WO2019173793A1 - Système de transfert confidentiel décentralisé, procédé et dispositif - Google Patents

Système de transfert confidentiel décentralisé, procédé et dispositif Download PDF

Info

Publication number
WO2019173793A1
WO2019173793A1 PCT/US2019/021485 US2019021485W WO2019173793A1 WO 2019173793 A1 WO2019173793 A1 WO 2019173793A1 US 2019021485 W US2019021485 W US 2019021485W WO 2019173793 A1 WO2019173793 A1 WO 2019173793A1
Authority
WO
WIPO (PCT)
Prior art keywords
sender
recipient
transfer
item
fingerprint
Prior art date
Application number
PCT/US2019/021485
Other languages
English (en)
Inventor
Maurizio Greco
Ryan Orr
Maksym PETKUS
Jon Eric GARVIN
Susanne SOMERVILLE
Original Assignee
Chronicled, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chronicled, Inc. filed Critical Chronicled, Inc.
Priority to CA3093473A priority Critical patent/CA3093473A1/fr
Priority to EP19764493.3A priority patent/EP3763103A4/fr
Publication of WO2019173793A1 publication Critical patent/WO2019173793A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3674Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3827Use of message hashing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/383Anonymous user system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/389Keeping log of transactions for guaranteeing non-repudiation of a transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q2220/00Business processing using cryptography

