information protection system and method

专利摘要:
A computer-implemented method comprises: committing a transaction value t of a transaction with a commitment scheme to obtain a transaction commitment value t, the commitment scheme comprising at least one transaction concealment factor r_t; encrypt a combination of transaction concealment factor r_t and transaction value t with a public key pk_b from a transaction receiver; and transmitting the commitment value of transaction t and the encrypted combination to a receiver node associated with the receiver node receiver to verify the transaction.
公开号:BR112019008058A2
申请号:R112019008058-9
申请日:2018-11-27
公开日:2019-11-12
发明作者:Ma Baoli；Ma Huanyu；Cui Jiahui；Zhang Wenbin；Liu Zheng
申请人:Alibaba Group Holding Ltd；
IPC主号:

专利说明:

“SYSTEM AND METHOD FOR PROTECTING INFORMATION”
TECHNICAL FIELD [001] This disclosure generally refers to methods and devices for protecting information.
BACKGROUND [002] Privacy is important for communications and data transfers between multiple users. Without protection, users are exposed to the risk of identity theft, illegal transfer or other potential losses. The risk becomes even greater when communications and transfers are implemented online, due to free access to information online.
SUMMARY [003] Various embodiments of the present disclosure include computer-readable non-transitory systems, methods and means for protecting information.
[004] Accordingly, a computer-implemented method for protecting information comprises: committing a transaction value t of a transaction with a commitment scheme to obtain a transaction commitment value T, the commitment scheme comprising, at least least one transaction hiding factor r_t; encrypt a combination of the transaction concealment factor r_t and the transaction value t with a public key PK_B from a transaction recipient; and transmit the commitment value of the encrypted Tea combination transaction to a receiver node associated with the receiver's receiver node to verify the transaction.
[005] In some modalities, the public key PK_B is an asymmetric encryption key.
[006] In some modalities, the commitment scheme comprises a Pedersen commitment based, at least, on the transaction hiding factor r_t and with the transaction value t being a committed value.
Petition 870190037619, of 04/18/2019, p. 10/72
2/47 [007] In some embodiments, the combination of the transaction hiding factor r_t and the transaction value t comprises a concatenation of the transaction hiding factor r_t and the value of transaction t.
[008] In some embodiments, transmitting the compromised transaction value of the Tea combination encrypted to a receiver node associated with the receiver for the receiver node verifying the transaction comprises transmitting the encrypted Tea transaction commitment value to the receiving node associated with the receiver , causing the receiver node to: decrypt the encrypted combination with a SK_B private key of the receiver to obtain the transaction hiding factor r_t and the transaction value t; and verify the transaction based on at least the transaction commitment amount T, the transaction concealment factor r_t and the transaction amount t.
[009] In some embodiments, having the receiving node verify the transaction based on at least the transaction commitment value Τ, the transaction concealment factor r_t, and the transaction value t comprises making the node receiver: in response to the determination that the transaction commitment amount T does not match the transaction value commitment scheme t based on the transaction concealment factor r_t, reject the transaction; and in response to the determination that the transaction commitment amount T matches the transaction value commitment scheme t based on the transaction concealment factor r_t, approve the transaction by signing the transaction with the receiver's SKJB private key to generate a SIGB receiver signature.
[010] In some embodiments, before transmitting the encrypted combination to the receiving node associated with the receiver, the method further comprises: committing a change y of the transaction to the commitment scheme to obtain a commitment value of change Y, the scheme of compromise comprising at least one concealment change factor r_y, where alteration y is one or
Petition 870190037619, of 04/18/2019, p. 11/72
3/47 more assets of a transaction issuer that are used for the transaction less transaction value t; and encrypt another combination of the change hiding factor r_y and change y with a public key PK_A from the issuer.
[011] In some modalities, the method additionally comprises: in response to receiving the signature from the SIGB receiver, approving the transaction by signing the transaction with a SK_A private key from the issuer to generate a signature from the SIGA issuer; and send the transaction comprising the encrypted combination, the other encrypted combination, the transaction commitment value T, the change commitment value Y, the SIGA sender's signature and the receiver's signature SIGB to one or more nodes on a network block chain for one or more nodes to verify the transaction.
[012] In some modalities, sending the transaction comprising the encrypted combination, the other encrypted combination, the transaction commitment value T, the change commitment value Y, the SIGA issuer signature and the receiver's signature SIGB to the one or more nodes in the block chain network for one or more nodes to verify the transaction comprises: sending the transaction comprising the encrypted combination, the other encrypted combination, the transaction commitment value T, the change commitment value Y, the SIGA of the sender's signature and the SIGB of the receiver's signature for one or more nodes in the block chain network, causing the one or more nodes, in response to a successful verification of the transaction, to issue the transaction amount t for the receiver, eliminate one or more assets used for the transaction and issue change y to the sender.
[013] According to another aspect, a non-transitory computer-readable medium stores instructions to be executed by a processor to make the processor perform operations comprising: committing a transaction value t of a transaction with a commitment scheme for get a value
Petition 870190037619, of 04/18/2019, p. 12/72
4/47 transaction commitment T, ο commitment scheme comprising at least one transaction concealment factor r_t; encrypt a combination of the transaction concealment factor r_t and the transaction value t with a public key PK_B from a transaction recipient; and transmit the commitment value of the encrypted Tea combination transaction to a receiver node associated with the receiver's receiver node to verify the transaction.
[014] According to another aspect, an information protection system comprises a processor and a non-transitory computer-readable storage medium coupled to the processor, the storage medium storing instructions to be executed by the processor to make the system perform operations comprising: committing a transaction value t of a transaction with a commitment scheme to obtain a transaction commitment value T, the commitment scheme comprising at least one transaction concealment factor r_t; encrypt a combination of the transaction concealment factor r_t and the transaction value t with a public key PK_B from a transaction recipient; and transmit the commitment value of the encrypted Tea combination transaction to a receiver node associated with the receiver's receiver node to verify the transaction.
[015] According to another aspect, a computer-implemented method for protecting information comprises: obtaining a combination of a transaction hiding factor r_t and a transaction value t encrypted with a public key PK_B from a receiver of a transaction, and obtain a transaction commitment amount T, where: transaction value t is committed to a commitment scheme by an issuing node associated with a transaction issuer to obtain the transaction commitment value T, the commitment scheme comprising at least the transaction hiding factor r_t; decrypt the combination obtained with a SK_B private key from a receiver to obtain the
Petition 870190037619, of 04/18/2019, p. 13/72
5/47 transaction r_t and the transaction value t; and verify the transaction based on at least the transaction commitment amount T, the transaction concealment factor r_t and the transaction value t.
[016] In some embodiments, the public key PK_B of the receiver and the private key SK_B of the receiver are asymmetric encryption keys.
[017] According to another aspect, a non-transitory computer-readable medium stores instructions to be executed by a processor to make the processor perform operations comprising: obtaining a combination of a transaction concealment factor r_t and a value of transaction t encrypted with a public key PK_B from a receiver of a transaction, and obtain a transaction commitment value T, where: transaction value t is committed to a commitment scheme by an issuing node associated with a transaction issuer to obtain the transaction commitment value T, the commitment scheme comprising at least the transaction concealment factor r_t; decrypt the combination obtained with a SK_B private key from a receiver to obtain the transaction hiding factor r_t and the transaction value t; and verify the transaction based on at least the transaction commitment amount T, the transaction concealment factor r_t and the transaction value t.
[018] According to another aspect, an information protection system comprises a processor and a non-transitory computer-readable storage medium attached to the processor, the storage medium storing instructions to be executed by the processor to make the system perform operations comprising: obtaining a combination of a transaction concealment factor r_t and a transaction value t encrypted with a public key PK_B from a receiver of a transaction, and obtaining a transaction commitment value T, where: the value of transaction t is committed to a commitment scheme by an issuing node associated with a transaction issuer to obtain the value of
Petition 870190037619, of 04/18/2019, p. 14/72
6/47 transaction commitment T, the commitment scheme comprising at least the transaction concealment factor r_t; decrypt the combination obtained with a SK_B private key from a receiver to obtain the transaction hiding factor r_t and the transaction value t; and verify the transaction based on at least the transaction commitment amount T, the transaction concealment factor r_t and the transaction value t.
[019] According to another aspect, a computer-implemented method for protecting information comprises: committing a transaction value t of a transaction with a commitment scheme to obtain a transaction commitment value T, the commitment scheme comprising, at least one transaction hiding factor r_t; send the transaction value t, the transaction concealment factor r_t and the transaction commitment value T to a receiver node associated with a transaction receiver to the receiver node to verify the transaction and encrypt the transaction concealment factor r_t e the value of transaction t with a public key PK_B of the receiver; obtain an encrypted combination of the transaction hiding factor r_t and the transaction value t of the receiver node; and transmitting the encrypted combination and the transaction commitment value T to a plurality of nodes in a block chain to the plurality of nodes to verify the transaction.
[020] According to another aspect, a non-transitory computer-readable medium stores instructions to be executed by a processor to cause the processor to perform operations comprising: committing a transaction value t of a transaction with a commitment scheme for obtaining a transaction commitment value T, the commitment scheme comprising at least one transaction concealment factor r_t; send the transaction value t, the transaction concealment factor r_t and the transaction commitment value T to a receiver node associated with a transaction receiver to the receiver node to verify the transaction and encrypt the transaction concealment factor r_t e the value of transaction t with
Petition 870190037619, of 04/18/2019, p. 15/72
7/47 a public key PK_B of the receiver; obtain an encrypted combination of the transaction hiding factor r_t and the transaction value t of the receiver node; and transmitting the encrypted combination and the transaction commitment value T to a plurality of nodes in a block chain to the plurality of nodes to verify the transaction.
[021] According to another aspect, an information protection system comprises a processor and a non-transitory computer-readable storage medium coupled to the processor, the storage medium storing instructions to be executed by the processor to make the system perform operations comprising: committing a transaction amount t from a transaction to a commitment scheme to obtain a transaction commitment amount T, the commitment scheme comprising at least one transaction concealment factor r_t; send the transaction value t, the transaction concealment factor r_t and the transaction commitment value T to a receiver node associated with a transaction receiver to the receiver node to verify the transaction and encrypt the transaction concealment factor r_t e the value of transaction t with a public key PK_B of the receiver; obtain an encrypted combination of the transaction hiding factor r_t and the transaction value t of the receiver node; and transmitting the encrypted combination and the transaction commitment value T to a plurality of nodes in a block chain to the plurality of nodes to verify the transaction.
[022] According to another aspect, a computer-implemented method for protecting information comprises: obtaining a transaction value t from a transaction, a transaction concealment factor r_t and a transaction commitment value T; check the transaction based on the transaction value obtained t, the transaction concealment factor obtained r_t and the value of the transaction commitment obtained T; in response to successful transaction verification, encrypt transaction hiding factor r_t and transaction value t with a public key PK_B of one
Petition 870190037619, of 04/18/2019, p. 16/72
8/47 receiver of the transaction to obtain an encrypted combination; and transmit the encrypted combination to an issuing node associated with a transaction issuer.
[023] According to another aspect, a non-transitory computer-readable medium stores instructions to be executed by a processor to make the processor perform operations comprising: obtaining a transaction value t from a transaction, a hiding factor from transaction r_t and a transaction commitment value T; check the transaction based on the transaction value obtained t, the transaction concealment factor obtained r_t and the value of the transaction commitment obtained T; in response to successful transaction verification, encrypt the transaction concealment factor r_t and the transaction value t with a public key PK_B from a transaction recipient to obtain an encrypted combination; and transmit the encrypted combination to an issuing node associated with a transaction issuer.
[024] According to another aspect, an information protection system comprises a processor and a non-transitory computer-readable storage medium attached to the processor, the storage medium storing instructions to be executed by the system to make the processor perform operations comprising: obtaining a transaction value t from a transaction, a transaction concealment factor r_t and a transaction commitment value T; check the transaction based on the transaction value obtained t, the transaction concealment factor obtained r_t and the value of the transaction commitment obtained T; in response to successful transaction verification, encrypt the transaction concealment factor r_t and the transaction value t with a public key PK_B from a transaction recipient to obtain an encrypted combination; and transmit the encrypted combination to an issuing node associated with a transaction issuer.
[025] These and other computer-readable system resources, methods and non-transient means disclosed herein, as well as the methods of operation and functions of the related elements of the structure and the combination of parts and savings of
Petition 870190037619, of 04/18/2019, p. 17/72
9/47 manufacturing, will become more apparent by considering the following description and the appended claims with reference to the attached drawings, which form part of this specification, in which similar reference numbers designate corresponding parts in the various figures. It should be expressly understood, however, that the drawings are for the purpose of illustration and description only, and are not intended to be a definition of the limits of the invention.
BRIEF DESCRIPTION OF THE DRAWINGS [026] Certain features of various modalities of the present technology are presented with particularity in the attached claims. A better understanding of the characteristics and advantages of the technology will be obtained by reference to the detailed description below which presents illustrative modalities, in which the principles of the invention are used and the accompanying drawings of which:
[027] Figure 1 illustrates an example system for protecting information, according to several modalities.
[028] Figure 2 illustrates exemplary steps for initiating the transaction and verification, according to various modalities.
[029] Figure 3A illustrates a flowchart of an example method for protecting information, according to several modalities.
[030] Figure 3B illustrates a flowchart of an example method for protecting information, according to several modalities.
[031] Figure 4A illustrates a flowchart of an example method for protecting information, according to several modalities.
[032] Figure 4B illustrates a flowchart of an example method for protecting information, according to several modalities.
