Securing cryptographic data onto a physical medium

Abstract

The present invention relates to a method and a system for inscribing and securely storing cryptographic keys on a physical medium, and to a corresponding physical medium, comprising the following steps: from a first management entity (31), generating (1) a first pair of asymmetric cryptographic keys comprising a first user public key (pub1) and a first user private key (priv1), inscribing (2) the first user private key (priv1) onto a physical medium, and affixing (4) a first tamper-evident concealing element (hol1) to the physical medium in order to conceal the first user private key (priv1) and seal same, said first user private key (priv1) being accessible only by visibly breaking said first tamper-evident concealing element (hol1); from the second management entity (32), generating (6) a second pair of asymmetric cryptographic keys comprising a second user public key (pub2) and a second user private key (priv2), inscribing (7) the second user private key (priv2) onto the physical medium and affixing (9) a second tamper-evident concealing element (hol2) to the physical medium in order to conceal the second user private key (priv2) and seal same, said second user private key (priv2) being accessible only by visibly breaking said second tamper-evident concealing element (hol2); generating (10) at least one last user public key (pub0) and/or at least one cryptographic address (adr, adr-mult) from the first user public key (pub1) and the second user public key (pub2), inscribing (11) said at least one last public user key (pub0) and/or said at least one cryptographic address (adr, adr-mult) onto the physical medium, and verifying (12, 13) same, and finally recovering the private keys (priv1, priv2) comprising the generation of a last user private key (priv0) corresponding to the last user public key (pub0) and/or to said at least one cryptographic address (adr, adr-mult).

Claims

1. A computer-implemented method comprising: generating public-private data for storing on a physical medium, wherein the public-private data comprise a first private data of a first public-private data pair and a first public data of the first public-private data pair, wherein the first private data is stored on the physical medium at a first entity in a manner that any access by any entity, other than the first entity, to the first private data on the physical medium is evident or detectable, the generating of the public-private data comprising: generating a second public-private data pair associated with a second public data and a second private data; wherein the second private data of the second public-private data pair is stored on the physical medium at a second entity in a manner that any access by any entity, other than the second entity, to the second private data on the physical medium is evident or detectable; generating particular public data using, at least in part, the first public data of the first public-private data pair and the second public data of the second public-private data pair; wherein the particular public data is stored on the physical medium in a manner that the particular public data is publicly retrievable.

2. The method of claim 1 further comprising: recovering a particular private data that is uniquely associated with the particular public data of the physical medium by receiving the first private data and the second private data retrieved from the physical medium, and generating the particular private data.

3. The method of claim 2, wherein a particular public key corresponding to the public data and a particular private key of the particular private data are part of a same particular public-private data pair.

4. The method of claim 1, wherein the physical medium comprises: a first tamper evident seal concealing an inscription of the first private data, wherein any access to the first private data causes a break in the first tamper evident seal; wherein the first tamper evident seal concealing the inscription of the first private data is attached at the first entity; a second tamper evident seal concealing an inscription of the second private data, wherein any access to the second private data causes a break in the second tamper evident seal; wherein the second tamper evident seal concealing the inscription of the second private data is attached at the second entity.

5. The method of claim 1 wherein the public data comprises one or more of: a particular public key of a particular public-private data pair having a particular private key, a multi-signature address, or a cryptographic address.

6. The method of claim 1, wherein the public data comprises a cryptographic address associated with a particular public key and wherein generating the public data using, at least in part, the first public data and the second public data comprises: generating the particular public key using, at least in part, a first public key of the first public-private data pair and a second public key of the second public-private data pair; generating the cryptographic address using, at least in part, the particular public key.

7. The method of claim 1, further comprising causing inscription of the second private data on the physical medium and thereby causing storing of the second private data on the physical medium.

8. The method of claim 1, further comprising: reading, from the physical medium, private data stored by the second entity as a retrieved private data; verifying that the retrieved private data and the second public data are associated with the same second public-private data pair.

9. The method of claim 1, wherein the first public-private data pair comprises a first private key and a first public key, and wherein the second public-private data pair comprises a second private key and a second public key.

