1 304a, key pair 2 304b and key pair 3 304c . Each pair of reward keys 304 may comprise a reward private key and a corresponding reward public key. In step 306, bypass module 208 of processing server 102 can use a logical XOR operation with the reward private key from each of the pairs of reward keys 304 to derive a private access key 308. Using the logical XOR operation, the order of operations for derivation of the private access key 308 becomes irrelevant for the derived private access key. For example, in the process 300 illustrated in Figure 3, key pairs 304 may include three reward private keys R1, R2, and R3. The derived private access key 308 that uses an XOR logical operation 306 of all three keys via XOR (R1, XOR (R2, R3)) can be equivalent to the private access keys 308 derived through X0R operations (R2, X0R (R1, R3)) and XOR (R3, XOR (R1, R2)).
    [0050] The resulting private access key 308 can then be used by processing server 102 to restrict access to data. For example, private passkey 308 can be used to encrypt data, or it can be used to sign a destination address for receiving Blockchain currency associated with a Blockchain 106 network. The reward private keys included in each pair of reward 304 can be delivered to computing devices 104 as a means of providing access to restricted data. For the storage of distributed encrypted keys, an entity may use private access key 308 to encrypt or otherwise restrict access to data, may discard private access key 308 and may then distribute the reward private key between each reward key pair 304 of a computing device 104, which can be part of the entity (e.g., a subsidiary or controlled computing system) or can be a trusted associate entity. In such cases, if the storage of the keys of any computing device 104 is compromised, the data will remain protected.
    Process for Transferring Keys via Elliptical Curve Encryption for Data Access [0051] Figure 4 illustrates a process for the distribution of private keys via elliptic curve encryption, such as for the distribution of reward private keys generated using the process 300 illustrated in figure 3 in the derivation of a private access key for data access.
    [0052] In step 402, the processing server 102 can generate a plurality of reward key pairs and derive a private access key therefrom, such as using the process 300 illustrated in figure 3 and discussed above. In step 404, the processing server 102 and a computing device 104 can exchange public keys for use in generating shared sigils. Computing device 104 can generate a device key pair using a key pair generating algorithm, such as the ECDH key agreement protocol, which may comprise a device private key and a device public key. The generation module 206 of the processing server 102 can generate a transfer key pair using the same key pair generator algorithm, which results in a private transfer key and a public transfer key. The exchange of public keys may include the electronic transfer of the device public key from computing device 104 to processing server 102 and the public transfer key from processing server 102 (for example, via the transmitting device 214) for computing device 104.
    [0053] In step 406, the generation module 206 of the processing server 102 can generate a shared confidentiality. Shared confidentiality can be generated using the same key pair generator algorithm, such as the ECDH key agreement protocol, using the private transfer key generated by the 206 generation module and the public device key received from the computing device 104. In step 406, computing device 104 can generate an equivalent shared confidentiality using the same key pair generator algorithm, the device private key previously generated by computing device 104 and the public transfer key received at from the processing server 104.
    [0054] In step 410, the encryption module 210 of the processing server 104 can encrypt the reward private key generated in step 402 and used in deriving the private access key by means of an appropriate encryption algorithm with shared confidentiality. The encryption algorithm can be, for example, the AES256 algorithm. In step 412, the transmission device 214 of the processing server 102 can electronically transmit a data signal superimposed on the encrypted reward private key to the computing device 104 using a suitable communication network and protocol.
    [0055] In step 414, the computing device 104 can receive the data signal and analyze the encrypted reward private key from it. In step 416, computing device 104 can decrypt the reward private key. The reward private key can be decrypted with the same encryption algorithm used by processing server 102 with shared confidentiality. The reward private key that has been decrypted can then be used to derive the private access key when combined with the other private reward keys (for example, keys received from other computing devices 104) using the appropriate key derivation algorithm. Exemplary Method for Distributing Multiple Encrypted Keys Used to Access Data [0056] Figure 5 illustrates a method 500 for distributing multiple encrypted keys to a plurality of computing devices, which can be used to derive an access key to access data .
    [0057] In step 502, a data signal superimposed on a passkey request can be received by a receiving device (for example, receiving device 202) from a processing server (for example, the processing server 102), in which the access key request includes at least one number, n, greater than 1, of requested keys. In step 504, n key pairs can be generated by a generation module (for example, generation module 206) from the processing server using a key pair generator algorithm, in which each key pair includes a private key and a public key.