[033] Figure 5 illustrates a block diagram of an exemplary computer system in which any of the modalities described here can be implemented.
DETAILED DESCRIPTION
Petition 870190037619, of 04/18/2019, p. 18/72
10/47 [034] Block chain can be considered as a decentralized database, commonly referred to as a distributed ledger because the operation is performed by several nodes (for example, computing devices) in a network. Any information can be written to the block chain and saved or read from it. Anyone can set up a server and join the network of chain blocks to become a node. Any node can contribute computing power to maintain the block chain by performing complex calculations, such as hashing calculations to add a block to a current block chain, and the added block can contain various types of data or information. The node that contributed the computing power to the added block can be rewarded with a token (for example, digital currency). Since the block chain does not have a central node, each node is the same and contains the entire block chain database.
[035] Q nodes are, for example, computing devices or large computer systems that support the block chain network and keep it running smoothly. There are two types of knots, complete knots and light knots. Complete nodes maintain a complete copy of the block chain. Full nodes in the block chain network validate transactions and blocks they receive and relay them to connected pairs to provide consensual verification of transactions. Light nodes, on the other hand, download only a fraction of the block chain. For example, light nodes are used for transactions in digital currency. A light node will communicate with a complete node when it wants to perform transactions.
[036] This decentralization property can help prevent the emergence of a management center in a controlled position. For example, the maintenance of the chain of bitcoin blocks is carried out by the network of communication nodes of the bitcoin software in the execution area. This revelation uses one or more chain blocks or digital currencies, such as bitcoin and Ethereum, as examples. A person skilled in the art should appreciate that the technical solutions revealed in this revelation
Petition 870190037619, of 04/18/2019, p. 19/72
11/47 can use or apply to another type of chain of digital blocks and coins. That is, instead of banks, institutions or administrators in the traditional sense, there are several intermediaries in a form of servers that run bitcoin software. These computer servers form a network connected via the Internet, in which anyone can connect to the network. Transactions accommodated by the network can be in one way: “user A wants to send Z bitcoins to user B”, in which transactions are transmitted to the network using readily available software applications. The computer's servers act as bitcoin servers that operate to validate these financial transactions, add a record of them to your copy of the ledger, and then transmit those ledger additions to other servers on the network.
[037] Maintaining the block chain is called “mining”, and those who do this maintenance are rewarded with newly created bitcoins and transaction fees as mentioned earlier. For example, nodes can determine whether transactions are valid based on a set of rules that the chain chain of blocks has agreed to. Miners can be located on any continent and process payments by verifying each transaction as valid and adding it to the block chain. This verification is achieved through consensus provided by a plurality of miners and assumes that there is no systematic collusion. In the end, all data will be consistent, because the calculation must meet certain requirements to be valid and all nodes will be synchronized to ensure that the block chain is consistent. Thus, data can be consistently stored in a distributed system of block chain nodes.
[038] Through the mining process, transactions such as asset transfers are verified and added to a growing chain of blocks in a block chain by network nodes. Crossing the entire block chain, verification may include, for example, whether the paying party has access to the transferred asset, whether the asset
Petition 870190037619, of 04/18/2019, p. 20/72
12/47 has been spent before, if the transfer amount is correct, etc. For example, in a hypothetical transaction (for example, a bitcoin transaction under a UTXO model (transaction not spent), an Ethereum currency transaction under an Account / Balance model signed by an issuer, the proposed transaction can be transmitted to the block chain network for mining. A miner needs to verify that the transaction is eligible to be executed according to the block chain history. If the issuer's portfolio balance has sufficient funds according to the existing block chain history , the transaction is considered valid and can be added to the block. Once verified, asset transfers can be included in the next block to be added to the block chain.
[039] A block is very similar to a database record. Each time you write data, you create a block. These blocks are linked and protected using encryption to become interconnected networks. Each block is connected to the previous block, which is also the origin of the name “chain of blocks”. Each block usually contains the cryptographic hash of the previous block, the generation time and the actual data. For example, each block contains two parts: a block header to record the resource value of the current block and a body to record actual data (for example, transaction data). The block chain is linked via the block headers. Each block header can contain several resource values, such as version, previous block hash, Merkle root, timestamp, difficulty target and nonce. The previous block hash contains not only the address of the previous block, but also the hash of the data within the previous block, thus making the block chains immutable. The nonce is a number that, when included, hashes a specified number of leading zero bits.
[040] For mining, the hash of the contents of the new block is obtained by a node. The nonce (for example, random string) is appended to the hash to obtain a new string. The new chain is totaled again. The final hash is then compared to
Petition 870190037619, of 04/18/2019, p. 21/72
13/47 the difficulty target (for example, a level) and determined whether the final hash is actually less than the difficulty target or not. Otherwise, the nonce is changed and the process is repeated again. If so, the block is added to the chain and the public book is updated and alerted about the addition. The node responsible for the successful addition is rewarded with bitcoins, for example, by adding a reward transaction to itself in the new block (known as generation of coinbase).
[041] That is, for each output Ύ ”, if k is chosen from a distribution with high min-entropy, it is not feasible to find an input x so that H (k | x) = Y, where K is the nonce, x is the block hash, Y is the target of difficulty and “|” indicates concatenation. Because cryptographic hashes are essentially random, in the sense that their output cannot be predicted from their inputs, there is only one known way to find nonce: to try integers one after the other, for example 1, then 2, then 3 and so on, what can be known as brute force. The greater the number of leading zeros, the longer it will take to find a nonce Y requirement. In one example, the bitcoin system constantly adjusts the number of leading zeros, so the average time to find a nonce is around ten minutes. Thus, as computing hardware processing capacities increase over time, over the years, the bitcoin protocol will require more leading zero bits for mining to take approximately ten minutes to implement.
[042] As described, hashing is an important foundation for block chains. The hashing algorithm can be understood as a function that compresses messages of any size into a fixed-size message digest. Most commonly used are MD5 and SHA. In some embodiments, the hash length of the block chain is 256 bits, which means that, regardless of the original content, a 256-bit binary number is finally calculated. And it can be
Petition 870190037619, of 04/18/2019, p. 22/72
14/47 guaranteed that the corresponding hash is unique, as long as the original content is different. For example, the hash of the string “123” is a8fdc205a9f19cdc7507a60c4f01b13d11d7fd0 (hexadecimal), which is 256 bits when converted to binary, and only “123” has this hash. The hash algorithm in the block chain is irreversible, that is, direct calculation is easy (from “123” to a8fdc205a9f19cc1 c7507a60c4f01 b1 c7507a60c4f01 b13d11 d7fd0), and the inverse calculation cannot be done even if all computing resources are exhausted . Thus, the hash of each block in the block chain is unique.
[043] In addition, if the content of the block is changed, its hash will be changed. The block and hash are in one-to-one correspondence, and the hash of each block is calculated specifically for the block header. That is, the resource values of the block headers are connected to form a long chain, and then the hash is calculated for the chain. For example, “Hash = SHA256 (block header)” is a block hash calculation formula, SHA256 is a block chain hash algorithm applied to the block header. The hash is determined exclusively by the block header and not the block body. As mentioned above, the block header contains a lot of content, including the hash of the current block and the hash of the previous block. This means that if the contents of the current block are changed, or if the hash of the previous block is changed, it will cause a hash change in the current block. If the hacker modifies a block, the hash of that block changes. For a later block to connect to the modified block, the hacker must modify all subsequent blocks, since the next block must contain the hash of the previous block. Otherwise, the modified block will be disconnected from the block chain. Due to design reasons, hash calculations are time consuming, and it is almost impossible to modify multiple blocks in a short period of time, unless the hacker dominates more than 51% of the computing power of the entire network. Thus, the chain of blocks guarantees its own reliability and, once the data is recorded, they cannot
Petition 870190037619, of 04/18/2019, p. 23/72
15/47 be tampered with.
[044] Once the miner finds the hash (ie, a signature or eligible solution) for the new block, the miner transmits that signature to all other miners (nodes in the block chain). Other miners now check, in turn, whether this solution corresponds to the sender's block problem (that is, determining whether the hash entry actually results in that signature). If the solution is valid, the other miners will confirm the solution and agree that the new block can be added to the block chain. Thus, the consensus of the new bloc is reached. This is also known as "proof of work". The block for which consensus has been reached can now be added to the block chain and is transmitted to all nodes in the network along with its signature. The nodes will accept the block and save it in their transaction data, as long as the transactions within the block correctly match the current balances of the portfolio (transaction history) at that time. Every time a new block is added at the top of this block, the addition also counts as another "confirmation" for the previous blocks. For example, if a transaction is included in block 502 and the block chain has 507 blocks, it means that the transaction has five confirmations (corresponding to blocks 507 to 502). The more confirmations the transaction has, the more difficult it will be for attackers to change.
[045] In some modalities, an exemplary block chain asset system uses public key cryptography, in which two cryptographic keys are generated, a public key and a private key. The public key can be considered as an account number and the private key can be considered as proprietary credentials. For example, a bitcoin wallet is a collection of public and private keys. Ownership of an asset (for example, digital currency, cash asset, stocks, capital, bond) associated with a given asset address can be demonstrated with knowledge of the private key belonging to the address. For example, bitcoin wallet software, sometimes called “software
Petition 870190037619, of 04/18/2019, p. 24/72
16/47 bitcoin client ”, allows a specific user to trade bitcoins. A wallet program generates and stores private keys and communicates with peers on the bitcoin network. Public and private keys can be called asymmetric encryption keys (or asymmetric encryption keys).
[046] In block chain transactions, payers and beneficiaries are identified in the block chain by their public cryptographic keys. For example, most contemporary bitcoin transfers are from a public key to a different public key. In practice, the hashes of these keys are used in the block chain and are called “bitcoin addresses”. In principle, if a hypothetical S attacker could steal money from person A simply by adding transactions to the block chain ledger like “person A pays person S 100 bitcoins”, using users' bitcoin addresses instead of their names . The bitcoin protocol prevents this type of theft by requiring all transfers to be digitally signed with the payer's private key, and only signed transfers can be added to the block chain ledger. Since person S cannot fake person A's signature, person S cannot defraud person A by adding an entry in the block chain equivalent of “person A pays person S 200 bitcoins”. At the same time, anyone can verify person A's signature using his public key and therefore authorized any transaction in the block chain where he is the payer.
[047] In the context of the bitcoin transaction, to transfer some bitcoins to user B, user A can build a record containing information about the transaction through a node. The record can be signed with the signature key of user A (private key) and contains the public verification key of user A and the public verification key of user B. The signature is used to confirm that the transaction came from user and it also prevents the transaction from being altered by anyone once it has been issued. The record along with another record that
Petition 870190037619, of 04/18/2019, p. 25/72
17/47 occurred in the same time window where a new block can be transmitted to the complete nodes. Upon receiving the records, the complete nodes can work on incorporating the records in the ledger of all transactions that have already occurred in the block chain system, adding the new block to a block chain previously accepted through the mining process described above, and validate the added block against the network's consensus rules.
[048] The UTXO model (transaction output not spent) and the Account / Balance model are two exemplary models for implementing block chain transactions. UTXO is a block chain object model. Under UTXO, assets are represented by non-spent block chain transaction outputs, which can be used as inputs to new transactions. For example, the asset of user A to be transferred may be in a UTXO form. To spend (transact) the asset, user A needs to sign with the private key. Bitcoin is an example of a digital currency that uses the UTXO model. In the case of a valid block chain transaction, unspent exits can be used to perform other transactions. In some modalities, only unspent exits can be used in additional transactions to avoid double expenses and fraud. For this reason, entries in a block chain are excluded when a transaction occurs and, at the same time, exits are created in the form of UTXOs. These unspent transaction exits can be used (by private key holders, for example, people with digital currency wallets) for the purpose of future transactions.
[049] On the other hand, the Account / Balance Model (or referred to as Account Based Transaction Model) keeps track of each account's balance as a global state. An account balance is checked to ensure that it is greater than or equal to the amount of the transaction spent. An example of how the Account / Balance Template works on Ethereum is provided:
[050] 1. Alice gains 5 ethers through mining. It is registered in the system
Petition 870190037619, of 04/18/2019, p. 26/72
18/47 that Alice has 5 ethers.
[051] 2. Alice wants to give Bob 1 ether, so the system will first deduct 1 ether from Alice's account, so Alice now has 4 ethers.
[052] 3. The system then increases Bob's bill by 1 ether. The system knows that Bob has 2 ethers to start with, so Bob's balance is increased to 3 ethers.
[053] Ethereum record keeping can be like that at a bank. An analogy is to use an ATM / debit card. The bank controls how much money each debit card has, and when Bob needs to spend money, the bank checks his record to ensure that Bob has enough balance before approving the transaction.
[054] As the block chain and other similar ledgers are completely public, the block chain itself has no privacy protection. The public nature of the P2P network means that, while those who use it are not identified by name, linking transactions to individuals and companies is feasible. For example, in international shipments or in the supply chain, the value of the transaction has an extremely high level of privacy protection value, because with the transaction quantity information, it is possible to deduce the specific location and identities of the parties to the transaction. The subject of the transaction may comprise, for example, cash, digital currency, contract, deed, medical record, customer detail, shares, bonds, equity or any other asset that can be described in digital form. Although the UTXO model can provide anonymity to transaction values, for example, through Monero ring signing and Zcash zero knowledge encryption, transaction values remain unprotected in the Account / Balance Model. Thus, a technical problem approach to the present disclosure is how to protect information online, such as the privacy of transaction values. Such transactions can be in the account / balance model.