Definitions

  • the present invention relates to the field of decentralized confidential transfers of registered items. More particularly, the present invention relates to confidentially transferring custody or ownership of a recorded identity of a non-fungible item between parties using a decentralized system.
  • Counterfeit items find their way to the consumer through the supply chain.
  • the challenge of tracking items throughout the supply chain and the inability for its participants to create a proof of possessing goods is a barrier to fight counterfeiting and monitor how items are moving through the supply chain.
  • Ensuring that the item is authentic (i.e., registered by the legitimate party), ensuring that a transfer is valid (i.e., the sender actually owns it and the recipient is the only one receiving it) while maintaining transaction confidentiality are critical properties for a system that can serve multiple industries.
  • Prior implementations of such system require the disclosure of the transactions to a custody registry. Such implementations might be based on simple central databases which might not be desirable because the disclosed information is confidential amongst the parties involved in the transactions. Revealing information such as exchanged assets, commercial volumes, names of business partners, business relationships, upcoming new products and more is a loss of business intelligence and loss of competitive advantage.
  • a system, device and method of confidential secure custodial transfers of asset between registered entities implemented via an open registry e.g. a blockchain
  • an open registry e.g. a blockchain
  • a ledger securely records each of the transactions utilizing shielded or proxy data state such that information about the transactions cannot be gleaned from the ledger despite the accessible nature of the records on the open registry.
  • a first aspect is directed to a blockchain and digital ownership transfer authentication system for transferring digital identities of items from a sender to a recipient, wherein the sender has a sender secret key and a sender public key that is derived from the sender secret key and the recipient has a recipient secret key and a recipient public key that is derived from the recipient secret key.
  • the system comprises a blockchain including a key-value storage that stores transfer fingerprints and an accumulator that stores the digital identities of the items, wherein each of the digital identities includes an item’s first fingerprint that is derived from an item identifier, the sender public key of the sender that is a current custodian of the item and a corresponding randomness entropy value, a sender device storing a first transfer agent and a recipient device storing a second transfer agent, wherein upon selection of a transfer feature by the sender on the sender device, the first transfer agent generates an item’s second fingerprint based on the item identifier and the recipient public key, generates a transfer fingerprint based on the sender secret key and the item’s first fingerprint, wherein the transfer fingerprint uniquely identifies the transaction, generates at least one sender proof that enables the blockchain to determine whether the sender device knows the item identifier, the sender secret key and the recipient public key and the corresponding randomness entropy value and transmits a transaction message to the recipient device
  • the second transfer agent upon receipt of the transaction message by the recipient device, the second transfer agent generates at least one recipient proof that enables the blockchain to determine whether the recipient device knows the item identifier and the recipient secret key and transmits a transfer transaction to the blockchain including the recipient proof, the sender proof, the item’s second fingerprint and the transfer fingerprint.
  • the blockchain verifies whether the sender device knows the item identifier, the sender public key, the sender secret key and the recipient public key based on the sender proof and verifies whether the recipient device knows the item identifier and the recipient secret key based on the recipient proof.
  • the blockchain refrains from recording the transfer transaction on the accumulator if the transfer fingerprint already exists on the key- value storage.
  • the blockchain refrains from recording the transfer transaction on the accumulator if the item’s second fingerprint already exists on the accumulator.
  • the accumulator is an append-only merkle tree in which each of the digital identities is a leaf of the merkle tree.
  • the first transfer agent identifies a merkle tree root value and the blockchain refrains from recording the transfer transaction on the accumulator if a leaf that represents the transfer fingerprint does not belong to the merkle tree.
  • the item identifier is a tuple comprising a unique identifier value and the registrant public key.
  • the system further comprises a registrant device storing a registration agent, wherein upon selection of a registration feature by a registrant, the registration agent generates a registration item fingerprint based on the item identifier and a registrant public key of a registrant having a registrant secret key that corresponds to the registrant public key, generates a registrant proof that enables the blockchain to determine whether the registrant device knows the item identifier, the registrant secret key and the corresponding randomness entropy value and transmits a registration transaction to the blockchain including the registration proof and the registration item fingerprint.
  • the blockchain verifies whether the sender device knows the item identifier, the registrant public key and the registrant secret key based on the registrant proof. In some embodiments, the blockchain refrains from recording the registration transaction on the accumulator if the registrant item fingerprint already exists on the accumulator.
  • a second aspect is directed to a digital ownership transfer authentication device for transferring digital identities of items from a sender to a recipient on a blockchain, the blockchain including a key-value storage that stores transfer fingerprints and an accumulator that stores the digital identities of the items, wherein each of the digital identities includes an item’s first fingerprint that is derived from an item identifier, the sender public key of the sender that is a current custodian of the item and a corresponding randomness entropy value, wherein the sender has a sender secret key and a sender public key that is derived from the sender secret key and the recipient has a recipient secret key and a recipient public key that is derived from the recipient secret key.
  • the device comprises a non-transitory computer-readable memory storing a transfer agent having a graphical user interface and including transfer and registration functions and a processing circuit coupled with the memory, wherein when executed by the processing circuit and upon selection of a transfer feature when the sender is logged into the transfer agent, the transfer agent generates an item’s second fingerprint based on the item identifier and the recipient public key, generates a transfer fingerprint based on the sender secret key and the item’s first fingerprint, wherein the transfer fingerprint uniquely identifies the transaction, generates at least one sender proof that enables the blockchain to determine whether the sender device knows the item identifier, the sender secret key, the recipient public key and the corresponding randomness entropy value and generates a transaction message including the sender proof, the item’s second fingerprint and the transfer fingerprint.
  • the transfer agent upon receipt of the transaction message from a sender device when the recipient is logged into the transfer agent, the transfer agent generates at least one recipient proof that enables the blockchain to determine whether the transfer agent knows the item identifier and the recipient secret key and transmits a transfer transaction to the blockchain including the recipient proof, the sender proof, the item’s second fingerprint and the transfer fingerprint.
  • the blockchain verifies whether the sender device knows the item identifier, the sender public key, the sender secret key and the recipient public key based on the sender proof and verifies whether the recipient device knows the item identifier and the recipient secret key based on the recipient proof.
  • the accumulator is organized into an append-only merkle tree in which each of the digital identities is a leaf of the merkle tree and when the sender is logged into the transfer agent, the transfer agent identifies a merkle tree root value and includes the merkle tree root value in the transaction message.
  • the item identifier is a tuple comprising a unique identifier value and the registrant public key.
  • the transfer agent when a registrant is logged into the transfer agent and selects a registration feature, the transfer agent generates a registration item fingerprint based on the item identifier and a registrant public key of a registrant having a registrant secret key that corresponds to the registrant public key, generates registrant proof that enables the blockchain to determine whether the registrant device knows the item identifier, the registrant secret key and the corresponding randomness entropy value and transmits a registration transaction to the blockchain including the registration proof and the registration item fingerprint.
  • a third aspect is directed to a method of implementing a blockchain and digital ownership transfer authentication system for transferring digital identities of items from a sender to a recipient on a blockchain, the blockchain including a key-value storage that stores transfer fingerprints and an accumulator that stores the digital identities of the items, wherein each of the digital identities includes an item’s first fingerprint that is derived from an item identifier, the sender public key of the sender that is a current custodian of the item and a corresponding randomness entropy value, wherein the sender has a sender secret key and a sender public key that is derived from the sender secret key and the recipient has a recipient secret key and a recipient public key that is derived from the recipient secret key.
