US2023328046A1PendingUtilityA1

Method and apparatus for third-party managed data transference and corroboration via tokenization

67
Assignee: SPRINGCOIN INCPriority: Sep 9, 2020Filed: Jun 2, 2023Published: Oct 12, 2023
Est. expirySep 9, 2040(~14.2 yrs left)· nominal 20-yr term from priority
H04L 63/0435G06F 21/6218H04L 9/3242G06F 21/64G06F 21/602H04L 9/50H04L 2209/42H04L 2209/04H04L 9/3252
67
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A protocol that is managed by a coordinating network element or third-party intermediary or peer network elements and utilizes tokens prohibits any subset of a union of the coordinating network element or third-party intermediary, if any, and a proper subset of the processors involved in token generation from substantively accessing underlying data. By one approach, processors utilize uniquely-held secrets. By one approach, an audit capability involves a plurality of processors. By one approach, the protocol enables data transference and/or corroboration. By one approach, transferred data is hosted independently of the coordinating network element. By one approach, the coordinating network element or third-party intermediary or a second requesting network element is at least partially blinded from access to tokens submitted by a first requesting network element. By one approach, a third-party intermediary uses a single- or consortium- sourced database. By one approach, network elements provisioned with tokens jointly manage the protocol.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method for third-party managed data transference via tokenization, comprising a process that uses at least one token, utilizing a control circuit configured as a coordinating network element that manages a protocol to communicate with at least one requesting network element that is acting as at least one of:
 an attestor role; and   a requestor role, 
 the method comprising:
 attesting by a first requesting network element of the at least one requesting network element, when acting as the attestor role, wherein the attesting occurs asynchronously of storing of content; 
 inquiring by a second requesting network element, of the at least one requesting network element, when acting as the requestor role, wherein the inquiring occurs asynchronously of retrieving of the content; and 
 substantively accessing attested-to content, wherein the storing of the content is managed by the first requesting network element, and wherein:
 the substantively accessing the attested-to content is denied to the coordinating network element; and 
 the substantively accessing the attested-to content is denied to the second requesting network element unless a first token of the at least one token is used by the second requesting network element during the inquiring as a representation of an entity to which the content is associated, and matches that used by the first requesting network element during the attesting. 
 
 
     
     
         2 . The method of  claim 1  further comprising:
 the first requesting network element generating a first key as a first function of at least the first token; 
 the first requesting network element using the first key to encrypt a first value, resulting in a first encrypted value; and 
 the first requesting network element providing information to the coordinating network element that includes the first encrypted value. 
 
     
     
         3 . The method of  claim 2  further comprising:
 the first requesting network element generating a salt; 
 the first requesting network element including the salt within the information; and 
 the first requesting network element generating the first key as the first function of at least the first token and the salt. 
 
     
     
         4 . The method of  claim 2  wherein the first value includes at least a URI usable for the retrieving of the content. 
     
     
         5 . The method of  claim 2  further comprising:
 the first requesting network element generating a label as a second function of at least the first token; and 
 the first requesting network element providing the label to the coordinating network element. 
 
     
     
         6 . The method of  claim 5  further comprising:
 the second requesting network element receiving the information from the coordinating network element in exchange for providing the label. 
 
     
     
         7 . The method of  claim 2  further comprising:
 the first requesting network element providing the coordinating network element with one or more additional values that are required in addition to the first value to enable the substantively accessing the attested-to content. 
 
     
     
         8 . The method of  claim 7  wherein the one or more additional values comprise at least one of:
 a content key usable to decrypt a ciphertext to recover a portion of the content wherein the ciphertext includes at least an encrypted form of the portion; and 
 a content key component value that together with the first token is usable to derive the content key. 
 
     
     
         9 . The method of  claim 7  further comprising:
 the first requesting network element providing the coordinating network element with a second token, usable to determine which of the one or more additional values to transmit to the second requesting network element. 
 
     
     
         10 . The method of  claim 9  further comprising:
 the coordinating network element deriving a third token by using at least a second value that is provided by the second requesting network element; and 
 the coordinating network element providing to the second requesting network element at least one value of the one or more additional values if the second token matches the third token. 
 
     
     
         11 . An apparatus for third-party managed data transference via tokenization, configured to carry out a process that uses at least one token, wherein the apparatus comprises:
 a network interface;   a control circuit operably coupled to the network interface and configured as a coordinating network element that manages a protocol to communicate with at least one network element acting as at least one of:
 an attestor role; and 
 a requestor role; and 
 
 wherein the control circuit is further configured:
 to respond to a first requesting network element of the at least one requesting network element that attests when acting as an attestor role, wherein the first requesting network element attests asynchronously of a first operation in which it stores content; and 
 to respond to a second requesting network element of the at least one requesting network element that inquires when acting as a requestor role, wherein the second requesting network element inquires asynchronously of a second operation in which it retrieves content; and wherein the apparatus:
 denies to the coordinating network element substantive access to attested-to content; and 
 denies to the second requesting network element the substantive access to the attested-to content unless a first token of the at least one token is used, as a representation of an entity to which the content is associated, by the second requesting network element to inquire, and matches that used by the first requesting network element to attest. 
 
 
     
     
         12 . The apparatus of  claim 11  further comprising:
 the first requesting network element generates a first key as a first function of at least the first token; 
 the first requesting network element uses the first key to encrypt a first value, resulting in a first encrypted value; and 
 the first requesting network element provides information to the coordinating network element that includes the first encrypted value. 
 
     
     
         13 . The apparatus of  claim 12  further comprising:
 the first requesting network element generates a salt; 
 the first requesting network element includes the salt within the information; and 
 the first requesting network element generates the first key as the first function of at least the first token and the salt. 
 
     
     
         14 . The apparatus of  claim 12  further comprising:
 the first value includes at least a URI usable to retrieve the content. 
 
     
     
         15 . The apparatus of  claim 12  further comprising:
 the first requesting network element generates a label as a second function of at least the first token; and 
 the first requesting network element provides the label to the coordinating network element. 
 
     
     
         16 . The apparatus of  claim 15  further comprising:
 the second requesting network element receives the information from the coordinating network element in exchange for providing the label. 
 
     
     
         17 . The apparatus of  claim 12  further comprising:
 the first requesting network element provides the coordinating network element with one or more additional values that are required in addition to the first value to enable the substantive access to the attested-to content. 
 
     
     
         18 . The apparatus of  claim 17  wherein the one or more additional values comprise at least one of:
 a content key usable to decrypt a ciphertext to recover a portion of the content wherein the ciphertext includes at least an encrypted form of the portion; and 
 a content key component value that together with the first token is usable to derive the content key. 
 
     
     
         19 . The apparatus of  claim 17  further comprising:
 the first requesting network element provides the coordinating network element with a second token usable to determine which of the one or more additional values to transmit to the second requesting network element. 
 
     
     
         20 . The apparatus of  claim 19  further comprising:
 the coordinating network element derives a third token by using at least a second value that is provided by the second requesting network element; and 
 the coordinating network element provides to the second requesting network element at least one value of the one or more additional values if the second token matches the third token.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.