[055] Some existing technologies propose the use of the
Petition 870190037619, of 04/18/2019, p. 27/72
19/47 Pedersen's commitment to encrypt the transaction amount and replace the Account / Balance Template. Under the scheme, the issuer sends the transaction amount and a random number corresponding to the transaction amount commitment to the beneficiary through a secure channel outside the block chain. The payee checks that the random number matches the transaction commitment and performs local storage. For example, in the Account / Balance Model, an account can be treated as a portfolio (account) to hold assets that are aggregated but not merged. Each asset can correspond to an asset type (for example, cryptocurrency) and the account balance is the sum of the asset's values. Even assets of the same type are not merged. During the transaction, a recipient of a transferred asset can be specified and the corresponding asset can be removed from the portfolio to finance the transaction. Block chain nodes verify that the payment portfolio has enough assets (ies) to cover the transaction and then the nodes delete the transferred asset from the payment portfolio and add an asset corresponding to a receiver portfolio.
[056] However, there are still limitations to this scheme. First, the scheme requires the user to maintain persistent storage locally to manage random numbers and plain text balances corresponding to the encrypted account balance, and management implementation is complicated; second, storing concealment factors (for example, random numbers) and plain text balances corresponding to the “Pedersen asset” in a single local node are prone to loss or corruption, while storing backup from multiple nodes is difficult due to the frequent change of the account balance.
[057] The systems and methods presented in this disclosure can overcome the above limitations and obtain robust privacy protection for transaction values, asset values and concealment factors in compromise schemes. To that end, public-private keys can be used to encrypt / decrypt random numbers and plain text balances, thereby providing
Petition 870190037619, of 04/18/2019, p. 28/72
20/47 convenient management. In addition, storing encrypted information in the block chain ensures that transaction values, asset values and concealment factors in confirmation schemes are not easily lost or tampered with.
[058] In some embodiments, a commitment scheme (for example, Pedersen commitment) can encrypt a certain value to (for example, transaction value, asset value, key parameter) as follows:
PC (a) = rxG + axH [059] where r is a random concealment factor (alternatively referred to as the binding factor) that provides concealment, G and H are the publicly agreed generators / base points of the elliptical curve and can be chosen randomly, sn is the commitment value, C (sn) is the curve point used as a commitment and given to the counterparty and H is another curve point. That is, G and H can be known parameters for the nodes. A “nothing above the sleeve” generation of H can be generated by hashing the base point G with a hash function mapping from one point to another with H = Hash (G). H and G are the public parameters of the given system (for example, points generated randomly on an elliptical curve). While the above provides an example of Pedersen's impairment in the form of an elliptical curve, several other forms of Pedersen's impairment or other impairment schemes can be used alternatively.
[060] A compromise scheme maintains data confidentiality, but commits to the data so that it cannot be changed later by the data issuer. If a party only knows the commitment value (for example, PC (a)), they cannot determine which underlying data values (for example, a) they have committed to. Both the data (for example, a) and the concealment factor (for example, r) can be revealed later (for example, by the initiating node), and a recipient (for example, consensus node) of the commitment can execute
Petition 870190037619, of 04/18/2019, p. 29/72
21/47 the commitment and verify that the confirmed data correspond to the revealed data. The concealment factor is present because, without one, someone could try to guess the data.
[061] Commitment schemes are a way for the issuer (committed party) to commit to a value (for example, a) such that the committed value remains private, but can be revealed at a later time when the committed party discloses a parameter necessary part of the commitment process. Strong commitment schemes can be both information hiding and computational linking. Hide refers to the notion that a given value a and a commitment to that value PC (a) must be unrelated. That is, PC (a) should not reveal any information about the. With PC (a), G and H known, it is almost impossible to know one because of the random number r. A commitment scheme is binding if there is no plausible way that two different values could result in the same commitment. A Pedersen compromise is perfectly hidden and computationally linked under the assumption of a discrete logarithm. In addition, with known r, G, H and PC (a), it is possible to check PC (a) by determining whether PC (a) = rxG + axH.
[062] A Pedersen appointment has an additional property: appointments can be added and the sum of a set of appointments is the same as a commitment with the sum of the data (with a concealment factor defined as the sum of the concealment factors) : PC (r1, datal) + PC (r2, data2) == PC (r1 + r2, datal + data2); PC (r1, data) - PC (r1, data) == 0. In other words, the commitment preserves the addition and applies to the commutative property, that is, the Pedersen commitment is additively homomorphic, in which the underlying data can be manipulated mathematically as if they were not encrypted.
[063] In one embodiment, a Pedersen compromise used to encrypt the input value can be constructed using elliptic curve points.
Petition 870190037619, of 04/18/2019, p. 30/72
22/47
Conventionally, an elliptical curve encryption public key (ECC) is created by multiplying a generator for group (G) with the secret key (r): Pub = rG. The result can be serialized as a 33-byte array. ECC's public keys can obey the additive homomorphic property mentioned above in relation to Pedersen's commitments. That is: Pub1 + Pub2 = (r1 + r2 (mod n)) G.
[064] Pedersen's commitment to the input value can be created by choosing an additional generator for the group (H, in the equations below) so that no one knows the discrete record of the second generator H in relation to the first generator G (or vice -versa), that is, nobody knows an x such that rG = H. This can be done, for example, using the cryptographic hash of G to choose Η: H = to_point (SHA256 (ENCODE (G))).
[065] Given the two generators G and H, an exemplary commitment scheme to encrypt the input value can be defined as: commitment = rG + aH. Here, r may be the secret concealment factor, and a may be the input value being compromised. Therefore, if sn is confirmed, the compromise scheme PC (a) = rxG + axH described above can be obtained. Pedersen's commitments are theoretically private information: for any commitment, there is some concealment factor that would make any value match the commitment. Pedersen's commitments can be computationally secure against false commitment, as arbitrary mapping may not be computed.
[066] The party (node) that confirmed the value can open the commitment by disclosing the original value a and the factor r that completes the commitment equation. The party that wants to open the PC (a) value will recalculate the commitment to verify that the original shared value actually matches the PC (a) commitment initially received. Thus, asset type information can be protected by mapping it to a unique serial number and then encrypting it at
Petition 870190037619, of 04/18/2019, p. 31/72
23/47 Pedersen commitment. The random number r chosen when generating the commitment makes it almost impossible for anyone to infer the type of asset that is confirmed according to the commitment value PC (a).
[067] During transactions, information protection is important to protect user privacy, and the value of the transaction is a type of information that is unprotected. Figure 1 shows an example system 100 for protecting information, according to several modalities. As shown, a chain network of blocks can comprise a plurality of nodes (for example, complete nodes implemented on servers, computers, etc.). For some blockchain platform (for example, NEO), complete nodes with a certain level of voting power can be referred to as consensus nodes, which assume the responsibility of verifying the transaction. In this disclosure, complete nodes, consensus nodes or other equivalent nodes can verify the transaction.
[068] In addition, as shown in Figure 1, user A and user B can use corresponding devices, such as notebooks and cell phones, serving as lightweight nodes to perform transactions. For example, user A may want to make transactions with user B by transferring some resources from user A's account to user B's account. User A and user B can use corresponding devices installed with appropriate block chain software to the transaction. User A's device can be referred to as initiator node A which initiates a transaction with User B's device referred to as receiver node B. Node A can access the block chain by communicating with node 1 and node B can access the block chain by communicating with node 2. For example, node A and node B can send transactions to the block chain through node 1 and node 2 to request the addition of transactions to the block chain . Outside the block chain, node A and node B can have other communication channels (for example, regular communication over the Internet without going through nodes 1 and 2).
Petition 870190037619, of 04/18/2019, p. 32/72
24/47 [069] Each of the nodes in FIG. 1 may comprise a processor and a non-transitory computer-readable storage medium storing instructions to be executed by the processor to cause the node (for example, the processor) to perform several steps for protecting information described herein. Each node can be installed with software (for example, transaction program) and / or hardware (for example, wires, wireless connections) to communicate with other nodes and / or other devices. More details of the node's hardware and software are described later with reference to FIG. 5.
[070] Figure 2 illustrates exemplary steps for transaction and verification between a sending node A, a receiving node B and one or more verification nodes, according to various modalities. The operations presented below are intended to be illustrative. Depending on the implementation, exemplary steps may include additional, less or alternative steps performed in several orders or in parallel.
[071] In various modalities, the accounts of the transaction parties (user A of the issuer and user B of the receiver) are configured for the Account / Balance model. User A and User B can perform the following steps to complete the transaction through one or more devices, such as their laptop, cell phone, etc. The devices can be installed with appropriate software and hardware to perform the various steps. Each account can be associated with a cryptographic private key (secret key) - pair of public keys. The private key can be denoted as SK = x, and the public key can be denoted as PK = xG, where G is a generator of the group. Each account can contain several assets, each denoted as: (V = PC (r, v), E (K, r, v)), where v represents the face value of the asset, V represents a Pedersen commitment of the value face v, r is a concealment factor (for example, a random number), PC () is a Pedersen compromise algorithm, E () is an encryption algorithm (for example, asymmetric key encryption algorithm) and K is an encryption key. In one example, each asset can be denoted as (V = PC (r, v), E (K,
Petition 870190037619, of 04/18/2019, p. 33/72
25/47 r II v)), where | represents concatenation. Each asset can also include information other than those listed, such as the asset's source information.
[072] In one example, before user A successfully transacts a t-value for user B in a transaction confirmed by chain of blocks, the addresses and assets in account A and account B are following:
[073] For Account A (account A):
Address (SK_A = a, PK_A = aG)
Assets A_1 to A_m respectively of the values a_1 to a_m are denoted as:
(A_1 = PC (r_ {a_1}, a_1), E (PK_A, r_ {a_1} | a_1)), (A_2 = PC (r_ {a_2}, a_2), E (PK_A, r_ {a_2} | a_2)), (A_m = PC (r_ {a_m}, a_m), E (PK_A, r_ {a_m} | a_m)) [074] For B Account (B account):
Address (SK_B = b, PK_B = bG)
Assets B_1 to A_n respectively of values b_1 to b_n are denoted as:
(B_1 = PC (r_ {b_1}, b_1), E (PK_B, r_ {b_1} | b_1)), (B_2 = PC (r_ {b_2}, b_2), E (PK_B, r_ {b_2} | b_2)), (B_n = PC (r_ {b_n}, b_n), E (PK_B, r_ {b_n} | b_n)) [075] In some modalities, the generation of keys can be based on the elliptic curve ecp256k1 for each account in the Account / Balance model. For example, in Ethereum ecp256k1, any number between 1 to 2 ²⁵⁶ -1 can be a valid SK private key. A good library generates a private key taking sufficient randomness into account. Ethereum requires the SK private key to be 256 bits long. Public key generation is done using the group operation of
Petition 870190037619, of 04/18/2019, p. 34/72
26/47 ECC encryption. To derive the public key PK, the private key can be multiplied by G. The multiplication used to derive the public key PK is the multiplication of ECC (elliptic curve point multiplication), which is different from normal multiplication. G is the generating point that is one of the domain parameters of ECC encryption. G can have a fixed value for ecp256k1. The address can be, for example, the last 20 bytes of the PK public key hash.
[076] In some embodiments, in step 201, node A can initiate a transaction with node B. For example, user A and user B can negotiate a transaction value t from user A's account to user B. account A and account B may correspond to the “portfolios” described here. Account A can have one or more assets. The asset can comprise, for example, cash, digital currency, contract, deed, medical record, customer details, stocks, bonds, stocks or any other asset that can be described in digital format. Account B can have one or more assets or no assets. Each asset can be associated with various block chain information stored in blocks of the block chain, the block chain information comprising, for example, NoteType representing the type of asset, Notei D representing unique asset identification, commitment values representing a commitment (for example, Pedersen commitment) value of the asset value, encryption of the random number and asset value, etc.
[077] As described in relation to account A, in some modalities, assets A_1 to A_m correspond respectively to asset values a_1 a_m and random numbers r_1 to r_m. Based on the random numbers r_1 to r_m, node A can confirm the asset values in account A for a confirmation scheme (for example, Pedersen commitment) to obtain encrypted confirmation values. For example, encrypted appointment values can be PC_1 to PC_m, where PC_i = PC (r_ {a_i}, aj) = r_ {a_i} χ G + a_i χ H, where G and H are known parameters and i is between 1 and m. In addition to the first field PC (...), each
Petition 870190037619, of 04/18/2019, p. 35/72
27/47 active is also associated with a second E (...) field, as previously described. The second field E (...) can represent an encryption of the corresponding random number and the value of the asset encrypted with the key PK_A. For example, encryption can be E (PK_A, r_ {a_i} | a_i)). The PC (...) and (...) for each asset can be inherited from previous transactions. The same mechanism can be applied to account B and its assets.
[078] In some embodiments, to satisfy transaction value t, user A can use the private key SK_A to decrypt one or more assets from an aggregate value of at least t from account A. For example, node A can touch the assets A_1, A_2, ..., A_k for this transaction, where k is less than or equal to m. The remaining assets A_k + 1, A_k + 2, ..., A_m from account A were not used. Correspondingly, node A can read the assets PC (r_ {a_1}, a_1), PC (r_ {a_2}, a_2), ..., PC (r_ {a_k}, a_k) of node 1. With the random numbers r_ {a_1}, r_ {a_2}, ..., r_ {a_k} known by node A, node A can decrypt reading assets PC (r_ {a_1}, a_1), PC (r_ {a_2}, a_2 ), ..., PC (r_ {a_k}, a_k) to obtain the values of assets a_1, a_2, ..., a_k to ensure that the sum (a_1 + a_2 + ... + a_k) is not less than the transaction amount t. Different assets can be exchanged within the account based on various rates.
[079] In some modalities, the value of selected asset value in excess of t, if any, is defined as y depending on the change. For example, node A can determine the change y = (a_1 + a_2 + ... + a_k) -1. Node A can select the random numbers r_t and r_y as concealment factors to generate Pedersen's commitments for t and y: T = PC (r_t, t), Y = PC (r_y, y). That is, node A can generate a random number r_t for t and a random number r_y for y. Node A can commit t and r_t to a commitment scheme to obtain the commitment value T = PC (r_t, t) and commit y and r_y to a commitment scheme to obtain the commitment value Y = PC (r_y, y).
Petition 870190037619, of 04/18/2019, p. 36/72
28/47 [080] In addition, in some modalities, node A can use the public key PK_B of user B to encrypt (r_t | t), which provides encryption E (PK_B, r_t | t) and use the key public PK_A of user A to encrypt (r_y | y), which provides E encryption (PK_A, r_y | y). Figure 3A and Figure 3B can follow this example. Alternative to obtain encryption E (PK_B, r_t | t) by node A, user A can send r_t et to node B along with the transaction information, causing node B to generate a second key to encrypt (r_t | t) with PK_B. Node B sends encryption to Node A to allow Node A to be verified. Figure 4A and Figure 4B can follow this example. Although concatenation is used in several examples of this disclosure, alternative combinations of inputs, outputs or other parameters can be used for the encryption function or other operation.
