Traceable key block-chain ledger

US11108554B2 · US · B2

Patent metadata
Publication number: US-11108554-B2
Application number: US-202016842690-A
Country: US
Kind code: B2
Filing date: Apr 7, 2020
Priority date: Dec 29, 2017
Publication date: Aug 31, 2021
Grant date: Aug 31, 2021

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Techniques are shown for key tracing using a traceable key block-chain ledger involving, in response to detection of an attack on a resource protected by a cryptographic key, retrieving a key block-chain ledger corresponding to the cryptographic key having one or more transaction blocks. Each transaction block corresponds to a key transaction with the cryptographic key and includes metadata describing the key transaction with the cryptographic key. Metadata from the transaction blocks in the key block-chain ledger is used to trace the key transactions of the cryptographic key to a point of attack. A transaction block corresponding to the point of attack is determined and an alert is generated indicating the point of attack with metadata from the transaction block corresponding to the point of attack.

First claim

Claim text (preview; the excerpt is cut off mid-claim 17).

What is claimed is:

1. A computer-implemented key tracing method comprising: responsive to detection of an attack on a resource protected by a cryptographic key, retrieving a key block-chain ledger corresponding to the cryptographic key, the key block-chain ledger having one or more transaction blocks, where each transaction block corresponds to a key transaction with the cryptographic key and includes metadata describing the key transaction with the cryptographic key; using metadata from the transaction blocks in the key block-chain ledger to trace the key transactions of the cryptographic key to a point of attack; determining a transaction block corresponding to the point of attack; and generating an alert indicating the point of attack with metadata from the transaction block corresponding to the point of attack.

2. The key trace method of claim 1, wherein the metadata comprises information for one or more of a machine that performed a rotation of the key, a machine that utilized the key for a transaction, a machine where the key resided, a source where the key originated, a data set encrypted using the key, a kernel signed with the key, a library encrypted using the key, a Dynamically Linked Library encrypted using the key, a service that utilized the key, a user that utilized the key, a domain that utilized the key.

3. The key trace method of claim 1, wherein the alert indicating the point of attack with metadata from the transaction block corresponding to the point of attack includes information for one or more of the machine that performed the rotation of the key, the machine that utilized the key for the transaction, the machine where the key resided, the source where the key originated, the data set encrypted using the key, the kernel signed with the key, the library encrypted using the key, the Dynamically Linked Library encrypted using the key, the service that utilized the key, the user that utilized the key, and the domain that utilized the key.

4. The key trace method of claim 1, wherein the metadata comprises a pointer to a location of a resource or log where trace information can be found.

5. The key trace method of claim 4, wherein the alert indicating the point of attack with metadata from the transaction block corresponding to the point of attack includes the pointer to the location of the resource or log where trace information can be found.

6. The key trace method of claim 1, wherein the step of determining a transaction block corresponding to the point of attack comprises determining a transaction block corresponding to the last transaction at which the key was valid.

7. The key trace method of claim 1, wherein access to the key block-chain ledger or the metadata is restricted by cryptographic means to one or more authorized servers.

8. A system for key tracing, the system comprising: one or more processors; and one or more memory devices in communication with the one or more processors, the memory devices having computer-readable instructions stored thereupon that, when executed by the processors, cause the processors to: responsive to detection of an attack on a resource protected by a cryptographic key, retrieve a key block-chain ledger corresponding to the cryptographic key, the key block-chain ledger having one or more transaction blocks, where each transaction block corresponds to a key transaction with the cryptographic key and includes metadata describing the key transaction with the cryptographic key; trace the key transactions of the cryptographic key to a point of attack using metadata from the transaction blocks in the key block-chain ledger; determine a transaction block corresponding to the point of attack; and generate an alert indicating the point of attack with metadata from the transaction block corresponding to the point of attack.

9. The system for key tracing of claim 8, wherein the metadata comprises information for one or more of a machine that performed a rotation of the key, a machine that utilized the key for a transaction, a machine where the key resided, a source where the key originated, a data set encrypted using the key, a kernel signed with the key, a library encrypted using the key, a Dynamically Linked Library encrypted using the key, a service that utilized the key, a user that utilized the key, a domain that utilized the key.

10. The system for key tracing of claim 9, wherein the alert indicating the point of attack with metadata from the transaction block corresponding to the point of attack includes information for one or more of the machine that performed the rotation of the key, the machine that utilized the key for the transaction, the machine where the key resided, the source where the key originated, the data set encrypted using the key, the kernel signed with the key, the library encrypted using the key, the Dynamically Linked Library encrypted using the key, the service that utilized the key, the user that utilized the key, and the domain that utilized the key.

11. The system for key tracing of claim 8, wherein the metadata comprises a pointer to a location of a resource or log where trace information can be found.

12. The system for key tracing of claim 11, wherein the alert indicating the point of attack with metadata from the transaction block corresponding to the point of attack includes the pointer to the location of the resource or log where trace information can be found.

13. The system for key tracing of claim 8, wherein the operation to determine a transaction block corresponding to the point of attack operates to determine a transaction block corresponding to the last transaction at which the key was valid.

14. The key trace method of claim 8, wherein access to the key block-chain ledger or the metadata is restricted by cryptographic means to one or more authorized servers.

15. A computer storage medium having computer executable instructions stored thereon which, when executed by one or more processors, cause the processors to execute a key trace method comprising: responsive to detection of an attack on a resource protected by a cryptographic key, retrieving a key block-chain ledger corresponding to the cryptographic key, the key block-chain ledger having one or more transaction blocks, where each transaction block corresponds to a key transaction with the cryptographic key and includes metadata describing the key transaction with the cryptographic key; using metadata from the transaction blocks in the key block-chain ledger to trace the key transactions of the cryptographic key to a point of attack; determining a transaction block corresponding to the point of attack; and generating an alert indicating the point of attack with metadata from the transaction block corresponding to the point of attack.

16. The computer storage medium of claim 15, wherein the metadata comprises information for one or more of a machine that performed a rotation of the key, a machine that utilized the key for a transaction, a machine where the key resided, a source where the key originated, a data set encrypted using the key, a kernel signed with the key, a library encrypted using the key, a Dynamically Linked Library encrypted using the key, a service that utilized the key, a user that utilized the key, a domain that utilized the key.

17. The computer storage medium of claim 16, wherein the alert indicating the point of attack with metadata from the transaction block corresponding to the point of attack includes information for one or more of the machine that performed the rotation of the key, the machine
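The abstract and claims 1, 4 and 6 describe the trace procedure but no concrete data layout. The following Python is an added illustration, not code from the patent or from eBay: it builds a toy per-key hash-chained ledger, appends transaction blocks carrying claim-2 style metadata and a claim-4 log pointer, and on an "attack" against a resource retrieves that resource's key ledger, checks the chain, walks it back to the last block at which the key was valid (the claim-6 rule) and emits the alert of claims 1, 3 and 5 from that block's metadata. The key identifier, block fields, action vocabulary, the `key_valid` flag as the way validity is recorded, the host names and log pointers are all assumptions, and the sample key history is constructed.

```python
# Added example (not from the patent or eBay): toy per-key hash-chained ledger
# plus the key-trace flow of claims 1, 4 and 6. Names, fields, action words,
# the key_valid flag and the sample history are all assumptions.
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import Dict, List, Optional, Tuple

GENESIS_HASH = "0" * 64


@dataclass
class TransactionBlock:
    """One key transaction. `metadata` carries claim-2 style facts (machine,
    user, service, data set ...) and the claim-4 `log_pointer`."""
    index: int
    prev_hash: str
    key_id: str
    action: str        # assumed vocabulary: generated, stored, used, rotated, revoked
    metadata: dict
    key_valid: bool    # assumed: is the key still valid after this transaction?
    block_hash: str = ""

    def compute_hash(self) -> str:
        body = {k: v for k, v in asdict(self).items() if k != "block_hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class KeyLedger:
    """Append-only chain of TransactionBlocks for one cryptographic key."""

    def __init__(self, key_id: str) -> None:
        self.key_id = key_id
        self.blocks: List[TransactionBlock] = []

    def append(self, action: str, metadata: dict, key_valid: bool = True) -> TransactionBlock:
        prev = self.blocks[-1].block_hash if self.blocks else GENESIS_HASH
        block = TransactionBlock(len(self.blocks), prev, self.key_id, action,
                                 dict(metadata), key_valid)
        block.block_hash = block.compute_hash()
        self.blocks.append(block)
        return block

    def verify(self) -> bool:
        """Recompute every hash and back-link; an edited, dropped or reordered
        block breaks the chain, which is what makes the trail trustworthy."""
        prev = GENESIS_HASH
        for i, b in enumerate(self.blocks):
            if b.index != i or b.prev_hash != prev or b.block_hash != b.compute_hash():
                return False
            prev = b.block_hash
        return True


def trace_point_of_attack(ledger: KeyLedger) -> Optional[TransactionBlock]:
    """Claim-6 rule: the block of the last transaction at which the key was
    valid. Walk newest to oldest so the first hit is the latest in time."""
    for block in reversed(ledger.blocks):
        if block.key_valid:
            return block
    return None


def key_trace(resource: str, resource_keys: Dict[str, str],
              ledgers: Dict[str, KeyLedger]) -> dict:
    """Claim-1 flow: attack on `resource` -> ledger of its key -> point of
    attack -> alert built from that block's metadata (claims 3 and 5)."""
    key_id = resource_keys[resource]
    ledger = ledgers[key_id]
    if not ledger.verify():
        return {"resource": resource, "key_id": key_id,
                "error": "ledger integrity check failed"}
    block = trace_point_of_attack(ledger)
    if block is None:
        return {"resource": resource, "key_id": key_id,
                "error": "no valid transaction found"}
    return {"resource": resource, "key_id": key_id,
            "point_of_attack_block": block.index, "action": block.action,
            "metadata": block.metadata,
            "log_pointer": block.metadata.get("log_pointer")}


def build_sample() -> Tuple[Dict[str, str], Dict[str, KeyLedger]]:
    """Constructed history for one key; host and log names are made up."""
    ledger = KeyLedger("key-0042")
    ledger.append("generated", {"source": "hsm-01", "log_pointer": "kms://logs/hsm-01/1"})
    ledger.append("stored", {"machine": "app-07", "log_pointer": "syslog://app-07/2"})
    ledger.append("used", {"machine": "app-07", "service": "payments", "user": "svc-pay",
                           "data_set": "orders-2020q1", "log_pointer": "syslog://app-07/3"})
    # Rotation ends this key's validity; anything after it cannot be the point of attack.
    ledger.append("rotated", {"machine": "kms-02", "log_pointer": "kms://logs/kms-02/4"},
                  key_valid=False)
    return {"orders-db": "key-0042"}, {"key-0042": ledger}


if __name__ == "__main__":
    resource_keys, ledgers = build_sample()
    print(json.dumps(key_trace("orders-db", resource_keys, ledgers), indent=2))
```

On the constructed history the alert points at block 2, the `used` transaction on `app-07` by the `payments` service, and carries its `syslog://app-07/3` pointer, so the responder knows which host log to pull next. The `verify()` pass is the reason a hash chain is used rather than a plain audit table: an attacker who holds the key cannot quietly rewrite an earlier block without every later hash failing, and the trace refuses to proceed on a broken chain. Claim 7's restriction of ledger access to authorized servers is not modelled here.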

Assignees

  • Ebay Inc

Inventors

Classifications

  • H04L9/50 (primary): using hash chains, e.g. blockchains or hash trees · CPC title

  • using a plurality of keys or algorithms · CPC title

  • Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy · CPC title

  • Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) (network architectures or network communication protocols for key distribution in a packet data network H04L63/062) · CPC title

  • Generation of secret information including derivation or calculation of cryptographic keys or passwords · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11108554B2 cover?
Techniques are shown for key tracing using a traceable key block-chain ledger involving, in response to detection of an attack on a resource protected by a cryptographic key, retrieving a key block-chain ledger corresponding to the cryptographic key having one or more transaction blocks. Each transaction block corresponds to a key transaction with the cryptographic key and includes metadata des…
Who is the assignee on this patent?
Ebay Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/50. Mapped technology areas include Electricity (CPC section H).
When was this patent published?
Publication date Aug 31, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).