10. The method of claim 1, wherein the first entity is different from the second entity.

11. A physical medium comprising: a first private data of a first public-private data pair associated with a first public data; a second private data of a second public-private data pair associated with a second public data; wherein any access to the first private data or the second private data on the physical medium is evident or detectable; particular public data that is based, at least in part, on the first public data of the first public-private data pair and the second public data of the second public-private data pair; wherein the particular public data is publicly retrievable from the physical medium.

12. The physical medium of claim 11 wherein the particular public data is uniquely associated with a particular private key which is based, at least in part, on a first private key of the first public-private data pair and a second private key of the second public-private data pair.

13. The physical medium of claim 12, wherein a particular public key corresponding to the particular public data and the particular private key are associated with a same particular public-private data pair.

14. The physical medium of claim 11, further comprising: a first tamper evident seal concealing an inscription of the first private data, wherein any access to the first private data causes a break in the first tamper evident seal; wherein the first tamper evident seal concealing the inscription of the first private data is attached at a first entity; a second tamper evident seal concealing an inscription of the second private data, wherein any access to the second private data causes a break in the second tamper evident seal; wherein the second tamper evident seal concealing the inscription of the second private data is attached at a second entity.

15. The physical medium of claim 11 wherein the particular public data comprises one or more of: a particular public key of a particular public-private data pair having a corresponding particular private key, a multi-signature address or a cryptographic address uniquely associated with a particular private key.

16. The physical medium of claim 11: wherein the particular public data indicates a cryptographic address and is based, at least in part on, a particular public key of a particular public-private data pair having a particular private key, wherein the particular public key is based, at least in part, on a first public key of the first public-private data pair and a second public key of the second public-private data pair, wherein the particular private key is based, at least in part, on a first private key of the first public-private data pair and a second private key of the second public-private data pair.

17. The physical medium of claim 11, wherein the particular public data is a publicly visible inscription on the physical medium.

Description

BRIEF DESCRIPTION OF THE FIGURES

(1) Other characteristics and advantages of the invention will become apparent on reading the detailed description which follows. Also, in order to allow a clearer understanding of the invention, several preferred embodiments will be described below, by way of example, with particular reference to the appended figures, among which:

(2) FIG. 1 shows a diagram of a representative embodiment of the invention using two management entities to provide a last user public key (pub0),

(3) FIG. 2 shows a diagram of another representative embodiment of the invention using two management entities to provide a last user public key (pub0) and a cryptographic address,

(4) FIG. 3 shows a diagram of another representative embodiment of the invention using two management entities to provide a multi-signature address,

(5) FIG. 4 shows a diagram of another representative embodiment of the invention using three management entities to provide a last user public key (pub0),

(6) FIG. 5 shows a diagram of another representative embodiment of the invention using three management entities to provide a last user public key (pub0) and a cryptographic address,

(7) FIG. 6 shows a diagram of another representative embodiment of the invention using three management entities to provide a multi-signature address,

(8) FIG. 7 is a schematic view of a management entity representative of the system of the invention,

(9) FIG. 8 is a schematic view of a physical medium in one embodiment of the invention, and

(10) FIG. 9 is a schematic view of a physical medium in another embodiment of the invention,

(11) The present invention is described with particular embodiments and references to figures, but the invention is not limited by these. The described drawings or figures are only schematic and are not limiting.

FIRST EMBODIMENT OF THE INVENTION

(12) FIG. 1 shows a representative embodiment of the invention using two management entities 31 and 32 to provide a last user public key (pub0).

(13) The system for inscribing and securely storing cryptographic keys on a physical medium includes:

(14) a first management entity (31) configured to generate a first pair of asymmetric cryptographic keys comprising a first user public key (pub1) and a first user private key (priv1),

(15) the first management entity (31) comprising: a first computer (41) in which program instructions are stored, which instructions, when read by a first data processor, cause the first computer to generate the first user private key (priv1) and store the first user public key (pub1) in a first recording memory, a first device (51) associated with the first computer configured to inscribe the first user private key (priv1) onto a physical medium, and a first means for verifying the first user private key (priv1) inscribed and affixing a first tamper-evident concealing element (hol1) to the physical medium in order to conceal the first user private key (priv1) and make it non-visible,