[081] In addition, in some modalities, node A can generate a strip proof RP to prove to the block chain nodes if the value of T = PC (r_t, t) and the value of Y = PC (r_y , y) are within a valid range. For example, to have valid values of T = PC (r_t, t), the value of transaction t can be within a valid range [0, 2n-1]; and to have valid values of Y = PC (r_y, y), the change y can be within a valid range [0, 2n-1]. In one embodiment, node A can use the block proof technique to generate the range proof RP related to (r_y, y, Y, r_t, T) for the block chain nodes (for example, consensus nodes ) to verify in a later step that the transaction value t and change y are within the valid range based on the proof of range. Proof of range may include, for example, Bulletproofs, Borromean ring signature, etc.
[082] In step 202, node A can send the transaction information to node B (for example, via a secure channel of the block chain). The transaction information sent can comprise, for example, commitment value T = PC (rt, t), commitment value Y = PC (r_y, y), encryption E (PK_B, r_t | t), encryption E (PK_A , r_y | | y), RP proof of reach, etc. The compromise value Y = PC (r_y,
Petition 870190037619, of 04/18/2019, p. 37/72
29/47
y), E encryption (PK_A, r_y | y) and gap-proof RP may be optional because node B may not care about the change sent back to account A. In some embodiments, transmission over the channel Communication outside the block chain can prevent transaction information from being written to the block chain and prevent nodes, in addition to sending node A and receiving node B, from obtaining transaction information. E (PK_A, r_y | y) may not need to be sent to node B, but it may be necessary in the future for user A to spend change y, since the change must be returned to account A.
[083] In step 203, node B can check the random number r_t, the transaction value t and the commitment value T. In some embodiments, node B can use the private key SK_B to decrypt E encryption (PK_B, r_t | | t) to get r_t | t. From r_t | t, node B can obtain r_t and t, and then check whether r_t and t correspond to T = PC (r_t, t). That is, node B can verify whether the commitment value T = PC (r_t, t) is correct based on the random number r_t and the transaction value t according to the Pedersen consolidation algorithm. If the match / verification fails, node B can reject the transaction; and if the match / verification is successful, node B can sign the transaction to respond to node A in step 204.
[084] In step 204, node B can sign the transaction with the private key SK_B of user B to generate a SIGB signature. The signature can follow the Digital Signature Algorithm (DSA), such as the Elliptical Curve Digital Signature Algorithm (ECDSA), whereby the receiver of the signature can verify the signature with the signer's public key to authenticate the signed data. The SIGB signature indicates that the receiving node B agrees with the transaction.
[085] In step 205, node B can transmit the signed transaction back to node A with the SIGB signature.
[086] In step 206, if the SIGB is not successfully verified, node A can reject the transaction. If the SIGB is successfully verified, node A can sign the
Petition 870190037619, of 04/18/2019, p. 38/72
30/47 transaction with user A's SK_A private key to generate a SIGA subscription. Likewise, the signature can follow the Digital Signature Algorithm (DSA). In one embodiment, node A can sign (E (PK_B, r_t | t); E (PK_A, r_y | y); Y; T; RP) with the private key SK_A of user A to generate the SIGA signature .
[087] In step 207, node A can submit the transaction to the block chain, causing the block chain nodes to check the transaction and determine whether the transaction should be added to the block chain. In a modality, node A can send the transaction (E (PK_B, r_t | t); E (PK_A, r_y | y); Y; T; r '; RP; SIGA; SIGB) to the block chain via node 1 to execute the transaction, r '= r_1 + ... + r_k - r_t - r_y. The transaction may include additional parameters or it may not include all parameters listed. The transaction can be transmitted to one or more nodes (for example, consensus nodes) in the block chain for verification. If the check is successful, the transaction will be added to the block chain. If the verification fails, the transaction will be rejected on being added to the block chain.
[088] In steps 208 to 213, the one or more nodes (for example, consensus nodes) verify the signatures, proof of scope and other information of the submitted transaction. If the verification fails, the nodes will reject the transaction. If the verification is successful, the nodes will accept the transaction, update user A's account and user B's account separately.
[089] In some modalities, to execute the transaction, the transaction information can be verified by several block chain nodes. Transaction information can include the transaction address TXID, signature (s), input and output TXID can include the hash of the content of the transaction. Signatures can include encryption signatures by the sender and receiver. The entry can include a block chain issuer account address, one or more assets taken from the issuer's block chain account for transaction, etc. The output may include a recipient's account address in a chain of blocks, asset type (s) of the beneficiary asset (s),
Petition 870190037619, of 04/18/2019, p. 39/72
31/47 commitment value (s) of the asset (s) of the recipient (s), etc. Input and output can include information indexed in a tabular form. In some modalities, the value of the value I noticed D can be “the TXID + an index of the asset in the output”. The public key PK_A of the sender can serve as the address of account A and the public key PK_B of the receiver can serve as the address of account B.
[090] In some modalities, the one or more nodes in the block chain can verify the submitted transaction (E (PK_B, r_t | t); E (PK_A, r_y | y); Y; T; RP; SIGA; SIGB).
[091] In step 208, nodes can verify that the transaction was performed using a dual anti-spend mechanism or anti-reproduction attack mechanism. If the transaction was executed, the nodes can reject the transaction; otherwise, the method can proceed to step 209.
[092] In step 209, nodes can verify SIGA and SIGB signatures (for example, based on public key A and public key B, respectively). If any of the signatures are incorrect, the nodes can reject the transaction; otherwise, the method can proceed to step 210.
[093] In optional step 210, nodes can verify that asset types are consistent. For example, nodes can verify that the types of assets in NoteType from A_1 to A_k are consistent with the asset types of the transaction value t. If any of the asset types are inconsistent, the nodes can reject the transaction; otherwise, the method may proceed to step 211. In some embodiments, the original asset type in the portfolio may have been converted to another type based on an exchange rate, and this step may be skipped.
[094] In step 211, the nodes can check the RP to the proof of reach to validate the PC value (r_t, t) and the PC value (r_y, y). In one embodiment, the nodes can check the RP at the reach of proof to verify that the transaction value t is not less than zero and the change y is not less than zero. If the verification fails,
Petition 870190037619, of 04/18/2019, p. 40/72
Nodes can reject the transaction; otherwise, the method can proceed to step 212.
[095] In step 212, nodes can verify that the transaction inputs and outputs are consistent. In one embodiment, r 'may correspond to the asset value t ’= a_1 + ... + a_k -1 - y based on the homomorphic property, where r’ = r_1 + ... + r_k - r_t - r_y. Since the input assets are a_1 for a_k and the output is t + y, t '= 0 when the input and output are consistent: a_1 + ... a_k = t + y. Thus, the corresponding commitment value ar 'is PC (r', tj = r 'x G + t' χ H = r'G. As r '= r_1 + ... + r_k - r_t - r_y, nodes can determine if the inputs and outputs are equal, checking if r'G is equal to PC_1 + ... + PC_k - T - Y corresponding to r_1 + ... + r_k - r_t - r_y. If r'G is equal to PC_1 + ... + PC_k - T - Y, the nodes will be able to determine if the transaction inputs and outputs are consistent and proceed to the next step; otherwise, the nodes can determine that the transaction inputs and outputs are inconsistent and reject the transaction.
[096] In step 213, nodes can check whether node A has the asset (s) used for the transaction. In one embodiment, nodes can perform this verification based on information stored in the block chain, such as information corresponding to account A. The information can comprise information from previous transactions for all assets. The nodes can therefore determine whether account A has the transaction facility for the transaction. If the determination is no, the nodes can reject the transaction; otherwise, the method can proceed to step 214.
[097] In step 214, nodes can update account A and account B. For example, nodes can remove the transaction asset of value t from account A and add it to account B. Based on homomorphic property, since Y = PC (r_y, y) and node 1 knows r_y and can access the compromise value Y of the block chain, node 1 can decrypt Y to obtain the value of asset y and return it to the
Petition 870190037619, of 04/18/2019, p. 41/72
33/47 account A. Node 2 obtains in step 202 the random number r_t from node 1 and can obtain commitment value T. from the block chain. Thus, node 2 can decrypt T to obtain the asset value included. it on account B.
[098] In one example, after upgrading to account A and account B, account A receives change y for exploited assets _1, A_2, ..., A_k and receives its unexploited assets A_k + 1A_m and a account B receives the transaction amount and receives its original assets B_1, B_2, ..., B_n. The assets in account A and account B are as follows:
[099] For Account A (account A), updated assets are denoted as:
(Y = PC (r_y, y), E (PK_A, r_y | y)), (A_k + 1 = PC (r_ {a_ k + 1}, a_k + 1), E (PK_A, r_ {a_ k + 1} | a_ k + 1)) (A_k + 2 = PC (r_ {a_ k + 2}, a_ k + 2), E (PK_A, r_ {a_ k + 2} | a_ k + 2)) (A_m = PC (r_ {a_m}, a_m), E (PK_A, r_ {a_m} | a_m)) [0100] For Account B (account B), updated assets are denoted as:
(B_1 = PC (r_ {b_1}, b_1), E (PK_B, r_ {b_1} | b_1)), (B_2 = PC (r_ {b_2}, b_2), E (PK_B, r_ {b_2} | b_2)), (B_n = PC (r_ {b_n}, b_n), E (PK_B, r_ {b_n} | b_n)), (T = PC (r_t, t), E (PK_B, r_t | t) ) [0101] Although this disclosure uses node A / user A and node B / user B to illustrate the sender and receiver, respectively, the sender and receiver can be the same node / user. For example, a transaction's y change (total assets explored in account A minus the transaction amount) can be sent back to the issuer of the transaction. Thus, the various steps performed by node B, as described here, can alternatively be performed by node A.
[0102] Figure 3A illustrates a flow chart of an example method 300
Petition 870190037619, of 04/18/2019, p. 42/72
34/47 for the protection of information, in accordance with the various modalities of this disclosure. Method 300 can be implemented by one or more components (e.g., node A, node 1, a combination of node A and node 1) of system 100 of FIG. 1. Method 300 may be implemented by a system or device (for example, computer, server) comprising a processor and a computer-readable non-transitory storage medium (for example, memory) storing instructions to be executed by the processor to cause the system or device (for example, the processor) to perform method 300. The operations of method 300 presented below are intended to be illustrative. Depending on the implementation, the exemplary method 300 may include additional, less or alternative steps performed in several orders or in parallel.
[0103] Block 301 comprises: committing a transaction value t of a transaction with a commitment scheme to obtain a transaction commitment value T, the commitment scheme comprising at least one transaction concealment factor r_t; For example, as described above, T = PC (r_t, t). In some embodiments, the commitment scheme comprises a Pedersen commitment based at least on the hiding factor of the transaction r_t and with the transaction amount t being a committed amount.
[0104] Block 302 comprises: encrypting a combination of the transaction hiding factor r_t and the transaction value t with a public key PK_B from a receiver of the transaction. For example, node A can use the PK_B key to encrypt (r_t | t), which generates E encryption (PK_B, r_t | t). In some embodiments, the public key PK_B is an asymmetric encryption key. In some embodiments, the combination of transaction hiding factor r_t and transaction value t comprises a concatenation of transaction hiding factor r_t and transaction value t.
[0105] Block 303 comprises: transmitting the commitment value of
Petition 870190037619, of 04/18/2019, p. 43/72
35/47 transaction Tea encrypted combination for a receiving node with the receiving node for the receiving node verifies the transaction (eg, causing the receiver node to verify the transaction). In some embodiments, transmitting the encrypted Tea combination commitment value to a receiver node associated with the receiver for the receiver node to verify the transaction comprises transmitting the encrypted Tea transaction commitment value to the receiver node associated with the receiver, causing that the receiving node: decrypt the encrypted combination with a private key SK_B of the recipient to obtain the transaction hiding factor r_t and the transaction value t; and verify the transaction based on at least the transaction commitment amount T, the transaction concealment factor r_t and the transaction amount t.
[0106] In some embodiments, having the receiving node verify the transaction based at least on the transaction commitment value T, the transaction concealment factor r_t, and the transaction value t comprises making the node receiver: in response to the determination that the transaction commitment amount T does not match the transaction value commitment scheme t based on the transaction concealment factor r_t, reject the transaction; and in response to the determination that the transaction commitment amount T matches the transaction value commitment scheme t based on the transaction concealment factor r_t, approve the transaction by signing the transaction with the receiver's SK_B private key to generate a SIGB receiver signature.
[0107] In some embodiments, before (block 304) of transmitting the encrypted combination to the receiving node associated with the receiver, the method further comprises: committing a transaction change y with the commitment scheme to obtain a change commitment value Y, the commitment scheme comprising at least one concealment change factor r_y, where change y is one or more assets of a transaction issuer that are used for the transaction
Petition 870190037619, of 04/18/2019, p. 44/72
36/47 minus transaction amount t; and encrypt another combination of the change hiding factor r_y and change y with a public key PK_A from the issuer. For example, node A can use the PK_A key to encrypt (r_y | | y), which generates E encryption (PK_A, r_y | y).
[0108] In some modalities, the method additionally comprises: in response to receiving the signature from the SIGB receiver, approving the transaction by signing the transaction with a SK_A private key from the issuer to generate a signature from the SIGA issuer; and send the transaction comprising the encrypted combination, the other encrypted combination, the transaction commitment value T, the change commitment value Y, the SIGA sender's signature and the receiver's signature SIGB to one or more nodes on a network block chain for one or more nodes to verify the transaction. More details are described above with reference to Steps 208-2013.
[0109] In some embodiments, sending the transaction comprising the encrypted combination, the other encrypted combination, the transaction commitment value T, the change commitment value Y, the SIGA issuer signature and the receiver's signature SIGB to the one or more nodes in the block chain network for one or more nodes to verify the transaction comprises: sending the transaction comprising the encrypted combination, the other encrypted combination, the transaction commitment value T, the change commitment value Y, the SIGA of the sender's signature and the SIGB of the receiver's signature for one or more nodes in the block chain network, causing the one or more nodes, in response to a successful verification of the transaction, to issue the transaction amount t for the receiver, eliminate one or more assets used for the transaction and issue change y to the sender. More details are described above with reference to Step 214.
[0110] Figure 3B illustrates a flow chart of an exemplary method 400 for protecting information, according to various modalities of the present disclosure.
Petition 870190037619, of 04/18/2019, p. 45/72
37/47
Method 400 can be implemented by one or more components (e.g., node B, node 2, a combination of node B and node 2, etc.) of system 100 of FIG. 1. Method 400 can be implemented by a system or device (for example, computer, server) comprising a processor and a non-transient, computer-readable storage medium (for example, memory) storing instructions to be executed by the processor to make that the system or device (for example, the processor) performs method 400. The operations of method 400 presented below are intended to be illustrative. Depending on the implementation, the exemplary method 400 may include additional, less or alternative steps performed in several orders or in parallel.
[0111] Block 401 comprises: obtaining a combination of a transaction concealment factor r_t and an encrypted transaction value t with a public key PK_B from a transaction receiver, and obtaining a transaction commitment value T, where : the transaction value t is committed to a commitment scheme by an issuing node associated with a transaction issuer to obtain the transaction commitment value Τ, the commitment scheme comprising at least the transaction concealment factor r_t.
