System and method for securely distributing data collected by an embedded trusted device, the method comprising: receiving by the embedded trusted device at least one data point from a connected data source; computing a cryptographic hash of the at least one data point; computing by the embedded trusted device a digital signature of the at least one data point with a first cryptographic private key stored in the embedded trusted device; transmitting a first record comprising at least the cryptographic hash or the digital signature to a public transaction repository; transmitting the at least one data point to a data consumer having a second cryptographic private key, responsive to verifying a second record cryptographically associated with the first cryptographic private key and the second cryptographic private key.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A system for locally attesting a data record at a data source, the system including:
a trusted gateway locally connected to the data source and configured for receiving at least one data point from the data source;
at least one blockchain database configured for receiving and storing data records digitally signed with a cryptographic key; and
a certificate store,
wherein the trusted gateway comprises a secure element storing at least one private cryptographic key,
wherein the certificate store contains a digital certificate comprising a public cryptographic key corresponding to the at least one private cryptographic key digitally signed by a trusted certificate authority,
wherein the trusted gateway is configured to create a data record containing at least one data point and to transmit the created data record to the at least one blockchain database.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
An electronic marking for verifying the authenticity of an object, including: an antenna, an analogue transceiver circuit, a microcontroller, and at least one secure cryptoprocessor, in which the antenna is connected to the analogue transceiver circuit; the microcontroller is connected both to the analogue transceiver circuit and the at least one secure cryptoprocessor; the at least one secure cryptoprocessor is designed to securely generate a digital signature; the electronic marking has one or more electrical sensor conductors; the at least one secure cryptoprocessor is connected to at least one of the sensor conductors and designed to determine at least one electrical property of the connected at least one sensor conductor; and the one or more electrical sensor conductor(s) are distinct from the antenna and are positioned to overlap, at least partly, with said antenna.
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Method and system for generating a cryptographically secure derived process data, the method comprising: performing a measurement of a process parameter using a sensor (5), cryptographically attesting the measurement outcome (6) using a digital identity (7) associated with the sensor (5), submitting the attested measurement outcome (10) to a ledger database (3), receiving the attested measurement outcome (10) by a processor (4), computing a computation result (13) from the attested measurement outcome (10) and at least one computer executable instruction by the processor (4), digitally signing the computation result (13) using a digital identity (14) associated with the processor (4), submitting the signed computation result (15) to the ledger database (3).
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
5.
METHOD FOR SUSPENDING PROTECTION OF AN OBJECT ACHIEVED BY A PROTECTION DEVICE
The disclosure concerns a method for suspending protection of an object achieved by a protection device, comprising the following steps:
a first data connection is established between the protection device and a mobile device;
a second data connection is established between the protection device and a transaction directory;
the protection device receives via the first data connection a public key;
the protection device requests via the second data connection a search of transactions associated with the public key within the transaction directory;
the protection device determines that the search within the transaction directory yields at least one transaction associated with the public key;
a third data connection is established between the protection device and an authentication entity;
the protection device receives via the first data connection an identification string;
the protection device requires via the third data connection a clearance of the identification string by the authentication entity;
the protection device determines that the identification string is cleared;
based on a determination that the search within the transaction directory yields at least one transaction and based on a determination that the identification string is cleared, the protection device suspends protection of the object.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
6.
INDUCTOR COIL PHYSICAL UNCLONEABLE FUNCTIONS BASED ELECTRONIC MARKING
An electronic marking (18; 32) for verification of the authenticity of an object, comprising: one or more electrical lines (19, 20, 21; 2, 34), including an antenna (22; 3), an integrated circuit (14; 35) connected to the one or more electrical lines (19, 20, 21; 2, 34), wherein the electronic marking (18; 32) is configured to respond to wireless requests with a proof of possession of a cryptographic private key, wherein said cryptographic private key is derived from measured physical attributes of at least some of the one or more electrical lines (19, 20, 21; 2, 34).
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A system (1) for locally attesting a data record at a data source (2), the system (1) comprising: - a trusted gateway (6) locally connected to the data source (2) and configured for receiving at least one data point (10) from the data source (2); - at least one blockchain database (7, 8) configured for receiving and storing data records digitally signed with a cryptographic key; and - a certificate store (9), wherein the trusted gateway (6) comprises a secure element storing at least one private cryptographic key (14), wherein the certificate store (9) contains a digital certificate (22) comprising a public cryptographic key (16) corresponding to the at least one private cryptographic key (14) digitally signed by a trusted certificate authority, wherein the trusted gateway (6) is configured to create a data record containing at least one data point (10) received from the data source (2), a timestamp (20), an identity (16) associated with the at least one private cryptographic key (14) and at least one digital signature (18) generated by the secure element with the at least one private cryptographic key (14), and to transmit the created data record to the at least one blockchain database (7, 8).
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A system (1) for locally attesting a data record at a data source (2), the system (1) comprising: - a trusted gateway (6) locally connected to the data source (2) and configured for receiving at least one data point (10) from the data source (2); - at least one blockchain database (7, 8) configured for receiving and storing data records digitally signed with a cryptographic key; and - a certificate store (9), wherein the trusted gateway (6) comprises a secure element storing at least one private cryptographic key (14), wherein the certificate store (9) contains a digital certificate (22) comprising a public cryptographic key (16) corresponding to the at least one private cryptographic key (14) digitally signed by a trusted certificate authority, wherein the trusted gateway (6) is configured to create a data record containing at least one data point (10) received from the data source (2), a timestamp (20), an identity (16) associated with the at least one private cryptographic key (14) and at least one digital signature (18) generated by the secure element with the at least one private cryptographic key (14), and to transmit the created data record to the at least one blockchain database (7, 8).