(16) a second management entity (32) configured to generate a second pair of asymmetric cryptographic keys comprising a second user public key (pub2) and a second user private key (priv2), the second management entity (32) comprising: a second computer (42) in which program instructions are stored, which instructions, when read by a second data processor, cause the second computer (42) to be configured to store the second user public key (pub2) in a second recording memory; a second device (52) associated with the second computer for inscribing the second user private key (priv2) onto the physical medium, and a second means for verifying the second user private key (priv2) inscribed and affixing a second tamper-evident concealing element (hol2) to the physical medium in order to conceal the second user private key (priv2) and make it non-visible, the second computer (42) being further configured to generate a last user public key (pub0) from the first user public key (pub1) and the second user public key (pub2), and to allow the inscription of the last user public key (pub0) onto the physical medium by the second device (52).

(17) Hardware and Software

(18) The process for inscribing cryptographic keys requires at least two different management entities 31 and 32.

(19) The management entities 31 and 32 can be associated, for example, with an individual, with a group of people, such as the employees of a company, or with a system such as a service provider.

(20) As shown in FIG. 7, the entities 31 and 32 comprise an engraving machine 51, 52 connected to a computer 41, 42 for inscribing onto the metal bar. This computer 41, 42 is not connected to any network, in order to avoid cyberattacks. It is also advisable to have a computer 41, 42 with electromagnetic protection in order to avoid attacks using electromagnetic waves to damage or spy on the equipment. The software used for generating private keys is installed on this computer. The entities 31 and 32 can use the same type of hardware and software. Each entity has different holograms which it will affix to the metal bar.

(21) The software makes it possible to carry out cryptographic calculations for generating, verifying and signing asymmetric key pairs. It also makes it possible to generate a cryptocurrency address from a key or from multiple public keys. It is possible to use a computer 41, 42 with electromagnetic protection in order to avoid attacks using electromagnetic waves to damage or spy on the equipment. The software used for generating private keys is installed on this computer 41, 42. Each entity has different holograms which it will affix to the metal bar.

(22) If there are two entities, four employees may be involved, for example: Alice and Albert, employees of the first entity 31. Bob and Brian, employees of the second entity 32.

(23) Inscribing the Cryptographic Keys

(24) The steps of generating and inscribing the public and private keys are shown in the diagram of FIG. 1.

(25) (1) Alice generates a public/private key pair on the computer 41 using the software.

(26) (2) Alice takes a metal bar 100 and inscribes the private key (priv1).

(27) (3) Albert enters this private key into the software. The latter re-generates the public key (pub1). Albert verifies that the public key generated from the private key and the public key (pub1) generated by Alice are the same.

(28) (4) Once this verification has been carried out, Alice and Albert affix the tamper-evident holographic sticker (hol1) of their entity 31 over the private key (priv1).

(29) (5) Alice and Albert send the metal bar and the public key (pub1) to the second entity. The second entity 32 then performs a similar process.

(30) (6) Brian generates a public/private key pair,

(31) (7) Brian inscribes the private key (priv2), then

(32) (8) Bob verifies with the software that the engraved key has the same public key (pub2) as that of Brian.

(33) (9) Bob and Brian affix the tamper-evident holographic sticker (hol2) of their entity 32 over the private key (priv2).

(34) (10) Then, using the two public keys pub1 and pub2, Brian uses the software to derive a third public key (pub0).

(35) (11) Brian inscribes this public key (pub0) onto the metal bar 100.

(36) (12) In the last step Bob verifies, using the public keys pub1 and pub2, that the public key pub0 has been correctly engraved on the metal bar 100. For this, he enters, in turn, the public keys pub1 and pub2 into the software and makes sure that the public key engraved on the metal bar 100 is the correct one. Bob and Brian send the metal bar and the public key (pub2) to the first entity.

(37) (13) Employees Alice and Albert of the entity 31 must also calculate the public key (pub0) using the public keys pub1 and pub2 and verify that the public key (pub0) inscribed onto the metal bar 100 is the same as the one they calculated.

(38) Then, once the engraving process has been completed correctly, the employees of the entity 31 seal the metal bar 100 in plastic protection.