    [0058] In step 506, a private access key can be derived by a bypass module (for example, bypass module 208) from the processing server by applying the private key included in each of the n key pairs to a key derivation algorithm. In step 508, a public access key corresponding to the private access key that has been derived can be generated by the processing server's generation module using the key pair generator algorithm. In step 510, a data signal superimposed on a private key included in one of the n key pairs can be transmitted electronically by a transmission device (for example, the transmission device 214) from the processing server to each of the n pairs of keys.
    [0059] In one embodiment, method 500 may also include: storing, in a memory (for example, memory 216) of the processing server, a pair of transfer keys that includes a public transfer key and a transfer key toilet; receiving, through the receiving device of the processing server, a data signal superimposed on a shared public key from each of n computing devices (for example, computing devices 104); generate, through the processing module of the processing server, n shared sigils, in which each shared sigil is generated using a shared public key of the n shared public keys and the private transfer key and the pair generating algorithm keys; and encrypt, by means of an encryption module (for example, the encryption module 210) of the processing server, the private key included in each of the n key pairs with one of the n sigils shared using an encryption algorithm, in the which the private key included and superimposed on the data signal transmitted electronically is the respective encrypted private key. In another embodiment, method 500 may also include transmitting electronically, through the transmission device of the processing server, a data signal superimposed on the public transfer key to the n computing devices.
    [0060] In yet another modality, the data signal superimposed on the public transfer key can be transmitted electronically to the n computing devices before receiving the data signal superimposed on the shared public key. In yet another embodiment, each data signal superimposed on the public transfer key can be a data signal equal to each data signal superimposed on an encrypted private key. In yet another embodiment, the data signal can be transmitted electronically to a node on a Blockchain network (for example, the Blockchain network 106) where the encrypted private key is included in a transaction request that also includes a destination address corresponding to the respective shared public key.
    [0061] In some modalities, the key pair generator algorithm can be an elliptic curve arrangement according to keys. In other modalities, the elliptical curve arrangement scheme of keys may be the Diffie-Hellman protocol of arrangement of keys in elliptical curve. In one embodiment, the key derivation algorithm may include the use of a logical XOR operation. In some embodiments, method 500 may also include transmitting electronically, through the transmission device of the processing server, a data signal superimposed on a transaction request to a node on a Blockchain network, in which the transaction request includes at least least one destination address signed using the derived private access key.
    Computer System Architecture [0062] Figure 6 illustrates a computer system 600 in which the modalities of this specification, or parts of them, can be implemented as computer-readable code. For example, the processing server 102 of figure 1 can be deployed to the system computer 600 using hardware, software, firmware, computer readable non-transitory media that have instructions stored in them or a combination of them, and can be deployed in one or more computer systems or other processing systems. Hardware, software or any combination thereof may incorporate modules and components used to implement the methods in figures 3 to 5.
    [0063] If programmable logic is used, that logic can be performed on a commercially available processing platform or on a special purpose device. A person skilled in the art will understand that the modalities of the subject described can be practiced with various computer system configurations, which include multi-core multiprocessor systems, minicomputers, mainframe computers, computers connected or grouped with distributed functions, as well as ubiquitous computers or miniature that can be embedded into virtually any device. For example, at least one processor device and memory can be used to implement the modalities described above.
    [0064] A processor unit or device as discussed here can be a single processor, a plurality of processors or combinations thereof. Processor devices can have one or more processor "cores". The terms "computer program medium", "computer-readable non-transitory medium" and "computer-usable medium", as discussed here, are generally used to refer to tangible media, such as a removable storage unit 618, a removable storage unit 622 and a hard drive installed in hard drive 612.
    [0065] Various modalities of this specification are described in relation to this exemplary computer system 600. After reading this description, it will become evident to a person skilled in the relevant technique how to deploy the present invention using other computer systems and / or computer architectures. Although operations have been described as a sequential process, some of these operations can in fact be performed in parallel, simultaneously and / or in a distributed environment, and with the program code stored locally or remotely to be accessed by machines with a or multiple processors. In addition, in some modalities, the order of operations can be redefined without departing from the spirit of the theme described.