[0112] Block 402 comprises: decrypting the combination obtained with a SK_B private key from a transaction receiver to obtain the transaction concealment factor r_t and the transaction value t. In some embodiments, the receiver's PK_B public key and the receiver's SK_B private key are asymmetric encryption keys.
[0113] Block 403 comprises: verifying the transaction based, at least, on the transaction commitment amount T, on the transaction concealment factor r_t and on the transaction amount t.
[0114] Alternative to encrypt the combination (r_t, t) as (r_t | t) on node A, node A can transmit (r_t, t) to node B, causing node B to encrypt the
Petition 870190037619, of 04/18/2019, p. 46/72
38/47 combination (r_t, t), as described below with reference to FIG. 4A and Figure 4B. Other steps and descriptions from Figure 1 to FIG. 3B can similarly apply to Figure 4A and Figure 4B.
[0115] Figure 4A illustrates a flow chart of an exemplary 440 method for protecting information, in accordance with various modalities of the present disclosure. Method 440 can be implemented by one or more components (e.g., node A, node 1, a combination of node A and node 1, etc.) of system 100 of FIG. 1. Method 440 can be implemented by a system or device (for example, computer, server) comprising a processor and a non-transient, computer-readable storage medium (for example, memory) storing instructions to be executed by the processor to make that the system or device (for example, the processor) performs method 440. The operations of method 440 presented below are intended to be illustrative. Depending on the implementation, the exemplary method 440 may include additional, less or alternative steps performed in several orders or in parallel.
[0116] Block 441 comprises: committing a transaction value t of a transaction with a commitment scheme to obtain a transaction commitment value T, the commitment scheme comprising at least one transaction concealment factor r_t;
[0117] Block 442 comprises: sending transaction value t, transaction concealment factor r_t and transaction commitment value T to a receiving node associated with a transaction recipient for the receiving node to verify the transaction and encrypt the transaction concealment factor r_t and the transaction value t with a public key PK_B of the recipient (for example, by having the receiving node verify the transaction and encrypt the transaction concealment factor r_t and the transaction value t with a key receiver's public PK_B). For example, node B can verify that T = PC (r_t, t) and node B can encrypt the combination with the public key PK_A to
Petition 870190037619, of 04/18/2019, p. 47/72
39/47 obtain E (PK_B, r_t | t).
[0118] Block 443 comprises: obtaining an encrypted combination (for example, E (PK_B, r_t | t)) of the transaction concealment factor r_t and the transaction value t of the receiving node [0119] Block 444 comprises: transmit the encrypted combination and the transaction commitment value T to a plurality of ns in a block chain for the plurality of ns to verify the transaction (for example, by having the plurality of ns verify the transaction) [0120] Figure 4B illustrates a flow chart of an exemplary method 450 for protecting information, in accordance with various embodiments of the present disclosure. Method 450 can be implemented by one or more components (e.g., node B, node 2, a combination of node B and node 2, etc.) of system 100 of FIG. 1. Method 450 can be implemented by a system or device (for example, computer, server) comprising a processor and a non-transient, computer-readable storage medium (for example, memory) storing instructions to be executed by the processor to make that the system or device (for example, the processor) performs method 450. The operations of method 450 presented below are intended to be illustrative. Depending on the implementation, the exemplary method 450 may include additional, less or alternative steps performed in several orders or in parallel.
[0121] Block 451 comprises: obtaining a transaction value t from a transaction, a transaction concealment factor rt and a transaction commitment value T.
[0122] Block 452 comprises: checking the transaction based at least on the transaction commitment amount T, the transaction concealment factor r_t and the transaction amount t.
[0123] Block 453 comprises: in response to the successful verification of
Petition 870190037619, of 04/18/2019, p. 48/72
40/47 transaction, encrypt transaction hiding factor r_t and transaction value t with a public key PK_B from a transaction receiver to obtain an encrypted combination (for example, E (PK_B, r_t | t))).
[0124] Block 454 comprises: transmitting the encrypted combination to an issuing node associated with a transaction issuer.
[0125] As shown, privacy for the transaction amount can be protected through several improvements in computing technology. For example, the account structure comprises one or more fields, such as a first field associated with the asset value Pedersen commitment (for example, the first field being PC (r_ {a_i}, aj), with i being between 1 in) and a second field associated with the random number for the Pedersen commitment and the value of the asset (for example, the second field is E (...)). The first field and the second field are also used in the transaction steps and are stored in the block chain.
[0126] For another example, a public-private key system (asymmetric cryptography) of the account is reused to encrypt the random number of each Pedersen appointment and the corresponding asset value, and store the transaction including the encrypted random numbers and values of assets in the block chain. This way eliminates the local management of such random numbers and promotes security based on consistent and distributed block chain storage. Thus, the random number of the appointment can be effectively stored through the block chain, without the need for an additional encryption system.
[0127] For yet another example, gap proof is used to prove that the pre-existing assets of the transaction are balanced against the new assets and the transaction and that the value of each new asset is within a reasonable range. In addition, the parties to the transaction can transmit the compromised random number and the value of the new asset to the receiver through a channel outside the secure block chain for
Petition 870190037619, of 04/18/2019, p. 49/72
41/47 verify that the confirmed amount corresponds to the asset value of the transaction.
[0128] As such, random numbers of Pedersen commitments can be conveniently managed, without the risk of corruption and without incurring additional key management charges. Thus, transaction privacy can be fully protected, and transaction values can be protected. kept as secrets.
[0129] The techniques described here are implemented by one or more computing devices for special purposes. Special purpose computing devices can be desktop computer systems, server computer systems, portable computer systems, portable devices, network devices or any other device or combination of devices that incorporate physical devices and / or program logic to implement the techniques. Computing devices are usually controlled and coordinated by the operating system software. Conventional operating systems control and schedule computer processes to run, perform memory management, provide file systems, network, I / O services, and provide user interface functionality, such as a graphical user interface (GUI), among others things.
[0130] Figure 5 is a block diagram that illustrates a computer system 500 on which any of the modalities described here can be implemented. The 500 system can be implemented on any of the nodes described here and configured to perform the corresponding steps for information protection methods. Computer system 500 includes a bus 502 or other communication mechanism for communicating information, one or more hardware processors 504 coupled with bus 502 to process information. 504 hardware processors can be, for example, one or more general purpose microprocessors.
[0131] The computer system 500 also includes a main memory
Petition 870190037619, of 04/18/2019, p. 50/72
42/47
506, such as random access memory (RAM), cache and / or other dynamic storage devices, coupled to the 502 bus to store information and instructions to be executed by the 504 processor (s). The main memory 506 also can be used to store temporary variables or other intermediate information during the execution of instructions to be executed by the 504 processor (s). Such instructions, when stored in storage media accessible to the 504 processor (s), process the computer system 500 on a special purpose machine that is customized to perform the operations specified in the instructions. The computer system 500 further includes a read-only memory (ROM) 508 or other static storage device coupled to the 502 bus to store static information and instructions for the 504 processor (s). A storage device 510, such as such as a magnetic disk, optical disk, or USB flash drive (pen drive), etc., is provided and attached to the 502 bus to store information and instructions.
[0132] The computer system 500 can implement the techniques described here using custom physical device logic, one or more ASICs or FPGAs, firmware and / or program logic that in combination with the computer system causes or programs the computer system 500 to be a special purpose machine. According to an embodiment, the operations, methods and processes described herein are performed by the computer system 500 in response to the processor (s) 504 which execute one or more sequences of one or more instructions contained in main memory 506 Such instructions can be read in main memory 506 from another storage medium, such as storage device 510. Execution of the instruction sequences contained in main memory 506 causes the processor (s) 504 to perform the process steps described here. In alternative embodiments, wired circuits may be used instead of or in combination with software instructions.
Petition 870190037619, of 04/18/2019, p. 51/72
43/47 [0133] Main memory 506, ROM 508 and / or storage 510 may include non-transitory storage media. The term “non-transitory media” and similar terms, as used here, refer to media that store data and / or instructions that cause a machine to operate in a specific way, the media excludes transitory signals. Such non-transitory media may comprise non-volatile media and / or volatile media. Non-volatile media includes, for example, optical and / or magnetic disks, such as the storage device 510. Volatile media includes, without limitation, dynamic memory, such as main memory 1114. Common forms of non-transitory media include, for example , a floppy disk, floppy disk, hard drive, solid state drive, magnetic tape or any other magnetic data storage medium, a CD-ROM, any other optical data storage medium, any physical media with hole patterns, a RAM, a PROM and EPROM, a FLASH-EPROM, NVRAM, any other chip or memory cartridge and network versions of it.
[0134] Computer system 500 also includes a network interface 518 coupled to bus 502. Network interface 518 provides a bi-directional data communication coupling for one or more network links that are connected to one or more local networks. For example, the 518 network interface can be an integrated services digital network card (ISDN), cable modem, satellite modem, or a modem to provide a data communication link for a corresponding phone line type. As another example, the 518 network interface can be a local area network (LAN) card to provide a data communication connection to a compatible LAN (or WAN component to communicate with a WAN). Wireless links can also be implemented. In any implementation of this type, the network interface 518 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
Petition 870190037619, of 04/18/2019, p. 52/72
44/47 [0135] Computer system 500 can send messages and receive data, including program code, through the network (s), network connection and network interface 518. In the example of the Internet, a server can transmit a requested code to an application program over the Internet, the ISP, the local network and the 518 network interface.
[0136] The received code can be executed by processor (s) 504 as it is received and / or stored in storage device 510, or other non-volatile storage for later execution.
[0137] Each of the processes, methods and algorithms described in the previous sections can be incorporated and fully or partially automated by code modules executed by one or more computer systems or computer processors comprising computer hardware. The processes and algorithms can be implemented partially or totally in specific application circuits.
[0138] The various resources and processes described above can be used independently of each other, or can be combined in several ways. All possible combinations and sub-combinations must be within the scope of this disclosure. In addition, certain methods or process blocks may be omitted in some implementations. The methods and processes described herein are also not limited to any particular sequence, and the blocks or states related to them can be performed in other sequences that are appropriate. For example, described blocks or states can be performed in a different order than specifically disclosed, or multiple blocks or states can be combined into a single block or state. The example blocks or states can be performed in series, in parallel or in some other way. The blocks or states can be added or removed from the exemplary modalities disclosed. The exemplifying systems and components described here can be
Petition 870190037619, of 04/18/2019, p. 53/72
45/47 configured differently than described. For example, elements can be added, removed or rearranged compared to the exemplary modalities disclosed.
[0139] The various operations of the exemplifying methods described here can be performed, at least partially, by an algorithm. The algorithm may be comprised of program codes or instructions stored in memory (for example, a non-transitory, computer-readable storage medium described above). Such an algorithm can comprise a machine learning algorithm. In some embodiments, a machine learning algorithm may not explicitly program computers to perform a function, but it can learn from training data to create a forecast model that performs the function.
[0140] The various operations of the exemplifying methods described here can be performed, at least partially, by one or more processors that are temporarily configured (for example, by software) or permanently configured to perform the relevant operations. Configured temporarily or permanently, such processors may constitute mechanisms implemented by the processor that operate to perform one or more operations or functions described here.
[0141] Similarly, the methods described here can be at least partially implemented in a processor, with a particular processor or processors being an example of hardware. For example, at least some of the operations of a method can be performed by one or more processors or mechanisms implemented by the processor. In addition, one or more processors can also operate to support the performance of relevant operations in a cloud computing environment or as a software as a service (SaaS). For example, at least some of the operations can be performed by a group
Petition 870190037619, of 04/18/2019, p. 54/72
46/47 computers (as examples of machines, including processors), these operations being accessible over a network (for example, the Internet) and through one or more appropriate interfaces (for example, an Application Program Interface (API)).
[0142] The performance of some of the operations can be distributed among processors, not only residing on a single machine, but deployed on several machines. In some exemplary embodiments, the processors or mechanisms implemented by the processor may be located in a single geographic location (for example, within a home environment, an office environment or a server farm). In other exemplary embodiments, processors or engines implemented by a processor can be distributed across a number of geographic locations.
[0143] Throughout this specification, plural instances can implement components, operations or structures described as a single instance. Although individual operations for one or more methods are illustrated and described as separate operations, one or more of the individual operations can be performed simultaneously, and nothing requires the operations to be performed in the order illustrated. The structures and features presented as separate components in the exemplary configurations can be implemented as a combined structure or component. Likewise, the structures and features presented as a single component can be implemented as separate components. These and other variations, modifications, additions and improvements fall within the scope of the subject of the present invention.
[0144] Although a general description of the subject has been described with reference to specific exemplary modalities, several modifications and changes can be made to these modalities without departing from the broader scope of modalities of the present disclosure. Such modalities of matter can be referred to here, individually or collectively, by the term “invention” only for convenience and without
Petition 870190037619, of 04/18/2019, p. 55/72
47/47 intention to voluntarily limit the scope of this application to any disclosure or single concept if more than one is, in fact, disclosed. The Detailed Description should not be taken in a limitative sense, and the scope of various modalities is defined only by the appended claims, together with the full range of equivalents to which such claims are entitled.