(39) This process makes it possible to create a metal bar 100 on which two private keys (priv1 and priv2) are inscribed by two different entities, hidden by two tamper-evident holographic stickers (hol1 and hol2), as well as a public key (pub0) corresponding to the combination of the two hidden private keys (priv1 and priv2). At no time were the two private keys (priv1 and priv2) visible to one person at the same time.

(40) Recovering the Private Key

(41) (14) The owner of the metal bar 100 can verify that the secrets (priv1 and priv2) of the bar 100 have not been revealed by verifying the integrity of the tamper-evident holographic stickers (hol1 and hol2).

(42) (15) When the owner wishes to recover the private key priv0 corresponding to the public key pub0 engraved on their bar 100, they must remove the two tamper-evident holographic stickers (hol1 and hol2). The secrets (priv1 and priv2) are then visible.

(43) (16) The software for recovering private keys asks the owner of the bar 100 to enter the secrets (priv1 and priv2) inscribed onto the metal bar 100. The software then generates the private key priv0 corresponding to the public key pub0. It was only at the recovery stage that the private key priv0 was calculated. It has never been present on any computer before, which means that neither the employees of the entity 31 nor the employees of the entity 32 could have seen this private key priv0.

SECOND EMBODIMENT

(44) FIG. 2 shows a representative embodiment of the invention using two management entities 31 and 32 to provide a last user public key (pub0) and a cryptographic address (adr).

(45) In this variant, a last user public key (pub0) is generated and a cryptographic address (adr) is engraved (11) on the physical medium. The last user public key (pub0) is used to generate the cryptographic address (adr), this address (adr) being calculated from the last user public key (pub0) and being engraved on the physical medium.

(46) In this variant of the method, the steps for generating and inscribing the public and private keys presented in the diagram of FIG. 2 are similar to those presented in the diagram of FIG. 1.

(47) If the cryptographic keys are used in the context of cryptocurrencies, it is possible to inscribe the address (adr) corresponding to the public key (pub0) rather than the public key (pub0) itself.

(48) In this variant, the steps (11) and (12) of the method are different. This time, instead of writing the public key pub0, Brian inscribes the address (adr) corresponding to the public key pub0. The calculation of the address (adr) depends on the cryptocurrency used but the address (adr) always depends on the public key pub0.

(49) The verification carried out by the 1st entity 31 in step (13) is modified, because it is no longer the public key pub0 that is inscribed but rather the cryptocurrency address (adr). Consequently, the verification carried out consists in recalculating this address (adr) and verifying that the inscribed address (adr) matches the calculated address.

(50) The verification carried out in (16) by the owner is also different because in this case, the owner of the physical medium 100 verifies the address pub0 and not the public key pub0.

THIRD EMBODIMENT

(51) FIG. 3 shows a representative embodiment of the invention using two management entities 31 and 32 to provide a multi-signature address (adr-mult).

(52) In this variant, a multi-signature address (adr-mult) is generated from the first user public key (pub1) and the second user public key (pub2), this multi-signature address (adr-mult) being engraved (11) on the physical medium.

(53) In this variant of the method, the steps for generating and inscribing the public and private keys presented in the diagram of FIG. 3 are similar to those presented in the diagram of FIG. 2.

(54) Remaining on the subject of cryptocurrencies, it is possible to make the address (adr-mult) depend directly on the public keys pub1 and pub2 without having to generate a third public key pub0. In this case the address (adr-mult) inscribed onto the physical medium is a 2-of-2 “multi-signature” address, which means that to sign a transaction, the two private keys priv1 and priv2 inscribed under the hidden portions are used directly to sign a transaction. There is no generation of a 3rd private key, derived from the private keys priv1 and priv2.

(55) The different steps of this preferred embodiment are, as for the variant of FIG. 2, steps (11), (12), (13) and (16). Steps (11) and (12) are different because it is not the public key pub0 that is inscribed onto the medium, but the multi-signature address (adr-mult) corresponding to the two public keys pub1 and pub2. In step (11), Brian inscribes the address (adr-mult) corresponding to the public keys pub1 and pub2. And in step (12) Bob verifies this address (adr-mult).