  • the method comprises generating with a sender device having a first transfer agent an item’s second fingerprint based on the item identifier and the recipient public key, generating with the sender device a transfer fingerprint based on the sender secret key and the item’s first fingerprint, wherein the transfer fingerprint uniquely identifies the transaction, generating with the sender device at least one sender proof that enables the blockchain to determine whether the sender device knows the item identifier, the sender secret key, the recipient public key and the corresponding randomness entropy value and transmitting with the sender device a transaction message to a recipient device having a second transfer agent, the transaction message including the sender proof, the item’s second fingerprint and the transfer fingerprint.
  • the method further comprises, upon receipt of the transaction message by the recipient device generating with the recipient device at least one recipient proof that enables the blockchain to determine whether the recipient device knows the item identifier and the recipient secret key and transmitting with the recipient device a transfer transaction to the blockchain including the recipient proof, the sender proof, the item’s second fingerprint and the transfer fingerprint.
  • the method further comprises verifying with the blockchain whether the sender device knows the item identifier, the sender public key, the sender secret key and the recipient public key based on the sender proof and verifying whether the recipient device knows the item identifier and the recipient secret key based on the recipient proof.
  • the method further comprises refraining from recording the transfer transaction on the accumulator if the transfer fingerprint already exists on the key-value storage. In some embodiments, the method further comprises refraining from recording the transfer transaction on the accumulator if the item’s second fingerprint already exists on the accumulator.
  • the accumulator is an append-only merkle tree in which each of the digital identities is a leaf of the merkle tree.
  • the method further comprises identifying a merkle tree root value with the first transfer agent and refraining from recording the transfer transaction on the accumulator if a leaf that represents the transfer fingerprint does not belong to the merkle tree.
  • the item identifier is a tuple comprising a unique identifier value and the registrant public key.
  • the method further comprises upon selection of a registration feature of a registration agent on a registrant device by a registrant generating with the registrant device a registration item fingerprint based on the item identifier and a registrant public key of a registrant having a registrant secret key that corresponds to the registrant public key generating with the registrant device a registrant proof that enables the blockchain to determine whether the registrant device knows the item identifier, the registrant secret key and the corresponding randomness entropy value and transmitting with the registrant device a registration transaction to the blockchain including the registration proof and the registration item fingerprint.
  • the method further comprises verifying with the blockchain whether the sender device knows the item identifier, the registrant public key and the registrant secret key based on the registrant proof. In some embodiments, the method further comprises refraining from recording the registration transaction on the accumulator if the registrant item fingerprint already exists on the accumulator.
  • Figure 1 illustrates a decentralized confidential transfer system according to some embodiments.
  • Figure 2 illustrates a block diagram of an exemplary computing device configured to implement the system according to some embodiments.
  • Figure 3 illustrates a method of operating a secure transfer system according to some embodiments.
  • Figure 4 illustrates another portion of a method of operating a secure transfer system according to some embodiments.
  • Embodiments described herein are directed to a system, device and method of confidential secure custodial and/or ownership transfers of asset between registered entities implemented via an open registry (e.g. a blockchain).
  • an open registry e.g. a blockchain
  • a ledger that securely records each of the transactions utilizes a shielded or proxy data state such that information about the transactions cannot be gleaned from the ledger.
  • the system is necessarily rooted in the computer technology of open registry records to overcome the problem of the necessary public nature of the records a problem specifically arising in open registries due to their publically accessible recording nature.
  • the system provides the benefit of overcoming this inherent lack of confidentiality of an open registry transaction recording technology by providing a protective layer of confidentiality the open registry only displaying a proxy status of transactions, wherein the actual identifiers of the transactions cannot be derived from the proxy status without a set of generated proofs that are not provided by the open registry.
  • the term“custody” is able to include or be replaced with“ownership.”
  • Figure 1 illustrates a decentralized confidential transfer system 100 according to some embodiments.
  • the system 100 is able to comprise one or more physical or virtual assets/items 102 each having one or more identification data, an open registry 106 (e.g. a blockchain network) including one or more nodes 105, one or more transfer devices 104 each having a transfer agent 107, and one or more storage devices/servers storing secure storage databases 108, all communicatively coupled together via one or more networks 110 (e.g. the internet, a private wireless connection, a wired network).
  • the system 100 is able to comprise one or more physical or virtual assets/items 102 each having one or more identification data, an open registry 106 (e.g. a blockchain network) including one or more nodes 105, one or more transfer devices 104 each having a transfer agent 107, and one or more storage devices/servers storing secure storage databases 108, all communicatively coupled together via one or more networks 110 (e.g. the internet, a private wireless connection,
  • identification data is able to comprise an item identifier and/or a public and secret key pair (as described in detail below). Alternatively, other identifiers are able to be used as the
  • Each of the secure storage databases 108 are able to be a database which allows keeping secret data artifacts necessary for transaction generation, such as secret keys, seeds for pseudo-random function, or other data.
  • the storage is able to be a database which allows keeping secret data artifacts necessary for transaction generation, such as secret keys, seeds for pseudo-random function, or other data.
  • the storage is able to be a database which allows keeping secret data artifacts necessary for transaction generation, such as secret keys, seeds for pseudo-random function, or other data.
  • the devices/servers 108 storing the databases are able to wholly or partially separate from one or more of the nodes 105 and/or devices 104.
  • the storage devices/servers 108 are able to be one or more of the nodes 105, the devices 104 or other computing devices separate from the devices l04/registry 106 (e.g. dedicated secure storage database devices).
  • the storage devices/servers 108 are able to be a memory of the devices 104 and/or the nodes 105 such that the database is stored on the devices 104 and/or the nodes 105.
  • the registry 106 is coupled with two client transfer devices 104 (and the agents 107 operating thereon), it is understood that any number of registries
  • the networks 110 are able to be coupled with any number of transfer devices 104.
  • the networks 110 are able to be one or a combination of wired or wireless networks as are well known in the art.
  • the networks 110 are able to comprise a wired or wireless private peer-to-peer connection for conveying secret information between a sender device 104 and a recipient client device 104, necessary to execute transfer transaction and other interactions between devices 104.
  • One or more servers are able to store/operate at least a portion of the transfer agents 107 including a graphic user interface on a memory of one or more of the servers (e.g. nodes 105).
  • a user is able to download the agent 107 from the servers over the network 110 onto one or more of the transfer devices 104.
  • the agent 107 is able to create and use an application database within the local memory on the transfer device 104 to store and utilize data necessary for operation.
  • some or all of the data is able to be stored in a server database on the memory on the servers such that the agent 107 is able to connect to the servers over the networks 110 in order to utilize the data on the server database.
  • the locally executing agent is able to store the data in a server database on the memory on the servers such that the agent 107 is able to connect to the servers over the networks 110 in order to utilize the data on the server database.
  • the locally executing agent is able to be stored in a server database on the memory on the servers such that the agent 107 is able to connect to the servers over the networks 110 in order to utilize the data on the server database.
  • the locally executing agent is able to connect to the servers over the networks 110 in order to utilize the data on the server database.
