JPWO2021249717A5

JPWO2021249717A5 -

Info

Publication number: JPWO2021249717A5
Application number: JP2022575356A
Authority: JP
Publication date: 2024-04-25

Claims

1. A method of using a tree structure overlaid on a blockchain, the tree structure including a plurality of nodes and edges between the nodes, each node being a different transaction recorded on the blockchain, each edge connecting a respective child node to a respective parent node, the edges being formed by each transaction including a transaction ID, each child node specifying the transaction ID of the respective parent node in a respective payload of the child node, one of the parent nodes being a root node of the tree structure, the method comprising:
inspecting the blockchain to identify at least a portion of the tree structure, the portion including at least identifying a target child node among the child nodes that includes a file record in the respective payload of a target child node, and identifying a path including one or more edges through the tree structure from the target child node back to the root node;
performing a check,
A) for each edge along the identified path from the target child node back to the root node, checking that the respective child node is signed by a key associated with the respective parent node;
B) checking that the current instance of the file matches the record contained in the target child node;
and providing that at least checks A) and B) are positive, validating said current instance of said file.

The method of claim 1, further comprising the step of allowing a user to perform a requested action on the current instance of the file, subject to the step of verifying.

The method of claim 2, wherein the method is performed by an operating system or file system on the user's computing device, the operating system or file system being configured to perform the check before allowing the user to use the computing device to perform the requested action.

The method of claim 2 or 3, wherein the requested action includes one of reading the file, modifying the file, executing the file, or deleting the file.

The method of any one of claims 2 to 4, wherein the payload of the target child node further includes an indication of one or more permitted actions, and the operating system or file system is configured to perform the requested action only with the further condition that the requested action is one of the permitted actions indicated in the target child node.

The method of claim 5, wherein the one or more permitted actions include one or more of reading the file, modifying the file, executing the file, or deleting the file.

The method of any one of claims 2 to 6, wherein the payload of the target child node further includes an indication of one or more authorized users, and the operating system or file system is configured to perform the requested action only with the further condition that the user requesting the action is an authorized user indicated in the payload of the target child node.

The method of claim 1 or 2, wherein the method is performed by antivirus software or another application to verify the integrity of the current instance of the file.

The method of claim 1 , wherein the key associated with each parent node is associated with the parent node by being included in the payload of the parent node.

The method of any one of claims 1 to 9, wherein each transaction includes at least one output that includes a lock script and at least one input that points to an output of a respective other transaction and includes an unlock script for unlocking the output of the respective other transaction.

11. The method of claim 10, wherein the input of each child node is signed by the key of the respective parent node , and A) comprises checking that the input of each child node along the path is signed by the key of the respective parent node .

The method of claim 10 or 11, wherein the payload of each child node is included in one or more of the outputs of the respective child node.

The method of any one of claims 1 to 12, wherein the recording includes at least an explicit copy of the file, and B) includes checking that the current instance of the file is the same as the copy recorded in the payload of the target child node.

The method of any one of claims 1 to 13, wherein the recording includes at least a hash of a pre-image, the pre-image including the file, and B) includes at least checking that the hash of the current instance of the pre-image including the current instance of the file is the same as the hash recorded in the payload of the target child node.

15. The method of claim 1, wherein the record includes a hash root of the hash tree generated from a plurality of files as a leaf of the hash tree, the file being one of the plurality of files, and B) includes checking that the hash root calculated from a current instance of the plurality of files is the same as the hash root recorded in the target child node.

The method of any one of claims 1 to 15, wherein at least one of the parent nodes is an intermediate parent node that is a child node of another of the parent nodes.

The method of claim 16, wherein the at least one intermediate parent node includes at least one node along the path between the target child node and the root node such that the path includes two or more edges.

The method of claim 17, wherein the at least one intermediate parent node includes a folder node that represents a folder that contains the file.

The method of claim 17, wherein the at least one intermediate parent node includes a user node, the key associated with the root node is a system administrator key, and the key associated with the user node is a user key.

The method of any one of claims 1 to 19, wherein the check includes an additional check C) of checking that the root node is signed by a trusted entity, and the verifying is further conditioned on the check C) being positive.

The method of claim 20, wherein the trusted entity is a system administrator.

A method according to claim 20 or 21, depending at least on claim 10, in which the root node input is signed by the trusted entity, and the check C) includes checking that the root node input is signed by the trusted entity.

23. The method of claim 1, wherein the check includes a further check of D) checking that the target child node is not a parent node of any other child node of a graph structure, and wherein the verifying is further conditioned on the check D) determining that the target child node is not a parent node of any child node of the other child node.

24. The method of claim 23, further comprising: subsequently updating the file recorded in the graph structure on the blockchain by appending a new child node to the target child node via a new edge, the new child node including a record of the updated file in the payload of the new child node.

25. The method of claim 1, wherein the target child node further specifies an end time of the record, and the check includes another check: E) checking that the record has not expired in that the current time is not later than the end time specified in the target child node, and the verification is further conditioned on check E) determining that the current time has not expired.

The method of any one of claims 1 to 25, wherein the tree structure is a meta-net graph.

1. A computer system comprising:
a processing device including one or more processing units;
a memory including one or more memory units,
27. A system, wherein the memory stores code configured to be executed on the processing unit, the code being configured, when executed on the processing unit, to perform the operations of any one of claims 1 to 26.

A computer program embodied on a computer-readable storage device, the computer program comprising code configured to perform the operations of any one of claims 1 to 26 when executed on one or more processing units.