US2020336299A1PendingUtilityA1

Method and system for managing decentralized data access permissions through a blockchain

55
Assignee: CALLAN JONATHAN SEANPriority: Apr 26, 2018Filed: Jul 4, 2020Published: Oct 22, 2020
Est. expiryApr 26, 2038(~11.8 yrs left)· nominal 20-yr term from priority
H04L 9/50H04L 9/3247H04L 9/083H04L 9/3252G06F 21/6209G06F 16/27H04L 9/3239H04L 9/3249H04L 9/0825H04L 9/0643G06F 16/1834H04L 2209/38
55
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A data management blockchain and protocol for controlling access to data, in which no central trusted authority is required, is presented. The data management blockchain and protocol comprises an initial announcement of public keys by a plurality of blockchain participants, through which each blockchain participant establishes an identity. Subsequently a first of the plurality of blockchain participants publishes data encrypted with a cryptographic key on the blockchain. A second of the plurality of blockchain participants is assigned as an owner of the data by an authority. Access to the data is granted or revoked to further participants by the second of the plurality of blockchain participants through signed permission messages published on the blockchain, and a corresponding hand-over of the cryptographic key by the first of the plurality of blockchain participants, allowing access to the data. Access to further data may be revoked by changing the cryptographic key used.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method for enabling a decryption of a data package encrypted with a symmetric key, comprising:
 transmitting a data record comprising the data package encrypted with the symmetric key to a blockchain, by a data generator;   transmitting an assignment record to the blockchain, by an authorizer, said assignment record asserting ownership of the data package produced by the data generator to a data owner;   transmitting a plurality of permission records to the blockchain, by the data owner, each permission record of the plurality of permission records granting permission to one of each of a plurality of data receivers to access the data package produced by the data generator;   verifying, by the data generator, that the assignment record is digitally signed by the authorizer and that each permission record of the plurality of permission records is digitally signed by the data owner;   on successful verification, releasing the symmetric key, by the data generator, to the plurality of data receivers;   retrieving from the blockchain, by one or more of the plurality of data receivers, the data record comprising the data package; and   decrypting the data package using the symmetric key, by one or more of the plurality of data receivers.   
     
     
         2 . The method of  claim 1 , wherein the data record comprises a pointer to a location of a further data, said further data encrypted with the symmetric key, and stored on one or more of: a computer server, a database, a file system, and a removable computer data storage medium. 
     
     
         3 . The method of  claim 1 , wherein the symmetric key is used by the data generator to encrypt a plurality of data packages, transmitted to the blockchain as a plurality of data records over a period of time. 
     
     
         4 . The method of  claim 1 , further comprising a plurality of authorizers and a plurality of assignment records, wherein each of the plurality of authorizers transmits a corresponding assignment record from the plurality of assignment records to the blockchain, each corresponding assignment record asserts ownership of the data record by the data owner, and further comprising:
 verifying, by the data generator, that a number of the plurality of assignment records totals above a predetermined number; and   verifying, by the data generator, that each of the number of the plurality of assignment records is digitally signed by a corresponding one of the plurality of authorizers.   
     
     
         5 . A plurality of network connected devices, each comprising: one or more processors, and storage media comprising computer instructions, said plurality of network connected devices being connectible via a network to each other, arranged such that when computer instructions are executed on the one or more processors of one or more of the plurality of network connected devices, operations are caused for enabling a decryption of a data package encrypted with a symmetric key, comprising:
 transmitting to a blockchain by a first of the plurality of network connected devices a data record comprising the data package encrypted with a symmetric key;   transmitting to the blockchain by a second of the plurality of network connected devices an assignment record, said assignment record asserting ownership of the data package to a third of the plurality of network connected devices;   transmitting to the blockchain by the third of the plurality of network connected devices a plurality of permission records, each permission record of the plurality of permission records granting permission to one of each of a second plurality of network connected devices to access the data package;   verifying, by the first of the plurality of network connected devices, that the assignment record is digitally signed by the second of the plurality of network connected devices and that each permission record of the plurality of permission records is digitally signed by the third of the plurality of network connected devices;   on successful verification, releasing the symmetric key, by the first of the plurality of network connected devices, to the second plurality of network connected devices;   retrieving from the blockchain, by one or more of the second plurality of network connected devices, the data record comprising the data package; and   decrypting the data package using the symmetric key by one or more of the second plurality of network connected devices.   
     
     
         6 . The plurality of network connected devices of  claim 5 , wherein the data package produced by the first of the plurality of network connected devices comprises a pointer to a location of further data, said further data encrypted with the symmetric key by the first of the plurality of network connected devices, and stored on one or more of: a computer server, a database, a file system, and a removable computer data storage medium. 
     
     
         7 . The plurality of network connected devices of  claim 5 , wherein the symmetric key is used by the first of the plurality of network connected devices to encrypt a plurality of data packages, said plurality of data packages transmitted to the blockchain over a period of time. 
     
     
         8 . The plurality of network connected devices of  claim 5 , further comprising a third plurality of network connected devices and a plurality of assignment records, wherein each one of the third plurality of network connected devices transmits a corresponding assignment record from the plurality of assignment records to the blockchain, each corresponding assignment record asserts ownership of the data package by the third of the plurality of network connected devices, and further comprising:
 verifying, by the first of the plurality of network connected devices, that a number of the plurality of permission records totals above a predetermined number; and   verifying, by the first of the plurality of network connected devices, that each of the number of the plurality of assignment records is digitally signed by a corresponding one of the third plurality of network connected devices.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.