  • the transfer devices 104 is able to remotely communicate with the servers over the network 110 to perform any features of the agent 107 and/or access any data on the server database not available with just the data on the transfer device 104.
  • the same data is stored on both the server database and one or more of the transfer devices 104 such that either local or remote data access is possible.
  • the data on the servers and/or transfer devices 104 is able to be synchronized by the application.
  • the server database and/or agent 107 is distributed across a plurality of the servers.
  • one or more of the servers are able to store all of the database and/or application data.
  • the servers are able to perform a synchronization process such that all the databases and/or other application data are synchronized.
  • the agent 107 is able to be replaced or supplemented with a website stored on the server memory and executed by the servers, wherein the website provides some or all of the functionality of the agent 107 with a website user interface that is substantially similar to the application/agent user interface.
  • a transfer device 104 is able to access the website and utilize the features of the agent and/or website with a web browser that
  • the functionality of the website is able to be limited to facilitating the downloading of the agent 107 onto one or more transfer devices 104.
  • the application/agent 107 is able to operate on just the servers, just the transfer devices 104 or a combination of the servers and transfer devices 104. Accordingly, it should be noted that although described according to an exemplary functional distribution herein, other distributions of the functions of the application/agent 107 between the servers (via the website) and the transfer devices 104 (via the application) are contemplated but not included for the sake of brevity.
  • the items 102 are able to be an autonomous machine such as a drone or an identity/internet of things (IOT) device.
  • the agent 107 is able to be already installed in the transfer device 104 or is able to be part of the software or firmware operating the transfer device 104 itself.
  • the transfer devices 104 are able to be any transfer device having a memory for storing at least a portion of the agent 107.
  • the devices 104 comprise a display (e.g. a touchscreen).
  • suitable transfer devices 104 capable of storing the agent 107 include smart jewelry (e.g., smartwatch), a personal computer, a laptop computer, a computer workstation, a server, a mainframe computer, a handheld computer, a personal digital assistant, a cellular/mobile telephone, an IOT device, a smart appliance, a game console, a digital camera, a digital camcorder, a camera phone, a smart phone, a portable music player, a tablet computer, a mobile device, a video player, a video disc writer/player (e.g., DVD writer/player, high definition disc writer/player, ultra high definition disc writer/player), a television, a home entertainment system or any other suitable transfer device.
  • smart jewelry e.g., smartwatch
  • a personal computer e.g., smart
  • the transfer devices 104 are able to include a wireless tag reading feature capable of wirelessly reading and/or communicating with the tags or identifiers coupled to the items 102.
  • the transfer devices 104 are able to communicate wirelessly with the tags/labels via one or more of near field communication, sub-gigahertz frequencies, Bluetooth low energy (BLE), radio frequency identification (RFID), Bluetooth, Wi-Fi or other types of wireless communication known in the art.
  • BLE Bluetooth low energy
  • RFID radio frequency identification
  • Wi-Fi Wi-Fi
  • the devices 104 are able to be integrated into supply chain equipment (e.g., bar code scanner, optical character recognition (OCR) readers, RFID readers, near field communication (NFC) readers, convey belts, packaging machines) that is able to read and/or write data to the targeted open registry 106, transaction ledger, tags 103 and/or servers.
  • supply chain equipment e.g., bar code scanner, optical character recognition (OCR) readers, RFID readers, near field communication (NFC) readers, convey belts, packaging machines
  • OCR optical character recognition
  • NFC near field communication
  • the items 102 are able to be physical objects (e.g. receptacles, containers, parcels, envelops, packages, boxes, and any cases that might hold products or components that form a device, machine, apparatus or utensil) having one or more cavities for storing food, medicine, medical samples, evidence or other items and sealing elements for selectively sealing/unsealing the cavities (e.g. zippers, doors, covers, sliders, lids, flaps, and other types of sealing appendages known in the art).
  • the items 102 are able to be goods, IOT devices, apparel, shoes, hand bags, garments, products and/or other physical items.
  • the items are able to be bars of gold bullion or athlete drug test samples.
  • the items 102 are able to be virtual items/assets (e.g. intellectual property, songs, data objects).
  • the identification data of the items 102 is able to be stored on one or more tags or labels coupled to the items 102.
  • the tags are able to be substantially similar to the tags described in U.S. Patent Application Serial No. 15/785,086, filed October 16, 2017 and entitled“OPEN REGISTRY FOR PROVENANCE AND TRACKING OF GOODS IN THE SUPPEY CHAIN,” which is hereby incorporated by reference.
  • the tags and the transfer devices 104 are able to communicate wirelessly via near field communication, Bluetooth low energy (BLE), radio frequency identification (RFID), Bluetooth, Wi-Fi or other types of wireless communication known in the art.
  • the secret key of the items 102 is able to be an encryption key that is associated with the corresponding public key of the items 102.
  • the public key and secret key are related such that data encrypted with the public key are only able to be decrypted using the secret key and digital signatures generated by the secret key are only able to be validated using the public key.
  • the item identifier of the items 102 is able to be a SGTIN, the public key (associated with the secret key stored on the tag), a hash of the public key, a universally unique identifier (UUID), another unique identifier or a combination thereof.
  • some or all of the identification data is able to be printed, imprinted or applied via one or more labels to an exterior surface of the item 102.
  • the registry 106 is able to be a decentralized network of nodes 105 that provide the maintaining of a copy of a distributed ledger on each node.
  • Each node 105 is able to comprise a device (e.g. server or other computing device) storing and operating a registry agent which is capable of connecting to peer nodes 105, executing transactions and achieving decentralized consensus on the state of the ledger.
  • the nodes 105 are able to perform verification of a zero-knowledge proof utilizing their agent.
  • the open registry 106 is able to be substantially similar to the open registry described in U.S. Patent Application Serial No. 15/785,086, filed October 16, 2017 and entitled“OPEN REGISTRY FOR PROVENANCE AND TRACKING OF GOODS IN THE SUPPLY CHAIN,” except for the differences described herein.
  • the open registry 106 is able to store registry data and is able to be a database, a public blockchain, a secret blockchain (where different classes of users may have different levels of access to data records written to the chain), and/or a collection of smart contracts whose records are open to the public (e.g. access to view records is not permission based, but ownership transfer protocol
  • the registry 106 is able to be a distributed database (e.g. across a plurality of computing devices that each store copies of transactions in one or more linked blocks) that maintains a continuously-growing list of data records or contracts (e.g. item information of the items associated with the unique identifiers, provenance or chain of ownership/custody transactions associated with pairs of public keys and unique identifiers, digital signatures of a person/identity utilizing the pairs of public keys and unique identifiers) hardened against tampering and revision.
  • the open registry 106 is able to be a blockchain with a built-in Turing-complete programming language, allowing anyone to write smart contracts (e.g.
  • the open registry 106 is able to both be used to securely identify entities (e.g. registrants, items, devices) based on stored public keys and to securely record changes of custody of items 102 based on designated contracts on the registry 106 associated with the items 102.
  • entities e.g. registrants, items, devices
  • the registry 106 consists of data structure blocks which hold exclusively data or proxy data (e.g. proxy ownership data, item identification data) with each block holding batches of individual transactions and the results of any blockchain executables.
  • the blocks are able to store both data and programs/scripts (e.g. smart contracts).
  • Each block of the blockchain contains a timestamp and information linking it to a previous block (and indicating a time of the transaction) thereby defining the chain and maintaining a chronological order of each of the records/transactions.
  • the open registry 106 is able to be a non-blockchain database.
  • the registry data is able to comprise a ledger including pairs of data representing items 102 and the current and/or past custodian of those items 102.
  • items 102 are able to be registered on the ledger with an initial custodian/registrant being associated with the item 102.
  • This association is able to be kept confidential by the ledger recording the results of functions/hashes applied to the actual data (e.g. an item identifier hash representing the item identifier and a custodian hash representing the custodian identifier) such that the actual data can only be determined using proofs designed to decode/reverse the functions/hashes.
  • the ledger is able to confidentially record each change of custody of an item 102 (e.g.