(56) The verification carried out by the 1st entity 31 in step (13) is modified, because it is no longer the public key pub0 that needs to be verified, but rather the multi-signature cryptocurrency address (adr-mult). Consequently, as with the variant of FIG. 2, the verification carried out consists in recalculating the address (adr-mult) and verifying that the inscribed address (adr-mult) matches the calculated address.

(57) The verification carried out in (16) is different because in this case, the owner of the physical medium 100 does not verify the public key pub0 but rather the multi-signature address (adr-mult) corresponding to the public keys pub1 and pub2.

FOURTH EMBODIMENT

(58) FIG. 4 shows a representative embodiment of the invention using three management entities 31, 32 and 33 to provide a last user public key (pub0).

(59) In this variant, the system further comprises:

(60) a third management entity (33) configured to generate a third pair of asymmetric cryptographic keys comprising a third user public key (pub3) and a third user private key (priv3),

(61) the third management entity (33) comprising: a third computer (43) in which program instructions are stored, which instructions, when read by a third data processor, cause the third computer (43) to store the third user public key (pub3) in a third recording memory and to generate the third first user private key (priv3), a third device (53) associated with the third computer (43) configured to inscribe the third user private key (priv3) onto the physical medium, and a third means for verifying the third user private key (priv3) inscribed and affixing a third tamper-evident concealing element (hol3) to the physical medium in order to conceal the third user private key (priv3) and make it non-visible, the third computer (43) being further configured to generate the last user public key (pub0) from the first user public key (pub1), the second user public key (pub2) and the third user public key (pub3), and to allow the inscription of the last user public key (pub0) onto the physical medium by the third device (53).

(62) As shown in FIG. 7, the entities 31, 32 and 33 each need an engraving machine 51, 52, 53 connected to a computer 41, 42, 43 in order to inscribe onto the metal bar. This computer 41, 42, 43 is not connected to any network, to avoid cyberattacks. Entities 31, 32 and 33 can use the same type of hardware 41, 42, 43, 51, 52, 53 and software.

(63) Each entity 31, 32 and 33 has different holograms which it will affix to the metal bar. If there are three entities, there may be six employees involved, as an example: Alice and Albert, employees of the first entity 31. Charlie and Clara, employees of the second entity 32. Bob and Brian, employees of the third entity 33.

(64) Inscribing the Cryptographic Keys

(65) The steps of generating and inscribing the public and private keys are shown in the diagram of FIG. 4.

(66) (1) Alice generates a public/private key pair on the computer using the software.

(67) (2) Alice takes a metal bar 100 and inscribes the private key (priv1).

(68) (3) Albert enters this private key into the software. The latter re-generates the public key (pub1). Albert verifies that the public key generated from the private key and the public key (pub1) generated by Alice are the same.

(69) (4) Once this verification has been carried out, Alice and Albert affix the tamper-evident holographic sticker (hol1) of their entity 31 over the private key (priv1).

(70) (5) Alice and Albert send the metal bar and the public key (pub1) to the second entity 32.

(71) The second entity 32 then performs a similar process.

(72) (1′) Charlie generates a public/private key pair,

(73) (2′) Charlie inscribes the private key (priv2), then

(74) (3′) Clara verifies with the software that the engraved key has the same public key (pub2) as that of Brian.

(75) (4′) Charlie and Clara affix the tamper-evident holographic sticker (hol2) of their entity 32 over the private key (priv2).

(76) (5′) Then Charlie and Clara send the metal bar and the public keys (pub1 and pub2) to the third entity 33.

(77) The third entity 33 then performs a similar process.

(78) (6) Brian generates a public/private key pair (priv3, pub3),

(79) (7) Brian inscribes the private key (priv3), then

(80) (8) Bob verifies with the software that the engraved key has the same public key (pub3) as that of Brian.

(81) (9) Bob and Brian affix the tamper-evident holographic sticker (hol3) of their entity 33 over the private key (priv3).

(82) (10) Then using the three public keys pub1, pub2 and pub3, Brian uses the software to derive a fourth public key (pub0).