    [0066] The processor device 604 can be a special purpose or general purpose processor device specifically configured to perform the functions discussed here. The processor device 604 can be connected to a communication infrastructure 606, such as a bus, message queue, network, multicore scheme for message passing, etc. The network can be any network suitable for performing the functions as described here and can include a local area network (LAN), a wide area network (WAN), a wireless network (for example, WiFi), a communication network mobile, a satellite network, the Internet, optical fiber, coaxial cable, infrared, radio frequency (RF) or any combination thereof. Other suitable types of networks and configurations will become apparent to persons skilled in the relevant technique. Computer system 600 may also include main memory 608 (for example, random access memory, read-only memory, etc.) and may also include secondary memory 610. Secondary memory 610 may include hard drive 612 and a removable storage unit 614, such as a floppy drive, a magnetic tape drive, an optical disc drive, a flash memory, etc.
    [0067] Removable storage unit 614 can read and / or write to removable storage unit 618 in a well known manner. The removable storage unit 618 may include a removable storage medium that can be read by and written to the removable storage unit 614. For example, if the removable storage unit 614 is a floppy drive or a universal serial bus input, the removable storage unit 618 can be a floppy disk or a portable flash drive, respectively. In one embodiment, the removable storage unit 618 can be a non-transient, computer-readable recording medium.
    [0068] In some embodiments, secondary memory 610 may include alternative means to allow computer programs or other instructions to be loaded onto computer system 600, for example, removable storage unit 622 and an interface 620. Examples of such means may include a program cartridge and cartridge interface (for example, like that found on video game systems), a removable memory chip (for example, EEPROM, PROM, etc.) and associated socket, and other removable storage units 622 and interfaces 620, as will become apparent to persons skilled in the relevant technique.
    [0069] Data stored in computer system 600 (for example, in main memory 608 and / or in secondary memory 610) can be stored in any suitable type of computer-readable medium, such as optical storage (for example, a compact disc, digital versatile disc, Blu-ray disc, etc.) or magnetic tape storage (for example, a hard disk drive). The data can be configured in any type of suitable database configuration, such as a relational database, a structured query language (SQL) database, a distributed database, an object-oriented database , etc. The appropriate types of configurations and storage will become evident to people skilled in the relevant technique.
    [0070] The computer system 600 can also include a communication interface 624. The communication interface 624 can be configured to allow software and data to be transferred between the computer system 600 and external devices. Examples of 624 communication interfaces may include a modem, a network interface (for example, an Ethernet card), a communications port, a PCMCIA card slot, etc. The software and data transferred via the 624 communication interface may be in the form of signals, which may be electronic, electromagnetic, optical or other signals, as will become evident to persons skilled in the relevant technique. The signals can travel through a 626 communication path that can be configured to carry the signals and can be deployed using wire, cable, optical fibers, a phone line, a cell phone connection, a radio frequency connection, etc.
    [0071] Computer system 600 can also include an 802 display interface. Display interface 602 can be configured to allow data transfer between computer system 600 and external screen 630. Examples of display interfaces 602 may include high definition multimedia interface (HDMI), digital visual interface (DVI), video graphics set (VGA), etc. The screen 630 can be any type of screen suitable for displaying the data transmitted via the computer system display interface 602 600, which includes a cathode ray tube (CRT) screen, a liquid crystal display (LCD) , a light-emitting diode (LED) screen, a capacitive touch screen, a thin-film transistor (TFT) screen, etc.
    [0072] The terms "computer program medium" and "computer usable medium" can refer to memories, such as main memory 608 and secondary memory 610, which can be memory semiconductors (eg DRAMs, etc. .). And these computer program-like products can be a means of providing software for computer system 600. Computer programs (for example, computer control logic) can be stored in main memory 608 and / or secondary memory 610 Computer programs can also be received via the communication interface 624. Such computer programs, when executed, may allow computer system 600 to implement the present methods as discussed here. In particular, computer programs, when executed, may allow the processor device 604 to implement the methods illustrated in figures 3 to 5, as discussed here. Consequently, such computer programs may represent controllers of the computer system 600. When the present invention is deployed using software, the software can be stored in a computer program-type product and loaded into computer system 600 using the removable storage unit 614, interface 620 and hard drive 612, or communication interface 624.