  • the ledger is able to comprise an accumulator (e.g. one or more merkle trees) and a key-value storage.
  • users upon registering with the server and/or registry 106, users are given a public and secret key pair, wherein the secret key is a sufficiently large random number and the public key is a fingerprint of the secret key.
  • a fingerprint is the output of a deterministic one-way function, which when the one-way function is given an input it produces the output, from which it is infeasible to compute the input. Determinism ensures that the output is always the same for the same input.
  • the public and secret keys are related via the one way function with the secret key being the input and the public key being the output that cannot be feasibly determined based on the output (i.e. public key).
  • the public key is able to serve as the digital identity of the user (i.e. entity) on the registry and the secret key is used by the user to identify itself (e.g. digitally sign or otherwise authenticate messages to the registry 106 and/or other users).
  • data encrypted with the public key is only able to be decrypted using the secret key and digital signatures generated by the secret key are only able to be validated using the public key.
  • the user identifiers on the open registry 106 are able to be implemented via public keys, secret keys, digital certificates (e.g. X.509 certificates), username -password or a combination thereof.
  • the registry 106 comprises smart contracts that implement the functionality described herein. Specifically, the smart contracts are able to comprise
  • registration” contracts and/or“transfer” contracts that define and enforce rules of registering and/or transferring digital custody of an item 102 as reflected on the registry 106.
  • a current custodian and/or the receiving custodian e.g.
  • custodian devices 104) are able to be required by the registry 106 (e.g. via a smart contract) to submit data satisfying the change of custody requirements.
  • the contracts are able to require proof that the item 102 has not been previously registered, that the digital identity indicated by transferor is the current custodian (as indicated on the registry 106), identification of the desired transferee (e.g. digital identity), proof by the transferee as being the desired transferee upon receiving the item 102, and/or any other requirements (e.g. times, dates, quantities, payments received).
  • the custody requirements are able to require that only one participant can have custody of an identifier at any given time, only the current custodian can transfer an identifier, a transfer is not executed until an identifier is accepted by the recipient, and/or optionally, only certain entities (e.g., manufacturers) can create identifiers in the system.
  • each smart contract on the registry 106 is able to enforce business rules, maintain an obfuscated image that proxies the truthful state of the system 100, and accept, validate and commit transactions that comply with the business rules and the current state of the system 100.
  • smart contracts perform the functionality of the registry 106 (e.g. blockchain), it is understood that the registry 106 functionality is able to be implemented by other types of executable programs in combination with or separate from the use of smart contracts.
  • the transfer agents 107 are able to accept secret inputs and produce a zero-knowledge proof for the desire non-deterministic polynomial time (NP) statement.
  • the transfer agents 107 are able to include the features described in U.S. Patent Application Serial No. 15/785,086, except for the differences described herein.
  • the agent 107 is able to comprise a register function, a transaction function, a receiver function and/or a verification function, wherein the application user interface is configured to enable users to utilize the functions/modules.
  • the agent 107 and the functions are able to use the databases 108 to store, maintain and access data necessary for the operation of the agent 107.
  • the transfer agent 107 enhances the functionality of the devices 104 themselves by enabling them to securely register and transfer digital custody of items 102 without exposing confidential or other data that would give others a competitive advantage.
  • the registration function enables the device 104 to register itself (e.g. to create one or more user/device accounts on the registry 106) and to register items 102 on the registry 106.
  • the agent 107 on the device 104 itself is able perform the registration and store the registration information as described in detail below (e.g. identity, secret/public keys).
  • the registration function enables the device 104 to create a user profile/account by inputting username and password information via the graphical user interface that is then associated with the account such that the information is able to be used to identify the user when logging onto the application.
  • the login information is able to be omitted and a user is able to use the agent 107 without creating a user account or logging in.
  • the user is able to be assigned a unique user identifier (e.g. a secret and public key pair and/or another unique identifier), wherein the unique user identifier is added to the registry to create the device/user’s digital identity.
  • the unique user identifier is stored on the transfer agent 107 on the device 104 when registering. Accordingly, the user is then able to access their account by entering the username, password and/or user identifier in order to identify themselves to the agent 107.
  • additional information is able to be stored and associated with the account such as, but not limited to, contact information (e.g. phone number, email, address), submitted content (e.g. item images, descriptions), account privileges/subscription information (e.g. unlocked application features), friends or other trusted accounts on the system and payment information (e.g. currency/bank accounts for receiving/transmitting currency based on the smart contracts).
  • contact information e.g. phone number, email, address
  • submitted content e.g. item images, descriptions
  • account privileges/subscription information e.g. unlocked application features
  • friends or other trusted accounts on the system e.g. currency/bank accounts for receiving/transmitting currency based on the smart contracts.
  • payment information e.g. currency/bank accounts for receiving/transmitting currency based on the smart contracts.
  • the additional information is submitted by a user upon logging into the account.
  • some or all of the additional information is able to be applied to the account automatically by the agent 107 based on interactions by the user with the agent 107.
  • the registration function enables the device 104 to register one or more items 102 in order to create digital identities for the items 102 on the registry 106 and associate those digital identities with a current custodian (e.g. the registrant).
  • the unit commitment function is a statistically-hiding commitment scheme.
  • the unit commitment function is able to be as follows:
  • item ownership fingerprint (iof) COMM Aid II a Pk II p);
  • id is a tuple (uid, a pk ) (e.g.
  • tuple (item identification data, registrant public key)); and p is the seed for transfer artifact function PRF X ().
  • the created item ownership fingerprint is able to represent both the item 102 (e.g. via the item identifier) and its owner (e.g. via the public key).
  • a fingerprint is the output of a deterministic one-way function, which is given an input produces an output, from which it is infeasible to compute the input.
  • this is an example of the folded fingerprint where it combines some input (item identity) and another fingerprint (e.g. the public key (which is a fingerprint of the secret key)).
  • the term“combine” is used here to convey the meaning of“comprising,” wherein an implementation example is able to be the
  • the registrant inputs the public key and/or the item identifier to the agent 107 via the user interface of the agent 107.
  • the public key and/or the item identifier are able to be wirelessly read from the item 102 (e.g. via a tag coupled to the item 102 that stores the data) using a wireless reader of the device 104.
  • the agent 107 creates a proof for the generated item ownership fingerprint based on the unit commitment function COMMA), the item identifier and the secret key of the registrant using a non-interactive zero-knowledge proof (ZPK) proving function, wherein the proving function is configured for the unit commitment function COMMA).
  • ZPK non-interactive zero-knowledge proof
  • f() e.g. unit commitment function
  • secret input e.g. secret key
  • the registry 106) to use a ZKP verification function to verify whether the proof value corresponds to the output (e.g. public key) of the function f() (e.g. unit commitment function) without the other device/agent knowing the input (e.g. secret key) to that function.
  • the ZKP verification function e.g. verify( f(), output, proof)
  • a user inputs the secret key and/or the item identifier to the agent 107 via the user interface of the agent 107.
  • the ZKP proving function is able to create a proof R egistration for the registration NP statement:
  • the iof COMM r (id II a pk II p) oCOMM r (uid II a pk II a pk II p)”
  • the agent 107 then sends the item ownership fingerprint and the item ownership fingerprint proof to the open registry 106 as a new transaction.
  • the transaction is verified by the smart contract of the registry 106 using the ZKP verification function (which like the proving function is configured for the unit commitment function) based on the item ownership fingerprint, the unit commitment function COMM (), and the item ownership fingerprint proof.
  • the registry 106 determines if that the registrant knows both the item identifier and the secret key.
  • the smart contract is able to: - parse the registration message tx reg istration as (iof, proof Registration);