(83) (11) Brian inscribes this public key (pub0) onto the metal bar 100.

(84) (12) In the last step Bob verifies, using the public keys pub1, pub2 and pub3, that the public key pub0 has been correctly engraved on the metal bar 100. For this, he enters, in turn, the public keys pub1, pub2 and pub3 into the software and makes sure that the public key pub0 engraved on the metal bar 100 is the correct one. Bob and Brian send the metal bar and public key (pub3) to the second entity.

(85) (13′) Employees Charlie and Clara of the entity 32 must calculate the public key (pub0) using the public keys pub1, pub2 and pub3 and verify that the public key (pub0) inscribed onto the metal bar 100 is the same as the one they calculated. Charlie and Clara send the metal bar and the public keys (pub2 and pub3) to the first entity.

(86) (13) Employees Alice and Albert of the entity 31 must also calculate the public key (pub0) using the public keys pub1, pub2 and pub3 and verify that the public key (pub0) inscribed onto the metal bar 100 is the same as the one they calculated.

(87) Then, once the engraving process has been completed correctly, the employees of the entity 31 seal the metal bar 100 in plastic protection.

(88) This process creates a metal bar 100 on which three private keys (priv1, priv2 and priv3) are inscribed by three different entities, hidden by three tamper-evident holographic stickers (hol1, hol2 and hol3), as well as a public key (pub0) corresponding to the combination of the three hidden private keys (priv1, priv2 and priv3). At no time were the three private keys (priv1, priv2 and priv3) visible to one person at the same time.

(89) Recovering the Private Key

(90) (14) The owner of the metal bar 100 can verify that the secrets (priv1, priv2 and priv3) of the bar 100 have not been revealed by verifying the integrity of the tamper-evident holographic stickers (hol1, hol2 and hol3).

(91) (15) When the owner wishes to recover the private key priv0 corresponding to the public key pub0 engraved on their bar 100, they must remove the three tamper-evident holographic stickers (hol1, hol2 and hol3). The secrets (priv1, priv2 and priv3) are then visible.

(92) (16) The software for recovering private keys asks the owner of the bar 100 to enter the secrets (priv1, priv2 and priv3) inscribed onto the metal bar 100. The software then generates the private key priv0 corresponding to the public key pub0. It was only at the recovery stage that the private key priv0 was calculated. It has never been present on any computer before, which means that neither the employees of the entity 31 nor the employees of the entities 32 or 33 could have seen this private key priv0.

FIFTH EMBODIMENT

(93) FIG. 5 shows a representative embodiment of the invention using two management entities 31, 32 and 33 to provide a last user public key (pub0) and a cryptographic address (adr).

(94) In this variant, a last user public key (pub0) is generated and a cryptographic address (adr) is engraved (11) on the physical medium. The last user public key (pub0) is used to generate the cryptographic address (adr), this address (adr) being calculated from the last user public key (pub0) and being engraved on the physical medium.

(95) In this variant of the method, the steps for generating and inscribing the public and private keys presented in the diagram of FIG. 5 are similar to those presented in the diagram of FIG. 4.

(96) If the cryptographic keys are used in the context of cryptocurrencies, it is possible to inscribe the address (adr) corresponding to the public key (pub0) rather than the public key (pub0) itself.

(97) In this variant, the steps (11) and (12) of the method are different. This time, instead of writing the public key pub0, Brian inscribes the address (adr) corresponding to the public key pub0. The calculation of the address (adr) depends on the cryptocurrency used but the address (adr) always depends on the public key pub0.

(98) The verification carried out by the first and second entities 31 and 32 in step (13′ and 13) is modified, because it is no longer the public key pub0 that is inscribed, but rather the cryptocurrency address (adr). Consequently, the verification carried out consists in recalculating this address (adr) and verifying that the inscribed address (adr) matches the calculated address.

(99) The verification carried out in (16) by the owner is also different because in this case, the owner of the physical medium 100 verifies the address (adr) and not the public key pub0.

SIXTH EMBODIMENT

(100) FIG. 6 shows a representative embodiment of the invention using three management entities 31, 32 and 33 to provide a multi-signature address (adr-mult).

