US2020090177A1PendingUtilityA1

Reissuing obligations to preserve privacy

58
Assignee: R3 LTDPriority: Oct 31, 2017Filed: Nov 25, 2019Published: Mar 19, 2020
Est. expiryOct 31, 2037(~11.3 yrs left)· nominal 20-yr term from priority
H04L 9/3247G06Q 20/382G06Q 20/065G06Q 20/223G06Q 20/02G06Q 2220/00G06Q 20/3825H04L 2209/56G06Q 20/3829H04L 9/3263G06Q 20/38215H04L 9/3239H04L 2209/38G06Q 20/401H04L 9/50H04L 9/0825
58
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A system is provided for reissuing obligations whose ownership is recorded in a distributed ledger to preserve the identity of prior owners of the obligations. The system accesses a target transaction in which an issuer has a target obligation to a target owner specified in the target transaction. The target transaction has one or more ancestor transactions that each specify an owner. The system retires the target transaction so that the issuer no longer has the target obligation. The system then receives an indication that the issuer created a reissue transaction in which the issuer has a reissued obligation to the target owner that is specified in the reissue transaction. The reissue transaction does not have any ancestor transactions.

Claims

exact text as granted — not AI-modified
I/We claim: 
     
         1 . A method performed by one or more computing systems for creating a confidential identity for a first entity, the method comprising:
 generating a first confidential public/private key pair that includes a first confidential public key and a first confidential private key;   generating a first confidential identity certificate, the first confidential identity certificate including the first confidential public key and a first well-known name of the first entity; and   signing the first confidential identity certificate with a first well-known private key of the first entity, a first well-known public key and the first well-known private key composing a first well-known public/private key pair.   
     
     
         2 . The method of  claim 1  further comprising:
 generating a first nonce; 
 receiving from a second entity a second nonce; 
 sending to the second entity the first nonce; 
 signing the first nonce and the second nonce; and 
 sending to the second entity the signed first nonce and second nonce. 
 
     
     
         3 . The method of  claim 2  wherein the signing of the first confidential identity certificate and the signing of the first nonce and the second nonce are performed by signing a combination of the first confidential identity certificate and the first nonce and the second nonce. 
     
     
         4 . The method of  claim 2  wherein the signing of the first nonce and the second nonce is performed by signing a hash of the first nonce and the second nonce. 
     
     
         5 . The method of  claim 1  wherein the first well-known public key and the first well-known name are specified in a first well-known identity certificate of the first entity that is signed by a certificate authority. 
     
     
         6 . The method of  claim 1  further comprising signing data using the first confidential private key so that a second entity when presented with the signed data and the first confidential public key can verify that the signed data was signed using the first confidential private key. 
     
     
         7 . The method of  claim 1  further comprising:
 receiving from a second entity a signed second confidential identity certificate that includes a second confidential public key of the second entity and a second well-known name of the second entity, the second confidential public key and a second confidential private key composing a second confidential public/private key pair; 
 verifying, using a second well-known public key of the second entity, that the received signed second confidential identity certificate was signed by the second entity; and 
 storing the second confidential public key for identifying the second entity based on the second confidential public key. 
 
     
     
         8 . The method of  claim 7  further comprising:
 receiving the second confidential public key and signed data that is signed using the second confidential private key and; and 
 verifying, using the second confidential public key, that the data was signed using the second confidential private key. 
 
     
     
         9 . The method of  claim 8  wherein the signed data is a transaction to which the second entity is a party, the transaction including the second confidential public key. 
     
     
         10 . The method of  claim 1  wherein multiple first confidential identity certificates are generated for signing different data. 
     
     
         11 . A method performed by one or more computing system for verifying a confidential identity of a first entity, the method comprising:
 accessing a signed first confidential identity certificate of the first entity that includes a first confidential public key of the first entity and a first well-known name of the first entity and that is signed using a first well-known private key of the first entity, the first confidential public key and a first confidential private key composing a first confidential public/private key; a first well-known public key and the first well-known private key composing a first well-known public/private key pair; and   verifying using the first well-known public key that the signed first confidential identity certificate was signed using the first well-known private key.   
     