  • the transaction will be rejected, otherwise the item ownership fingerprint is appended to the accumulator of the registry 106 (thereby associating the item 102 with the registrant).
  • the transaction function enables the device 104 to transfer items 102 on the registry 106 (e.g. associate a different user identifier with an item identifier) by creating a new item ownership fingerprint that identifies the new/recipient user and the item 102.
  • the transfer function involves two users/devices 104, the sender and the recipient (each having public/secret key pairs), and requires the sender to prove that he is indeed the current owner of the item 102 by producing the new item ownership fingerprint for the recipient.
  • the agent 107 of the sender device 104 identifies an item to transfer as represented by a particular item ownership fingerprint on the accumulator (e.g. an item ownership fingerprint that has already been registered and appended to the accumulator) and/or a recipient to transfer the item 102 to (e.g. a public key of the recipient).
  • the user interface of the agent 107 comprises a transfer feature that prompts the user to select a desired item 102 to transfer and/or user to transfer to.
  • the user interface of the agent 107 is able to display a list of items 102 and/or users associated with the digital identity (e.g. public key/secret key) of a user that logged into the agent 107 (e.g.
  • the agent 107 determines the item identity data, sender secret key, recipient public key and the accumulator membership proof for the item’s fingerprint, the agent 107 of the sender device 104 uses a transfer function to generate a new item ownership fingerprint for the selected item 102 based on the item identity and recipient public key.
  • the item identity is manually entered by a user via a user interface of the agent 107 of the sender device 104.
  • the item identity is able to be determined by reading data from the item 102 (e.g.
  • the agent 107 remotely accesses the recipient public key from the ledger, other storage of the registry 106 and/or a separate key database.
  • some or all of the key value storage is able to be stored locally on the device 104 and synchronized periodically such that the agent 107 is able to locally access the recipient public key.
  • a user selects one from a plurality of possible key value storages for the transfer via the agent 107.
  • the agent 107 is able to automatically select a desired key value storage (e.g. based on where the item 102 is“tracked”).
  • the agent 107 is configure to only generate the new item ownership fingerprint if and only if the old item ownership fingerprint exists in the key value storage (i.e. passes the membership test). Specifically, the agent 107 is able to first determine the old item ownership fingerprint based on the item identity and sender public key (which can be deduced from the received sender secret key input).
  • the agent 107 of the sender device 104 also generates a transfer fingerprint sn for the transaction that can uniquely identify the transaction. Specifically, the agent 107 uses a transfer artifact function to generate the transfer fingerprint based on the old item ownership fingerprint, the sender secret key and the unit commitment function COMM (). The agent 107 is able to determine/identify the old item ownership fingerprint (either stored locally on the device 104 or remotely accessible by the agent 107) because it was previously received by the device as a part of a previous transfer message that was transmitted to the device 104 (from another device/agent) when the item was being transferred from the other device to the current device. Alternatively, the device 104 is able to store/remotely access the secret data upon which the old item ownership fingerprint was based and reconstruct the fingerprint based on that data.
  • a transfer fingerprint sn for the transaction that can uniquely identify the transaction. Specifically, the agent 107 uses a transfer artifact function to generate the transfer fingerprint based on the old item ownership fingerprint, the sender secret key and
  • this transfer fingerprint is able to represent the old iof for the item 102 on the key value storage and is flagged as being“consumed” as an indicator that the old iof can no longer be used as a source for any future transfer.
  • the transfer fingerprint is generated in a way that is deterministic and distinct from item ownership fingerprint, wherein distinct in this context relates to the registration function, which generally uses same input parameters as the transfer artifact function, hence the way it combines those parameters influences the resulting fingerprint. While there are multiple ways to achieve deterministic distinct output and a particular choice is the matter of implementation, the core property is the unlinkability (or inability to correlate) between transfer fingerprint and item ownership fingerprint despite being based on the same factors.
  • this provides the benefit of the resulting transfer fingerprint value not revealing a link to the iof 0id (i.e. the transfer fingerprint cannot be determined as being related llto any particular iof).
  • the generation of the transfer fingerprint is able to prove that the item 102 has not been transferred already (i.e. ensuring that the sender is the current“custodian” of the item 102 on the key value storage and thus that the item 102 is not associated two different user identities at the same time).
  • the transfer fingerprint can be compared to all the previously submitted transfer fingerprints on the registry 106 to ensure that the same transfer fingerprint is not submitted/used twice. This is important since the old item ownership fingerprint is not required for the transfer and therefore the source of transfer is obfuscated. While in some embodiments the transfer and transfer artifact functions are able to be combined into one function, we describe them separately for simplicity.
  • the agent 107 of the sender device 104 creates a sender proof.
  • the transfer statement is based on the item identity, sender secret key, recipient public key using the non interactive zero-knowledge proof (ZPK) proving function.
  • ZPK non interactive zero-knowledge proof
  • the ZKP proving function is able to create a proof 7i sen der for the registration NP statement:
  • COMMr ok
  • sn transfer artifact function PRFa Sk (iof 0id II p 0id ), where a Sk is the secret key of the sender);
  • iof new COMM rnew (id II a Pk II j3 ⁇ 4ew), where a Pk is the public key of the recipient.”
  • the instance tuple is (rt, sn, iof new ) and the witness tuple is (iof 0id , a Pk of sender, a Sk of sender, id, r oU , p M , a pk of recipient, t ⁇ new> Pnew) ‘
  • the agent 107 of the sender device 104 transmits a transfer message to the recipient device 104 though the network (e.g. network 110).
  • the recipient device 104 is able to store the transfer message and the data therein for use in subsequent transfers (e.g. use the knowledge of the received fingerprint value of an item for executing a subsequent transfer of the item where it is the sender device 104 of the item).
  • the transfer message includes all of the values necessary for the recipient to complete the transfer.
  • this method provides the advantage that even though the sender device 104 samples random values for the recipient’s u new , they will not be able to compute the transfer fingerprint sn and therefore will not be able to discover when iof new is transferred further, due to the seed a Sk of the transfer artifact function PRF x O.
  • the recipient device needs to approve the transfer in order for it to be recorded on the ledger of the registry 106.
  • ZPK non-interactive zero-knowledge proof
  • the ZKP proving function is able to create the proof R ecipient for the registration NP statement:
  • iof new COMM rnew (id II a Pk II P new ), where a Pk is the public key of the recipient;
  • a Pk public key function PRFa Sk (0), where a Sk is the secret key of the recipient.
  • the instance tuple is (iof new ) and the witness tuple is (a pk of recipient, a Sk of recipient, id, G neW P new )
  • the recipient devices transmit 104 a transaction message mu- ansaction to the registry 106 (via the agent 107), the transaction message comprising the root of the merkle tree for the item 102, the transfer fingerprint, new item ownership fingerprint, transfer artifact function proof and transfer function proof.
  • the steps performed by the recipient device 104 are able to be omitted and the transfer message is able to be send to the open registry 106 instead of the recipient device for verification.
  • the smart contract of the registry 106 then verifies both the transfer function proof and the transfer artifact function proof against the transfer fingerprint and new item ownership fingerprint using the verification function, verifies that the root rt of the merkle tree exists, and verifies whether transfer fingerprint and new item ownership fingerprint have been used before.
  • the transfer fingerprint sn is able to be appended to the key value storage such that the registry 106 is able to compare new transfer fingerprints to existing transfer fingerprints on the key value storage to ensure that the same transfer fingerprint is not used twice.
  • the system 100 provides the benefit of enables transactions to occur without revealing the existing/prior item/registrant identifiers (iof 0
  • the transfer protocol does not entail disclosure of the sender's public key to a recipient, but information available in the transfer message, sn, in particular, allows one to reveal the public key of the sender and a respective proof p sender for the NP statement SENDER. In particular, this is a way to reveal the sender identity, while maintaining the advantage of not revealing from which old item fingerprint it is coming from, therefore recipient will not know when sender has registered/received the item.