(101) In this variant, a multi-signature address (adr-mult) is generated from the first user public key (pub1), the second user public key (pub2) and the third user public key (pub3), this multi-signature address (adr-mult) being engraved (11) on the physical medium.

(102) In this variant of the method, the steps for generating and inscribing the public and private keys presented in the diagram of FIG. 6 are similar to those presented in the diagram of FIG. 5.

(103) Remaining on the subject of cryptocurrencies, it is possible to make the address (adr-mult) depend directly on the public keys pub1, pub2 and pub3 without having to generate a fourth public key pub0. In this case the address (adr-mult) inscribed onto the physical medium is a 3-of-3 “multi-signature” address, which means that to sign a transaction, the three private keys priv1, priv2 and priv3 inscribed under the hidden portions are used directly to sign a transaction. There is no generation of a 4th private key, derived from the private keys priv1, priv2 and priv3.

(104) The different steps of this preferred embodiment are, as for the variant of FIG. 5, steps (11), (12), (13) and (16). Steps (11) and (12) are different because it is not the public key pub0 that is inscribed onto the medium, but rather the multi-signature address (adr-mult) corresponding to the three public keys pub1, pub2 and pub3. In step (11), Brian inscribes the address (adr-mult) corresponding to the public keys pub1, pub2 and pub3. And in step (12) Bob verifies this address (adr-mult).

(105) The verification carried out by the first and second entities 31 and 32 in step (13′, 13) is modified, because it is no longer the public key pub0 that needs to be verified, but rather the multi-signature cryptocurrency address (adr-mult). Consequently, as with the variant of FIG. 5, the verification carried out consists in recalculating the address (adr-mult) and verifying that the inscribed address (adr-mult) matches the calculated address.

(106) The verification carried out in (16) is different because in this case, the owner of the physical medium 100 does not verify the public key pub0 but rather the multi-signature address (adr-mult) corresponding to the public keys pub1, pub2 and pub3.

OTHER EMBODIMENTS WITH MULTIPLE SECRETS

(107) The number of secrets of the preferred embodiment involves two or three entities, each with a signature. However, the number of entities involved in the execution may be greater. This number is only limited by the space available on the physical medium.

(108) In this case the process is very similar. If n entities are involved in the execution, the n−1 first entities perform steps (1) to (5) one after the other and the last entity completes the execution with steps (6) to (12).

(109) The step (13) of verifying the public key or the address inscribed onto the physical medium must be carried out by all the entities which have generated a private key.

(110) In this variant, the step of verification by the owner is also different, because this time it requires the combination of n private keys.

(111) The n secrets can be used to generate:

(112) 1 A public key (as in the embodiment of FIG. 1),

(113) 2. The address of a public key (as in the variant of FIG. 2),

(114) 3. The multi-signature address of multiple public keys (as in the variant of FIG. 3).

(115) Physical Medium

(116) FIG. 8 is a schematic view of a physical medium 100 in one embodiment of the invention,

(117) This physical medium 100 comprises: a first user private key (priv1) inscribed onto the medium, the first user private key (priv1) being associated with a first user public key (pub1) to form a first pair of asymmetric cryptographic keys, a first tamper-evident concealing element (hol1) for concealing first user private key (priv1) and sealing same, said first user private key (priv1) being accessible only by visibly breaking said first tamper-evident concealing element (hol1), a second user private key (priv2) inscribed onto the medium, the second user private key (priv2) being associated with a second user public key (pub2) to form a second pair of asymmetric cryptographic keys, a second tamper-evident concealing element (hol2) for concealing second user private key (priv2) and sealing same, the second user private key (priv2) being accessible only by visibly breaking the second tamper-evident concealing element (hol2); and a last user public key (pub0) inscribed onto the medium, which is generated from the first user public key (pub1) and the second user public key (pub2).

(118) Instead of the last user public key (pub0), a cryptographic address can also be inscribed onto the medium.

(119) The medium 100 can be formed from a bar of metal or metal alloy, such as a gold, platinum, silver or steel bar. Any other medium can be used to inscribe the private keys. For example, wood, glass, stone, plastic, ceramics, paper, etc.