    [0073] The processor device 604 may comprise one or more modules or mechanisms configured to perform the functions of the computer system 600. Each of the modules or mechanisms can be deployed using hardware and, in some cases, also software, for example. example, corresponding to a program code and / or programs stored in main memory 608 or in secondary memory 610. In such cases, the program code can be compiled by the processor device 604 (for example, by a compilation module or mechanism) before being executed by the computer system hardware 600. For example, the program code can be a source code written in a programming language that is translated into a lower level language, such as assembly language or machine code, to be performed by the processor device 604 and / or any additional hardware components of the computer system 600. The compilation process can to include the use of lexical analysis, pre-processing, parsing, semantic analysis, syntax-based translation, code generation, code optimization and any other techniques that are suitable for translating program code into a lower level language suitable for controlling the computer system 600 in its task of carrying out the functions described here. Obviously, persons skilled in the relevant art will understand that because of such processes, computer system 600 is a specially configured computer system 600, programmed exclusively to perform the functions discussed above.
    [0074] Techniques consistent with the present invention provide, among other functionalities, systems and methods for using digital signatures in the signature of Blockchain transactions. Although several examples of system and method modalities have been described above, it is worth noting that its purpose is only to exemplify and not to limit the invention to the precise form presented here. In this way, modifications and variations are possible in view of the aforementioned teachings or can be conceived from the practice of the invention, without departing from its scope and scope.
    权利要求:
    Claims (14)
    [1]
    1. Method for distributing multiple encrypted keys used to access data, CHARACTERIZED for understanding: receiving (502), via a receiving device from a processing server, a data signal comprising an access key request, in which the access key request includes at least one number, n, greater than 1, of requested keys; generating (504), by means of a processing server generation module, n key pairs using a key pair generator algorithm, wherein each key pair includes a private key and a public key; derive (506), by means of a derivation module from the processing server, a private access key by applying the private key included in each of the n key pairs to a key derivation algorithm, in which the private key access is used to restrict access to data; generate (508), through the generation module of the processing server, a public access key corresponding to the derived private access key using the key pair generator algorithm; and electronically transmitting (510), via a processing server transmission device, a data signal comprising a private key included in one of the n key pairs for each of the n key pairs for each of the n computational devices , so that each of the n computational devices receives a different private key, the method further comprising: storing, in a memory of the processing server, a pair of transfer keys, including a transfer public key and a transfer private key ; receiving, by the receiving device of the processing server, a data signal comprising a shared public key from each of the n computational devices; generate, through the processing module of the processing server, n shared sigils, in which each shared sigil is generated using a shared public key from the n shared public keys and the transfer private key and the key pair generation algorithm; and encrypt, by means of an encryption module of the processing server, the private key included in each of the n key pairs with one of the n nodes shared using an encryption algorithm, in which the private key is comprised by the transmitted data signal electronically is the respective encrypted private key.
    [2]
    2. Method according to claim 1, CHARACTERIZED by further comprising: transmitting electronically, through the transmission device of the processing server, a data signal comprising the public transfer key for the n computing devices.
    [3]
    3. Method according to claim 2, CHARACTERIZED by the fact that the data signal comprising the public transfer key is transmitted electronically to the n computing devices before receiving the data signal comprising the shared public key.
    [4]
    4. Method according to claim 2, CHARACTERIZED by the fact that each data signal comprising the public transfer key is a data signal equal to each data signal comprising an encrypted private key.
    [5]
    5. Method according to claim 1, CHARACTERIZED by the fact that the transmitted data signal is transmitted electronically to a node on a Blockchain network and where the encrypted private key is included in a transaction request that also includes a destination address corresponding to the respective shared public key.
    [6]
    6. Method according to claim 1, CHARACTERIZED by the fact that the key derivation algorithm includes the use of a logical XOR operation.
    [7]
    7. Method according to claim 1, CHARACTERIZED by further comprising: transmitting electronically, through the transmission device of the processing server, a data signal comprising a transaction request to a node on a Blockchain network, in which the request The transaction code includes at least one destination address signed using the derived private access key.