权利要求:
Claims (23)
[1]
1. Computer implemented method for information protection, FEATURED for understanding:
committing a transaction value t of a transaction with a commitment scheme to obtain a transaction commitment value Τ, the commitment scheme comprising at least one transaction concealment factor r_t;
encrypt a combination of the transaction concealment factor r_t and the transaction value t with a public key PK_B from a transaction recipient; and transmit the commitment value of the encrypted Tea combination transaction to a receiver node associated with the receiver's receiver node to verify the transaction.
[2]
2. Method, according to claim 1, CHARACTERIZED by the fact that:
the public key PK_B is an asymmetric encryption key.
[3]
3. Method, according to claim 1, CHARACTERIZED by the fact that:
the commitment scheme comprises a Pedersen commitment based at least on the transaction hiding factor r_t and with the transaction value t being a committed value.
[4]
4. Method, according to claim 1, CHARACTERIZED by the fact that:
the combination of the transaction concealment factor r_t and the transaction value t comprises a concatenation of the transaction concealment factor r_t and the transaction value t.
[5]
5. Method, according to claim 1, CHARACTERIZED by the fact that the transmission of the transaction commitment value Tea encrypted combination to the receiver node associated with the receiver for the receiver node to verify the transaction
Petition 870190037619, of 04/18/2019, p. 57/72
2/8 comprises transmitting the transaction compromise value Tea encrypted combination to the receiver node associated with the receiver, causing the receiver node:
decrypt the encrypted combination with a SK_B private key from the receiver to obtain the transaction hiding factor r_t and the transaction value t; and verify the transaction based on at least the transaction commitment amount T, the transaction concealment factor r_t and the transaction value t.
[6]
6. Method, according to claim 5, CHARACTERIZED by the fact that having the receiving node verify the transaction based at least on the transaction commitment value T, the transaction concealment factor r_t, and the value transaction t comprises making the receiving node:
in response to the determination that the transaction commitment amount T does not match the transaction value commitment scheme t based on the transaction concealment factor r_t, reject the transaction; and in response to the determination that the transaction commitment amount T matches the transaction value commitment scheme t based on the transaction concealment factor r_t, approve the transaction by signing the transaction with the receiver's SKJB private key to generate a SIGB receiver signature.
[7]
7. Method according to claim 6, before transmitting the encrypted combination to the receiver node associated with the receiver, CHARACTERIZED by further comprising:
commit a transaction change y to the commitment scheme to obtain a change Y commitment value, the commitment scheme comprising at least one concealment change factor r_y, where change y is one or more assets of an issuer of transaction that are used for the transaction minus the transaction value t; and encrypt another combination of the change hiding factor r_y and change y with a public key PK_A from the issuer.
Petition 870190037619, of 04/18/2019, p. 58/72
3/8
[8]
8. Method, according to claim 7, CHARACTERIZED by the fact that it further comprises:
in response to receiving the signature from the SIGB receiver, approving the transaction by signing the transaction with a SK_A private key from the issuer to generate a signature from the SIGA issuer; and send the transaction comprising the encrypted combination, the other encrypted combination, the transaction commitment value T, the change commitment value Y, the SIGA sender's signature and the receiver's signature SIGB to one or more nodes on a network block chain for one or more nodes to verify the transaction.
[9]
9. Method, according to claim 8, CHARACTERIZED by the fact that sending the transaction comprising the encrypted combination, the other encrypted combination, the transaction commitment value T, the change commitment value Y, the SIGA issuer signature and the receiver's signature SIGB for the one or more nodes in the block chain network for one or more nodes to verify the transaction comprises:
send the transaction comprising the encrypted combination, the other encrypted combination, the transaction commitment value T, the change commitment value Y, the SIGA of the sender's signature and the SIGB of the receiver's signature to one or more nodes in the network block chain, causing the one or more nodes, in response to a successful verification of the transaction, to issue the transaction value t to the receiver, eliminate one or more assets leveraged for the transaction, and issue the change y to the issuer.
[10]
10. Non-transitory computer-readable media CHARACTERIZED by the fact that it stores instructions, which when executed by a processor, cause the processor to perform the operations comprising:
commit a transaction value t of a transaction to a scheme of
Petition 870190037619, of 04/18/2019, p. 59/72
4/8 commitment to obtain a transaction commitment value T, the commitment scheme comprising at least one transaction concealment factor r_t;
encrypt a combination of the transaction concealment factor r_t and the transaction value t with a public key PK_B from a transaction recipient; and transmit the commitment value of the encrypted Tea combination transaction to a receiver node associated with the receiver's receiver node to verify the transaction.
[11]
11. Storage medium, according to claim 10, CHARACTERIZED by the fact that: the public key PK_B is an asymmetric encryption key.
[12]
12. Storage medium according to claim 10, CHARACTERIZED by the fact that: the commitment scheme comprises a Pedersen commitment based at least on the transaction hiding factor r_t and the transaction value t being a value committed.
[13]
13. Storage medium, according to claim 10, CHARACTERIZED by the fact that:
the combination of the transaction concealment factor r_t and the transaction value t comprises a concatenation of the transaction concealment factor r_t and the transaction value t.
[14]
14. Storage medium according to claim 10, CHARACTERIZED by the fact that the transmission of the encrypted combination transaction commitment value to the receiver node associated with the receiver for the receiver node to verify the transaction comprises transmitting the commitment value of Tea transaction encrypted combination for the receiver node associated with the receiver, causing the receiver node:
decrypt the encrypted combination with a SK_B private key from the receiver to obtain the transaction hiding factor r_t and the transaction value t; and
Petition 870190037619, of 04/18/2019, p. 60/72
5/8 verify the transaction based on at least the transaction commitment amount T, the transaction concealment factor r_t and the transaction value t.
[15]
15. Storage medium, according to claim 14, CHARACTERIZED by the fact that having the receiving node verify the transaction based on at least the transaction commitment value Τ, the transaction concealment factor r_t, and the transaction value t comprises making the receiving node:
in response to the determination that the transaction commitment amount T does not match the transaction value commitment scheme t based on the transaction concealment factor r_t, reject the transaction; and in response to the determination that the transaction commitment amount T matches the transaction value commitment scheme t based on the transaction concealment factor r_t, approve the transaction by signing the transaction with the receiver's SKJB private key to generate a SIGB receiver signature.
[16]
16. Storage medium according to claim 15, before transmitting the encrypted combination to the receiving node associated with the receiver, the operations FEATURED by further comprising:
commit a transaction change y to the commitment scheme to obtain a change Y commitment value, the commitment scheme comprising at least one concealment change factor r_y, where change y is one or more assets of an issuer of transaction that are used for the transaction minus the transaction value t; and encrypt another combination of the change hiding factor r_y and change y with a public key PK_A from the issuer.
[17]
17. Storage medium, according to claim 16, CHARACTERIZED by the fact that the operations additionally comprise:
in response to receiving the signature from the SIGB receiver, approving the transaction by signing the transaction with a private key SK_A from the issuer to generate a
Petition 870190037619, of 04/18/2019, p. 61/72
6/8 signature of the SIGA issuer; and send the transaction comprising the encrypted combination, the other encrypted combination, the transaction commitment value T, the change commitment value Y, the SIGA sender's signature and the receiver's signature SIGB to one or more nodes on a network block chain for one or more nodes to verify the transaction.
[18]
18. Storage medium according to claim 17, CHARACTERIZED by the fact that sending the transaction comprising the encrypted combination, the other encrypted combination, the transaction commitment value T, the change commitment value Y, the signature of the SIGA sender and receiver's signature SIGB for the one or more nodes in the block chain network for one or more nodes to verify the transaction comprises:
send the transaction comprising the encrypted combination, the other encrypted combination, the transaction commitment value T, the change commitment value Y, the SIGA of the sender's signature and the SIGB of the receiver's signature to one or more nodes in the network block chain, causing the one or more nodes, in response to a successful verification of the transaction, to issue the transaction value t to the receiver, eliminate one or more assets leveraged for the transaction, and issue the change y to the issuer.
[19]
19. Information protection system, FEATURED for comprising a processor and a non-transitory computer-readable storage medium coupled to the processor, the storage medium storing instructions to be executed by the processor to make the system perform the operations comprising:
committing a transaction value t of a transaction with a commitment scheme to obtain a transaction commitment value T, the commitment scheme comprising at least one transaction concealment factor r_t;
Petition 870190037619, of 04/18/2019, p. 62/72
7/8 encrypt a combination of the transaction concealment factor r_t and the transaction value t with a public key PK_B from a recipient of the transaction; and transmit the commitment value of the encrypted Tea combination transaction to a receiver node associated with the receiver's receiver node to verify the transaction.
[20]
20. Computer implemented method for information protection, FEATURED for understanding:
obtain a combination of a transaction concealment factor r_t and a transaction value t encrypted with a public key PK_B from a transaction receiver, and obtain a transaction commitment value T, where: transaction value t is committed with a commitment scheme by an issuing node associated with a transaction issuer to obtain the transaction commitment value T, the commitment scheme comprising at least the transaction concealment factor r_t;
decrypt the combination obtained with a SK_B private key from a receiver to obtain the transaction hiding factor r_t and the transaction value t; and verify the transaction based on at least the transaction commitment amount T, the transaction concealment factor r_t and the transaction value t.
[21]
21. Method, according to claim 20, CHARACTERIZED by the fact that:
the receiver's PK_B public key and the receiver's SK_B private key are asymmetric encryption keys.
[22]
22. Non-transient computer-readable media CHARACTERIZED by the fact that it stores instructions, which when executed by a processor, cause the processor to perform the operations comprising:
obtain a combination of a transaction concealment factor r_t and a transaction value t encrypted with a public key PK_B from a receiver of a
Petition 870190037619, of 04/18/2019, p. 63/72
8/8 transaction, and obtain a transaction commitment value T, where: transaction value t is committed to a commitment scheme by an issuing node associated with a transaction issuer to obtain the transaction commitment value T, the commitment scheme comprising at least the transaction concealment factor r_t;
decrypt the combination obtained with a SK_B private key from a receiver to obtain the transaction hiding factor r_t and the transaction value t; and verify the transaction based on at least the transaction commitment amount T, the transaction concealment factor r_t and the transaction value t.
[23]
23. Information protection system, CHARACTERIZED by comprising a processor and a non-transitory computer-readable storage medium coupled to the processor, the storage medium storing instructions to be executed by the processor to make the system perform the operations comprising:
obtain a combination of a transaction concealment factor r_t and a transaction value t encrypted with a public key PK_B from a transaction receiver, and obtain a transaction commitment value T, where: transaction value t is committed with a commitment scheme by an issuing node associated with a transaction issuer to obtain the transaction commitment value T, the commitment scheme comprising at least the transaction concealment factor r_t;
decrypt the combination obtained with a SK_B private key from a receiver to obtain the transaction hiding factor r_t and the transaction value t; and verify the transaction based on at least the transaction commitment amount T, the transaction concealment factor r_t and the transaction value t.

