US2019074966A1PendingUtilityA1

Revocation of cryptographic keys in the absence of a trusted central authority

57
Assignee: FINLOW BATES KEIRPriority: May 7, 2016Filed: Nov 5, 2018Published: Mar 7, 2019
Est. expiryMay 7, 2036(~9.8 yrs left)· nominal 20-yr term from priority
H04L 9/3268G06Q 20/3829H04L 67/104H04L 9/0891H04L 63/0823H04L 2209/56
57
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method and apparatus are presented for revoking cryptographic keys within a distributed ledger system in which no central trusted authority is available. A key revocation message is sent by a network connected device to other network connected devices over a peer-to-peer network for inclusion in a ledger. In one embodiment the revocation message is signed using a private key of a public/private key pair to be revoked. In another embodiment an authorization for future revocation of the public/private key pair by a plurality of other public/private keys is sent for inclusion in the ledger, and subsequently the key revocation message is signed with one of the private keys of the plurality of public/private key pairs before sending the key revocation message. Once a valid key revocation message is included in the ledger, any future request to include a message signed by a revoked cryptographic key revoked by the valid key revocation message is rejected.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method for a proof-of-work based revocation of a public/private key pair used in a shared ledger distributed through a peer-to-peer network comprising the following steps:
 (A) generating a key revocation message for the public/private key pair;   (B) constructing a data message comprising the key revocation message and a nonce;   (C) applying one or more hash functions to the data message to produce an output;   (D) determining whether the output meets or fails to meet a target;   (E) if the output fails to meet the target selecting a new nonce, replacing the nonce in the data message with the new nonce, and repeating steps (C)-(E) until the output meets the target;   (F) transmitting the data message to the peer-to-peer network;   (G) appending the data message, by the peer-to-peer network, to the shared ledger; and   (H) rejecting, by the peer-to-peer network, any subsequent request to append to the shared ledger a further message signed by the private key of the public/private key pair.   
     
     
         2 . The method of  claim 1 , wherein the data message further comprises a signature of all or part of the data message, said signature generated using a second private key of a second public/private key pair. 
     
     
         3 . The method of  claim 2 , further comprising:
 creating a record of a number of commercially-valued credits associated with the second public key of the second public/private key pair; and   including the record of the number of commercially-valued credits in the shared ledger with the data message, by the peer-to-peer network.   
     
     
         4 . The method of  claim 3 , wherein the commercially-valued credits are associated with one or more of: a network address, a cryptographic key, or an email address. 
     
     
         5 . A plurality of network connected devices, each comprising: one or more processors and storage media comprising computer instructions, said plurality of network connected devices being connected via a peer-to-peer network to each other, arranged such that, when the computer instructions are executed on the one or more processors of one or more of the plurality of network connected devices, operations are caused for a revocation of a public/private key pair used in a shared ledger distributed through a peer-to-peer network, comprising the following steps:
 (A) generating, by a first of the plurality of network connected devices, a key revocation message for the public/private key pair;   (B) constructing, by the first of the plurality of network connected devices, a data message comprising the key revocation message and a nonce;   (C) applying, by the first of the plurality of network connected devices, one or more hash functions to the data message to produce an output;   (D) determining, by the first of the plurality of network connected devices, whether the output meets or fails to meet a target;   (E) if the output fails to meet the target selecting, by the first of the plurality of network connected devices, a new nonce, replacing the nonce in the data message with the new nonce, and repeating steps (C)-(E) until the output meets the target;   (F) transmitting, by the first of the plurality of network connected devices, the data message to a remainder of the plurality of network connected devices;   (G) appending the data message, by the plurality of network connected devices, to the shared ledger; and   (H) rejecting, by the plurality of network connected devices, any subsequent request to append to the shared ledger a further message signed by the private key of the public/private key pair.   
     
     
         6 . The plurality of network connected devices of  claim 5 , wherein the data message further comprises a signature of all or part of the data message, said signature generated by the first of the plurality of network connected devices using a second private key of a second public/private key pair. 
     
     
         7 . The plurality of network connected devices of  claim 6 , further comprising:
 creating, by a first of the plurality of network connected devices, a record of a number of commercially-valued credits associated with the second public key of the second public/private key pair; and   including the record of the number of commercially-valued credits in the shared ledger with the data message, by the plurality of network connected devices.   
     
     
         8 . The plurality of network connected devices of  claim 7 , wherein the commercially-valued credits are associated with one or more of: a network address, a cryptographic key, or an email address.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.