    [8]
    8. System for the distribution of multiple encrypted keys used to access data, CHARACTERIZED for understanding: a transmission device (214) of a processing server; a receiving device (202) from the processing server configured to receive a data signal comprising a passkey request, wherein the passkey request includes at least one number, n, of requested keys; a processing server generation module (206) configured to generate n key pairs using a key pair generating algorithm, each key pair including a private key and a public key; and a derivation module (208) of the processing server configured to derive a private access key by applying the private key included in each of the n key pairs to a key derivation algorithm, wherein the private access key is used to restrict access to data, where the processing server generation module is also configured to generate a public access key corresponding to the derived private access key using the key pair generator algorithm, and the transmission device the processing server is configured to electronically transmit a data signal comprising a private key included in one of the n key pairs for each of the n key pairs for each of the n computational devices, so that each of the n computational devices receive a different private key, the system further comprising: an encryption module (210) from the processing server; and a processing server memory (216) configured to store a transfer key pair, including a transfer public key and a transfer private key, wherein the processing server receiving device is further configured to receive a signal. of data comprising a shared public key from each of the n computational devices, the processing server generation module is further configured to generate n shared sigils, where each shared sigil is generated using a shared public key from the n public keys shared and private transfer key and key pair generation algorithm, the processing server encryption module is configured to encrypt the private key included in each of the n key pairs with one of the n shared sigils using an algorithm encryption, and the private key comprised by the data transmitted electronically is the respective encrypted private key.
    [9]
    9. System according to claim 8, CHARACTERIZED by the fact that the transmission device of the processing server is also configured to electronically transmit a data signal comprising the public transfer key to the n computational devices.
    [10]
    10. System according to claim 9, CHARACTERIZED by the fact that the data signal comprising the public transfer key is transmitted electronically to the n computational devices before receiving the data signal comprising the shared public key.
    [11]
    11. System according to claim 9, CHARACTERIZED by the fact that each data signal comprising the public transfer key is a data signal equal to each data signal comprising an encrypted private key.
    [12]
    12. System according to claim 8, CHARACTERIZED by the fact that the transmitted data signal is transmitted electronically to a node on a Blockchain network and where the encrypted private key is included in a transaction request that also includes a destination address corresponding to the respective shared public key.
    [13]
    13. System according to claim 8, CHARACTERIZED by the fact that the key derivation algorithm includes the use of a logical XOR operation.
    [14]
    14. System according to claim 8, CHARACTERIZED by the fact that the transmission device of the processing server is also configured to electronically transmit a data signal comprising a transaction request to a node on a Blockchain network, in which the transaction request includes at least one destination address signed using the derived private passkey.
    类似技术:
    公开号 | 公开日 | 专利标题
    BR112018011353B1|2020-03-17|METHOD AND SYSTEM FOR PROVISION AND STORAGE OF CRYPTOGRAPHED KEY DISTRIBUTED VIA ELYPTIC CURVE CRYPTOGRAPHY
    WO2019205380A1|2019-10-31|Electronic device, blockchain-based data processing method and program, and computer storage medium
    BR112018011775B1|2020-02-11|METHOD AND SYSTEM FOR USING DIGITAL SIGNATURES TO SIGN BLOCKCHAIN TRANSACTIONS
    US11140160B2|2021-10-05|Method and system for establishing inter-device communication
    US9122888B2|2015-09-01|System and method to create resilient site master-key for automated access
    US20180340466A1|2018-11-29|Method and apparatus for securing communications using multiple encryption keys