     
         12 . The method of  claim 11  further comprising:
 receiving signed data that is signed using the first confidential private key; and 
 verifying, using the first confidential public key, that the data was signed using the first confidential public key. 
 
     
     
         13 . The method of  claim 1  further comprising:
 receiving from the first entity a first nonce; and 
 sending to the first entity a second nonce; 
 wherein the signed first confidential identity certificate is part of a signed hash derived based on the signed first confidential identity certificate, the first nonce, and the second nonce. 
 
     
     
         14 . The method of  claim 13  wherein the verifying further verifies that signed hash is derived based on the first nonce and the second nonce. 
     
     
         15 . One or more computing systems for creating proof of a confidential identity of a first entity, the one or more computing system comprising:
 one or more computer-readable storage mediums for storing computer-executable instructions for controlling the one or more computing systems to:
 access a first confidential public/private key pair that includes a first confidential public key and a first confidential private key; and 
 sign the first confidential public key with a first well-known private key of the first entity, a first well-known public key and the first well-known private key composing a first well-known public/private key pair; and 
   one or more processors for executing the computer-executable instructions stored in the one or more computer-readable storage mediums.   
     
     
         16 . The one or more computing systems of  claim 15  wherein the signing also signs a combination of the first confidential public key and an identifier of the first entity wherein the signed combination forms a first confidential identity certificate. 
     
     
         17 . The one or more computing system of  claim 15  wherein the instructions further:
 generate a hash derived from the first confidential public key, a first nonce, and a second nonce, the first nonce being generated by the first entity and the second nonce being generated by a second entity; and 
 sign the hash with the first well-known public key. 
 
     
     
         18 . The one or more computing system of  claim 15  wherein the instructions further:
 generate a signed transaction that includes the first confidential public key, the signed transaction signed using the first confidential private key; and 
 provide to a second entity the signed first confidential public key 
 so that the second entity can confirm that the first entity signed the transaction using the first confidential private key and can determine that the signed first confidential public key was signed using the first well-known private key. 
 
     
     
         19 . The one or more computing system of  claim 18  wherein the instructions further record the transaction in a distributed ledger. 
     
     
         20 . The one or more computing system of  claim 18  wherein output of the signed transaction is input to another transaction. 
     
     
         21 . One or more computing systems for verifying an identity of a first entity, the one or more computing system comprising:
 one or more computer-readable storage mediums for storing computer-executable instructions for controlling the one or more computing systems to:
 access a signed first confidential public key of the first entity and that is signed using a first well-known private key of the first entity, the first confidential public key and a first confidential private key composing a first confidential public/private key, a first well-known public key and the first well-known private key composing a first well-known public/private key pair; 
 verify using the first well-known public key that the signed first confidential public key was signed using the first well-known private key; and 
 access signed data that is data that is signed using the first confidential private key; and 
 verify that the first entity signed the data using the signed first confidential public key; and 
   one or more processors for executing the computer-executable instructions stored in the one or more computer-readable storage mediums.   
     
     
         22 . The one or more computing systems of  claim 21  wherein the signed first confidential public key is signed in combination with an identifier of the first entity wherein the signed combination forms a first confidential identity certificate. 
     
     
         23 . The one or more computing systems of  claim 22  wherein the instructions further:
 receive from the first entity a first nonce; 
 send to the first entity a second nonce; 
 wherein the signed first confidential public key is part of a signed hash derived based on the first nonce and the second nonce, the first confidential identity certificate being received as part of receiving the signed hash. 
 
     
     
         24 . The one or more computing systems of  claim 23  wherein the verifying further verifies that signed hash is derived based on the first nonce and the second nonce. 
     
     
         25 . The one or more computing systems of  claim 21  wherein the data is a transaction that identifies the first entity by the first confidential public key. 
     
     
         26 . The one or more computing systems of  claim 25  wherein the output of the transaction is input to another transaction to which the first entity is a party.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.