  • the agent 107 of the recipient device 104 requests the identity from the sender device 104 for the particular transfer fingerprint sn through a private communication channel. The sender device 104 is then able to produce proof of the SENDER NP statement:
  • FIG. 2 illustrates a block diagram of an exemplary computing device 200 configured to implement the system 100 according to some embodiments.
  • nodes 105, the transfer devices 104 and/or servers 108 are able to be substantially similar to the device 200.
  • a hardware structure suitable for implementing the computing device 200 includes a network interface 202, a memory 204, a processor 206, I/O device(s) 208 (e.g. reader), a bus 210 and a storage device 212.
  • I/O device(s) 208 e.g. reader
  • bus 210 e.g. bus
  • storage device 212 e.g.
  • one or more of the illustrated components are able to be removed or substituted for other components well known in the art.
  • the choice of processor is not critical as long as a suitable processor with sufficient speed is chosen.
  • the memory 204 is able to be any conventional computer memory known in the art.
  • the storage device 212 is able to include a hard drive, CDROM, CDRW, DVD, DVDRW, flash memory card or any other storage device.
  • the computing device 200 is able to include one or more network interfaces 202.
  • An example of a network interface includes a network card connected to an Ethernet or other type of LAN.
  • the I/O device(s) 208 are able to include one or more of the following: keyboard, mouse, monitor, display, printer, modem, touchscreen, button interface and other devices.
  • the agent 107 or function(s)/module(s) thereof are likely to be stored in the storage device 212 and memory 204 and processed as applications are typically processed. More or fewer components shown in Figure 2 are able to be included in the computing device 200.
  • secure transfer system hardware 220 is included.
  • the computing device 200 in Figure 2 includes applications 230 and hardware 220 for the system 100, the system 100 is able to be implemented on a computing device in hardware, firmware, software or any combination thereof.
  • Figure 3 illustrates a method of operating a secure transfer system 100 according to some embodiments.
  • an agent 107 of the transfer device 104 receives a selection of an asset and input of a recipient identifier identifying a recipient to which the asset is to be transferred at the step 302.
  • the agent 107 of the transfer device 104 generates an item’s second fingerprint based on the item identifier and the recipient public key at the step 304.
  • the agent 107 of the transfer device 104 generates a transfer fingerprint based on the sender secret key and the item’s first fingerprint at the step 306.
  • the agent 107 of the transfer device 104 generates at least one sender proof that enables the blockchain to determine whether the sender device knows the item identifier, the sender secret key, the sender secret key and the recipient public key at the step 308.
  • the agent 107 of the transfer device 104 transmits a transaction message to a recipient device 104 having a second transfer agent 107, the transaction message including the sender proof, the item’s second fingerprint and the transfer fingerprint at the step 310.
  • the recipient device 104 upon receipt of the transaction message by the recipient device 104, the recipient device 104 generates at least one recipient proof that enables the smart contract to determine whether the recipient device 104 knows the item identifier and the recipient secret key and transmits a transfer transaction to the open registry 106 including the recipient proof, the sender proof, the item’s second fingerprint and the transfer fingerprint.
  • the smart contract on the open registry 106 verifies whether the sender device 104 knows the item identifier, the sender public key, the sender secret key and the recipient public key based on the sender proof and verifies whether the recipient device 104 knows the item identifier and the recipient secret key based on the recipient proof.
  • the smart contract refrains from recording the transfer transaction on the ledger if the transfer fingerprint already exists on the key-value storage.
  • the blockchain refrains from recording the transfer transaction on the ledger if the item’ s second fingerprint already exists on the accumulator.
  • the agent 107 of the transfer device 104 identifies a root value on the accumulator (e.g. merkle tree) and the blockchain refrains from recording the transfer transaction on the ledger if the leaf that represents the fingerprint does not belong to the accumulator.
  • Figure 4 illustrates a method of operating a secure transfer system 100 according to some embodiments. As shown in Figure 4, an agent 107 of the transfer device 104 receives a selection of an asset to be registered at the step 402.
  • the agent 107 of the transfer device 104 generates a registration item fingerprint based on the item identifier and a registrant public key of a registrant having a registrant secret key that corresponds to the registrant public key at the step 404.
  • the agent 107 of the transfer device 104 generates a registrant proof that enables the blockchain to determine whether the registrant device 104 knows the item identifier, the registrant public key and the registrant secret key at the step 406.
  • the agent 107 of the transfer device 104 transmits a registration transaction to the open registry 106 including the registration proof and the registration item fingerprint at the step 408.
  • the method further comprises verifying with the smart contract on the open registry 106 whether the sender device 104 knows the item identifier, the registrant public key and the registrant secret key based on the registrant proof. In some embodiments, the method further comprises refraining from recording the registration transaction on the ledger on the open registry 106 if the registrant item fingerprint already exists on the accumulator. In some embodiments, the leaf that represents the item’s first fingerprint is able to be verified against some of the previous versions of the accumulator (e.g. merkle tree) in order to allow multiple transactions to be processed in parallel.
  • some of the previous versions of the accumulator e.g. merkle tree
  • the described system, method and device has numerous advantages. For example, using the system 100, nobody can register a unit on another's behalf, due to the fact that unit identity id carries registrant's public key (a Pk ) and due to the way the registration NP statement is constructed, it requires knowledge of the registrant’s secret key (a Sk ). As a result, the transfer recipient will always be able to identify unit registrant's identity. Further, nobody, besides the current owner/custodian, is able to transfer a unit 102 because one has to know the secret key of the sender due to the way the origin NP statement is formed. Additionally, nobody can transfer an item 102 to another party unless that party approves of the transfer because of the way the transfer transactions are constructed it requires proofs of both the origin and the destination NP statements (hence knowledge of recipient's secret key is required).
  • the sender can only learn if the unit is transferred successfully to the recipient by checking transfer fingerprint sn on the key value storage, but he cannot learn whether or when recipient has transferred the unit to a next party, including identities of those party(ies), since in order to compute a new recipient's transfer fingerprint sn of the unit one needs to know secret key of the recipient.
  • the receiving party cannot provably disclose the sender's identity (e.g. the public key of the sender) unless "Revealing Identity of the Sender" protocol is executed.
  • the sending party can only disclose recipient's identity they transferred to, but have no visibility over next recipients in the supply chain.
  • the devices 104 are able to be integrated into supply chain equipment (e.g., bar code scanner, optical character recognition (OCR) readers, RFID readers, near field communication (NFC) readers, convey belts, packaging machines) that is able to read and/or write data to the targeted open registry 106, tags and/or servers 108.
  • supply chain equipment e.g., bar code scanner, optical character recognition (OCR) readers, RFID readers, near field communication (NFC) readers, convey belts, packaging machines
  • item 102 is able to be a digital asset (e.g., a token, an identifier, a group of identifiers) or the digital twin of a physical asset that exists in the physical world and/or the ledger/registry record is able to be transfer of custody, transfer of ownership, transfer of use and transfer of rights. Therefore, "possession” as described herein is able to represent any type of assignment that can be transferred, including “custody", “ownership”, "right” and
  • the system 100 is able to require fingerprint generation process to use enough entropy (randomness) for each separate fingerprint since identity might have short brute-force space. Additional randomness is also able to be used to make multiple instances of ownership available to the same participant by obtaining different unit ownership fingerprints. This is beneficial in multiple use cases including transfers returned to a previous owner. Furthermore, this provides unlinkability amongst chains of transfers that involve the same participant more than once per unit.
  • a sender device 104 may invalidate a transfer before it has been sent to the registry 106 by the recipient device 104 (e.g. in cases such as mistake, for example, units were authorized but haven't been shipped). To disable such an authorization (e.g.
  • This will cause the blockchain to record the current transfer fingerprint sn on the key value storage and thus result in that transfer fingerprint being already “consumed.”
  • the transaction will be rejected because the transfer fingerprint will be invalid (e.g. already used).