类似技术:

---

公开号 | 公开日 | 专利标题

---

BR112019008058A2|2019-11-12|information protection system and method

---

BR112019008036A2|2019-11-12|systems, storage media and methods for information protection

---

BR112019007907A2|2019-11-12|information protection system and method

---

KR102170346B1|2020-10-28|Systems and methods for information protection

---

US10892888B2|2021-01-12|System and method for information protection

---

CA3037833A1|2020-04-18|System and method for information protection

---

US11282325B2|2022-03-22|System and method for information protection

---

AU2019101590A4|2020-01-23|System and method for information protection

---

BR112019007232B1|2022-02-15|COMPUTER-IMPLEMENTED METHODS FOR INFORMATION PROTECTION, SYSTEMS FOR INFORMATION PROTECTION AND NON-TRANSITORY COMPUTER-LEABLE STORAGE MEDIA

同族专利:

---

公开号 | 公开日

---

EP3523919A4|2020-02-26|

---

SG11201903419WA|2019-05-30|

---

US10726657B2|2020-07-28|

---

ES2879855T3|2021-11-23|

---

KR102248154B1|2021-05-06|

---

CN110089069A|2019-08-02|

---

PH12019500848A1|2019-11-25|

---

PL3748901T3|2021-12-06|

---

KR20200066260A|2020-06-09|

---

US20200151992A1|2020-05-14|

---

CA3040791A1|2019-04-18|

---

CA3040791C|2020-12-15|

---

US20200258339A1|2020-08-13|

---

EP3523919A2|2019-08-14|

---

US10748370B2|2020-08-18|

---

WO2019072279A2|2019-04-18|

---

ZA201902473B|2020-08-26|

---

TWI716034B|2021-01-11|

---

WO2019072279A3|2019-09-19|

---

JP2020502857A|2020-01-23|

---

US10909795B2|2021-02-02|

---

US20210090375A1|2021-03-25|

---

CN110089069B|2022-02-22|

---

MX2019004543A|2019-11-11|

---

AU2018347197B2|2020-06-25|

---

US20200051361A1|2020-02-13|

---

PL3523919T3|2021-05-04|

---

RU2716740C1|2020-03-16|

---

US10885735B2|2021-01-05|

---

EP3523919B1|2020-08-26|

---

EP3748901A1|2020-12-09|

---

TW202020711A|2020-06-01|

---

US20200258340A1|2020-08-13|

---

ES2833552T3|2021-06-15|

---

JP6841911B2|2021-03-10|

---

EP3748901B1|2021-06-09|

引用文献:

---

公开号 | 申请日 | 公开日 | 申请人 | 专利标题

---

---

US4926480A|1983-08-22|1990-05-15|David Chaum|Card-computer moderated systems|

---

JP2000207466A|1999-01-18|2000-07-28|Nippon Telegr & Teleph Corp <Ntt>|Electronic commercial transaction method and means with electronic commerical transaction document as medium and recording medium with program recorded therein|

---

JP2000299683A|1999-02-10|2000-10-24|Nippon Telegr & Teleph Corp <Ntt>|Method and device for preserving plural public keys and program recording medium therefor|

---

US7716484B1|2000-03-10|2010-05-11|Rsa Security Inc.|System and method for increasing the security of encrypted secrets and authentication|

---

AU5518301A|2000-04-14|2001-10-30|Wu Wen|Delayed commitment scheme to prevent attacks based on compromised certificates|

---

EP1205889A1|2000-11-10|2002-05-15|TELEFONAKTIEBOLAGET LM ERICSSON |Returning of change in an electronic payment system|

---

US7181017B1|2001-03-23|2007-02-20|David Felsher|System and method for secure three-party communications|

---

US7509498B2|2001-06-29|2009-03-24|Intel Corporation|Digital signature validation|

---

GB2378282A|2001-07-31|2003-02-05|Hewlett Packard Co|Automated multivariate negotiation using convertable undeniable signatures|

---

CN1572099A|2001-10-19|2005-01-26|松下电器产业株式会社|Device authentication system and device authentication method|

---

KR20070046778A|2003-11-03|2007-05-03|코닌클리케 필립스 일렉트로닉스 엔.브이.|Method and device for efficient multiparty multiplication|

---

US8156029B2|2005-02-24|2012-04-10|Michael Gregory Szydlo|Process for verifiably communicating risk characteristics of an investment portfolio|

---

US20090119505A1|2005-05-10|2009-05-07|Dts Ltd.|Transaction method and verification method|

---

JP4435076B2|2005-11-18|2010-03-17|フェリカネットワークス株式会社|Mobile terminal, data communication method, and computer program|

---

US7725446B2|2005-12-19|2010-05-25|International Business Machines Corporation|Commitment of transactions in a distributed system|

---

KR101316150B1|2006-01-25|2013-10-08|파나소닉 주식회사|Terminal device, server device, and digital contents distribution system|

---

TW200820108A|2006-05-24|2008-05-01|Ibm|Method for automatically validating a transaction, electronic payment system and computer program|

---

US20090177591A1|2007-10-30|2009-07-09|Christopher Thorpe|Zero-knowledge proofs in large trades|

---

US20090281949A1|2008-05-12|2009-11-12|Appsware Wireless, Llc|Method and system for securing a payment transaction|

---

US8543091B2|2008-06-06|2013-09-24|Ebay Inc.|Secure short message service communications|

---

US8281131B2|2008-08-28|2012-10-02|International Business Machines Corporation|Attributes in cryptographic credentials|

---

US8744077B2|2008-10-28|2014-06-03|International Business Machines Corporation|Cryptographic encoding and decoding of secret data|

---

JP5264450B2|2008-12-02|2013-08-14|日本電信電話株式会社|Bit commitment verification system, bit commitment device, verification device, bit commitment verification method, bit commitment method, verification method, bit commitment program, verification program|

---

UA106481C2|2008-12-23|2014-09-10|МТН Мобайл Мани СА ЛТД|Method and system for secure transaction processing|

---

US8762741B2|2009-01-29|2014-06-24|Microsoft Corporation|Privacy-preserving communication|

---

US8825555B2|2010-06-30|2014-09-02|International Business Machines Corporation|Privacy-sensitive sample analysis|

---

US8527777B2|2010-07-30|2013-09-03|International Business Machines Corporation|Cryptographic proofs in data processing systems|

---

US8661240B2|2011-04-29|2014-02-25|International Business Machines Corporation|Joint encryption of data|

---

US20120317034A1|2011-06-13|2012-12-13|Microsoft Corporation|Transparent virtual currency using verifiable tokens|

---

US9858401B2|2011-08-09|2018-01-02|Biogy, Inc.|Securing transactions against cyberattacks|

---

SG10201903265PA|2011-09-29|2019-05-30|Amazon Tech Inc|Parameter based key derivation|

---

JP5364141B2|2011-10-28|2013-12-11|楽天株式会社|Portable terminal, store terminal, transmission method, reception method, payment system, payment method, program, and computer-readable storage medium|

---

EP2634738A1|2012-03-02|2013-09-04|Alcatel Lucent|Decentralized electronic transfer system|

---

FR2993382B1|2012-07-13|2015-07-03|Oberthur Technologies|SECURE ELECTRONIC ENTITY FOR THE AUTHORIZATION OF A TRANSACTION|

---

GB201310084D0|2013-06-06|2013-07-17|Mastercard International Inc|Improvements to electronic authentication systems|

---

US9853819B2|2013-08-05|2017-12-26|Guardtime Ip Holdings Ltd.|Blockchain-supported, node ID-augmented digital record signature method|

---

US11055707B2|2014-06-24|2021-07-06|Visa International Service Association|Cryptocurrency infrastructure system|

---

KR20160024185A|2014-08-25|2016-03-04|아이보 |Management system and method of crytocurrency using secure element|

---

GB201419016D0|2014-10-24|2014-12-10|Visa Europe Ltd|Transaction Messaging|

---

EP3278287A4|2015-03-31|2018-08-22|Nasdaq, Inc.|Systems and methods of blockchain transaction recordation|

---

WO2016164496A1|2015-04-06|2016-10-13|Bitmark, Inc.|System and method for decentralized title recordation and authentication|

---

US9397985B1|2015-04-14|2016-07-19|Manifold Technology, Inc.|System and method for providing a cryptographic platform for exchanging information|

---

US10026082B2|2015-05-21|2018-07-17|Mastercard International Incorporated|Method and system for linkage of blockchain-based assets to fiat currency accounts|

---

US9870562B2|2015-05-21|2018-01-16|Mastercard International Incorporated|Method and system for integration of market exchange and issuer processing for blockchain-based transactions|

---

WO2016200885A1|2015-06-08|2016-12-15|Blockstream Corporation|Cryptographically concealing amounts transacted on a ledger while preserving a network's ability to verify the transaction|

