Blockchain-based node management methods and apparatuses
US-2021158347-A1 · May 27, 2021 · US
US12206756B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12206756-B2 |
| Application number | US-202017082790-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 28, 2020 |
| Priority date | Mar 31, 2020 |
| Publication date | Jan 21, 2025 |
| Grant date | Jan 21, 2025 |
Official abstract text for this publication.
An electronic device of a first domain, which is a blockchain-based public key infrastructure (PKI) domain, includes: an interface configured to receive, from a first entity belonging to a second domain which is a certification authority (CA)-based PKI domain, a first certificate of the first entity and a second certificate of a second entity, wherein the second entity is an upper node of the first entity and is a node of a blockchain; a memory configured to store the first certificate and the second certificate; and a processor configured to look up a transaction corresponding to the second entity at a distributed ledger of the first domain based on an identifier of the second entity, verify the second certificate based on the transaction, and verify the first certificate based on the second certificate.
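The verification order in the abstract (ledger lookup by identifier, then the registered certificate, then the unregistered certificates below it), with the checks of claims 3 to 6, as an added Python example that is not code from the patent. It uses unpadded textbook RSA over small constructed keys to mirror the claims' "decrypt the signature and compare hash values" wording; the certificate layout, the ledger dict and every name are assumptions.

```python
import hashlib

E = 65537

def keypair(p, q):
    # Toy textbook RSA from two known primes; unpadded, for illustration only.
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)

def digest(body, n):
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def body_of(cert):
    # "Identity information" that the issuer signs (assumed layout).
    return f"{cert['id']}|{cert['pub']}|{cert['issuer']}".encode()

def issue(subject, pub, issuer, issuer_priv):
    cert = {"id": subject, "pub": pub, "issuer": issuer}
    d, n = issuer_priv
    cert["sig"] = pow(digest(body_of(cert), n), d, n)
    return cert

def cert_hash(cert):
    return hashlib.sha256(body_of(cert) + str(cert["sig"]).encode()).hexdigest()

def sig_ok(cert, issuer_pub):
    # Recover the signed hash with the issuer's public key and compare it.
    e, n = issuer_pub
    return pow(cert["sig"], e, n) == digest(body_of(cert), n)

def verify_chain(leaf, inter, root, ledger):
    tx = ledger.get(root["id"])              # lookup by identifier
    if tx is None:
        return "root not registered"
    if tx["pub"] != root["pub"] or tx["cert_hash"] != cert_hash(root):
        return "root does not match ledger"  # claims 4 and 5
    if not sig_ok(root, tx["pub"]):          # claim 3
        return "bad root signature"
    if inter["issuer"] != root["id"] or not sig_ok(inter, root["pub"]):
        return "bad intermediate"            # claim 6, first half
    if leaf["issuer"] != inter["id"] or not sig_ok(leaf, inter["pub"]):
        return "bad leaf"                    # claim 6, second half
    return "ok"

# Constructed sample data: only the root CA is registered in the ledger.
ROOT_PUB, ROOT_PRIV = keypair(2**61 - 1, 2**89 - 1)
INT_PUB, INT_PRIV = keypair(2**107 - 1, 2**127 - 1)
ROOT = issue("root-ca", ROOT_PUB, "root-ca", ROOT_PRIV)
INTER = issue("int-ca", INT_PUB, "root-ca", ROOT_PRIV)
LEAF = issue("device-1", (E, 8191 * 131071), "int-ca", INT_PRIV)
LEDGER = {"root-ca": {"pub": ROOT_PUB, "cert_hash": cert_hash(ROOT)}}
```

A self-signed certificate that reuses the registered identifier with a different key fails at the ledger comparison, before any signature below it is evaluated.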
Opening claim text (preview).
What is claimed is:
1. An electronic device of a first domain, which is a blockchain-based public key infrastructure (PKI) domain, the electronic device comprising: an interface configured to receive, from a first entity of a second domain, a first certificate of the first entity, a second certificate of a second entity of the second domain, and a third certificate of a third entity of the second domain, the first certificate having been issued by the third entity to the first entity, the third certificate having been issued by the second entity to the third entity; a memory configured to store the first certificate, the second certificate, and the third certificate; and a processor configured to: look up a transaction corresponding to the second entity of the second domain at a distributed ledger of the first domain based on an identifier of the second entity, the transaction having been added to the distributed ledger based on a registration message comprising a public key of the second entity and a certificate hash value of the second certificate of the second entity, the transaction indicating that the second entity and the second certificate are registered in the distributed ledger of the first domain; verify the second certificate of the second entity of the second domain based on the public key of the second entity and the certificate hash value of the second certificate of the second entity comprised by the transaction; verify the third certificate based on verification of the second certificate, and further based on the public key of the second entity obtained from the second certificate, the third certificate not being registered in the distributed ledger of the first domain; and verify the first certificate based on verification of the second certificate and verification of the third certificate, and further based on a public key of the third entity obtained from the third certificate, the first certificate not being registered in the distributed ledger of the first domain, wherein the first domain is different from the second domain, wherein the electronic device is not registered as a member of the second domain, wherein the first entity is not registered as a member of the first domain, wherein the second certificate of the second entity is registered in the distributed ledger of the first domain, and wherein the third entity is not registered as a member of the first domain.
2. The electronic device of claim 1, wherein the processor is configured to verify the transaction by obtaining the public key of the second entity from the transaction, obtaining a first hash value by decrypting a signature of the transaction with the public key, obtaining a second hash value by hashing a message of the transaction, and comparing the first hash value and the second hash value.
3. The electronic device of claim 1, wherein the processor is configured to verify the second certificate by obtaining a first hash value by decrypting a signature of the second certificate with the public key of the second entity, obtaining a second hash value by hashing identity information of the second certificate, and comparing the first hash value and the second hash value.
4. The electronic device of claim 1, wherein the processor is configured to compare an identifier and a public key included in the transaction with an identifier and a public key included in the second certificate to verify the second certificate.
5. The electronic device of claim 1, wherein the processor is configured to verify the second certificate by obtaining a first hash value, which is a hash value of the second certificate, from the transaction, obtaining a second hash value by hashing the second certificate, and comparing the first hash value and the second hash value.
6. The electronic device of claim 1, wherein the processor is further configured to: verify the third certificate by obtaining a first hash value by decrypting a signature of the third certificate with the public key of the second entity, obtaining a second hash value by hashing identity information of the third certificate, and comparing the first hash value and the second hash value; and verify the first certificate by obtaining a third hash value by decrypting a signature of the first certificate with the public key of the third entity, obtaining a fourth hash value by hashing identity information of the first certificate, and comparing the third hash value and the fourth hash value.
7. The electronic device of claim 1, wherein the processor is further configured to generate a certificate of the electronic device, wherein the certificate is signed with a private key of the electronic device, and wherein a public key of the electronic device is registered at the distributed ledger.
8. The electronic device of claim 1, wherein the interface is configured to receive a registration transaction and a fourth certificate from a fourth entity registered as a member of a third domain different from the first domain and the second domain, and wherein the processor is configured to verify the registration transaction and the third certificate, and add the registration transaction to the distributed ledger.
9. An electronic device of a first domain, which is a certification authority (CA)-based public key infrastructure (PKI) domain, the electronic device comprising: an interface configured to: receive a first certificate from a first entity registered as a member of a second domain; transmit a verification request and the first certificate to a second entity of the first domain; and receive a response message, from the second entity, based on the verification request; a memory configured to store a second certificate of the second entity and a third certificate of a third entity of the first domain, the second certificate having been added to a distributed ledger of the second domain as a transaction comprising a public key of the second entity and a certificate hash value of the second certificate of the second entity, and the third certificate having been issued by the second entity of the first domain; and a processor configured to verify the response message based on the second certificate, wherein the interface is further configured to: transmit, to the first entity of the second domain, a certificate of the electronic device, the second certificate, and the third certificate, the certificate of the electronic device having been issued by the third entity of the first domain, the certificate of the electronic device not being registered at the distributed ledger of the second domain, and allow cryptographic communication with the first entity based on the third certificate being verified and the first certificate being verified, the third certificate being certified based on verification of the second certificate and the public key of the second entity obtained from the second certificate, the first certificate being verified based on verification of the second certificate, verification of the third certificate, a public key of the third entity obtained from the third certificate, the public key of the second entity, and the certificate hash value of the second certificate of the second entity, the third certificate not being registered at the distributed ledger of the second domain, wherein the first domain has a hierarchical trust certification chain, wherein the second domain is different from the first domain, wherein the second entity is an upper CA node in the hierarchical trust certification chain of the first domain, and the second certificate of the second entity is registered in the distributed ledger of the second domain, and wherein the third entity is an intermediate CA i
using hash chains, e.g. blockchains or hash trees · CPC title
using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL] · CPC title
Hash functions, e.g. MD5, SHA, HMAC or f9 MAC · CPC title
involving digital signatures · CPC title
Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM] · CPC title