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
9.
METHOD FOR SUSPENDING PROTECTION OF AN OBJECT ACHIEVED BY A PROTECTION DEVICE
The disclosure concerns a method for suspending protection of an object (1) achieved by a protection device (2), comprising the following steps: a first data connection (11) is established between the protection device (2) and a mobile device (3); a second data connection (12) is established between the protection device (2) and a transaction directory (4); the protection device (2) receives (20) via the first data connection (11) a public key; the protection device (2) requests (26) via the second data connection (12) a search of transactions associated with the public key within the transaction directory (4); the protection device (2) determines (28) that the search within the transaction directory (4) yields at least one transaction associated with the public key; a third data connection (13) is established between the protection device (2) and an authentication entity (5); the protection device (2) receives (34) via the first data connection (11) an identification string; the protection device (2) requires (35) via the third data connection (13) a clearance of the identification string by the authentication entity (5); the protection device (2) determines (37) that the identification string is cleared; based on a determination that the search within the transaction directory (4) yields at least one transaction and based on a determination that the identification string is cleared, the protection device (2) suspends (38) protection of the object (1).
H02M 1/32 - Means for protecting converters other than by automatic disconnection
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
An electronic marking for verifying the authenticity of an object, including an antenna, an analogue transceiver circuit, a microcontroller, and at least one secure cryptoprocessor, in which the antenna is connected to the analogue transceiver circuit; the microcontroller is connected both to the analogue transceiver circuit and the at least one secure cryptoprocessor; the at least one secure cryptoprocessor is designed to securely generate a digital signature; the electronic marking has one or more electrical sensor conductors; the at least one secure cryptoprocessor is connected to at least one of the sensor conductors and designed to determine at least one electrical property of the connected at least one sensor conductor; and the one or more electrical sensor conductor(s) are distinct from the antenna and are positioned to overlap, at least partly, with said antenna.
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
11.
Dongles and method for providing a digital signature
wherein at least one of the dongles is configured to, before computing the digital signature, verify the presence of at least one other dongle belonging to the set, and to compute the digital signature only upon successful verification of the presence of one or more other dongles.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
An electronic marking (1) for verifying the authenticity of an object, comprising: an antenna (2), an analogue transceiver circuit (3), a microcontroller (4), and at least one secure cryptoprocessor (5), wherein: the antenna (2) is connected to the analogue transceiver circuit (3); the microcontroller (4) is connected both to the analogue transceiver circuit (3) and the at least one secure cryptoprocessor (5); the at least one secure cryptoprocessor (5) is designed to securely generate a digital signature; the electronic marking (1) has a sensor mesh (6) comprising one or more electrical sensor conductor(s) (7, 13, 31); the at least one secure cryptoprocessor (5) is connected to the sensor mesh (6) and designed to determine at least one electrical property of the sensor mesh (6); and the sensor mesh (6) is positioned to overlap, at least partly, with said antenna (2).
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
An electronic marking (1) for verifying the authenticity of an object, comprising: an antenna (2), an analogue transceiver circuit (3), a microcontroller (4), and at least one secure cryptoprocessor (5), wherein: the antenna (2) is connected to the analogue transceiver circuit (3); the microcontroller (4) is connected both to the analogue transceiver circuit (3) and the at least one secure cryptoprocessor (5); the at least one secure cryptoprocessor (5) is designed to securely generate a digital signature; the electronic marking (1) has one or more electrical sensor conductors (7, 13, 31); the at least one secure cryptoprocessor (5) is connected to at least one of the sensor conductors (7, 13, 31) and designed to determine at least one electrical property of the connected at least one sensor conductor; and the one or more electrical sensor conductor(s) (7, 13, 31) are distinct from the antenna (2) and are positioned to overlap, at least partly, with said antenna (2).
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
Method for suspending a physical protection of an object by a protection device, wherein a host device receives a first and second public key, a third public key and a signed combined identifier incorporating the first and second public keys, wherein the signed identifier is signed with a third private key, which third private key is cryptographically associated with the third public key; the host device requests a search of transactions within a public transaction directory; the host device authenticates the first and second public keys using a signature of the signed identifier; the host device authenticates the protection device and sends an unlock request to the dongle if the search of the transaction directory yields at least one transaction and the first and second public keys, the protection device and the dongle are authentic; and in reaction the dongle sends an unlock command to suspend the protection of the object.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
15.
DONGLES AND METHOD FOR PROVIDING A DIGITAL SIGNATURE
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
16.
PROTECTION DEVICE AND DONGLE AND METHOD FOR USING THE SAME
Method for suspending a physical protection of an object (1) achieved by a protection device (2), wherein a host device (10) receives a first public key, a second public key, a third public key and a signed combined identifier incorporating the first public key and the second public key, wherein the signed combined identifier is signed with a third private key, which third private key is cryptographically associated with the third public key; the host device (10) requests a search of transactions associated with the signed combined identifier within the public transaction directory (12); the host device (10) authenticates at least the first public key and the second public key using a signature of the signed combined identifier and using the third public key; the host device (10) authenticates the protection device (2) using the first public key and the dongle (6) using the second public key and sends an unlock request to the dongle (6) if the search of the transaction directory (12) yields at least one transaction and the first and second public keys, the protection device (2) and the dongle (6) are authentic; and the dongle (6) receives the unlock request and in reaction sends an unlock command controlling an actuator (3) of the protection device (2) to suspend the physical protection of the protected object (1).