EP3707857A1 - Device for storing digital keys for signing transactions on a blockchain - Google Patents
- Publication number
- EP3707857A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- dsp
- transaction
- user
- storage device
- software module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G06Q20/3674—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
- G06Q20/363—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
- H04B11/00—Transmission systems employing sonic, ultrasonic or infrasonic waves
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3215—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Definitions
- The present invention generally relates to blockchains and more particularly to cryptographic key storage devices enabling a user to authenticate and sign transactions on a blockchain.
- A blockchain consists of a sequence of blocks chained by a cryptographic mechanism at regular time intervals. Chaining is obtained by inserting the hash of the previous block into the contents of the current block.
- The blockchain forms a registry that is distributed and replicated to all nodes in the network.
- Users can interact with the blockchain by means of thin clients to perform transactions, that is, to form and sign transactions that, if validated, are stored in a block of the blockchain.
- An example of such a transaction is the transfer of an amount in cryptocurrency to a third party.
- These transactions are verified and validated by a consensus mechanism between nodes, called miners, which hold a complete copy of the chain and compete to build blocks according to the aforementioned cryptographic mechanism.
- Each validated transaction is stored in a block that is broadcast to all the nodes of the network.
- A wallet address on a blockchain can be considered as a bank account number and the private key as a password validating access to this account.
- A transaction typically represents a transfer of a cryptocurrency-denominated amount (satoshis or bitcoins) from one or more wallet addresses of an issuer to one or more recipient wallets.
- A transaction consumes one or more UTXOs (Unspent Transaction Outputs), each UTXO representing an amount not yet spent by its recipient and being locked to the recipient's wallet address by a lock script.
- To be able to spend a UTXO, the owner must identify himself by presenting cryptographic elements (usually his public key and a signature generated from the corresponding private key) in the form of an unlocking script. If the items presented in the unlocking script satisfy the conditions specified in the locking script, the transaction is considered committed.
- Fig. 1 schematically illustrates the example of a transfer of a cryptocurrency amount between two users of a blockchain, Alice and Bob.
- Alice forms a transaction from her wallet, whose address, @walletAlice, is linked to a cryptographic public key (specifically, @walletAlice is the hash of her public key).
- To make the payment (of the amount value), Alice forms a transaction, T_a, consisting of an input segment and an output segment.
- The input segment of T_a (called scriptSig in Bitcoin) is a script responsible for unlocking the lock script (called scriptPubKey in Bitcoin) contained in the output segment of the transaction, T_j, that created the input UTXO.
- The output segment of T_a comprises:
- a first lock script (scriptPubKey) that locks the amount value to Bob's wallet address, @walletBob, a lock that Bob can only unlock by presenting an unlock script (scriptSig) containing a signature authenticating him;
- a second lock script (scriptPubKey) that locks the balance value to Alice's wallet address, @walletAlice, a lock that Alice can only unlock by presenting an unlock script (scriptSig) containing a signature authenticating her.
- The unlocking script contained in the input segment of T_a is concatenated with the corresponding locking script contained in the output segment of T_j, and the resulting script is executed.
- The execution of the resulting script makes it possible to verify that the cryptographic elements provided by Alice are legitimate, that is to say that the wallet address @walletAlice corresponds to Alice's public key (hash verification) and that Alice is indeed the holder of this public key (verification by means of the signature).
- Validation and storage of the transaction de facto materializes the creation of the first output UTXO in Bob's wallet and of the second output UTXO in Alice's wallet.
- Bob will then be able to spend the amount by using the first output UTXO previously created as an input UTXO. To do this, he will have to unlock it by presenting his own cryptographic elements (public key and signature).
- The mere possession of a private key makes it possible to carry out transactions on the blockchain from the corresponding wallet address.
- The private key is the only proof of ownership of the wallet, and its loss will prevent any access to the cryptocurrency holdings (UTXOs) held in this wallet.
- If his secret key is stolen by a malicious third party, the user is exposed to having all his assets spent by this third party.
- Given the criticality of the private key, it is generally recommended to store it in paper form and not in electronic format in the memory of a smartphone or computer. In addition, the length of the private key makes it virtually impossible for the user to memorize it and, even if he managed to memorize it, it would be particularly tedious to provide it for each transaction.
- USB keys are usually provided with a simple interface (LCD screen and a few buttons) allowing the owner to unlock them by means of a PIN code and to sign transactions using the required private key.
- The secret keys are stored in a secure element, safe from physical attacks, which can only be accessed by means of the PIN code.
- These USB keys can store different keys and sign transactions on a blockchain without using paper. On the other hand, they are not totally immune to physical attacks, insofar as the private keys can be deduced from signals picked up either from electromagnetic radiation or via the USB interface.
- An object of the present invention is therefore to provide a digital key storage device allowing its owner to authenticate and sign transactions on a blockchain under significantly increased security conditions compared to those of the state of the art.
- The present invention is defined by a digital key storage device for signing transactions on a blockchain, said device comprising a microphone, a loudspeaker and a DSP processor having a secure element for storing at least one private key. The DSP further comprises an encoder/decoder using a dictionary, S, whose code words, stored in a memory of the DSP or in a secure memory only accessible by the DSP, represent random or pseudo-random ultrasound signals. The DSP communicates with the outside of the device only by an acoustic channel: it is adapted to decode a message consisting of words of S, received from the acoustic channel via the microphone, to sign the message thus decoded by means of said private key, and to transmit in response a signature of said message in the form of a response consisting of successive words of S, on said acoustic channel, via the loudspeaker.
- The device comprises an HMI interface by means of which a user can enter a private key or a seed for generating a succession of private keys, said private key(s) being stored in the secure element of the DSP processor.
- The DSP processor typically uses an elliptic curve asymmetric cryptosystem to compute a public key from the private key entered by the user or generated by the DSP from said seed.
- The DSP processor is adapted to calculate a hash of said public key by means of a hash function to obtain a wallet address on a blockchain.
- The device advantageously hosts a software module adapted to request that the DSP processor transmit the public key and/or the wallet address on the acoustic channel.
- The device is a smartphone, the DSP processor being implemented in a chip separate from the microprocessor on which the operating system of the smartphone runs.
- The device is a USB key that does not include connection pins other than power pins.
- The present invention further relates to a method of payment by a user to a third party of an amount in cryptocurrency using a digital key storage device as defined above and a terminal hosting a second software module, said terminal being connected via the Internet to the P2P network implementing the blockchain. Said user enters, in a window displayed by the second software module, the payment amount and the third party's wallet address, and the second software module forms a transaction comprising an input segment and an output segment, the input segment including at least one reference to a previous transaction of which the user is a recipient and a lock script of the previous transaction, the output segment comprising said amount and a lock script locking said amount to the third party's wallet address. The second software module transmits a first message (M) comprising the transaction thus formed to the digital key storage device and, in the event of validation by the user, the DSP processor signs said message and sends the signature thus obtained in the form of a second message (Sig) to said terminal, the first and second messages being transmitted on the acoustic channel.
- The present invention finally relates to a method of payment by a user to a third party of an amount in cryptocurrency using a digital key storage device as defined above, realized in the form of a computer or a smartphone, the device hosting a second software module (225) and being connected via the Internet to the P2P network implementing the blockchain, according to which said user enters, in a window displayed by the second software module, the amount of the payment and the third party's wallet address, and the second software module forms a transaction comprising an input segment and an output segment, the input segment including at least one reference to a previous transaction
- The second software module transmits a first message (M) comprising the transaction thus formed to the digital key storage device and, in the event of validation by the user, the DSP processor signs said message and returns the signature thus obtained in the form of a second message (Sig) to the device, the first and second messages being transmitted on the acoustic channel in coded form by means of code words of the dictionary S; the second software module then substitutes, in said transaction, the lock script of the previous transaction by an unlock script containing the signature thus received and the public key of the user.
- The transaction T_a is advantageously broadcast to the nodes of the P2P network to be validated and incorporated into a next block of the blockchain.
- Fig. 1, already described, schematically shows the transfer of a cryptocurrency amount between two users of a blockchain;
- Fig. 2 schematically shows a system using a digital key storage device according to one embodiment of the invention;
- Fig. 3A schematically represents a first exemplary architecture of the key storage device of the system of Fig. 2;
- Fig. 3B schematically represents a second exemplary architecture of the key storage device of the system of Fig. 2;
- Fig. 4A is a timing diagram of a wallet consultation operation using the system of Fig. 2;
- Fig. 4B is a timing diagram of a payment transaction using the system of Fig. 2;
- Fig. 5A schematically shows a digital key storage device according to a first implementation variant of the invention;
- Fig. 5B schematically shows a digital key storage device according to a second implementation variant of the invention.
- The basic idea of the present invention is to provide a digital key storage device (or physical wallet) comprising a loudspeaker, a microphone and a Digital Signal Processor (DSP) with a secure element in which the (secret key, public key) pairs are stored, the DSP communicating with the outside of the physical device only by random (or pseudo-random) ultrasound signals via said microphone and said loudspeaker.
- The DSP comprises an acoustic coding/decoding module using a coding dictionary (codebook) S, the code words of which represent random or pseudo-random ultrasonic signals stored in the memory of the DSP or in a secure memory of the device to which only the DSP has access.
- A code word is a digital representation of such a random or pseudo-random ultrasound signal, this signal being generated by converting the code word to an analog signal and, if necessary, amplifying this analog signal before driving a transducer.
- The device is adapted to transmit to and receive from a wallet application cryptographic data, in the form of words from said dictionary, via an acoustic channel between said device and the terminal hosting the wallet application.
- The cryptographic data are thus not transmitted via a USB or Bluetooth interface as in the prior art, with the inherent risks of interception (eavesdropping) or physical attacks.
- The use of ultrasonic signals at short range makes such intrusion attempts ineffective.
- The transmission of cryptographic data by means of random or pseudo-random ultrasound signals substantially increases the robustness of the channel to such attacks.
- Fig. 2 schematically shows a system comprising a digital key storage device according to one embodiment of the invention.
- The digital key storage device (or physical wallet) is shown at 210, with the DSP at 219, the microphone at 213 and the loudspeaker at 217.
- The device can be implemented in the form of a smartphone, as illustrated in the figure, or in the form of a specific USB key provided with a simple HMI interface (LCD screen and buttons, for example), or in the form of an authentication token (a specific electronic box), or even in the form of a laptop.
- In the latter case, the DSP 219 may be the one already present by construction in the laptop.
- When the physical wallet is implemented as a specific USB key, it only includes power pins.
- The key can thus be plugged into a USB connector of a computer and be powered without this computer being able to access the data stored in the physical wallet.
- The system 200 includes a terminal (typically a laptop computer or PC), 220, connected to the Internet and therefore able to communicate with the other nodes of the P2P (peer-to-peer) network implementing the blockchain.
- The user's terminal, 220, hosts a wallet app, 225, such as a thin SPV (Simplified Payment Verification) client, conferring on the terminal the function of a lightweight node and allowing it to form and verify transactions on the blockchain.
- Alternatively, the user's terminal may host a full client, giving him access to a copy of the entire shared ledger.
- The wallet application 225 also includes a decoding module using the dictionary S, enabling it to decode the random/pseudo-random signals received from the storage device.
- The terminal may also include a DSP (not shown) performing such decoding on request of the application and returning the decoded messages to it.
- The terminal may also transmit the random/pseudo-random signals it has received to a decoding server in the cloud, which then sends back the decoded messages.
- This last embodiment is advantageous insofar as the dictionary S can be switched adaptively in the decoding server and in the storage device.
- The digital key storage device, 210, comprises a software module, 215, called the wallet control module (walletctrl app), whose main function is to generate one or more (private key, public key) pairs and to sign messages using the private key thus generated, for example transactions formed by the wallet application.
- First, the physical wallet storing the digital keys is initialized.
- The physical wallet can be protected by a password (PIN code), a fingerprint reader, an iris sensor or another biometric authentication sensor. Password or biometric entry simply protects access to the physical wallet.
- A password used for authentication can be entered using the HMI interface (touch screen, for example) and validated, for example, by pressing a validation button or by clicking on a validation icon displayed on the screen.
- The initialization phase comprises the generation of at least one key pair (private key, public key) by an elliptic curve cryptosystem (ECC), the domain parameters of which have previously been stored in the DSP.
- The private key can be obtained, for example, from a sequence of words entered or selected by means of the HMI interface. Preferably, this sequence is used as a seed to create successive generations of (private key, public key) pairs of a hierarchical deterministic wallet (HD wallet), according to the BIP0032 and BIP044 standards.
- The private and public keys do not appear explicitly on the HMI interface but are generated within the DSP, 219, and stored locally, the private keys being stored in the aforementioned secure element.
- The simplest operation is the consultation of the wallet, that is to say obtaining the list of UTXOs of which the user, or more precisely his wallet address, is the recipient.
- The wallet address is obtained by hashing the user's public key.
- The user can of course have several public keys and several corresponding wallet addresses.
- The UTXOs destined for each of these addresses can be stored in a separate directory in the wallet app.
- The user can request, via the HMI interface of the physical wallet, the transmission of the public key, or directly of the corresponding wallet address, to the application 225.
- The user can select, via the HMI interface, the public key or the desired wallet address and request its transmission to the application 225.
- The DSP transmits the public key/wallet address by means of random (or pseudo-random) ultrasound signals, i.e. code words of S, on the acoustic channel 250.
- The code words of S (random or pseudo-random ultrasonic signals) are chosen so that the correlation matrix of these signals, possibly filtered by the equivalent filter of the acoustic channel, is as close as possible to a diagonal matrix.
- In other words, the random (or pseudo-random) ultrasound signals are chosen so that the values of the intercorrelation coefficients are minimal and those of the autocorrelation coefficients are maximal.
- These signals are emitted by the loudspeaker (an electro-acoustic transducer, for example piezoelectric), 217, of the physical device 210 and received by a microphone (for example a piezoelectric transducer), 223, of the terminal, to be provided to the wallet application 225, either directly in the case where the wallet application takes care of the decoding, or after decoding by the DSP residing in the terminal, or after decoding by a decoding server as indicated above.
- The wallet application can then query the blockchain for transactions to this address (for example by querying a block explorer or an API such as blockchain.info). If the public key is transmitted to the terminal, the wallet application can simply hash it to obtain the corresponding wallet address and start the request as before. The chain is then scanned for transactions to this address. In all cases, the transactions that Alice receives are displayed in a window of the application 225.
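As an added illustration (not code from the patent) of the dictionary S and of the consultation exchange above, the following Python builds a small dictionary of random-phase ultrasonic tone bursts under the selection rule just stated (a candidate is rejected when its intercorrelation with an already accepted word exceeds a threshold, pushing the correlation matrix towards diagonal), then encodes a wallet address as a succession of code words, passes it through a noisy channel and decodes it with a correlation receiver of the kind the wallet application or terminal DSP would run. Sample rate, band, burst length, dictionary size, nibble mapping and threshold are assumptions; the page fixes none of them.

```python
import math
import random

# Parameters are assumptions for the demo; the patent fixes none of them.
FS = 96_000                          # sample rate: high enough to place tones above 20 kHz
F_LOW, F_HIGH = 20_000.0, 24_000.0   # ultrasonic band occupied by the code words
TONES = 32                           # random-phase tones summed into one code word
L = 768                              # samples per code word (8 ms): tones 125 Hz apart are then orthogonal
DICT_SIZE = 16                       # one code word per 4-bit nibble
MAX_XCORR = 0.25                     # reject candidates whose normalised intercorrelation exceeds this


def xcorr(a, b):
    """Zero-lag correlation of two equal-length sample lists."""
    return sum(x * y for x, y in zip(a, b))


def _candidate(rng):
    """One pseudo-random ultrasonic signal: a sum of in-band tones with random phases, unit energy."""
    step = (F_HIGH - F_LOW) / TONES
    tones = [(F_LOW + m * step, rng.uniform(0.0, 2.0 * math.pi)) for m in range(TONES)]
    sig = [sum(math.cos(2.0 * math.pi * f * t / FS + ph) for f, ph in tones) for t in range(L)]
    energy = math.sqrt(xcorr(sig, sig))
    return [x / energy for x in sig]


def build_dictionary(seed, size=DICT_SIZE):
    """Greedy selection: keep a candidate only if it correlates weakly with every accepted word,
    so that the dictionary's correlation matrix stays close to diagonal."""
    rng = random.Random(seed)
    words = []
    while len(words) < size:
        cand = _candidate(rng)
        if all(abs(xcorr(cand, w)) <= MAX_XCORR for w in words):
            words.append(cand)
    return words


def correlation_matrix(words):
    return [[xcorr(a, b) for b in words] for a in words]


def encode(words, data):
    """The coding operation sigma(.): each byte becomes two code words (high nibble, then low nibble)."""
    samples = []
    for byte in data:
        samples.extend(words[byte >> 4])
        samples.extend(words[byte & 0x0F])
    return samples


def decode(words, samples):
    """Correlation receiver: for each frame pick the dictionary word with the largest correlation."""
    nibbles = []
    for start in range(0, len(samples) - L + 1, L):
        frame = samples[start:start + L]
        nibbles.append(max(range(len(words)), key=lambda j: xcorr(frame, words[j])))
    return bytes((nibbles[i] << 4) | nibbles[i + 1] for i in range(0, len(nibbles) - 1, 2))


def noisy_channel(samples, snr_db, seed):
    """Additive white Gaussian noise at the given per-sample SNR (signal power is 1/L per sample)."""
    rng = random.Random(seed)
    sigma = math.sqrt((1.0 / L) / (10 ** (snr_db / 10.0)))
    return [x + rng.gauss(0.0, sigma) for x in samples]


def roundtrip(message, snr_db=0.0, seed=42):
    """Encode with a dictionary built from `seed`, pass through noise, decode."""
    words = build_dictionary(seed)
    received = noisy_channel(encode(words, message), snr_db, seed + 1)
    return decode(words, received)
```

The receiver must hold the same dictionary (same seed) as the transmitter, which is the shared-secret property the text relies on when it switches S adaptively between the decoding server and the storage device.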
- Fig. 3A represents a first exemplary architecture of the digital key storage device in the system of FIG. 2.
- the operating system 212 (for example Andro ⁇ d TM) runs on the microprocessor 211.
- the operating system communicates to the DSP only through the microprocessor so as to reinforce the robustness to attacks.
- the microprocessor receives from the DSP digital messages in the form of words of the dictionary S and transfers them to the driver of the loudspeaker 217. These messages are converted into analog, amplified and the resulting signals are transformed into corresponding ultrasonic signals by the loudspeaker 217. to be transmitted on the acoustic channel 250.
- the microprocessor receives ultrasonic signals from the microphone 213, previously converted into digital form, and transmits them to the DSP 219.
- microprocessor plays a transparent role in the exchanges between the DSP and the outside of the device.
- Fig. 3B is a second exemplary architecture of the digital key storage device in the system of FIG. 2.
- the DSP may receive control messages and, if necessary, return response messages to the microprocessor as before.
- the DSP receives and directly transmits the random / pseudo-random ultrasound signals without passing through the microprocessor.
- the DSP, the loudspeaker and the microphone are part of the same sound card.
- Fig. 4A schematically summarizes the exchanges within the system 200 when Alice consults her portfolio.
- the physical wallet transmits Alice's public key pK_a, or the wallet address @walletAlice, via the acoustic channel to the wallet application of the terminal.
- the public key pK_a is transmitted in the form of a random / pseudo-random ultrasound signal s(pK_a), where s denotes the coding operation using the aforementioned dictionary S.
- the wallet address @walletAlice is transmitted as a random / pseudo-random ultrasound signal s(@walletAlice).
- after decoding this signal, the application transmits at 420 a request to scan the blockchain for the transactions addressed to @walletAlice. After retrieving these transactions at 430, Alice can list the UTXOs at her address (outputs of transactions of which @walletAlice is a recipient and which have not been spent) and, if needed, aggregate them.
- the UTXO(s) may be used as input(s) for a new transaction to make a payment.
- the address @walletAlice can be communicated in the coded form s(@walletAlice) via an acoustic channel to a third party having a terminal 220 as previously described, so that this third party can make a payment to Alice's wallet address.
- in other words, the source transaction is the transaction that created this UTXO.
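The UTXO listing and aggregation step described above, as an added example in Python (constructed for this page, not the patent's or any wallet's code): among the transactions fetched for @walletAlice, an output is spendable when it pays the address and no input of any fetched transaction references it. The transaction records, the `txid` strings and the greedy selection are this example's own simplification of what a wallet application does.

```python
# Constructed example: derive the spendable UTXOs of an address from a fetched
# transaction history, then aggregate them to cover a payment amount.

def list_utxos(transactions, address):
    """Return [(txid, vout, amount)] for outputs paid to `address` that no input spends."""
    spent = {(i["txid"], i["vout"]) for tx in transactions for i in tx["inputs"]}
    utxos = []
    for tx in transactions:
        for vout, out in enumerate(tx["outputs"]):
            if out["address"] == address and (tx["txid"], vout) not in spent:
                utxos.append((tx["txid"], vout, out["amount"]))
    return utxos


def select_inputs(utxos, amount):
    """Greedy aggregation: take the largest UTXOs until `amount` is covered.

    Returns (chosen_utxos, change) or None when the balance is insufficient.
    """
    chosen, total = [], 0
    for utxo in sorted(utxos, key=lambda u: u[2], reverse=True):
        if total >= amount:
            break
        chosen.append(utxo)
        total += utxo[2]
    return (chosen, total - amount) if total >= amount else None


# Constructed sample history (not real chain data): tx1 pays Alice 30 000 and 20 000
# in two outputs, tx2 spends the 30 000 output, tx3 pays Alice 15 000.
SAMPLE_TXS = [
    {"txid": "tx1", "inputs": [],
     "outputs": [{"address": "@walletAlice", "amount": 30_000},
                 {"address": "@walletAlice", "amount": 20_000}]},
    {"txid": "tx2", "inputs": [{"txid": "tx1", "vout": 0}],
     "outputs": [{"address": "@walletBob", "amount": 29_000}]},
    {"txid": "tx3", "inputs": [],
     "outputs": [{"address": "@walletAlice", "amount": 15_000}]},
]
```

With the sample history, `list_utxos(SAMPLE_TXS, "@walletAlice")` yields the 20 000 output of tx1 and the 15 000 output of tx3; the 30 000 output is excluded because tx2 spends it. `select_inputs` on that list covers a 25 000 payment with both UTXOs and 10 000 of change, and returns None for 40 000.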
- the wallet application then forms a new transaction T_a, for example using a P2PKH (Pay to Public Key Hash) script.
- in the input segment of T_a, the application first provides the reference of the selected UTXO, i.e. the hash of the source transaction. In the output segment of T_a, the application then provides the amount to transfer and a locking script that locks that amount to the wallet address @walletBob.
- the application 225 must then provide the cryptographic elements to unlock the lock script protecting the input UTXO of T_a (the UTXO paid to @walletAlice in the source transaction), namely Alice's public key and a signature made with her private key.
- the wallet software 225 asks the physical wallet 210 to sign the transaction by transmitting to it a message M comprising the hash of the source transaction, the lock script (scriptPubKey) of the source transaction, the cryptocurrency amount and the lock script (scriptPubKey) locking the amount to the wallet address @walletBob.
- the message M is transmitted to the DSP via the acoustic channel, in the form s(M) obtained by encoding M by means of the dictionary S.
- the corresponding ultrasonic signals are emitted by the speaker 227 of the terminal and received by the microphone 213 of the physical wallet 210.
- the DSP transmits, via the microprocessor, the address of the recipient of the payment and the amount to the application walletctrl_app.
- the application then asks the user to confirm the transaction (by pressing an icon on the touch screen or a button). If the user confirms it before a time-out expires, the application walletctrl_app notifies the DSP, which then signs the message M with the private key (by means of an elliptic curve signature algorithm, ECDSA) and transmits the signature Sig to the terminal 220.
- the signature Sig is transmitted in coded form, s(Sig), by means of the signals of the dictionary S, via the acoustic channel.
- the signal s(Sig) can be decoded by the wallet application, the local DSP or a remote decoding server.
- the wallet application 225 retrieves the signature Sig and concatenates it with Alice's public key pK_a to form the unlock script (scriptSig).
- the wallet_app provides the hash of the source transaction and the unlock script to form the input segment of the transaction T_a.
- the wallet application then prompts the user to confirm the payment (for example by clicking on an icon). If the payment is confirmed, the transaction T_a is broadcast to the nodes of the P2P network to be validated and incorporated into a next block of the chain.
- Fig. 4B schematically summarizes the exchanges within the system 200 when Alice makes a payment.
- at step 450, after the user has entered the payment amount and the wallet address of the beneficiary in a window of the wallet application, the latter builds a message M from the hash of the source transaction, the locking script of the source transaction, the cryptocurrency payment amount, and a lock script locking the amount to the recipient's wallet address @walletBob.
- the signal s(M) obtained by encoding M (by means of the dictionary S) is transmitted on the acoustic channel by means of the random ultrasound signals of the dictionary S.
- after decoding s(M) and retrieving the message M, the DSP transmits at 451 the recipient's wallet address and the amount to the control application walletctrl_app.
- the validation by the user is transmitted by walletctrl_app to the DSP at 452.
- the DSP then signs the message M with its private key (ECDSA), encodes the signature obtained with the dictionary S to obtain a signal s(Sig) and transmits the latter to the terminal 220, as before, via the acoustic channel.
- the signal s(Sig) is decoded at the terminal 220 to provide the signature Sig.
- the wallet application wallet_app then builds at 370 the unlocking script from the signature thus received and Alice's public key, to form the input segment of the transaction. Similarly, it concatenates the lock script with the amount to form the output segment of the transaction.
- the terminal then broadcasts it at 480 to the other nodes of the P2P network.
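The signing exchange of Fig. 4A and Fig. 4B, as an added worked example in Python (constructed for this page, not code from the patent or its applicant): the terminal-side wallet_app builds the message M (source transaction hash, its lock script, the amount, and the lock script to @walletBob); the key storage device shows only the recipient and the amount for confirmation, signs M with ECDSA on secp256k1 and returns the signature; the terminal assembles scriptSig = <Sig> <pK_a> and checks the result as a node would before broadcasting. Assumptions of this example: the acoustic channel and the dictionary-S coding are abstracted to a plain byte transfer; the public-key hash uses truncated SHA-256 in place of HASH160; the signature is raw r||s rather than DER; the private key and the source transaction are constructed values; the names `KeyStorageDevice`, `terminal_make_payment` and `verify_transaction` are this example's own.

```python
import hashlib
import hmac
# secp256k1 parameters (the curve behind Bitcoin's ECDSA)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def sha256d(b):
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def pubkey_hash(pub_bytes):
    # Simplification: real P2PKH uses HASH160 = RIPEMD160(SHA256(pub)); truncated SHA-256 stands in.
    return hashlib.sha256(pub_bytes).digest()[:20]

def ecdsa_sign(priv, digest):
    z = int.from_bytes(digest, "big") % N
    # deterministic nonce derived from key and digest (simplified stand-in for RFC 6979)
    k = int.from_bytes(hmac.new(priv.to_bytes(32, "big"), digest, hashlib.sha256).digest(), "big") % N
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    if s > N // 2: s = N - s  # low-s normalisation, as Bitcoin nodes require
    return r, s

def ecdsa_verify(pub, digest, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N): return False
    z = int.from_bytes(digest, "big") % N
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def p2pkh_script(pkh):  # OP_DUP OP_HASH160 <pkh> OP_EQUALVERIFY OP_CHECKSIG
    return b"\x76\xa9\x14" + pkh + b"\x88\xac"

def push(b):  # single-byte length prefix, enough for these scripts
    return bytes([len(b)]) + b

def build_message(prev_txid, prev_script, amount, out_script):
    # message M of the patent: source tx hash, its lock script, the amount, the new lock script
    return prev_txid + push(prev_script) + amount.to_bytes(8, "little") + push(out_script)

def parse_message(m):  # recover (recipient pkh, amount) for the confirmation prompt
    i = 32 + 1 + m[32]  # skip the source tx hash and its lock script
    amount = int.from_bytes(m[i:i + 8], "little")
    out_script = m[i + 9:i + 9 + m[i + 8]]
    return out_script[3:23], amount

class KeyStorageDevice:  # stands in for the physical wallet: the private key never leaves it
    def __init__(self, priv):
        self._priv = priv
        pub = ec_mul(priv, G)
        self.pub_bytes = b"\x04" + pub[0].to_bytes(32, "big") + pub[1].to_bytes(32, "big")

    def sign_request(self, msg, confirm):
        recipient, amount = parse_message(msg)
        if not confirm(recipient, amount):  # walletctrl_app step: declined or timed out
            return None
        r, s = ecdsa_sign(self._priv, sha256d(msg))
        return r.to_bytes(32, "big") + s.to_bytes(32, "big")  # raw r||s, not DER (simplification)

def terminal_make_payment(device, prev_txid, prev_script, amount, recipient_pkh, confirm):
    # wallet_app side: build M, obtain the signature, assemble the P2PKH transaction
    out_script = p2pkh_script(recipient_pkh)
    msg = build_message(prev_txid, prev_script, amount, out_script)
    sig = device.sign_request(msg, confirm)  # crosses the acoustic channel in the patent
    if sig is None:
        return None
    return {"prev_txid": prev_txid, "script_sig": push(sig) + push(device.pub_bytes),
            "amount": amount, "script_pubkey": out_script}

def verify_transaction(tx, prev_script):
    # what a node checks: the pubkey hashes to the UTXO's pkh and the signature covers M
    sig, pub = tx["script_sig"][1:65], tx["script_sig"][66:]
    if pubkey_hash(pub) != prev_script[3:23]:
        return False
    msg = build_message(tx["prev_txid"], prev_script, tx["amount"], tx["script_pubkey"])
    pub_pt = (int.from_bytes(pub[1:33], "big"), int.from_bytes(pub[33:], "big"))
    return ecdsa_verify(pub_pt, sha256d(msg), (int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")))
```

Calling `terminal_make_payment(...)` with a `confirm` callback that returns False models a declined or timed-out confirmation: no signature is produced and no transaction is built. The value of the split is that the device signs exactly the message the terminal will broadcast, so a terminal that changed the amount or the recipient after the user confirmed would end up with a transaction whose signature no longer verifies, which `verify_transaction` detects before broadcast. Requires Python 3.8 or later for `pow(x, -1, m)`.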
- the blockchain was Bitcoin.
- it can be a block chain in which it is possible to register and execute smart contracts.
- An example of such a chain of blocks is Ethereum.
- a smart contract is a program that can be executed by any node of the P2P network implementing the blockchain. It can store data, send and receive payments, and execute actions autonomously and in a decentralized manner, as a software agent.
- a smart contract verifies whether a number of conditions are met and, if so, automatically runs to provide a result coded in the contract.
- the physical wallet of digital keys also makes it possible to authenticate as a party to a smart contract and, for example, to give consent.
- the wallet application (or account, in Ethereum terminology) can form a transaction and the owner can sign it through the physical wallet, the transaction thus signed being transmitted to the smart contract stored in the blockchain.
- the terminal 220 was separate from the digital key storage device 210. If the latter is a smartphone, it can also act as a terminal connected to the Internet: the terminal then coincides with the device, and the first and second software modules are modules of the same application (or of separate applications) of the smartphone, as shown in the embodiment of FIG. 5A. They then communicate via a local acoustic channel between the speaker 217 and the microphone 213.
- the terminal can incorporate the DSP 219 with its secure element, the first and second software modules forming part of the same application (or even separate applications) of the terminal, as shown in the embodiment of FIG. 5B. These software modules then communicate via a local acoustic channel between the speaker 217 and the microphone 213, as in the first implementation example.
- the key storage device and the terminal use the same coding dictionary S for sending and receiving messages.
- alternatively, the key storage device and the terminal use two separate coding dictionaries, S and S', for transmission and reception, the transmission dictionary of one being the reception dictionary of the other and vice versa, to the extent that this allows a full-duplex exchange on the acoustic channel.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Finance (AREA)
- Algebra (AREA)
- Pure & Applied Mathematics (AREA)
- Computing Systems (AREA)
- Power Engineering (AREA)
- Mathematical Physics (AREA)
- Mathematical Optimization (AREA)
- Mathematical Analysis (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1762129A FR3075534B1 (en) | 2017-12-14 | 2017-12-14 | DIGITAL KEY STORAGE DEVICE FOR SIGNING TRANSACTIONS ON A BLOCK CHAIN |
PCT/FR2018/053211 WO2019115936A1 (en) | 2017-12-14 | 2018-12-12 | Device for storing digital keys for signing transactions on a blockchain |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3707857A1 true EP3707857A1 (en) | 2020-09-16 |
Family
ID=61802094
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP18833920.4A Pending EP3707857A1 (en) | 2017-12-14 | 2018-12-12 | Device for storing digital keys for signing transactions on a blockchain |
Country Status (8)
Country | Link |
---|---|
US (1) | US20210073795A1 (en) |
EP (1) | EP3707857A1 (en) |
JP (1) | JP2021507586A (en) |
KR (1) | KR20200116455A (en) |
CN (1) | CN111656732A (en) |
AU (1) | AU2018382778A1 (en) |
FR (1) | FR3075534B1 (en) |
WO (1) | WO2019115936A1 (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB201720946D0 (en) * | 2017-12-15 | 2018-01-31 | Nchain Holdings Ltd | Computer-implemented system and method |
SG11202005567QA (en) | 2017-12-13 | 2020-07-29 | Nchain Holdings Ltd | System and method for securely sharing cryptographic material |
SG11202108153QA (en) * | 2019-02-15 | 2021-08-30 | Nchain Holdings Ltd | Computer-implemented systems and methods for implementing transfers over a blockchain network |
KR20210041404A (en) * | 2019-10-07 | 2021-04-15 | 삼성전자주식회사 | Electronic device and method for blockchain address management thereof |
CN110889128A (en) * | 2019-11-27 | 2020-03-17 | 上海禾一网络科技有限公司 | Input method and device based on block chain storage and encryption key exchange |
CN112468301B (en) * | 2020-10-23 | 2022-08-02 | 苏州浪潮智能科技有限公司 | Method, system, device and medium for cloud platform authentication based on block chain |
US12107966B2 (en) * | 2021-06-26 | 2024-10-01 | Ceremorphic, Inc. | Device authentication using blockchain |
CN113315639A (en) * | 2021-07-05 | 2021-08-27 | 安徽中科晶格技术有限公司 | Identity authentication system and method |
CN113888329A (en) * | 2021-10-04 | 2022-01-04 | 杭州复杂美科技有限公司 | Universal wallet retrieving method, computer device and storage medium |
US20230421363A1 (en) * | 2022-06-28 | 2023-12-28 | Fmr Llc | Secure storage and transmission of a cryptocurrency encryption key |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7328350B2 (en) * | 2001-03-29 | 2008-02-05 | Arcot Systems, Inc. | Method and apparatus for secure cryptographic key generation, certification and use |
US20030217268A1 (en) * | 2002-05-15 | 2003-11-20 | Alexander Gantman | System and method for using acoustic digital signature generator as oracle |
US8879986B2 (en) * | 2005-12-31 | 2014-11-04 | Michelle Fisher | Wireless bidirectional communications between a mobile device and associated secure element using inaudible sound waves |
US20100281261A1 (en) * | 2007-11-21 | 2010-11-04 | Nxp B.V. | Device and method for near field communications using audio transducers |
RU2409897C1 (en) * | 2009-05-18 | 2011-01-20 | Самсунг Электроникс Ко., Лтд | Coder, transmitting device, transmission system and method of coding information objects |
JP6120206B2 (en) * | 2012-10-11 | 2017-04-26 | 公立大学法人岩手県立大学 | Acoustic code encoding / decoding device and acoustic code encoding / decoding method |
US20150324787A1 (en) * | 2014-05-08 | 2015-11-12 | Sequitur Labs, Inc. | Policy-Based Control and Augmentation of Cryptocurrencies and Cryptocurrency Security |
US20150365384A1 (en) * | 2014-06-16 | 2015-12-17 | Wul4 | System and Methods for Transmitting Information Using Inaudible Acoustic Signals |
EP2966792B1 (en) * | 2015-06-17 | 2018-05-16 | Nxp B.V. | Ultra-sound communication system |
US9916432B2 (en) * | 2015-10-16 | 2018-03-13 | Nokia Technologies Oy | Storing and retrieving cryptographic keys from biometric data |
CN108780548B (en) * | 2016-02-23 | 2022-08-05 | 区块链控股有限公司 | Using elliptic curve cryptography for personal device security to share secrets |
CN106779636B (en) * | 2016-11-29 | 2020-06-26 | 北京欧凯联创网络科技有限公司 | Block chain digital currency wallet based on mobile phone earphone interface |
CN107392702A (en) * | 2017-07-10 | 2017-11-24 | 北京云知科技有限公司 | A kind of commodity method for pushing and device based on vocal print |
- 2017
  - 2017-12-14 FR FR1762129A patent/FR3075534B1/en not_active Expired - Fee Related
- 2018
  - 2018-12-12 CN CN201880087464.7A patent/CN111656732A/en active Pending
  - 2018-12-12 KR KR1020207020393A patent/KR20200116455A/en not_active Application Discontinuation
  - 2018-12-12 JP JP2020532556A patent/JP2021507586A/en not_active Ceased
  - 2018-12-12 AU AU2018382778A patent/AU2018382778A1/en not_active Abandoned
  - 2018-12-12 US US16/771,754 patent/US20210073795A1/en not_active Abandoned
  - 2018-12-12 EP EP18833920.4A patent/EP3707857A1/en active Pending
  - 2018-12-12 WO PCT/FR2018/053211 patent/WO2019115936A1/en unknown
Also Published As
Publication number | Publication date |
---|---|
WO2019115936A1 (en) | 2019-06-20 |
JP2021507586A (en) | 2021-02-22 |
KR20200116455A (en) | 2020-10-12 |
FR3075534B1 (en) | 2020-01-10 |
US20210073795A1 (en) | 2021-03-11 |
FR3075534A1 (en) | 2019-06-21 |
AU2018382778A1 (en) | 2020-07-23 |
CN111656732A (en) | 2020-09-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3707857A1 (en) | Device for storing digital keys for signing transactions on a blockchain | |
FR2822002A1 (en) | CRYPTOGRAPHIC AUTHENTICATION BY EPHEMERIC MODULES | |
WO2001056352A2 (en) | Electronic payment method and device | |
WO2003056750A2 (en) | Cryptographic system for group signature | |
EP2345202A2 (en) | Digital signature method in two steps | |
WO2013021107A9 (en) | Method, server and system for authentication of a person | |
WO2008030184A1 (en) | Improved authentication system | |
EP1166496A1 (en) | Authentication and signature method for messages using reduced size of binary units of information content and corresponding systems | |
EP3595236A1 (en) | Method for synchronous generation of random values for cryptographic processes | |
WO2003107587A1 (en) | Interface method and device for the on-line exchange of contents data in a secure manner | |
EP3991381B1 (en) | Method and system for generating encryption keys for transaction or connection data | |
EP3262553B1 (en) | Method of transaction without physical support of a security identifier and without token, secured by the structural decoupling of the personal and service identifiers | |
EP4012972A1 (en) | Method for selective disclosure of data via a blockchain | |
WO2019038323A1 (en) | Method for authenticating a user with an authentication server | |
EP3570518B1 (en) | Authentication system and method using a limited-life disposable token | |
EP3270315B1 (en) | Method for securely linking a first device to a second device. | |
FR2903544A1 (en) | Prover i.e. user, authenticating method for e.g. secured cryptographic support, involves receiving challenge by prover, and calculating response depends on challenge and secret by selecting specific number of operations on encryption | |
WO2012022856A1 (en) | Method of authenticating a user of the internet network | |
EP2330772A1 (en) | Public-key encryption method without certificate | |
FR2971350A1 (en) | METHOD AND DEVICE FOR CONNECTING TO A REMOTE SERVICE FROM A HOST DEVICE | |
FR2957216A1 (en) | Method for remote secured authentication of patient personal data by health professional, involves transmitting identifier and received password to server, and comparing received password with expected single usage password |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: UNKNOWN |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20200611 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
RIN1 | Information on inventor provided before grant (corrected) |
Inventor name: PILOTO FONSECA, CARLOS, DAVID; Inventor name: RUIZ, EMMANUEL; Inventor name: ALFONSO REYES, RUBEN; Inventor name: ROETEN, BRIAN |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
19U | Interruption of proceedings before grant |
Effective date: 20220628 |