---

AU2016287728B2|2015-06-30|2020-05-21|Visa International Service Association|Confidential authentication and provisioning|

---

US20180191503A1|2015-07-14|2018-07-05|Fmr Llc|Asynchronous Crypto Asset Transfer and Social Aggregating, Fractionally Efficient Transfer Guidance, Conditional Triggered Transaction, Datastructures, Apparatuses, Methods and Systems|

---

US20170085555A1|2015-07-14|2017-03-23|Fmr Llc|Point-to-Point Transaction Guidance Apparatuses, Methods and Systems|

---

US20180253702A1|2015-11-24|2018-09-06|Gartland & Mellina Group|Blockchain solutions for financial services and other transactions-based industries|

---

US11210663B2|2015-11-30|2021-12-28|Shapeshift Ag|Digital asset zero-custody switch|

---

US10013573B2|2015-12-16|2018-07-03|International Business Machines Corporation|Personal ledger blockchain|

---

US20170236121A1|2016-02-11|2017-08-17|Mastercard International Incorporated|Method and system for offline blockchain exchanges|

---

US20170243193A1|2016-02-18|2017-08-24|Skuchain, Inc.|Hybrid blockchain|

---

SG10201805995VA|2016-02-23|2018-08-30|Nchain Holdings Ltd|Determining a common secret for the secure exchange of information and hierarchical, deterministic cryptographic keys|

---

CN108352015B|2016-02-23|2022-02-01|恩链控股有限公司|Secure multi-party loss-resistant storage and encryption key transfer for blockchain based systems in conjunction with wallet management systems|

---

EP3860037A1|2016-02-23|2021-08-04|Nchain Holdings Limited|Cryptographic method and system for secure extraction of data from a blockchain|

---

WO2017147696A1|2016-02-29|2017-09-08|Troy Jacob Ronda|Systems and methods for distributed identity verification|

---

KR20180127504A|2016-04-11|2018-11-28|엔체인 홀딩스 리미티드|A method for secure peer-to-peer communication in a block chain|

---

CN107306183B|2016-04-22|2021-12-21|索尼公司|Client, server, method and identity verification system|

---

KR101780635B1|2016-04-28|2017-09-21|주식회사 코인플러그|Method for creating, registering, revoking certificate information and server using the same|

---

US10046228B2|2016-05-02|2018-08-14|Bao Tran|Smart device|

---

US10447478B2|2016-06-06|2019-10-15|Microsoft Technology Licensing, Llc|Cryptographic applications for a blockchain system|

---

KR101802655B1|2016-06-10|2017-11-29|인하대학교 산학협력단|Method and system for sage softwate-based one time password generation using remote server|

---

US11062366B2|2016-06-24|2021-07-13|Raise Marketplace Inc.|Securely processing exchange items in a data communication system|

---

US20180006823A1|2016-07-01|2018-01-04|Qualcomm Incorporated|Multi-hop secure content routing based on cryptographic partial blind signatures and embedded terms|

---

KR101795695B1|2016-07-14|2017-12-01|주식회사 코인플러그|Method for providing archiving service and verification service of data transceived via messenger service and server using the same|

---

EP3485448A4|2016-07-15|2019-07-24|Visa International Service Association|Digital asset distribution by transaction device|

---

EP3273635B1|2016-07-20|2019-10-30|Mastercard International Incorporated|Secure channel establishment|

---

US10785167B2|2016-07-26|2020-09-22|Nec Corporation|Method for controlling access to a shared resource|

---

US10067810B2|2016-07-28|2018-09-04|Cisco Technology, Inc.|Performing transactions between application containers|

---

GB201613176D0|2016-07-29|2016-09-14|Eitc Holdings Ltd|Computer-implemented method and system|

---

US10769600B2|2016-09-26|2020-09-08|International Business Machines Corporation|Cryptocurrency transactions using debit and credit values|

---

JP6971019B2|2016-09-26|2021-11-24|Ｇｍｏインターネット株式会社|Data management system, information processing device, program, and data management method|

---

CN106549749B|2016-12-06|2019-12-24|杭州趣链科技有限公司|Block chain privacy protection method based on addition homomorphic encryption|

---

WO2018125989A2|2016-12-30|2018-07-05|Intel Corporation|The internet of things|

---

CN106911470B|2017-01-23|2020-07-07|北京航空航天大学|Bit currency transaction privacy enhancement method|

---

CN106845960B|2017-01-24|2018-03-20|上海壹账通区块链科技有限公司|Method for secure transactions and system based on block chain|

---

CN107025602A|2017-02-24|2017-08-08|杭州象链网络技术有限公司|A kind of financial asset transaction system construction method based on alliance's chain|

---

JP6961960B2|2017-03-13|2021-11-05|ソニーグループ株式会社|Information processing device and information processing method|

---

JP6719410B2|2017-03-17|2020-07-08|Kddi株式会社|Generation device, verification device, and program|

---

US20180293576A1|2017-04-05|2018-10-11|Samsung Sds Co., Ltd.|System for custom currency transaction based on blockchain and operating method thereof|

---

US11095432B2|2017-04-05|2021-08-17|Samsung Sds Co., Ltd.|System for processing data based on blockchain and operating method thereof|

---

GB201705621D0|2017-04-07|2017-05-24|Nchain Holdings Ltd|Computer-implemented system and method|

---

GB201705749D0|2017-04-10|2017-05-24|Nchain Holdings Ltd|Computer-implemented system and method|

---

GB201705858D0|2017-04-11|2017-05-24|Nchain Holdings Ltd|Computer-implemented system and method|

---

GB201706132D0|2017-04-18|2017-05-31|Nchain Holdings Ltd|Computer-implemented system and method|

---

US10198949B2|2017-04-28|2019-02-05|Mastercard International Incorporated|Method and system for parking verification via blockchain|

---

US10560270B2|2017-05-03|2020-02-11|International Business Machines Corporation|Optimal data storage configuration in a blockchain|

---

GB201707168D0|2017-05-05|2017-06-21|Nchain Holdings Ltd|Computer-implemented system and method|

---

GB201707296D0|2017-05-08|2017-06-21|Nchain Holdings Ltd|Computer-implemented system and method|

---

US11165589B2|2017-05-11|2021-11-02|Shapeshift Ag|Trusted agent blockchain oracle|

---

CN107451175B|2017-05-23|2020-01-31|创新先进技术有限公司|data processing method and device based on block chain|

---

CN107239951A|2017-06-07|2017-10-10|北京天德科技有限公司|A kind of expansible Central Bank's digital cash method of commerce based on third generation block chain|

---

US20200213085A1|2017-06-14|2020-07-02|nChain Holdings Limited|Systems and methods for addressing security-related vulnerabilities arising in relation to off-blockchain channels in the event of failures in a network|

---

US10333710B2|2017-09-12|2019-06-25|Qed-It Systems Ltd.|Method and system for determining desired size of private randomness using Tsallis entropy|

---

TWI636411B|2017-09-13|2018-09-21|現代財富控股有限公司|System to provide non-repudiation for non-blockchain node and method thereof|

---

US10361870B2|2017-09-14|2019-07-23|The Toronto-Dominion Bank|Management of cryptographically secure exchanges of data using permissioned distributed ledgers|

---

CN107679857B|2017-10-10|2021-04-27|马晶瑶|Block chain cross-chain transaction method and storage medium|

---

CN108062671A|2017-11-03|2018-05-22|深圳市轱辘车联数据技术有限公司|Data trade method, block chain node server and data submit terminal|

---

WO2019109003A1|2017-11-30|2019-06-06|Visa International Service Association|Blockchain system for confidential and anonymous smart contracts|

---

CN108418689B|2017-11-30|2020-07-10|矩阵元技术（深圳）有限公司|Zero-knowledge proof method and medium suitable for block chain privacy protection|

---

US10831764B2|2017-12-02|2020-11-10|International Business Machines Corporation|Query processing and access control in a blockchain network|

---

US11227284B2|2017-12-13|2022-01-18|Mastercard International Incorporated|Method and system for consumer-initiated transactions using encrypted tokens|

---

CN108282459B|2017-12-18|2020-12-15|中国银联股份有限公司|Data transmission method and system based on intelligent contract|

---

US20190205563A1|2017-12-29|2019-07-04|Ebay, Inc.|User controlled storage and sharing of personal user information on a blockchain|

---

TWM561861U|2018-01-11|2018-06-11|網家金融科技股份有限公司|Internet payment money transfer system|

---

US10504314B2|2018-01-29|2019-12-10|Accenture Global Solutions Limited|Blockchain-based anonymized cryptologic voting|

---

CN108512650B|2018-02-28|2021-03-09|南京思利华信息科技有限公司|Block chain-oriented dynamic hash calculation method, device, node and storage medium|

---

CN108288159A|2018-03-07|2018-07-17|物数（上海）信息科技有限公司|Across chain method of commerce, system, equipment and storage medium based on multi-tiling chain|

---

CN108320228A|2018-03-07|2018-07-24|物数（上海）信息科技有限公司|Transregional piece of chain transaction in assets method, platform, equipment and storage medium|

---

US10708243B2|2018-04-24|2020-07-07|Capital One Services, Llc|Message encryption using public keychains|

---

CN108711105A|2018-05-16|2018-10-26|四川吉鼎科技有限公司|A kind of Secure Transaction verification method and system based on block chain|

---

CN108764874B|2018-05-17|2021-09-07|深圳前海微众银行股份有限公司|Anonymous transfer method, system and storage medium based on block chain|

---

CN108683669B|2018-05-19|2021-09-17|深圳市图灵奇点智能科技有限公司|Data verification method and secure multi-party computing system|

---

CN108876332B|2018-06-04|2020-09-22|清华大学|Block chain safe transaction method and device based on biometric feature mark authentication|

---

CN109003184A|2018-06-22|2018-12-14|中链科技有限公司|Block chain assets management method and device|

---

JP6956062B2|2018-10-30|2021-10-27|株式会社Ｃｒｙｐｔｏ Ｇａｒａｇｅ|Transaction method, program, verification device and generation method|

---

BR112019008171A2|2018-11-07|2019-09-10|Alibaba Group Holding Ltd|computer-implemented method for validating blockchain transactions based on account templates, computer readable storage media, and system|

---

KR102150814B1|2018-11-27|2020-09-02|알리바바 그룹 홀딩 리미티드|Systems and methods for information protection|

---

SG11201903419WA|2018-11-27|2019-05-30|Alibaba Group Holding Ltd|System and method for information protection|CN111768304A|2018-08-06|2020-10-13|阿里巴巴集团控股有限公司|Block chain transaction method and device and electronic equipment|

---

SG11201903419WA|2018-11-27|2019-05-30|Alibaba Group Holding Ltd|System and method for information protection|

---

EP3745637B1|2018-11-27|2021-06-09|Advanced New Technologies Co., Ltd.|System and method for information protection|

---

RU2719311C1|2018-11-27|2020-04-17|Алибаба Груп Холдинг Лимитед|Information protection system and method|

---

KR102150814B1|2018-11-27|2020-09-02|알리바바 그룹 홀딩 리미티드|Systems and methods for information protection|

---

US10700850B2|2018-11-27|2020-06-30|Alibaba Group Holding Limited|System and method for information protection|

---

RU2719423C1|2018-11-27|2020-04-17|Алибаба Груп Холдинг Лимитед|Information protection system and method|

---

US10764062B2|2019-06-03|2020-09-01|Alibaba Group Holding Limited|Blockchain ledger compression|

---

US10790990B2|2019-06-26|2020-09-29|Alibaba Group Holding Limited|Ring signature-based anonymous transaction|

---

SG10201907110VA|2019-08-01|2020-08-28|Alibaba Group Holding Ltd|Methods and devices for transaction matching based on blockchain system|

---

CN110648229A|2019-08-07|2020-01-03|中国科学院信息工程研究所|Semi-public block chain system and transaction method|

---

CN110473105A|2019-08-20|2019-11-19|深圳市网心科技有限公司|A kind of block chain transaction settlement method, system and relevant device|

---

CN110545279A|2019-09-05|2019-12-06|国网区块链科技有限公司|block chain transaction method, device and system with privacy and supervision functions|

---

WO2022005434A1|2020-07-03|2022-01-06|Havelsan Hava Elektronik San. Ve Tic. A.S.|A trusted zone-based method for safe storage and transfer of blockchain registered digital keys|

法律状态:
2021-05-04| B25A| Requested transfer of rights approved|Owner name: ADVANTAGEOUS NEW TECHNOLOGIES CO., LTD. (KY) |

---

2021-05-25| B25A| Requested transfer of rights approved|Owner name: ADVANCED NEW TECHNOLOGIES CO., LTD. (KY) |

---

2021-10-13| B350| Update of information on the portal [chapter 15.35 patent gazette]|

优先权:

---

申请号 | 申请日 | 专利标题

---

PCT/CN2018/117571|WO2019072279A2|2018-11-27|2018-11-27|System and method for information protection|

---