    US20170163413A1|2017-06-08|System and Method for Content Encryption in a Key/Value Store
    JP6941183B2|2021-09-29|Data tokenization
    CN108345806B|2020-07-07|Hardware encryption card and encryption method
    CN106789052A|2017-05-31|A kind of remote cipher key based on quantum communication network issues system and its application method
    US8769302B2|2014-07-01|Encrypting data and characterization data that describes valid contents of a column
    CN112131316A|2020-12-25|Data processing method and device applied to block chain system
    Sethia et al.2019|Smart health record management with secure NFC-enabled mobile devices
    Wu et al.2021|Security and privacy of patient information in medical systems based on blockchain technology
    CN203232424U|2013-10-09|Universal serial bus | external device
    CN111933292B|2021-01-29|Block chain-based hospital body and medical data interaction method and storage medium
    WO2019058952A1|2019-03-28|Medical data search system, medical data search method, and medical data search program
    EP3554042A1|2019-10-16|Method and system for managing centralized encryption and data format validation for secure real time multi-party data distribution
    CN109525579A|2019-03-26|Cloud storage data grant method and device based on terminal identity verification
    CN113132081A|2021-07-16|User information encryption and decryption method and device, equipment and storage medium
    CN112751670A|2021-05-04|Attribute-based searchable encryption of multi-center ciphertext strategy and corresponding method for searching and acquiring data
    CN111355710A|2020-06-30|Data request method and device of network service
    CN111415155A|2020-07-14|Encryption method, device, equipment and storage medium for chain-dropping transaction data
    同族专利:
    公开号 | 公开日
    CN112804257A|2021-05-14|
    US10848308B2|2020-11-24|
    US10103885B2|2018-10-16|
    CN108463983A|2018-08-28|
    BR112018011353A2|2018-12-04|
    WO2017127238A1|2017-07-27|
    CA3009338A1|2017-07-27|
    HK1259028A1|2019-11-22|
    EP3668049A1|2020-06-17|
    CA3009338C|2020-10-27|
    EP3381172B1|2020-02-26|
    AU2019246903A1|2019-10-31|
    US20170207917A1|2017-07-20|
    US10396988B2|2019-08-27|
    DK3381172T3|2020-04-27|
    EP3381172A1|2018-10-03|
    SG11201804697PA|2018-07-30|
    AU2017208878B2|2019-07-11|
    CN108463983B|2021-02-12|
    AU2019246903B2|2021-08-12|
    AU2017208878A1|2018-06-07|
    MX2018007856A|2018-08-01|
    US20190342094A1|2019-11-07|
    ES2781091T3|2020-08-28|
    US20190028275A1|2019-01-24|
    JP2019507539A|2019-03-14|
    SG10202002256UA|2020-04-29|
    US20210044437A1|2021-02-11|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    US6330671B1|1997-06-23|2001-12-11|Sun Microsystems, Inc.|Method and system for secure distribution of cryptographic keys on multicast networks|
    JPH11239124A|1998-02-23|1999-08-31|Nippon Telegr & Teleph Corp <Ntt>|Method and device for restoring secret key|
    JP3331327B2|1998-12-09|2002-10-07|日本電信電話株式会社|Key management method and program recording medium|
    WO2000049768A1|1999-02-17|2000-08-24|Thomas Mittelholzer|Method for signature splitting to protect private keys|
    SE9902339L|1999-06-21|2001-02-20|Ericsson Telefon Ab L M|Device comprising a capacitive proximity sensing sensor|
    US6850252B1|1999-10-05|2005-02-01|Steven M. Hoffberg|Intelligent electronic appliance system and method|
    US7181017B1|2001-03-23|2007-02-20|David Felsher|System and method for secure three-party communications|
    JP2004048479A|2002-07-12|2004-02-12|Kddi Corp|Encryption key management method of shared encryption information|
    US6931133B2|2002-09-03|2005-08-16|Verisign, Inc.|Method and system of securely escrowing private keys in a public key infrastructure|
    EP1984866B1|2006-02-07|2011-11-02|Nextenders Private Limited|Document security management system|
    US8254579B1|2007-01-31|2012-08-28|Hewlett-Packard Development Company, L.P.|Cryptographic key distribution using a trusted computing platform|
    WO2010067433A1|2008-12-11|2010-06-17|三菱電機株式会社|Self-authentication communication device, self-authentication verification communication device, device authentication system, device authentication method for device authentication system, self-authentication communication program, and self-authentication verification communication program|
    CN101917403B|2010-07-23|2013-06-05|华中科技大学|Distributed key management method for ciphertext storage|
