Establishment of consortium blockchain network

US11218457B2 · US · B2

Patent metadata
Field: Value
Publication number: US-11218457-B2
Application number: US-201916686172-A
Country: US
Kind code: B2
Filing date: Nov 17, 2019
Priority date: Feb 7, 2017
Publication date: Jan 4, 2022
Grant date: Jan 4, 2022

Abstract

Official abstract text for this publication.

The disclosed technology is generally directed to blockchain and other security technology. In one example of the technology, a first node is endorsed. During endorsement of a first node, a pre-determined type of blockchain or other security protocol code to be authorized and a pre-determined membership list are stored in a trusted execution environment (TEE) of the first node. A determination is made as to whether the membership lists and pre-determined blockchain or other security protocol code to be authorized from the proposed members match. If so, TEE attestation is used to verify that nodes associated with prospective members of the consortium store the pre-determined type of blockchain or other security protocol code to be authorized. Upon TEE attestation being successful, a consortium network is bootstrapped such that the prospective members become members of the consortium network.

First claim

Opening claim text (preview).

We claim:

1. An apparatus for a blockchain system, comprising: a device including at least one memory adapted to store run-time data for the device, and at least one processor that is adapted to execute processor-executable code that, in response to execution, enables the device to perform actions, including: determining that a plurality of membership lists from plurality of prospective members of a consortium match a first pre-determined membership list; in response to determining that the plurality of membership lists from the plurality of prospective members of the consortium match the first pre-determined membership list, verifying, via trusted execution environment (TEE) attestation, that nodes associated with the plurality of prospective members of the consortium store a pre-determined type of security protocol code that matches a first authorization; and in response to verifying that the nodes associated with the plurality of prospective members of the consortium store the pre-determined type of security protocol code that matches the first authorization, bootstrapping a consortium network with the plurality of prospective members as members of the consortium network.

2. The apparatus of claim 1, wherein the actions further comprise storing a public/private key pair in a TEE of a first node.

3. The apparatus of claim 1, wherein bootstrapping the consortium network further includes generating a blockchain master key.

4. The apparatus of claim 1, wherein the actions further comprise receiving a public transaction key associated with a participant.

5. The apparatus of claim 1, wherein determining that the plurality of membership lists from the plurality of prospective members of the consortium match the first pre-determined membership list includes determining that there is a match among at least one of the following: a type of TEE, a type of processor, a software version of blockchain protocol code, or a type of Confidential Consortium (COCO) Blockchain framework.

6. The apparatus of claim 1, wherein the TEE includes at least one protected region in the at least one processor.

7. The apparatus of claim 1, wherein the TEE includes at least two separate protected regions in the at least one processor.

8. The apparatus of claim 1, wherein the actions further comprise discovering other nodes associated with the plurality of prospective members.

9. The apparatus of claim 8, wherein the actions further comprise receiving a private key from each of the other nodes.

10. The apparatus of claim 1, wherein the members include at least a first member and a second member, and wherein bootstrapping the consortium network includes endorsing a first node of the consortium network with at least a public blockchain key of the first member and a private blockchain key of the first member.

11. A method, comprising: endorsing a first node, including: storing pre-determined code of the pre-determined type of blockchain protocol code in a trusted execution environment (TEE) of the first node; storing, in the first node, a first pre-determined membership list of a consortium; and storing, in the first node, a first authorization associated with the pre-determined type of blockchain protocol code; receiving, from a plurality of prospective members of the consortium: a plurality of membership lists, and a plurality of authorizations from the plurality of prospective members of the consortium; determining that the plurality of membership lists from the plurality of prospective members of the consortium match the first pre-determined membership list; in response to determining that the plurality of membership lists from the plurality of prospective members of the consortium match the first pre-determined membership list verifying with TEE attestation that nodes associated with prospective members of the consortium store the pre-determined type of blockchain protocol code that matches the first authorization; and bootstrapping a consortium network with the prospective members as members of the consortium network.

12. The method of claim 11, wherein endorsing the first node further includes storing a public/private key pair in the TEE of the first node.

13. The method of claim 11, wherein bootstrapping the consortium network further includes generating a blockchain master key.

14. The method of claim 11, further comprising receiving a public transaction key associated with a participant.

15. The method of claim 11, wherein determining that the plurality of membership lists from the plurality of prospective members of the consortium match the first pre-determined membership list includes determining whether there is a match among at least one of the following: a type of TEE, a type of processor, a software version of blockchain protocol code, or a type of Confidential Consortium (COCO) Blockchain framework.

16. The method of claim 11, wherein the TEE includes two separate protected regions in the processor in the first node.

17. The method of claim 11, further comprising discovering other nodes associated with the plurality of prospective members.

18. The method of claim 11, further comprising establishing a trusted connection with at least one other nodes via creation of a mutually-authenticated secure tunnel built on public keys of the communicating nodes.

19. The method of claim 11, further comprising: exchanging a private key with each of the other nodes.

20. A processor-readable storage medium, having stored thereon processor-executable code that, upon execution by at least one processor, enables actions, comprising: determining that a plurality of membership lists from plurality of prospective members of a consortium match a first pre-determined membership list; in response to determining that the plurality of membership lists from the plurality of prospective members of the consortium match the first pre-determined membership list, verifying, via trusted execution environment (TEE) attestation, that nodes associated with the plurality of prospective members of the consortium store a pre-determined type of security protocol code that matches a first authorization; and in response to verifying that the nodes associated with the plurality of prospective members of the consortium store the pre-determined type of security protocol code that matches the first authorization, bootstrapping a consortium network with the plurality of prospective members as members of the consortium network.

Classifications

  • H04L9/50 (Primary)

    using hash chains, e.g. blockchains or hash trees · CPC title

  • Grouping of entities · CPC title

  • for group communications (cryptographic mechanisms or cryptographic arrangements for key management involving conference or group key H04L9/0833) · CPC title

  • using cryptographic hash functions · CPC title

  • by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Microsoft Technology Licensing LLC
What technology area does this patent fall under?
Primary CPC classification H04L9/50. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jan 4, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).