(120) The inscription can use alphanumeric characters, barcodes, QR codes or any other possible representation.

(121) Instead of inscribing the codes directly onto a metal bar, it is possible to inscribe the different codes (public keys, private keys or addresses) onto one or more moving metal part(s).

(122) Other variants of the process are possible and are described in the following section.

(123) Multiple Media

(124) FIG. 9 is a schematic view of a physical medium 200 in another embodiment of the invention.

(125) This alternative embodiment is an extension of the preferred embodiment described in FIG. 1 to 6 (or the variant with multiple secrets for a public key). It uses the preceding methods to create a plurality of physical media 210, 220, 230, 240.

(126) The medium 200 is formed by a plurality of separate elements 210, 220, 230, 240 and a base 250, each separate element 210, 220, 230, 240 has its own private keys (priv1, priv2) and its own public key (pub1), a multi-signature cryptocurrency address common to the separate elements 210, 220, 230, 240 being generated and inscribed onto the base 250.

(127) Since each medium 210, 220, 230, 240 has its own public key, it is possible to generate a multi-signature cryptocurrency address common to a plurality of physical media. For example, if three elements of physical media are used, it is possible to generate a multi-signature address (2-of-3) corresponding to the three public keys. This address can therefore now be inscribed onto a 4th element or base of the physical medium.

(128) In this case, the process is as follows: (1) n elements of physical media are created by the two or three entities in accordance with the preferred embodiment described in FIG. 1 (or variant with multiple secrets).

(129) (2) Alice of the entity 31 enters the n public keys and indicates the required number of signatures s into the software that generates the multi-signature cryptocurrency address.

(130) Alice inscribes this address onto a physical medium.

(131) (3) Albert enters the public keys and the required number of signatures into the software that generates the address. Albert verifies that the address is the same as that inscribed by Alice onto the physical medium.

(132) (4) The second entity verifies that the address inscribed onto the physical medium matches the public keys inscribed onto the n physical media as well as the number s of signatures required.

(133) The phase of recovering cryptocurrency tokens deposited at the multi-signature address requires the same steps of the preferred embodiment presented in detail above in FIG. 1.

(134) In the case of an s-of-n multi-signature address, these steps must be carried out by s owners of physical media whose public keys were used to generate the multi-signature address.

(135) That is to say if there are three physical media and the multi-signature address requires two out of three signatures, steps (13), (14) and (15) must be carried out by two of the owners of the physical media. An additional step (16) is added, after the private keys have been recovered. The two owners of the physical media must generate a transaction (knowing the three public keys) and each of them must sign this transaction in order to transfer the cryptocurrency tokens.

(136) The present invention is in no way limited to the embodiments described by way of example and shown in the figures. Many modifications of details, shapes and dimensions can be made without departing from the scope of the invention. The present invention has been described in relation to specific embodiments, which have a purely illustrative value and should not be considered as limiting. For example, other uses of the method, system and physical medium of the invention are possible in industries such as automotive, luxury, shipping, real estate, legal, IP (Internet Protocol), etc. The reference numbers in the claims do not limit their scope.

Securing cryptographic data onto a physical medium

Assignee

Inventors

Cpc classification

Classification Explorer

H04L9/50

ELECTRICITY

Classification Explorer

H04L2209/56

ELECTRICITY

Classification Explorer

H04L9/085

ELECTRICITY

Classification Explorer

G06Q20/3678

PHYSICS

Classification Explorer

G06Q2220/00

PHYSICS

Classification Explorer

H04L9/10

ELECTRICITY

Classification Explorer

H04L9/0894

ELECTRICITY

Classification Explorer

H04L9/3255

ELECTRICITY

Classification Explorer

H04L9/0897

ELECTRICITY

Classification Explorer

G06Q20/3674

PHYSICS

Classification Explorer

G06Q30/0185

PHYSICS

International classification

Classification Explorer

H04L9/08

ELECTRICITY

Classification Explorer

G06Q20/36

PHYSICS

Classification Explorer

G06Q30/018

PHYSICS

Classification Explorer

H04L9/10

ELECTRICITY

Classification Explorer

H04L9/32

ELECTRICITY

Abstract

Claims

Description