    US9053329B2|2012-05-24|2015-06-09|Lockbox Llc|Systems and methods for validated secure data access|
    US10728231B2|2012-07-09|2020-07-28|Massachusetts Institute Of Technology|Data security using inter-zone gate circuits|
    US9350536B2|2012-08-16|2016-05-24|Digicert, Inc.|Cloud key management system|
    CN103560882B|2013-10-29|2016-08-17|武汉理工大学|A kind of elliptic curve cipher system based on mark|
    US9280678B2|2013-12-02|2016-03-08|Fortinet, Inc.|Secure cloud storage distribution and aggregation|
    US20150213433A1|2014-01-28|2015-07-30|Apple Inc.|Secure provisioning of credentials on an electronic device using elliptic curve cryptography|
    US20150254640A1|2014-03-05|2015-09-10|Cryptographi, Inc.|Method and apparatus for digital currency paper wallet|
    US10796302B2|2014-04-23|2020-10-06|Minkasu, Inc.|Securely storing and using sensitive information for making payments using a wallet application|
    CN104717297A|2015-03-30|2015-06-17|上海交通大学|Safety cloud storage method and system|
    US20170132626A1|2015-11-05|2017-05-11|Mastercard International Incorporated|Method and system for processing of a blockchain transaction in a transaction processing network|DE102016103498A1|2016-02-26|2017-08-31|Infineon Technologies Ag|A method of communicating data from a sensor device to an electronic control unit, a sensor device, and an electronic control unit|
    US10341309B1|2016-06-13|2019-07-02|Allstate Insurance Company|Cryptographically protecting data transferred between spatially distributed computing devices using an intermediary database|
    US10067810B2|2016-07-28|2018-09-04|Cisco Technology, Inc.|Performing transactions between application containers|
    WO2018031702A1|2016-08-10|2018-02-15|Nextlabs, Inc.|Sharing encrypted documents within and outside an organization|
    US11128452B2|2017-03-25|2021-09-21|AVAST Software s.r.o.|Encrypted data sharing with a hierarchical key structure|
    US10749670B2|2017-05-18|2020-08-18|Bank Of America Corporation|Block chain decoding with fair delay for distributed network devices|
    US11132451B2|2017-08-31|2021-09-28|Parity Technologies Ltd.|Secret data access control systems and methods|
    WO2019055290A1|2017-09-12|2019-03-21|Northwestern University|Blockchain distribution network|
    WO2021229410A1|2020-05-11|2021-11-18|Autnhive Corporation|Generating keys using controlled corruption in computer networks|
    CN110493168A|2018-07-19|2019-11-22|江苏恒宝智能系统技术有限公司|Medical curative effect based on asymmetric encryption techniques monitors sharing method|
    CN109104419B|2018-07-27|2021-06-01|苏州朗润创新知识产权运营有限公司|Block chain account generation method and system|
    US10764039B2|2018-08-01|2020-09-01|The Toronto-Dominion Bank|Dynamic generation and management of asymmetric cryptographic keys using distributed ledgers|
    US10491404B1|2018-09-12|2019-11-26|Hotpyp, Inc.|Systems and methods for cryptographic key generation and authentication|
    KR102286301B1|2018-11-27|2021-08-09|어드밴스드 뉴 테크놀로지스 씨오., 엘티디.|Asymmetric Key Management in Consortium Blockchain Networks|
    US10937339B2|2019-01-10|2021-03-02|Bank Of America Corporation|Digital cryptosystem with re-derivable hybrid keys|
    CN109921900A|2019-02-18|2019-06-21|深圳市优学链科技有限公司|A kind of algorithm of distributed key generation|
    US11245516B2|2019-04-24|2022-02-08|Veridify Security Inc.|Shared secret data production with use of concealed cloaking elements|
    KR20200129306A|2019-05-08|2020-11-18|삼성에스디에스 주식회사|Apparatus and method for sharing data|
    法律状态:
    2019-10-01| B15K| Others concerning applications: alteration of classification|Free format text: AS CLASSIFICACOES ANTERIORES ERAM: H04L 29/06 , H04L 9/08 Ipc: H04L 29/06 (1990.01), H04L 9/08 (1990.01), H04L 9/ |
    2019-10-08| B07A| Technical examination (opinion): publication of technical examination (opinion) [chapter 7.1 patent gazette]|
    2020-02-04| B09A| Decision: intention to grant [chapter 9.1 patent gazette]|
    2020-03-17| B16A| Patent or certificate of addition of invention granted|Free format text: PRAZO DE VALIDADE: 20 (VINTE) ANOS CONTADOS A PARTIR DE 06/01/2017, OBSERVADAS AS CONDICOES LEGAIS. |
    优先权:
    申请号 | 申请日 | 专利标题
    US15/001,775|2016-01-20|
    US15/001,775|US10103885B2|2016-01-20|2016-01-20|Method and system for distributed cryptographic key provisioning and storage via elliptic curve cryptography|
    PCT/US2017/012437|WO2017127238A1|2016-01-20|2017-01-06|Method and system for distributed cryptographic key provisioning and storage via elliptic curve cryptography|
    [返回顶部]