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un système, un dispositif et un procédé de personnalisation sécurisée confidentielle et/ou de transfert de propriété d'un bien entre des entités mises en oeuvre par l'intermédiaire d'un registre ouvert, un registre enregistrant de manière sécurisée chacune des transactions à l'aide d'un état de données protégé ou mandataire de sorte que des informations concernant les transactions ne puissent pas être extraites du registre en dépit de la nature accessible des enregistrements sur le registre ouvert.
PCT/US2019/021485 2018-03-09 2019-03-08 Système de transfert confidentiel décentralisé, procédé et dispositif WO2019173793A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CA3093473A CA3093473A1 (fr) 2018-03-09 2019-03-08 Systeme de transfert confidentiel decentralise, procede et dispositif
EP19764493.3A EP3763103A4 (fr) 2018-03-09 2019-03-08 Système de transfert confidentiel décentralisé, procédé et dispositif

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201862640819P 2018-03-09 2018-03-09
US62/640,819 2018-03-09

Publications (1)

Publication Number Publication Date
WO2019173793A1 true WO2019173793A1 (fr) 2019-09-12

Family

ID=67846364

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2019/021485 WO2019173793A1 (fr) 2018-03-09 2019-03-08 Système de transfert confidentiel décentralisé, procédé et dispositif

Country Status (3)

Country Link
EP (1) EP3763103A4 (fr)
CA (1) CA3093473A1 (fr)
WO (1) WO2019173793A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160321654A1 (en) * 2011-04-29 2016-11-03 Stephen Lesavich Method and system for storage and retrieval of blockchain blocks using galois fields
US20170352012A1 (en) * 2016-04-18 2017-12-07 R3 Ltd. Secure processing of electronic transactions by a decentralized, distributed ledger system
US20170366347A1 (en) * 2016-06-20 2017-12-21 Ned M. Smith Technologies for data broker assisted transfer of device ownership

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160321654A1 (en) * 2011-04-29 2016-11-03 Stephen Lesavich Method and system for storage and retrieval of blockchain blocks using galois fields
US20170352012A1 (en) * 2016-04-18 2017-12-07 R3 Ltd. Secure processing of electronic transactions by a decentralized, distributed ledger system
US20170366347A1 (en) * 2016-06-20 2017-12-21 Ned M. Smith Technologies for data broker assisted transfer of device ownership

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3763103A4 *

Also Published As

Publication number Publication date
EP3763103A1 (fr) 2021-01-13
EP3763103A4 (fr) 2022-03-23
CA3093473A1 (fr) 2019-09-12

Similar Documents

Publication Publication Date Title
US20190205898A1 (en) Decentralized confidential transfer system, method and device
US20190034923A1 (en) Secure and confidential custodial transaction system, method and device using zero-knowledge protocol
US11038694B1 (en) Devices, methods, and systems for cryptographic authentication and provenance of physical assets
US10673617B1 (en) Methods, system and point-to-point encryption device microchip for AES-sea 512-bit key using identity access management utilizing blockchain ecosystem to improve cybersecurity
US11113699B2 (en) Open registry for identity of things
US11107088B2 (en) Open registry for internet of things
CN101937528B (zh) 实施供应链可见性策略的系统和方法
US11283610B2 (en) Methods and systems for token-based anchoring of a physical object in a distributed ledger environment
CN104919775B (zh) 用于密钥链同步的系统和方法
US7877605B2 (en) Opinion registering application for a universal pervasive transaction framework
US8793496B2 (en) Systems, methods, and computer program products for secure optimistic mechanisms for constrained devices
JP2022514784A (ja) 物体認証を準備及び実行するための方法及びシステム
CN108140152A (zh) 计算机实现的追踪机制及数据管理
CN116318617B (zh) 基于rfid和区块链的医疗救援物资慈善捐助方法
TW202217610A (zh) 鑑認系統及方法
TW202223793A (zh) 驗證系統及方法
US10867326B2 (en) Reputation system and method
US20210391993A1 (en) Methods, systems, and apparatuses for cryptographic wireless detection and authentication of fluids
WO2021094854A1 (fr) Authentification multifactorielle à l'aide de transactions à chaîne de blocs
CN113779594B (zh) 基于区块链的数据分发共享方法及系统
WO2019173793A1 (fr) Système de transfert confidentiel décentralisé, procédé et dispositif
Picazo‐Sanchez et al. Weaknesses of fingerprint‐based mutual authentication protocol
Zhang et al. Cross-Chain Interoperability and Collaboration for Keyword-Based Embedded Smart Contracts in the Internet of Things
Chen et al. An RFID system yoking‐proof protocol conforming to EPCglobal C1G2 standards
RU2809976C2 (ru) Способы и системы для основанной на токенах привязки физических объектов в среде распределенного реестра

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19764493

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 3093473

Country of ref document: CA

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2019764493

Country of ref document: EP