Multilevel split keys for wallet recovery
US-11405200-B1 · Aug 2, 2022 · US
Limiting data availability on distributed ledger
US11856092B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11856092-B2 |
| Application number | US-202117336530-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 2, 2021 |
| Priority date | Jun 2, 2021 |
| Publication date | Dec 26, 2023 |
| Grant date | Dec 26, 2023 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
An example operation may include one or more of encrypting content via an encryption key to generate encrypted content, storing the encrypted content via a distributed ledger, splitting the encrypted encryption key into a set of key shares via a threshold secret sharing scheme, and distributing the set of key shares among a plurality of nodes of a distributed vault, where each key share is distributed with an expiry value that identifies when the respective key share is to be deleted by a node.
First claim
Opening claim text (preview).
What is claimed is: 1. An apparatus comprising: a hardware-implemented processor that, when executing instructions stored in a memory, is configured to: encrypt content with an encryption key to generate encrypted content; store the encrypted content in a distributed ledger; encrypt the encryption key with a one-time pad prior to the encryption key being split into the plurality of key shares, where the one-time pad is derived from a nonce value; encrypt the nonce value with a key of a user device of the distributed ledger; transmit the encrypted nonce value to the user device; split the encryption key into a set of key shares via a threshold secret sharing scheme; and distribute the set of key shares among a plurality of nodes of a distributed vault. 2. The apparatus of claim 1 , wherein the hardware-implemented processor is further configured to: store an identifier of a key share, of the set plurality of key shares, paired with an identifier of a node, of the plurality of nodes of the distributed vault, to which the key share is distributed. 3. The apparatus of claim 1 , wherein the hardware-implemented processor is configured to: distribute the set of key shares such that each node, of the plurality of nodes of the distributed vault, receives only one unique key share from the set of key shares. 4. The apparatus of claim 1 , wherein the hardware-implemented processor is further configured to: transmit an on-demand revocation request to a node, of the plurality of nodes of the distributed vault, where the on-demand revocation request instructs the node to delete its respective key share. 5. A method comprising: encrypting content with an encryption key to generate encrypted content; storing the encrypted content in a distributed ledger; encrypting the encryption key with a one-time pad prior to the encryption key being split into the plurality of key shares, where the one-time pad is derived from a nonce value; encrypting the nonce value with a key of a user device of the distributed ledger; transmitting the encrypted nonce value to the user device; splitting the encryption key into a set of key shares via a threshold secret sharing scheme; and distributing the set of key shares among a plurality of nodes of a distributed vault. 6. The method of claim 5 , wherein the method further comprises: storing an identifier of a key share, of the set of key shares, paired with an identifier of a node, of the plurality of nodes of the distributed vault, to which the key share is distributed. 7. The method of claim 5 , wherein the distributing further comprises: distributing the set of key shares such that each node, of the plurality of nodes of the distributed vault, receives only one unique key share from the set of key shares. 8. The method of claim 5 , wherein the method further comprises: transmitting an on-demand revocation request to a node, of the plurality of nodes of the distributed vault, where the on-demand revocation request instructs the node to delete its respective key share. 9. A non-transitory computer program product comprising a computer-readable medium storing instructions that, when executed by a processor, cause the processor to perform: encrypting content with an encryption key to generate encrypted content; storing the encrypted content in a distributed ledger; encrypting the encryption key with a one-time pad prior to the encryption key being split into the plurality of key shares, where the one-time pad is derived from a nonce value; encrypting the nonce value with a key of a user device of the distributed ledger; transmitting the encrypted nonce value to the user device; splitting the encryption key into a set of key shares via a threshold secret sharing scheme; and distributing the set of key shares among a plurality of nodes of a distributed vault. 10. The non-transitory computer program product of claim 9 , wherein the instructions further cause the processor to perform: storing an identifier of a key share paired with an identifier of a node, of the plurality of nodes of the distributed vault, to which the key share is distributed. 11. The non-transitory computer program product of claim 9 , wherein the distributing further comprises: distributing the set of key shares such that each node, of the plurality of nodes of the distributed vault, receives only one unique key share from the set of key shares.
Assignees
Inventors
Classifications
- H04L9/085Primary
Secret sharing or secret splitting, e.g. threshold schemes · CPC title
Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher · CPC title
using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title
- H04L9/0894Primary
Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage · CPC title
using hash chains, e.g. blockchains or hash trees · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11856092B2 cover?
- An example operation may include one or more of encrypting content via an encryption key to generate encrypted content, storing the encrypted content via a distributed ledger, splitting the encrypted encryption key into a set of key shares via a threshold secret sharing scheme, and distributing the set of key shares among a plurality of nodes of a distributed vault, where each key share is dist…
- Who is the assignee on this patent?
- IBM
- What technology area does this patent fall under?
- Primary CPC classification H04L9/085. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Dec 26 2023 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).